Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/QR7legixHkuwE3_ydU7kYzjTtr0.roa
File: QR7legixHkuwE3_ydU7kYzjTtr0.roa (raw, json)
Hash identifier: ruPJYVOWWxXi8pSRNs1ZTV1oCUK8LZ60pcEcuA6Oveo=
Subject key identifier: 41:1E:E5:7A:08:B1:1E:4B:B0:13:7F:F2:75:4E:E4:63:38:D3:B6:BD
Certificate issuer: /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial: 01856F42AA000FA78EE657AD0DFE68D53F43
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/QR7legixHkuwE3_ydU7kYzjTtr0.roa
Signing time: Sun 01 Jan 2023 21:35:17 +0000
ROA not before: Sun 01 Jan 2023 21:35:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 398107
IP address blocks: 92.204.96.0/21 maxlen: 24
2a01:488:bb0d::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:42:aa:00:0f:a7:8e:e6:57:ad:0d:fe:68:d5:3f:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Validity
Not Before: Jan 1 21:35:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=411ee57a08b11e4bb0137ff2754ee46338d3b6bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:87:49:d4:a9:ed:3b:96:20:a8:d8:f0:b9:c3:
a6:50:e8:71:b5:c1:f5:af:c8:b5:6b:1c:3b:9a:c7:
96:c5:fc:b2:df:c9:76:0c:72:f1:48:fc:a6:18:22:
4d:b4:db:b5:af:68:a1:99:9b:91:71:df:70:ae:06:
01:2b:19:7f:77:5e:04:1b:30:a7:fb:bb:09:c3:4c:
81:4c:33:c8:c7:cc:76:a8:7d:48:fd:10:ec:db:14:
56:3f:42:e0:1d:0a:36:ff:97:bd:1b:15:b4:47:58:
83:e4:57:f7:1f:a5:dc:6e:e2:b0:da:9d:81:1b:4c:
ec:ee:02:07:94:4d:4f:51:6e:a1:6e:41:aa:32:11:
0b:89:e7:59:da:28:ec:79:06:3d:8a:76:74:e2:da:
a7:49:27:ec:43:5e:bd:a8:f1:29:30:2d:8e:8c:40:
d6:51:ac:d6:d1:79:f8:7b:d4:e5:9f:4d:31:48:57:
6b:90:0a:7c:35:b2:e0:9f:b4:e4:e0:5e:fd:7e:05:
d6:60:43:0e:8a:3e:a0:7a:17:df:e6:36:e2:dd:c9:
9b:b0:fd:24:65:0d:8e:15:b2:24:58:08:07:84:da:
2a:0a:66:a0:c8:2a:0d:b5:4c:7b:91:5c:f1:89:7d:
14:f4:e4:49:4a:0b:7c:7e:a7:7d:9b:75:b7:b4:dd:
33:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:1E:E5:7A:08:B1:1E:4B:B0:13:7F:F2:75:4E:E4:63:38:D3:B6:BD
X509v3 Authority Key Identifier:
keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/QR7legixHkuwE3_ydU7kYzjTtr0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.204.96.0/21
IPv6:
2a01:488:bb0d::/48
Signature Algorithm: sha256WithRSAEncryption
3a:89:d4:fa:0f:da:5f:ac:c0:18:92:c0:35:1d:32:fc:86:af:
1f:e4:9c:d7:ca:5e:da:52:48:6f:2c:d1:4d:ce:e2:ff:42:9d:
97:30:d3:04:0c:47:18:cc:cc:97:c1:5d:2e:b2:05:9a:db:23:
1f:f2:d9:1e:2f:53:5d:3e:28:08:e8:f5:f7:cd:63:cc:83:a0:
60:71:dd:63:46:a2:16:18:cf:0f:3d:52:97:58:31:0b:f2:88:
d7:ab:4c:95:03:7d:c5:75:66:d0:4c:e2:34:1a:18:a5:45:0a:
3b:17:00:a0:9a:57:6f:53:33:f1:b0:95:3a:53:c7:9c:7d:38:
6a:81:08:45:d3:18:70:df:a3:54:a8:67:16:d1:38:b1:bb:6d:
4b:f7:d4:95:9f:d8:1f:9f:b0:86:db:7f:80:c9:ba:cc:ac:8b:
51:b9:8e:8d:4f:f4:48:46:01:a8:d8:42:70:bc:ef:5a:6a:fe:
79:fb:7c:18:db:83:30:da:0b:13:d4:65:7a:8e:40:c0:3f:0b:
22:58:01:3d:5d:91:18:a6:39:3d:5f:de:10:fb:f6:87:bb:a4:
bd:da:18:78:1c:3d:de:da:5e:35:78:87:c5:5d:a9:ed:be:e6:
d0:44:c4:03:47:05:65:0f:cc:8c:2b:d1:d1:e3:9d:65:fa:63:
57:85:33:93
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVvQqoAD6eO5letDf5o1T9DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjMwMTAxMjEzNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTFlZTU3YTA4YjExZTRiYjAxMzdmZjI3NTRlZTQ2MzM4ZDNiNmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA74dJ1KntO5YgqNjwucOmUOhxtcH1
r8i1axw7mseWxfyy38l2DHLxSPymGCJNtNu1r2ihmZuRcd9wrgYBKxl/d14EGzCn
+7sJw0yBTDPIx8x2qH1I/RDs2xRWP0LgHQo2/5e9GxW0R1iD5Ff3H6XcbuKw2p2B
G0zs7gIHlE1PUW6hbkGqMhELiedZ2ijseQY9inZ04tqnSSfsQ169qPEpMC2OjEDW
UazW0Xn4e9Tln00xSFdrkAp8NbLgn7Tk4F79fgXWYEMOij6gehff5jbi3cmbsP0k
ZQ2OFbIkWAgHhNoqCmagyCoNtUx7kVzxiX0U9ORJSgt8fqd9m3W3tN0zGwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEEe5XoIsR5LsBN/8nVO5GM407a9MB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvUVI3bGVnaXhIa3V3RTNfeWRVN2tZempUdHIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDXMxgMA8E
AgACMAkDBwAqAQSIuw0wDQYJKoZIhvcNAQELBQADggEBADqJ1PoP2l+swBiSwDUd
MvyGrx/knNfKXtpSSG8s0U3O4v9CnZcw0wQMRxjMzJfBXS6yBZrbIx/y2R4vU10+
KAjo9ffNY8yDoGBx3WNGohYYzw89UpdYMQvyiNerTJUDfcV1ZtBM4jQaGKVFCjsX
AKCaV29TM/GwlTpTx5x9OGqBCEXTGHDfo1SoZxbROLG7bUv31JWf2B+fsIbbf4DJ
usysi1G5jo1P9EhGAajYQnC871pq/nn7fBjbgzDaCxPUZXqOQMA/CyJYAT1dkRim
OT1f3hD79oe7pL3aGHgcPd7aXjV4h8Vdqe2+5tBExANHBWUPzIwr0dHjnWX6Y1eF
M5M=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:03 2024 by rpki-client on console-fra.rpki-client.org