Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/4Mc-ulAdRYkPbkl4nRIlsgOAxi8.roa
File: 4Mc-ulAdRYkPbkl4nRIlsgOAxi8.roa (raw, json)
Hash identifier: M66dyx8++jpPiRKEhFL3fNpmU33pvXAdMiMc/eHrI2w=
Subject key identifier: E0:C7:3E:BA:50:1D:45:89:0F:6E:49:78:9D:12:25:B2:03:80:C6:2F
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 0A853183
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/4Mc-ulAdRYkPbkl4nRIlsgOAxi8.roa
Signing time: Tue 15 Mar 2022 08:04:26 +0000
ROA not before: Tue 15 Mar 2022 08:04:26 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 171.22.146.0/24 maxlen: 24
95.111.128.0/20 maxlen: 24
177.222.64.0/19 maxlen: 24
95.111.144.0/20 maxlen: 24
185.149.13.0/24 maxlen: 24
89.46.98.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 176501123 (0xa853183)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Mar 15 08:04:26 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=e0c73eba501d45890f6e49789d1225b20380c62f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:86:47:2a:11:58:bc:6b:97:20:22:bf:ef:1b:
35:ae:d7:70:ed:45:13:d7:d0:c4:88:1f:f6:4d:43:
32:d4:14:4f:9e:f7:9c:f7:05:0e:1d:17:99:e7:a7:
16:06:57:0a:1d:2c:48:31:3e:21:d1:1b:09:69:b6:
36:0b:8e:7f:44:31:1a:14:61:24:41:33:03:2b:6f:
0f:4b:81:ad:81:58:21:68:a0:53:f2:1d:9b:a9:d0:
58:57:3d:74:8a:a6:1f:ed:ff:1e:e9:33:0e:59:a8:
18:5b:b4:44:e2:72:6a:96:d0:15:f5:19:85:98:02:
05:b8:7f:f5:da:91:0c:be:a0:dd:f2:dc:7e:0a:a0:
c1:22:7a:fc:8d:98:b5:ab:97:d5:31:09:1d:bd:46:
f7:3f:9b:4a:a1:aa:10:67:b0:b5:de:0e:e4:8d:2e:
1d:cb:d4:75:d5:84:b5:10:be:56:b1:ab:73:8f:e9:
73:0f:fe:2f:ac:70:eb:31:a9:9b:ab:23:c6:6d:34:
aa:e8:a8:be:e5:b7:57:01:1b:ae:0f:2a:35:d8:39:
39:29:79:d4:b3:cc:a3:f1:d0:22:3e:78:6e:82:ab:
2c:f5:c3:51:6d:3e:b2:98:d4:ac:35:be:58:59:51:
c8:01:48:77:dc:d0:e7:4b:8e:98:3b:43:8f:6b:da:
b6:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:C7:3E:BA:50:1D:45:89:0F:6E:49:78:9D:12:25:B2:03:80:C6:2F
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/4Mc-ulAdRYkPbkl4nRIlsgOAxi8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.98.0/24
95.111.128.0/19
171.22.146.0/24
177.222.64.0/19
185.149.13.0/24
Signature Algorithm: sha256WithRSAEncryption
0c:b2:6a:70:4d:ba:02:40:48:af:b8:06:88:bd:ee:88:48:f8:
ca:6c:71:bd:ee:80:96:a6:92:ce:cc:d8:3a:fd:c1:75:70:44:
c7:ed:f5:99:d2:ee:7d:20:e6:03:05:92:46:f8:f6:00:cf:57:
e7:2d:11:17:cd:24:e3:5f:32:b5:e4:4a:4b:57:20:15:a0:7b:
47:4b:0a:b7:da:a4:1f:4d:0b:51:ed:95:53:2b:4a:a5:61:90:
ba:02:1d:de:39:2c:85:d2:cd:a2:db:c4:6b:85:d3:f6:96:16:
63:4f:88:15:4b:56:58:37:67:36:89:fc:08:ec:47:96:82:ca:
99:0f:b9:bd:a9:44:e9:68:ef:f7:2e:19:5a:cb:91:fc:01:50:
13:c5:83:10:91:9c:b1:3b:5f:a2:71:2d:99:ed:94:c9:9d:b6:
ab:e3:11:a5:45:69:e9:72:b8:33:cd:85:a7:2c:ac:77:59:c1:
d2:02:19:25:95:5d:00:ec:3a:57:04:3b:9a:9a:27:b8:72:a7:
a6:37:91:f6:1c:e5:89:aa:e4:b4:67:be:18:f9:0f:a8:96:80:
3c:ef:fd:ff:89:68:b7:05:c1:59:36:9e:a7:0f:f7:4b:69:2c:
d3:df:eb:2f:b1:5c:ef:52:d7:4d:7b:52:2a:ec:b6:42:34:e6:
c5:fc:e1:dd
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIECoUxgzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDMx
NTA4MDQyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTBjNzNlYmE1MDFk
NDU4OTBmNmU0OTc4OWQxMjI1YjIwMzgwYzYyZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALeGRyoRWLxrlyAiv+8bNa7XcO1FE9fQxIgf9k1DMtQUT573
nPcFDh0XmeenFgZXCh0sSDE+IdEbCWm2NguOf0QxGhRhJEEzAytvD0uBrYFYIWig
U/Idm6nQWFc9dIqmH+3/HukzDlmoGFu0ROJyapbQFfUZhZgCBbh/9dqRDL6g3fLc
fgqgwSJ6/I2YtauX1TEJHb1G9z+bSqGqEGewtd4O5I0uHcvUddWEtRC+VrGrc4/p
cw/+L6xw6zGpm6sjxm00quiovuW3VwEbrg8qNdg5OSl51LPMo/HQIj54boKrLPXD
UW0+spjUrDW+WFlRyAFId9zQ50uOmDtDj2vatqUCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBTgxz66UB1FiQ9uSXidEiWyA4DGLzAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
LzRNYy11bEFkUllrUGJrbDRuUklsc2dPQXhpOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAFkuYgMEBV9vgAMEAKsWkgMEBbHe
QAMEALmVDTANBgkqhkiG9w0BAQsFAAOCAQEADLJqcE26AkBIr7gGiL3uiEj4ymxx
ve6AlqaSzszYOv3BdXBEx+31mdLufSDmAwWSRvj2AM9X5y0RF80k418yteRKS1cg
FaB7R0sKt9qkH00LUe2VUytKpWGQugId3jkshdLNotvEa4XT9pYWY0+IFUtWWDdn
Non8COxHloLKmQ+5valE6Wjv9y4ZWsuR/AFQE8WDEJGcsTtfonEtme2UyZ22q+MR
pUVp6XK4M82Fpyysd1nB0gIZJZVdAOw6VwQ7mponuHKnpjeR9hzliarktGe+GPkP
qJaAPO/9/4lotwXBWTaepw/3S2ks09/rL7Fc71LXTXtSKuy2QjTmxfzh3Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:25 2024 by rpki-client on console-ams.rpki-client.org