Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/T4nI26TLnNrCAWl14afAc7cicJI.roa
File: T4nI26TLnNrCAWl14afAc7cicJI.roa (raw, json)
Hash identifier: zHbLqj8ISkA6vI+in63LOGJxWlsBy98g32zJWY9yRgY=
Subject key identifier: 4F:89:C8:DB:A4:CB:9C:DA:C2:01:69:75:E1:A7:C0:73:B7:22:70:92
Certificate issuer: /CN=d540ab185cf399de6cdb3ca45ded296b6be68fea
Certificate serial: 018AC1C7E43D3B3FB483B0400ED72893CF21
Authority key identifier: D5:40:AB:18:5C:F3:99:DE:6C:DB:3C:A4:5D:ED:29:6B:6B:E6:8F:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1UCrGFzzmd5s2zykXe0pa2vmj-o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/T4nI26TLnNrCAWl14afAc7cicJI.roa
Signing time: Sat 23 Sep 2023 11:23:37 +0000
ROA not before: Sat 23 Sep 2023 11:23:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 28920
IP address blocks: 185.103.228.0/22 maxlen: 22
91.231.144.0/24 maxlen: 24
2a06:2e00::/29 maxlen: 29
2a0b:67c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:c1:c7:e4:3d:3b:3f:b4:83:b0:40:0e:d7:28:93:cf:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d540ab185cf399de6cdb3ca45ded296b6be68fea
Validity
Not Before: Sep 23 11:23:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4f89c8dba4cb9cdac2016975e1a7c073b7227092
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:77:41:fa:30:dd:81:ce:ef:f8:e7:91:20:99:
36:c2:eb:a5:ee:b8:fd:e7:2b:7d:78:1b:b8:08:9f:
06:3a:fb:b0:42:eb:ec:d3:c7:bd:90:c8:93:b0:5a:
da:22:6b:36:aa:0e:8a:78:35:4e:41:a9:c1:20:41:
5c:5a:03:5c:8b:9e:fd:1d:11:af:37:32:3b:67:22:
26:6e:ae:40:e2:44:70:84:9a:c7:08:58:18:81:54:
29:f2:77:0e:1a:0e:a8:9d:0b:e9:0c:1f:27:41:3b:
b4:f9:98:12:38:0c:c9:d6:89:52:a4:b0:a9:48:ca:
94:06:c1:f6:e2:06:38:b8:92:34:6b:e2:0c:96:40:
e9:05:b6:10:3a:74:f0:ba:ff:fc:28:29:a9:1c:bd:
62:f5:a6:10:cb:25:d0:c8:a0:77:ad:30:d4:6d:3e:
e4:6c:80:0c:a7:c9:87:21:48:0e:7a:19:d1:ab:8b:
29:9e:dd:4e:f1:e5:3a:2f:0f:a6:4d:68:e8:8b:92:
8f:4f:ef:19:4c:4b:19:3f:af:2d:6b:91:5e:ed:65:
de:4b:30:15:0a:e3:e3:36:d7:e0:c3:58:97:06:50:
02:85:f7:fd:8f:ed:78:3a:eb:08:80:b7:39:21:87:
e5:cc:45:58:27:71:0c:ee:35:9c:97:78:c9:58:ed:
d6:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:89:C8:DB:A4:CB:9C:DA:C2:01:69:75:E1:A7:C0:73:B7:22:70:92
X509v3 Authority Key Identifier:
keyid:D5:40:AB:18:5C:F3:99:DE:6C:DB:3C:A4:5D:ED:29:6B:6B:E6:8F:EA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1UCrGFzzmd5s2zykXe0pa2vmj-o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/T4nI26TLnNrCAWl14afAc7cicJI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/1UCrGFzzmd5s2zykXe0pa2vmj-o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.231.144.0/24
185.103.228.0/22
IPv6:
2a06:2e00::/29
