Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/z0Ghv2QOutGCDMGv9xqJqGbyl6k.roa
File: z0Ghv2QOutGCDMGv9xqJqGbyl6k.roa (raw, json)
Hash identifier: vjUW/LxDrYkkaDZ2VS82O0xP835tdzPOsQ5fQZLW9as=
Subject key identifier: CF:41:A1:BF:64:0E:BA:D1:82:0C:C1:AF:F7:1A:89:A8:66:F2:97:A9
Certificate issuer: /CN=d540ab185cf399de6cdb3ca45ded296b6be68fea
Certificate serial: 01856B6E8D0ACE64CA4638870D5AA785269C
Authority key identifier: D5:40:AB:18:5C:F3:99:DE:6C:DB:3C:A4:5D:ED:29:6B:6B:E6:8F:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1UCrGFzzmd5s2zykXe0pa2vmj-o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/z0Ghv2QOutGCDMGv9xqJqGbyl6k.roa
Signing time: Sun 01 Jan 2023 03:44:44 +0000
ROA not before: Sun 01 Jan 2023 03:44:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 28920
IP address blocks: 185.103.229.0/24 maxlen: 24
185.103.228.0/24 maxlen: 24
185.103.228.0/22 maxlen: 22
185.103.230.0/24 maxlen: 24
91.231.144.0/24 maxlen: 24
2a06:2e00::/29 maxlen: 29
2a0b:67c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:6e:8d:0a:ce:64:ca:46:38:87:0d:5a:a7:85:26:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d540ab185cf399de6cdb3ca45ded296b6be68fea
Validity
Not Before: Jan 1 03:44:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cf41a1bf640ebad1820cc1aff71a89a866f297a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:5b:a4:3a:68:68:2d:6c:cb:12:f2:29:2e:bc:
0f:2b:19:5e:c6:a6:63:f1:76:56:e8:f2:07:1f:4f:
56:b1:3c:0f:2a:04:85:54:28:16:b3:f4:29:25:89:
49:c1:db:ba:29:d0:e8:1d:2d:3d:51:bb:f4:91:d5:
31:9a:94:74:b1:8a:e7:0c:1f:38:2b:4c:71:9a:1a:
fa:35:f4:0d:10:3d:66:ef:51:19:de:1a:2d:92:a4:
9a:f1:6c:9f:90:d9:7a:e9:4d:58:32:7b:c4:90:1f:
45:d2:77:1e:46:41:77:62:73:56:69:bd:e5:11:b1:
ae:ec:f5:9c:c6:0a:3a:b7:3e:50:01:d2:d2:58:2c:
ab:e3:c3:f2:96:1f:43:c5:c2:83:4e:87:45:db:10:
3e:e2:e5:13:4d:fb:a9:16:e3:ec:69:8b:5a:03:a9:
ee:11:30:b9:2a:4b:bc:4d:59:04:7b:6e:ec:76:89:
f8:60:a1:93:50:69:d7:56:85:22:c7:63:e9:e6:34:
03:1c:3c:1b:a2:fd:75:00:5b:08:c4:73:7c:77:08:
13:0d:2b:12:4f:77:04:cd:ff:7a:43:27:d3:7d:ad:
e8:d2:d3:9d:3e:d9:62:6d:d1:08:b7:1a:68:d7:96:
bc:22:4e:a0:c2:f2:7e:8d:d3:15:b3:94:ea:05:77:
af:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:41:A1:BF:64:0E:BA:D1:82:0C:C1:AF:F7:1A:89:A8:66:F2:97:A9
X509v3 Authority Key Identifier:
keyid:D5:40:AB:18:5C:F3:99:DE:6C:DB:3C:A4:5D:ED:29:6B:6B:E6:8F:EA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1UCrGFzzmd5s2zykXe0pa2vmj-o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/z0Ghv2QOutGCDMGv9xqJqGbyl6k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/1UCrGFzzmd5s2zykXe0pa2vmj-o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.231.144.0/24
