Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/TOZEauddtNHBY_uGc-b48v5eA5w.roa
File: TOZEauddtNHBY_uGc-b48v5eA5w.roa (raw, json)
Hash identifier: I15vGIK6PKC5esveCFxvsvReA+eHtjyzBdSZ7aWwvq8=
Subject key identifier: 4C:E6:44:6A:E7:5D:B4:D1:C1:63:FB:86:73:E6:F8:F2:FE:5E:03:9C
Certificate issuer: /CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Certificate serial: 018F38C74D7A4BDAD512825D10A51C760D17
Authority key identifier: A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/TOZEauddtNHBY_uGc-b48v5eA5w.roa
Signing time: Thu 02 May 2024 10:08:56 +0000
ROA not before: Thu 02 May 2024 10:08:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201453
IP address blocks: 185.160.228.0/22 maxlen: 22
185.160.228.0/24 maxlen: 24
185.160.229.0/24 maxlen: 24
185.160.230.0/24 maxlen: 24
185.160.231.0/24 maxlen: 24
185.230.144.0/24 maxlen: 24
185.232.132.0/22 maxlen: 22
185.232.134.0/24 maxlen: 24
185.232.135.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:38:c7:4d:7a:4b:da:d5:12:82:5d:10:a5:1c:76:0d:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Validity
Not Before: May 2 10:08:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4ce6446ae75db4d1c163fb8673e6f8f2fe5e039c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:67:68:cb:dc:44:23:a9:ef:fe:c2:10:b1:06:
9e:cb:af:ff:1b:20:d4:54:35:14:1f:2e:01:55:17:
e2:7c:b0:76:3b:9f:d0:89:d8:ad:fc:81:60:b2:b9:
07:fc:76:99:02:fd:17:99:f2:4e:29:da:b3:ec:c3:
9b:df:5a:10:21:b5:88:eb:40:bb:05:e9:a1:e9:4c:
2e:82:65:f7:0c:96:33:89:a4:1c:33:69:6c:07:6e:
7f:85:82:0d:cc:a6:85:81:a3:b3:d6:29:2c:54:22:
03:08:da:70:de:15:05:5b:09:20:4e:35:19:32:ce:
7f:1f:fa:15:44:38:d1:6c:42:ca:c3:e9:40:39:04:
cc:a4:15:4a:03:70:6e:82:60:99:b5:b6:6e:a8:ae:
43:63:0b:fb:00:7a:fc:7f:16:cf:b8:1e:fc:e4:c3:
3d:9d:29:af:0a:dc:4d:c3:d2:72:d1:57:3a:9a:cd:
ab:fe:92:8e:01:eb:0a:4d:1c:a6:a8:a0:c7:60:49:
ac:d3:08:9e:33:ce:e5:09:41:a8:92:e6:a8:c9:44:
0d:05:37:e3:78:b2:39:1a:f9:46:0e:9c:1b:2c:96:
7f:fd:81:00:b7:c0:5c:e7:f4:30:5f:10:8e:6d:67:
89:e7:6a:c7:7a:ea:0d:41:30:75:08:24:2a:e2:de:
f5:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:E6:44:6A:E7:5D:B4:D1:C1:63:FB:86:73:E6:F8:F2:FE:5E:03:9C
X509v3 Authority Key Identifier:
keyid:A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/TOZEauddtNHBY_uGc-b48v5eA5w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.160.228.0/22
185.230.144.0/24
185.232.132.0/22
