Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/yg2jyDq46aPixCZahZglY3vWwxU.roa
File: yg2jyDq46aPixCZahZglY3vWwxU.roa (raw, json)
Hash identifier: uu9y04JJgc94PHzCdG6mzHOU10/aNswNSyrkpI/Azc4=
Subject key identifier: CA:0D:A3:C8:3A:B8:E9:A3:E2:C4:26:5A:85:98:25:63:7B:D6:C3:15
Certificate issuer: /CN=d540ab185cf399de6cdb3ca45ded296b6be68fea
Certificate serial: 0E4552A2
Authority key identifier: D5:40:AB:18:5C:F3:99:DE:6C:DB:3C:A4:5D:ED:29:6B:6B:E6:8F:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1UCrGFzzmd5s2zykXe0pa2vmj-o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/yg2jyDq46aPixCZahZglY3vWwxU.roa
Signing time: Sat 01 Jan 2022 09:06:25 +0000
ROA not before: Sat 01 Jan 2022 09:06:25 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 28920
IP address blocks: 185.103.229.0/24 maxlen: 24
185.103.228.0/24 maxlen: 24
185.103.228.0/22 maxlen: 22
185.103.230.0/24 maxlen: 24
91.231.144.0/24 maxlen: 24
2a06:2e00::/29 maxlen: 29
2a0b:67c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 239424162 (0xe4552a2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d540ab185cf399de6cdb3ca45ded296b6be68fea
Validity
Not Before: Jan 1 09:06:25 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ca0da3c83ab8e9a3e2c4265a859825637bd6c315
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:98:85:d6:3b:d7:17:f0:d8:d2:76:c1:3c:6f:
70:96:f5:58:56:b0:a6:6f:80:3e:02:06:7a:cf:2f:
a4:56:de:b8:e1:40:bd:73:4d:19:ee:6e:0d:64:2b:
03:72:78:5a:b2:3a:dc:26:12:a0:be:7b:50:7d:ce:
dd:da:94:23:2c:a2:47:d7:d9:0b:f0:0c:24:02:29:
f9:95:f8:b3:6e:dd:4c:a4:ad:79:60:a8:14:b8:57:
d4:ad:ca:8d:05:3b:ca:79:0f:ea:c2:01:78:5d:b5:
5e:3f:f2:58:48:8c:51:0c:f7:92:47:62:ec:ae:a3:
d7:60:fd:55:06:4c:b6:17:fa:a0:9d:18:06:4d:fa:
9b:9b:be:08:ec:a2:c6:8d:d0:30:16:fb:89:2b:65:
86:d2:18:25:fd:82:61:cc:ab:57:e0:83:92:c7:47:
95:09:9a:62:71:b4:f2:6f:02:6c:3e:3f:c7:0b:f0:
c4:51:4c:f8:e5:5f:0c:58:e2:cb:9d:94:5d:49:f9:
af:f5:90:2d:56:47:5c:70:a6:80:46:20:08:16:b0:
e7:d0:14:f1:fe:0e:f5:23:93:c9:c4:58:5d:b2:40:
66:39:a7:62:37:fd:bb:70:67:fd:ee:05:4b:7d:75:
79:11:6f:09:71:46:2e:30:6c:5a:c5:c6:0a:8a:dc:
2b:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:0D:A3:C8:3A:B8:E9:A3:E2:C4:26:5A:85:98:25:63:7B:D6:C3:15
X509v3 Authority Key Identifier:
keyid:D5:40:AB:18:5C:F3:99:DE:6C:DB:3C:A4:5D:ED:29:6B:6B:E6:8F:EA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1UCrGFzzmd5s2zykXe0pa2vmj-o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/yg2jyDq46aPixCZahZglY3vWwxU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/1UCrGFzzmd5s2zykXe0pa2vmj-o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.231.144.0/24
185.103.228.0/22
IPv6:
2a06:2e00::/29
2a0b:67c0::/29
Signature Algorithm: sha256WithRSAEncryption
95:84:d4:4a:bb:79:14:2c:6e:4b:87:77:2d:f6:04:53:2e:53:
4f:ee:1c:65:0c:50:3d:0b:fd:0b:3b:f5:36:ce:34:b6:92:d7:
a1:3e:29:27:53:b0:0c:ed:07:d9:a4:ff:b7:fe:ad:d2:df:49:
ac:b8:92:f3:ca:e9:88:2a:0e:c1:31:20:5d:51:52:dd:e0:76:
3f:12:53:31:c7:6d:e0:03:4f:f1:bd:e4:20:ce:d5:d2:bd:3f:
d3:e4:ee:29:f1:f2:f9:d3:8d:54:04:92:96:c0:57:2b:f5:88:
5e:37:22:ed:70:ee:8e:8a:7e:e4:e6:31:ab:16:26:77:95:8e:
e0:16:29:54:2f:3f:29:83:bb:23:f4:d5:a6:88:ba:f8:8b:7b:
bd:6c:75:e2:22:04:b8:08:6e:9e:90:95:73:88:d6:c5:50:18:
67:14:b6:af:9f:06:a0:6c:13:f6:f6:06:2d:4a:af:e2:a4:5a:
14:46:45:f5:37:03:8e:f7:ad:15:c3:02:bc:a3:3c:ab:e6:28:
c0:5b:b4:ef:9e:2e:2d:90:fb:d0:cc:8b:61:79:85:47:55:67:
a1:60:5d:80:4c:ad:35:cf:55:4d:a8:f3:27:df:81:09:c1:1c:
aa:28:d8:72:55:5e:ff:02:07:2c:e1:46:dd:7e:63:54:da:b9:
ae:ca:9f:f0
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIEDkVSojANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NTQwYWIxODVjZjM5OWRlNmNkYjNjYTQ1ZGVkMjk2YjZiZTY4ZmVhMB4XDTIyMDEw
MTA5MDYyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2EwZGEzYzgzYWI4
ZTlhM2UyYzQyNjVhODU5ODI1NjM3YmQ2YzMxNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMyYhdY71xfw2NJ2wTxvcJb1WFawpm+APgIGes8vpFbeuOFA
vXNNGe5uDWQrA3J4WrI63CYSoL57UH3O3dqUIyyiR9fZC/AMJAIp+ZX4s27dTKSt
eWCoFLhX1K3KjQU7ynkP6sIBeF21Xj/yWEiMUQz3kkdi7K6j12D9VQZMthf6oJ0Y
Bk36m5u+COyixo3QMBb7iStlhtIYJf2CYcyrV+CDksdHlQmaYnG08m8CbD4/xwvw
xFFM+OVfDFjiy52UXUn5r/WQLVZHXHCmgEYgCBaw59AU8f4O9SOTycRYXbJAZjmn
Yjf9u3Bn/e4FS311eRFvCXFGLjBsWsXGCorcKyECAwEAAaOCAiUwggIhMB0GA1Ud
DgQWBBTKDaPIOrjpo+LEJlqFmCVje9bDFTAfBgNVHSMEGDAWgBTVQKsYXPOZ3mzb
PKRd7Slra+aP6jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzFVQ3JHRnp6bWQ1czJ6eWtYZTBwYTJ2bWotby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzAvMWFhZjVkLTRlNmYtNDk3NC1iZmU0LWM1NzJjZjg2N2NiZi8x
L3lnMmp5RHE0NmFQaXhDWmFoWmdsWTN2V3d4VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzAv
MWFhZjVkLTRlNmYtNDk3NC1iZmU0LWM1NzJjZjg2N2NiZi8xLzFVQ3JHRnp6bWQ1
czJ6eWtYZTBwYTJ2bWotby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA7
BggrBgEFBQcBBwEB/wQsMCowEgQCAAEwDAMEAFvnkAMEArln5DAUBAIAAjAOAwUD
KgYuAAMFAyoLZ8AwDQYJKoZIhvcNAQELBQADggEBAJWE1Eq7eRQsbkuHdy32BFMu
U0/uHGUMUD0L/Qs79TbONLaS16E+KSdTsAztB9mk/7f+rdLfSay4kvPK6YgqDsEx
IF1RUt3gdj8SUzHHbeADT/G95CDO1dK9P9Pk7inx8vnTjVQEkpbAVyv1iF43Iu1w
7o6KfuTmMasWJneVjuAWKVQvPymDuyP01aaIuviLe71sdeIiBLgIbp6QlXOI1sVQ
GGcUtq+fBqBsE/b2Bi1Kr+KkWhRGRfU3A473rRXDAryjPKvmKMBbtO+eLi2Q+9DM
i2F5hUdVZ6FgXYBMrTXPVU2o8yffgQnBHKoo2HJVXv8CByzhRt1+Y1Taua7Kn/A=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:20 2024 by rpki-client on console-fra.rpki-client.org