Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/rpj5cnk30BBihXkncoKKS2E5s44.roa
File: rpj5cnk30BBihXkncoKKS2E5s44.roa (raw, json)
Hash identifier: WG9ASxwDGvzS/vL+HwdYkOmyXCK1OKauTO7KWilSlbA=
Subject key identifier: AE:98:F9:72:79:37:D0:10:62:85:79:27:72:82:8A:4B:61:39:B3:8E
Certificate issuer: /CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
Certificate serial: 01854F98F29CA2A4D4938E3A1A4473F99984
Authority key identifier: 54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/rpj5cnk30BBihXkncoKKS2E5s44.roa
Signing time: Mon 26 Dec 2022 18:01:41 +0000
ROA not before: Mon 26 Dec 2022 18:01:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 207279
IP address blocks: 185.104.43.0/24 maxlen: 24
185.101.170.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:4f:98:f2:9c:a2:a4:d4:93:8e:3a:1a:44:73:f9:99:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
Validity
Not Before: Dec 26 18:01:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ae98f9727937d0106285792772828a4b6139b38e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:3b:a0:c8:66:03:5b:0d:ce:10:f8:ea:d4:ae:
a2:b7:7d:73:28:51:01:d3:68:7a:40:62:e0:dd:20:
45:e3:de:91:0f:a1:c0:c9:55:f7:c3:62:a5:43:df:
55:42:d3:24:3b:19:42:63:09:0e:2a:3e:3c:43:18:
00:f9:36:1b:5e:b4:2a:85:d3:b5:e4:e2:c9:53:9e:
ac:b6:ae:c2:30:a6:87:03:27:72:c0:96:71:65:fa:
c6:aa:57:ac:f3:b5:4a:4d:49:03:a1:c7:68:36:d1:
b0:7d:cc:cf:4e:55:3f:ac:83:a1:f2:c3:79:6e:ff:
e3:a0:d1:ae:43:86:d9:54:9a:47:54:a1:79:fd:3a:
34:fb:a3:c6:e9:e2:c6:83:36:fd:0d:53:48:15:86:
61:72:5f:90:57:97:ee:6b:a1:f7:72:e6:f6:83:79:
55:5b:06:90:53:73:91:0b:b5:e6:a5:43:38:b6:db:
1d:ba:67:15:52:fc:3f:13:7b:89:55:c1:15:d1:25:
78:9d:ad:c7:cc:cf:95:4f:99:18:47:9e:9b:10:c5:
c1:c8:7f:95:51:2a:cb:88:88:8d:70:1c:14:1b:f9:
c7:44:46:28:07:64:8a:16:a3:e3:c7:d8:73:f4:6b:
d3:a1:13:ab:a4:20:af:43:8b:9b:b6:6a:a7:66:f1:
7d:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:98:F9:72:79:37:D0:10:62:85:79:27:72:82:8A:4B:61:39:B3:8E
X509v3 Authority Key Identifier:
keyid:54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/rpj5cnk30BBihXkncoKKS2E5s44.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.101.170.0/24
185.104.43.0/24
Signature Algorithm: sha256WithRSAEncryption
57:c6:56:58:ef:ef:da:7e:46:39:a0:b6:47:48:ae:83:07:78:
80:db:4b:03:a0:d4:c9:8d:32:2b:0b:27:0f:61:6f:44:64:40:
5f:18:4f:4d:33:3b:80:22:bd:25:01:4f:6f:03:ad:89:9c:1e:
1f:99:19:7d:1f:88:99:5f:f5:54:41:b5:06:5e:58:f5:8a:3f:
2c:a5:30:37:cf:05:32:e7:79:82:de:c4:35:15:0b:77:16:55:
67:ed:87:f6:59:e1:cd:ef:ae:96:82:78:dd:9e:97:9f:8f:a6:
c7:70:ac:80:f2:ce:4a:fb:91:5c:16:d0:b6:03:92:cb:c1:3a:
be:80:61:60:d4:7c:49:80:59:bb:c1:87:21:a0:86:9e:f8:ab:
89:88:d6:82:27:ec:fe:8b:5d:0b:b7:aa:b2:bb:54:f3:7c:8b:
0f:d8:98:ae:dc:93:d6:75:a2:36:e3:f2:3b:b2:ad:ea:5e:90:
ec:9b:bb:92:8b:e2:23:73:65:3e:39:10:e7:c1:7f:31:79:33:
3b:d2:32:c9:53:83:dd:56:1f:1e:ab:d2:01:be:15:c8:7b:ad:
9e:65:31:f1:c4:0a:52:74:b6:d0:44:3a:2d:84:12:f6:ce:1c:
12:cd:3e:99:e2:33:00:4a:19:47:55:e5:b0:42:67:3b:e2:98:
e8:f5:fd:91
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVPmPKcoqTUk446GkRz+ZmEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MWZkYzdhMmYxMWE1NzY2ZDNhZDdiZGY2MjVjZTVlMTE5
YThmZGYwHhcNMjIxMjI2MTgwMTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTk4Zjk3Mjc5MzdkMDEwNjI4NTc5Mjc3MjgyOGE0YjYxMzliMzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DugyGYDWw3OEPjq1K6it31zKFEB
02h6QGLg3SBF496RD6HAyVX3w2KlQ99VQtMkOxlCYwkOKj48QxgA+TYbXrQqhdO1
5OLJU56stq7CMKaHAydywJZxZfrGqles87VKTUkDocdoNtGwfczPTlU/rIOh8sN5
bv/joNGuQ4bZVJpHVKF5/To0+6PG6eLGgzb9DVNIFYZhcl+QV5fua6H3cub2g3lV
WwaQU3ORC7XmpUM4ttsdumcVUvw/E3uJVcEV0SV4na3HzM+VT5kYR56bEMXByH+V
USrLiIiNcBwUG/nHREYoB2SKFqPjx9hz9GvToROrpCCvQ4ubtmqnZvF9QwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK6Y+XJ5N9AQYoV5J3KCikthObOOMB8GA1UdIwQY
MBaAFFQf3HovEaV2bTrXvfYlzl4Rmo/fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUt
YzkwMGE4OWYyMGYxLzEvcnBqNWNuazMwQkJpaFhrbmNvS0tTMkU1czQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUtYzkwMGE4OWYyMGYx
LzEvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuWWqAwQA
uWgrMA0GCSqGSIb3DQEBCwUAA4IBAQBXxlZY7+/afkY5oLZHSK6DB3iA20sDoNTJ
jTIrCycPYW9EZEBfGE9NMzuAIr0lAU9vA62JnB4fmRl9H4iZX/VUQbUGXlj1ij8s
pTA3zwUy53mC3sQ1FQt3FlVn7Yf2WeHN766Wgnjdnpefj6bHcKyA8s5K+5FcFtC2
A5LLwTq+gGFg1HxJgFm7wYchoIae+KuJiNaCJ+z+i10Lt6qyu1TzfIsP2Jiu3JPW
daI24/I7sq3qXpDsm7uSi+Ijc2U+ORDnwX8xeTM70jLJU4PdVh8eq9IBvhXIe62e
ZTHxxApSdLbQRDothBL2zhwSzT6Z4jMAShlHVeWwQmc74pjo9f2R
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:20:53 2025 by rpki-client