Signature Algorithm: sha256WithRSAEncryption
22:fa:14:bb:2b:eb:ea:75:45:a7:e8:3e:c9:b3:8e:b1:c8:39:
66:d8:82:3a:1b:c7:7b:02:a0:01:0a:53:51:c0:65:52:70:88:
78:78:0c:ef:d3:6b:96:08:d8:09:60:11:04:8f:37:31:cf:99:
49:e0:ab:c2:ee:d2:8f:ab:f6:54:61:14:26:c0:b7:e3:e1:a3:
fa:51:15:da:90:34:e4:d4:c6:c9:51:fc:cf:79:03:45:4a:b2:
11:12:46:e2:02:d8:fe:3f:6d:43:9a:74:c4:17:4a:66:f6:7f:
e2:63:c9:f7:96:3d:3f:6a:b8:7c:3a:19:d9:ba:09:2e:6a:c9:
f3:46:65:b8:5f:91:15:30:61:9c:ce:7a:73:68:db:b9:37:23:
f4:cb:12:4e:66:58:d7:24:c4:d4:bc:67:aa:4a:3e:b0:ce:af:
af:8f:01:0e:a5:19:49:03:b8:0c:f0:ff:bc:22:3b:6a:7a:81:
2a:9d:30:2b:c0:54:61:19:19:64:e3:46:57:b4:a2:21:27:bc:
29:6e:87:ba:6e:6a:6f:c1:df:b9:a7:ef:85:cc:4e:70:1d:43:
6d:03:c9:85:88:5a:3c:22:27:1f:43:47:0c:a7:08:68:03:f3:
d4:85:47:c5:8e:3f:d5:c1:6b:7a:f0:81:3e:2c:cd:77:f4:5d:
36:42:0e:b3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY84x016S9rVEoJdEKUcdg0XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDkyMDRjYTRmMGViNGU1NmUwOGUwOTlmZTM3ODVjZTA2
ZmZlYWEwHhcNMjQwNTAyMTAwODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2U2NDQ2YWU3NWRiNGQxYzE2M2ZiODY3M2U2ZjhmMmZlNWUwMzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2doy9xEI6nv/sIQsQaey6//GyDU
VDUUHy4BVRfifLB2O5/Qidit/IFgsrkH/HaZAv0XmfJOKdqz7MOb31oQIbWI60C7
Bemh6UwugmX3DJYziaQcM2lsB25/hYINzKaFgaOz1iksVCIDCNpw3hUFWwkgTjUZ
Ms5/H/oVRDjRbELKw+lAOQTMpBVKA3BugmCZtbZuqK5DYwv7AHr8fxbPuB785MM9
nSmvCtxNw9Jy0Vc6ms2r/pKOAesKTRymqKDHYEms0wieM87lCUGokuaoyUQNBTfj
eLI5GvlGDpwbLJZ//YEAt8Bc5/QwXxCObWeJ52rHeuoNQTB1CCQq4t71UQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEzmRGrnXbTRwWP7hnPm+PL+XgOcMB8GA1UdIwQY
MBaAFKhJIEyk8OtOVuCOCZ/jeFzgb/6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYt
OWNjYmIwODQyOGZhLzEvVE9aRWF1ZGR0TkhCWV91R2MtYjQ4djVlQTV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYtOWNjYmIwODQyOGZh
LzEvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuaDkAwQA
ueaQAwQCueiEMA0GCSqGSIb3DQEBCwUAA4IBAQAi+hS7K+vqdUWn6D7Js46xyDlm
2II6G8d7AqABClNRwGVScIh4eAzv02uWCNgJYBEEjzcxz5lJ4KvC7tKPq/ZUYRQm
wLfj4aP6URXakDTk1MbJUfzPeQNFSrIREkbiAtj+P21DmnTEF0pm9n/iY8n3lj0/
arh8OhnZugkuasnzRmW4X5EVMGGcznpzaNu5NyP0yxJOZljXJMTUvGeqSj6wzq+v
jwEOpRlJA7gM8P+8IjtqeoEqnTArwFRhGRlk40ZXtKIhJ7wpboe6bmpvwd+5p++F
zE5wHUNtA8mFiFo8IicfQ0cMpwhoA/PUhUfFjj/VwWt68IE+LM139F02Qg6z
-----END CERTIFICATE-----
Generated at Thu Jul 18 10:06:40 2024 by rpki-client on console-ams.rpki-client.org