2a0b:67c0::/29
Signature Algorithm: sha256WithRSAEncryption
4e:a6:2e:c4:e1:7a:91:ad:53:a7:b6:e0:b3:68:7f:bb:93:9a:
05:06:fe:6e:31:c6:8c:ba:83:82:95:eb:92:58:f7:5b:c2:1b:
28:39:ff:60:b5:28:f6:4b:a7:94:ca:38:44:3e:1d:3e:fd:14:
8a:0e:a1:09:bb:fd:ff:ce:37:fc:49:2f:50:1d:8f:7b:61:63:
8f:03:d3:36:75:4e:00:04:a8:b1:87:d0:99:24:74:d3:02:0d:
55:db:ea:37:ee:c4:7a:2d:79:33:c3:ee:48:f8:dc:a4:33:4d:
1e:4b:b4:4b:dd:34:e4:5c:5d:40:b7:15:5d:c3:79:72:ac:d9:
68:2a:b5:b9:76:c9:11:e2:15:cc:f0:1f:d6:6d:5a:9e:69:9e:
90:57:23:2f:9d:cc:85:2a:8f:2f:1d:63:71:2d:56:79:ef:31:
5f:57:f6:6a:79:db:98:a8:64:c9:b6:8d:71:7e:a4:e1:ce:dd:
a0:73:86:05:c6:f0:96:69:58:13:af:23:1e:09:83:d9:7e:4e:
bc:3b:a7:8b:9e:14:75:82:f9:c9:37:65:10:d4:48:76:a4:24:
31:26:c8:10:75:12:30:26:78:f9:a4:78:39:09:2d:8d:36:9f:
fa:57:86:8f:3b:91:3d:7a:b0:f7:ea:95:30:38:50:fb:14:a5:
89:56:7e:f4
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYrBx+Q9Oz+0g7BADtcok88hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NDBhYjE4NWNmMzk5ZGU2Y2RiM2NhNDVkZWQyOTZiNmJl
NjhmZWEwHhcNMjMwOTIzMTEyMzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjg5YzhkYmE0Y2I5Y2RhYzIwMTY5NzVlMWE3YzA3M2I3MjI3MDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3dB+jDdgc7v+OeRIJk2wuul7rj9
5yt9eBu4CJ8GOvuwQuvs08e9kMiTsFraIms2qg6KeDVOQanBIEFcWgNci579HRGv
NzI7ZyImbq5A4kRwhJrHCFgYgVQp8ncOGg6onQvpDB8nQTu0+ZgSOAzJ1olSpLCp
SMqUBsH24gY4uJI0a+IMlkDpBbYQOnTwuv/8KCmpHL1i9aYQyyXQyKB3rTDUbT7k
bIAMp8mHIUgOehnRq4spnt1O8eU6Lw+mTWjoi5KPT+8ZTEsZP68ta5Fe7WXeSzAV
CuPjNtfgw1iXBlAChff9j+14OusIgLc5IYflzEVYJ3EM7jWcl3jJWO3WYwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFE+JyNuky5zawgFpdeGnwHO3InCSMB8GA1UdIwQY
MBaAFNVAqxhc85nebNs8pF3tKWtr5o/qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVVDckdGenptZDVzMnp5a1hlMHBhMnZtai1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8xYWFmNWQtNGU2Zi00OTc0LWJmZTQt
YzU3MmNmODY3Y2JmLzEvVDRuSTI2VExuTnJDQVdsMTRhZkFjN2NpY0pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8xYWFmNWQtNGU2Zi00OTc0LWJmZTQtYzU3MmNmODY3Y2Jm
LzEvMVVDckdGenptZDVzMnp5a1hlMHBhMnZtai1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQAW+eQAwQC
uWfkMBQEAgACMA4DBQMqBi4AAwUDKgtnwDANBgkqhkiG9w0BAQsFAAOCAQEATqYu
xOF6ka1Tp7bgs2h/u5OaBQb+bjHGjLqDgpXrklj3W8IbKDn/YLUo9kunlMo4RD4d
Pv0Uig6hCbv9/843/EkvUB2Pe2FjjwPTNnVOAASosYfQmSR00wINVdvqN+7Eei15
M8PuSPjcpDNNHku0S9005FxdQLcVXcN5cqzZaCq1uXbJEeIVzPAf1m1anmmekFcj
L53MhSqPLx1jcS1Wee8xX1f2annbmKhkybaNcX6k4c7doHOGBcbwlmlYE68jHgmD
2X5OvDuni54UdYL5yTdlENRIdqQkMSbIEHUSMCZ4+aR4OQktjTaf+leGjzuRPXqw
9+qVMDhQ+xSliVZ+9A==
-----END CERTIFICATE-----
Generated at Fri Oct 6 08:56:49 2023 by rpki-client on console-ams.rpki-client.org