Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/NjC6XBaTXf_HVFD_b4LrLhZwd7k.roa
File: NjC6XBaTXf_HVFD_b4LrLhZwd7k.roa (raw, json)
Hash identifier: RLajpkzlNcD4g7QLwAk7J+FlW4Y1b91vQTwqqOJjLuQ=
Subject key identifier: 36:30:BA:5C:16:93:5D:FF:C7:54:50:FF:6F:82:EB:2E:16:70:77:B9
Certificate issuer: /CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
Certificate serial: 01823E026F1895B5035EDA9095EC87FA905A
Authority key identifier: 54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/NjC6XBaTXf_HVFD_b4LrLhZwd7k.roa
Signing time: Wed 27 Jul 2022 04:55:23 +0000
ROA not before: Wed 27 Jul 2022 04:55:23 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 185.104.32.0/21 maxlen: 24
185.104.43.0/24 maxlen: 24
185.104.40.0/24 maxlen: 24
185.101.168.0/24 maxlen: 24
185.101.168.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:3e:02:6f:18:95:b5:03:5e:da:90:95:ec:87:fa:90:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
Validity
Not Before: Jul 27 04:55:23 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3630ba5c16935dffc75450ff6f82eb2e167077b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:ce:df:d9:4f:fb:e4:03:07:7f:22:ca:df:50:
19:22:c7:a5:a7:ae:3d:74:d3:15:c5:c1:34:0a:c7:
25:da:0d:47:47:a5:bd:be:0d:cb:31:33:f2:4f:7b:
46:be:61:ab:1b:18:c3:24:e5:e5:a1:77:1e:e7:24:
36:da:a4:32:8e:cb:8b:36:a8:ba:67:46:3a:71:f4:
e7:a0:83:cb:38:b4:4b:a7:71:5c:5b:55:b4:9c:20:
23:18:f8:4a:77:e1:e6:40:c1:8b:37:37:95:03:21:
f2:7d:a6:3f:55:ef:86:a4:46:ab:6d:a8:6a:3a:4f:
97:36:c4:ed:87:2a:5c:b1:a8:82:31:30:fa:12:cf:
a2:12:95:c4:d5:ff:2c:ab:7c:ae:17:78:da:83:93:
b4:6a:a9:b5:e6:b6:b9:61:d2:9d:64:ea:e0:d1:be:
6f:6a:fb:f5:95:34:55:eb:f0:15:c7:8b:1f:e5:c9:
bf:ff:89:0a:41:d6:42:da:ed:74:53:5f:5c:8f:e5:
c2:8e:cd:bd:b4:18:21:36:0e:0e:aa:f4:ba:74:c6:
3d:84:26:b8:64:c1:f1:fb:4e:92:24:31:7a:46:4f:
8d:83:9a:f9:80:0d:02:fc:0b:57:71:00:0b:db:43:
fc:28:e3:d6:4a:78:95:62:60:68:38:4d:83:5c:4a:
db:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:30:BA:5C:16:93:5D:FF:C7:54:50:FF:6F:82:EB:2E:16:70:77:B9
X509v3 Authority Key Identifier:
keyid:54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/NjC6XBaTXf_HVFD_b4LrLhZwd7k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.101.168.0/22
185.104.32.0-185.104.40.255
185.104.43.0/24
Signature Algorithm: sha256WithRSAEncryption
82:7e:51:22:30:5a:8a:99:43:b1:48:6e:73:a2:b5:d2:b3:f8:
d9:d9:62:a4:b2:ba:97:f9:2d:ac:06:bf:32:52:6c:d2:d0:96:
87:63:0a:30:65:30:ef:bc:2d:df:55:13:87:9c:80:0f:41:a5:
6a:68:cc:f2:8a:8b:04:e7:7c:8b:3e:70:4a:bf:66:8c:46:26:
2b:1d:41:72:87:49:45:74:6a:29:72:40:bb:0e:9b:f1:7f:72:
2d:74:52:46:21:d2:40:7b:72:57:30:09:6e:bb:69:30:06:4c:
7f:7b:b3:e7:00:b9:8e:f5:eb:4e:67:04:93:03:d8:e4:32:f6:
69:69:7f:6d:24:ea:a6:76:5e:aa:d4:89:c0:7b:08:6f:98:8d:
5b:c1:e5:84:23:08:ba:31:19:77:5f:d6:1a:e0:8b:36:fd:c8:
af:18:64:6a:97:9b:64:6a:67:9e:da:fb:7a:5c:04:cb:79:8c:
0d:a3:c3:dd:09:e8:f3:c2:7f:14:c6:93:10:47:78:e8:0b:28:
f9:b9:79:09:7f:66:01:4d:5f:f4:74:8b:1b:26:ce:96:5c:7b:
cf:9a:1f:1f:8f:51:55:50:ea:1a:21:bb:7a:f1:a8:8f:92:5d:
b1:8a:83:2f:cd:a0:5b:50:22:84:90:db:ae:42:f2:1a:38:66:
05:47:c1:da
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYI+Am8YlbUDXtqQleyH+pBaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MWZkYzdhMmYxMWE1NzY2ZDNhZDdiZGY2MjVjZTVlMTE5
YThmZGYwHhcNMjIwNzI3MDQ1NTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjMwYmE1YzE2OTM1ZGZmYzc1NDUwZmY2ZjgyZWIyZTE2NzA3N2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhc7f2U/75AMHfyLK31AZIselp649
dNMVxcE0Cscl2g1HR6W9vg3LMTPyT3tGvmGrGxjDJOXloXce5yQ22qQyjsuLNqi6
Z0Y6cfTnoIPLOLRLp3FcW1W0nCAjGPhKd+HmQMGLNzeVAyHyfaY/Ve+GpEarbahq
Ok+XNsTthypcsaiCMTD6Es+iEpXE1f8sq3yuF3jag5O0aqm15ra5YdKdZOrg0b5v
avv1lTRV6/AVx4sf5cm//4kKQdZC2u10U19cj+XCjs29tBghNg4OqvS6dMY9hCa4
ZMHx+06SJDF6Rk+Ng5r5gA0C/AtXcQAL20P8KOPWSniVYmBoOE2DXErbhQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFDYwulwWk13/x1RQ/2+C6y4WcHe5MB8GA1UdIwQY
MBaAFFQf3HovEaV2bTrXvfYlzl4Rmo/fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUt
YzkwMGE4OWYyMGYxLzEvTmpDNlhCYVRYZl9IVkZEX2I0THJMaFp3ZDdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUtYzkwMGE4OWYyMGYx
LzEvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCuWWoMAwD
BAW5aCADBAC5aCgDBAC5aCswDQYJKoZIhvcNAQELBQADggEBAIJ+USIwWoqZQ7FI
bnOitdKz+NnZYqSyupf5LawGvzJSbNLQlodjCjBlMO+8Ld9VE4ecgA9BpWpozPKK
iwTnfIs+cEq/ZoxGJisdQXKHSUV0ailyQLsOm/F/ci10UkYh0kB7clcwCW67aTAG
TH97s+cAuY71605nBJMD2OQy9mlpf20k6qZ2XqrUicB7CG+YjVvB5YQjCLoxGXdf
1hrgizb9yK8YZGqXm2RqZ57a+3pcBMt5jA2jw90J6PPCfxTGkxBHeOgLKPm5eQl/
ZgFNX/R0ixsmzpZce8+aHx+PUVVQ6hohu3rxqI+SXbGKgy/NoFtQIoSQ265C8ho4
ZgVHwdo=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:47:57 2023 by rpki-client on console-fra.rpki-client.org