Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Qt0fRgkcuG7FNWSvYfHqs3qPKVM.roa
File: Qt0fRgkcuG7FNWSvYfHqs3qPKVM.roa (raw, json)
Hash identifier: MVWYETIT+/N/fdHSMtfFp42jT0AclszFtSfuaU5Qhdk=
Subject key identifier: 42:DD:1F:46:09:1C:B8:6E:C5:35:64:AF:61:F1:EA:B3:7A:8F:29:53
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0186C910971C63CCDF0739D992752A51EFF4
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Qt0fRgkcuG7FNWSvYfHqs3qPKVM.roa
Signing time: Fri 10 Mar 2023 01:09:13 +0000
ROA not before: Fri 10 Mar 2023 01:09:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31732
IP address blocks: 82.97.240.0/20 maxlen: 24
5.34.208.0/20 maxlen: 24
185.220.236.0/22 maxlen: 24
185.80.196.0/23 maxlen: 24
188.209.155.0/24 maxlen: 24
45.137.180.0/22 maxlen: 24
82.115.12.0/23 maxlen: 24
185.129.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:c9:10:97:1c:63:cc:df:07:39:d9:92:75:2a:51:ef:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Mar 10 01:09:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=42dd1f46091cb86ec53564af61f1eab37a8f2953
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:b0:bb:6d:5e:bd:ea:69:a8:a7:15:f3:c7:b7:
c3:a0:a6:15:c7:e4:e3:10:93:50:57:32:09:26:f8:
2c:62:58:51:e9:c0:ba:12:a2:d1:45:10:1e:6e:61:
32:96:7a:ce:8d:e6:14:36:cb:26:1d:5c:22:8e:11:
04:b1:90:2c:ad:d1:d8:52:94:e7:85:54:bd:08:a6:
af:6a:03:e5:e0:77:a5:ee:78:63:78:ab:5b:c0:88:
30:05:b5:50:98:34:98:62:13:4b:84:26:54:f7:70:
a2:d2:f7:4b:75:cc:2e:b2:31:2c:e7:0b:a4:29:2a:
22:90:2d:fe:13:8f:9c:4e:b9:f3:08:b9:5f:96:b3:
da:b0:66:8f:84:19:6f:ff:df:1b:8a:6f:5b:00:f8:
e9:02:73:6b:57:13:bd:06:5c:87:90:2d:73:1a:4f:
07:96:e2:a2:c7:7a:05:ab:f6:fb:19:f5:9a:f5:be:
20:a3:25:dd:fc:af:2e:04:1e:9e:f3:2d:84:32:4e:
15:af:6e:8f:03:09:5a:0a:3d:ac:ec:1e:8e:45:b5:
72:aa:ff:71:4c:a0:f6:8d:08:e1:61:af:50:bf:1b:
14:37:fd:ae:37:16:65:a5:1a:db:62:46:02:47:f3:
75:96:07:14:d1:fb:35:97:68:73:2a:b0:f7:0b:b2:
0b:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:DD:1F:46:09:1C:B8:6E:C5:35:64:AF:61:F1:EA:B3:7A:8F:29:53
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Qt0fRgkcuG7FNWSvYfHqs3qPKVM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
45.137.180.0/22
82.97.240.0/20
82.115.12.0/23
185.80.196.0/23
185.129.108.0/22
185.220.236.0/22
188.209.155.0/24
Signature Algorithm: sha256WithRSAEncryption
c6:e1:5d:c9:c6:51:02:7a:22:0e:1c:e9:68:31:ea:b5:36:52:
74:eb:28:21:5c:58:c2:a8:a7:99:f2:c7:6a:62:2a:0c:40:26:
26:10:28:ff:d6:ea:66:6f:77:43:7a:f2:f8:23:dd:83:18:af:
6b:b4:57:3f:58:f7:45:ce:a0:7a:7d:a1:a2:7d:aa:e1:de:25:
40:1c:a1:ad:ff:c2:66:b2:6c:92:c8:f7:6a:fc:bd:33:b5:fb:
27:c8:ae:3a:d5:96:7b:ee:22:17:5f:48:16:33:1f:a3:31:bd:
b4:d1:90:8e:6d:56:b9:46:1a:c3:30:a0:73:66:a6:d6:ad:84:
4c:c2:4e:cf:a9:69:c2:cf:a8:45:94:cd:03:3b:3b:f8:8b:c9:
e6:57:47:c1:bd:44:13:37:6b:bc:03:f6:f5:3e:b8:9f:8e:ff:
ee:66:45:6e:08:d3:c3:6d:50:4b:14:88:3d:9f:65:ee:ef:e2:
68:4c:a2:ea:fc:2a:3a:84:27:74:50:f2:06:a6:fa:09:1f:bf:
c4:0d:88:df:56:3e:7f:ae:51:37:86:3f:2f:08:23:a9:7a:44:
94:2d:76:e1:c8:85:00:ae:71:56:9d:3b:91:35:7a:84:de:70:
45:fd:cf:e7:96:f6:02:87:eb:0c:80:95:4f:3f:b7:36:e4:08:
75:33:ee:55
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYbJEJccY8zfBznZknUqUe/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwMzEwMDEwOTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmRkMWY0NjA5MWNiODZlYzUzNTY0YWY2MWYxZWFiMzdhOGYyOTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbC7bV696mmopxXzx7fDoKYVx+Tj
EJNQVzIJJvgsYlhR6cC6EqLRRRAebmEylnrOjeYUNssmHVwijhEEsZAsrdHYUpTn
hVS9CKavagPl4Hel7nhjeKtbwIgwBbVQmDSYYhNLhCZU93Ci0vdLdcwusjEs5wuk
KSoikC3+E4+cTrnzCLlflrPasGaPhBlv/98bim9bAPjpAnNrVxO9BlyHkC1zGk8H
luKix3oFq/b7GfWa9b4goyXd/K8uBB6e8y2EMk4Vr26PAwlaCj2s7B6ORbVyqv9x
TKD2jQjhYa9QvxsUN/2uNxZlpRrbYkYCR/N1lgcU0fs1l2hzKrD3C7ILuwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFELdH0YJHLhuxTVkr2Hx6rN6jylTMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvUXQwZlJna2N1RzdGTldTdllmSHFzM3FQS1ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQEBSLQAwQC
LYm0AwQEUmHwAwQBUnMMAwQBuVDEAwQCuYFsAwQCudzsAwQAvNGbMA0GCSqGSIb3
DQEBCwUAA4IBAQDG4V3JxlECeiIOHOloMeq1NlJ06yghXFjCqKeZ8sdqYioMQCYm
ECj/1upmb3dDevL4I92DGK9rtFc/WPdFzqB6faGifarh3iVAHKGt/8JmsmySyPdq
/L0ztfsnyK461ZZ77iIXX0gWMx+jMb200ZCObVa5RhrDMKBzZqbWrYRMwk7PqWnC
z6hFlM0DOzv4i8nmV0fBvUQTN2u8A/b1Prifjv/uZkVuCNPDbVBLFIg9n2Xu7+Jo
TKLq/Co6hCd0UPIGpvoJH7/EDYjfVj5/rlE3hj8vCCOpekSULXbhyIUArnFWnTuR
NXqE3nBF/c/nlvYCh+sMgJVPP7c25Ah1M+5V
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:35 2024 by rpki-client on console-fra.rpki-client.org