185.103.228.0/22
IPv6:
2a06:2e00::/29
2a0b:67c0::/29
Signature Algorithm: sha256WithRSAEncryption
3b:3d:74:21:ff:03:4c:4f:5b:01:3a:58:db:70:2d:93:ac:98:
d2:12:1d:af:64:08:2d:37:02:0e:c8:84:3a:e1:20:fc:f4:96:
69:ff:1c:0d:fe:7f:72:dc:cf:6a:97:75:cf:36:ce:7b:a7:f8:
39:09:4d:22:d8:f8:37:8f:4f:7d:38:27:80:25:ce:15:77:8c:
e0:ca:a5:5b:31:c3:42:d6:e5:05:b0:05:a2:5e:81:42:90:76:
f5:32:8d:3b:5e:b7:a8:e3:10:46:09:39:a5:bf:79:01:52:9d:
d0:c9:f7:c8:5c:ea:cc:92:9a:1a:8a:09:f1:7c:eb:92:67:a9:
8d:0d:60:dd:9c:9f:d0:15:7b:6f:dd:2e:ea:3b:a4:d5:6c:4a:
af:6e:47:92:30:a2:be:1f:6f:73:40:da:00:0c:67:00:fa:3e:
09:d4:ef:a4:81:7b:74:f0:4b:89:32:92:ea:9f:86:d9:fa:72:
1d:2e:5f:00:58:f0:d3:39:be:c4:99:90:06:00:e3:b5:dc:61:
89:44:b4:6f:15:da:5c:4a:95:81:2d:f2:4e:98:54:af:19:9c:
7c:b1:e6:42:3c:95:7f:30:22:e5:12:2d:9f:55:60:3f:d5:b2:
15:e1:83:73:8e:98:18:11:7d:d4:25:e1:45:68:ad:77:51:33:
e0:b4:9b:b5
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYVrbo0KzmTKRjiHDVqnhSacMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NDBhYjE4NWNmMzk5ZGU2Y2RiM2NhNDVkZWQyOTZiNmJl
NjhmZWEwHhcNMjMwMTAxMDM0NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjQxYTFiZjY0MGViYWQxODIwY2MxYWZmNzFhODlhODY2ZjI5N2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlukOmhoLWzLEvIpLrwPKxlexqZj
8XZW6PIHH09WsTwPKgSFVCgWs/QpJYlJwdu6KdDoHS09Ubv0kdUxmpR0sYrnDB84
K0xxmhr6NfQNED1m71EZ3hotkqSa8WyfkNl66U1YMnvEkB9F0nceRkF3YnNWab3l
EbGu7PWcxgo6tz5QAdLSWCyr48Pylh9DxcKDTodF2xA+4uUTTfupFuPsaYtaA6nu
ETC5Kku8TVkEe27sdon4YKGTUGnXVoUix2Pp5jQDHDwbov11AFsIxHN8dwgTDSsS
T3cEzf96QyfTfa3o0tOdPtlibdEItxpo15a8Ik6gwvJ+jdMVs5TqBXev1QIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFM9Bob9kDrrRggzBr/caiahm8pepMB8GA1UdIwQY
MBaAFNVAqxhc85nebNs8pF3tKWtr5o/qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVVDckdGenptZDVzMnp5a1hlMHBhMnZtai1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8xYWFmNWQtNGU2Zi00OTc0LWJmZTQt
YzU3MmNmODY3Y2JmLzEvejBHaHYyUU91dEdDRE1Hdjl4cUpxR2J5bDZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8xYWFmNWQtNGU2Zi00OTc0LWJmZTQtYzU3MmNmODY3Y2Jm
LzEvMVVDckdGenptZDVzMnp5a1hlMHBhMnZtai1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQAW+eQAwQC
uWfkMBQEAgACMA4DBQMqBi4AAwUDKgtnwDANBgkqhkiG9w0BAQsFAAOCAQEAOz10
If8DTE9bATpY23Atk6yY0hIdr2QILTcCDsiEOuEg/PSWaf8cDf5/ctzPapd1zzbO
e6f4OQlNItj4N49PfTgngCXOFXeM4MqlWzHDQtblBbAFol6BQpB29TKNO163qOMQ
Rgk5pb95AVKd0Mn3yFzqzJKaGooJ8XzrkmepjQ1g3Zyf0BV7b90u6juk1WxKr25H
kjCivh9vc0DaAAxnAPo+CdTvpIF7dPBLiTKS6p+G2fpyHS5fAFjw0zm+xJmQBgDj
tdxhiUS0bxXaXEqVgS3yTphUrxmcfLHmQjyVfzAi5RItn1VgP9WyFeGDc46YGBF9
1CXhRWitd1Ez4LSbtQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:20 2024 by rpki-client on console-fra.rpki-client.org