Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/ai9D2-zXlAtgGHNUIVgrgcRUUMM.roa
File: ai9D2-zXlAtgGHNUIVgrgcRUUMM.roa (raw, json)
Hash identifier: yC/9LYWZFAmgvjgz08OdOyHIvn7S4zSwmg1loF6feJs=
Subject key identifier: 6A:2F:43:DB:EC:D7:94:0B:60:18:73:54:21:58:2B:81:C4:54:50:C3
Certificate issuer: /CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
Certificate serial: 053794D4
Authority key identifier: 54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/ai9D2-zXlAtgGHNUIVgrgcRUUMM.roa
Signing time: Wed 06 Apr 2022 07:12:37 +0000
ROA not before: Wed 06 Apr 2022 07:12:37 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 40676
IP address blocks: 185.104.42.0/24 maxlen: 24
185.104.43.0/24 maxlen: 24
185.104.40.0/24 maxlen: 24
185.101.171.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 87528660 (0x53794d4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
Validity
Not Before: Apr 6 07:12:37 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6a2f43dbecd7940b6018735421582b81c45450c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:6d:ec:6c:96:49:42:d5:f4:4b:58:35:0c:08:
cb:1e:de:98:5e:82:ab:bb:cf:7e:fa:d5:5c:67:09:
62:fe:b0:3e:11:1b:7a:e7:23:b8:22:69:63:05:c2:
1e:12:0e:2d:4e:63:92:4e:43:8a:c1:8b:e1:a9:56:
75:ea:bc:7b:1d:3f:db:1f:32:5c:89:bc:d5:1c:7f:
2a:71:a8:21:7c:69:ef:f9:b4:0c:34:40:99:f3:d2:
f0:b6:2e:76:4e:07:0c:06:f3:ab:fd:4f:ea:07:52:
cb:e4:fe:37:96:88:b6:99:b1:ca:8d:61:05:7a:41:
39:46:2d:01:63:0f:a3:b1:77:aa:53:dd:dc:36:1a:
d1:a7:35:ed:0f:20:3f:9e:c9:91:87:d7:0f:2c:35:
64:77:93:be:d3:e9:9d:bd:cf:c7:5b:e8:da:48:d4:
60:0a:09:61:4d:91:1f:64:0d:62:68:2d:32:f4:47:
2f:93:a3:22:56:a1:00:cf:88:17:e1:d2:52:8d:c6:
95:b5:39:c7:a5:fe:5e:2a:f6:fb:cf:11:08:a6:c3:
fe:6f:9d:97:1e:b7:5d:95:dc:f4:b4:26:02:08:bd:
e3:37:0e:ed:d7:3a:b7:ea:8a:21:86:73:7f:63:72:
1c:d1:45:72:51:d9:ab:01:35:8e:85:bc:10:ea:91:
f7:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:2F:43:DB:EC:D7:94:0B:60:18:73:54:21:58:2B:81:C4:54:50:C3
X509v3 Authority Key Identifier:
keyid:54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/ai9D2-zXlAtgGHNUIVgrgcRUUMM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.101.171.0/24
185.104.40.0/24
185.104.42.0/23
Signature Algorithm: sha256WithRSAEncryption
0b:c7:6b:28:db:e8:46:71:c6:6f:3f:e5:69:e4:eb:c6:0b:dc:
3e:8c:09:54:67:2f:ff:77:22:29:c2:79:3a:e0:a9:a4:d0:e5:
7e:65:9f:f1:0d:c6:92:32:af:1e:ce:ac:fe:fd:ec:e6:03:ef:
21:06:27:b2:ee:d6:2e:b0:a6:d4:fe:77:7f:a9:2d:b3:cd:8b:
7c:f9:91:ed:7c:ec:e4:ce:51:3a:95:b4:82:48:01:92:4d:c5:
c2:69:d2:ec:33:b4:7a:bf:1d:be:c8:ba:4f:62:08:c4:a8:cb:
83:16:99:e3:0f:f3:a8:41:94:95:3e:63:0a:ec:de:2f:0d:63:
f7:8b:5f:28:6d:3e:d2:54:f2:4c:6f:12:84:eb:ad:12:73:9d:
43:8e:3c:c7:bb:75:d0:27:8d:f1:27:e0:58:47:da:0e:37:d7:
5d:f0:ef:c4:a0:c1:97:9a:b4:05:57:c5:ed:77:a4:7d:09:1b:
51:f6:55:71:61:23:5a:53:3b:94:ab:52:63:32:73:2d:dc:68:
a2:81:06:ce:94:a2:23:67:af:5c:19:57:4c:76:2a:80:e7:62:
7a:4b:84:7f:35:20:ec:9f:33:99:d5:6e:6c:bd:bf:84:60:3c:
85:29:28:7c:80:72:a3:e3:22:e4:0a:91:20:83:0e:7f:dd:b5:
ea:c9:68:58
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEBTeU1DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
NDFmZGM3YTJmMTFhNTc2NmQzYWQ3YmRmNjI1Y2U1ZTExOWE4ZmRmMB4XDTIyMDQw
NjA3MTIzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmEyZjQzZGJlY2Q3
OTQwYjYwMTg3MzU0MjE1ODJiODFjNDU0NTBjMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOFt7GyWSULV9EtYNQwIyx7emF6Cq7vPfvrVXGcJYv6wPhEb
eucjuCJpYwXCHhIOLU5jkk5DisGL4alWdeq8ex0/2x8yXIm81Rx/KnGoIXxp7/m0
DDRAmfPS8LYudk4HDAbzq/1P6gdSy+T+N5aItpmxyo1hBXpBOUYtAWMPo7F3qlPd
3DYa0ac17Q8gP57JkYfXDyw1ZHeTvtPpnb3Px1vo2kjUYAoJYU2RH2QNYmgtMvRH
L5OjIlahAM+IF+HSUo3GlbU5x6X+Xir2+88RCKbD/m+dlx63XZXc9LQmAgi94zcO
7dc6t+qKIYZzf2NyHNFFclHZqwE1joW8EOqR9xUCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBRqL0Pb7NeUC2AYc1QhWCuBxFRQwzAfBgNVHSMEGDAWgBRUH9x6LxGldm06
1732Jc5eEZqP3zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1ZCX2NlaThScFhadE90ZTk5aVhPWGhHYWo5OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGQvOGZhZDY3LWJiNmItNDc3My1iODFlLWM5MDBhODlmMjBmMS8x
L2FpOUQyLXpYbEF0Z0dITlVJVmdyZ2NSVVVNTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGQv
OGZhZDY3LWJiNmItNDc3My1iODFlLWM5MDBhODlmMjBmMS8xL1ZCX2NlaThScFha
dE90ZTk5aVhPWGhHYWo5OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEALllqwMEALloKAMEAbloKjANBgkq
hkiG9w0BAQsFAAOCAQEAC8drKNvoRnHGbz/laeTrxgvcPowJVGcv/3ciKcJ5OuCp
pNDlfmWf8Q3GkjKvHs6s/v3s5gPvIQYnsu7WLrCm1P53f6kts82LfPmR7Xzs5M5R
OpW0gkgBkk3FwmnS7DO0er8dvsi6T2IIxKjLgxaZ4w/zqEGUlT5jCuzeLw1j94tf
KG0+0lTyTG8ShOutEnOdQ448x7t10CeN8SfgWEfaDjfXXfDvxKDBl5q0BVfF7Xek
fQkbUfZVcWEjWlM7lKtSYzJzLdxoooEGzpSiI2evXBlXTHYqgOdiekuEfzUg7J8z
mdVubL2/hGA8hSkofIByo+Mi5AqRIIMOf9216sloWA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:47:57 2023 by rpki-client on console-fra.rpki-client.org