Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/kqaujv0fUojBvKPyClAnKomHqBM.roa
File: kqaujv0fUojBvKPyClAnKomHqBM.roa (raw, json)
Hash identifier: VRR2n6MVQONYyIb0kX8+YD9qt+uWCZ47GdKJ7GOulLc=
Subject key identifier: 92:A6:AE:8E:FD:1F:52:88:C1:BC:A3:F2:0A:50:27:2A:89:87:A8:13
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 018D174E2710FD0101BE724B4332E93BD191
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/kqaujv0fUojBvKPyClAnKomHqBM.roa
Signing time: Wed 17 Jan 2024 12:03:34 +0000
ROA not before: Wed 17 Jan 2024 12:03:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 206509
IP address blocks: 91.85.0.0/17 maxlen: 17
91.85.128.0/19 maxlen: 19
91.85.192.0/18 maxlen: 18
194.46.32.0/19 maxlen: 19
194.46.64.0/19 maxlen: 19
194.46.80.0/20 maxlen: 20
212.104.128.0/19 maxlen: 19
212.108.80.0/21 maxlen: 21
212.108.88.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:17:4e:27:10:fd:01:01:be:72:4b:43:32:e9:3b:d1:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Jan 17 12:03:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=92a6ae8efd1f5288c1bca3f20a50272a8987a813
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:8a:94:9e:37:c9:3d:14:22:60:8b:b8:82:55:
c3:93:31:f4:53:92:76:99:38:17:6d:d7:a5:d4:9b:
83:92:0b:f4:ea:19:07:8b:07:76:a6:c6:bd:d7:06:
0c:ed:93:e3:44:3b:e8:5a:f7:2a:05:18:30:9c:2e:
2a:3a:38:be:4c:94:16:74:fb:fa:42:39:f5:d9:15:
70:e3:9c:c2:97:a6:40:4e:bb:93:69:75:6c:ab:ff:
18:1c:18:40:5e:ca:32:88:42:04:1d:c2:c3:81:ab:
4b:96:b5:62:69:87:f3:dc:b3:64:26:90:e3:40:7f:
03:b0:94:e6:eb:fd:bd:d1:68:7c:f7:7d:80:ba:58:
e8:e0:cc:cb:9e:07:33:b0:73:15:7e:9a:bf:03:3d:
36:a0:85:ec:20:ec:f1:72:c3:99:92:7c:08:e8:56:
f5:7e:e0:3b:ee:fd:20:27:21:ca:46:7d:7a:cb:fc:
28:2d:c6:a8:56:e9:5b:51:ae:d6:a0:8e:2c:e4:50:
c3:78:10:05:c1:92:22:30:ea:3d:1f:b1:f0:af:8f:
1f:ff:21:a0:72:a5:bf:89:de:9b:c4:f3:16:70:82:
06:c8:3b:16:83:c8:4b:70:1f:e9:3e:cd:3d:c0:64:
6a:69:86:f3:45:a2:0f:ed:de:10:0e:91:de:48:89:
9a:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:A6:AE:8E:FD:1F:52:88:C1:BC:A3:F2:0A:50:27:2A:89:87:A8:13
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/kqaujv0fUojBvKPyClAnKomHqBM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.85.0.0-91.85.159.255
91.85.192.0/18
194.46.32.0-194.46.95.255
212.104.128.0/19
212.108.80.0-212.108.91.255
Signature Algorithm: sha256WithRSAEncryption
41:53:84:69:98:ee:52:57:5b:96:36:eb:b5:99:72:3b:87:b7:
4f:5c:7f:f5:56:7d:05:da:b4:9e:3f:4a:84:3e:24:db:2e:f8:
d2:ac:14:09:cb:25:42:1b:74:cc:4d:e3:f8:bd:43:b6:fb:5f:
e9:59:6b:e3:89:46:35:c1:bb:17:9b:a0:bc:e5:35:5f:73:ab:
1e:97:1f:ab:a1:4d:4a:93:99:33:49:16:be:ff:3d:d7:06:48:
13:a6:9d:41:d0:26:60:49:4b:90:20:63:69:7f:05:35:a2:e2:
2d:cc:e1:dc:5f:c7:85:ce:a2:35:9d:4d:ae:84:de:1a:70:fa:
45:e9:21:17:e2:6f:01:b1:ee:06:f1:a5:e1:16:52:0e:90:97:
19:ae:d7:5f:fa:ee:92:f2:c4:6e:ce:65:30:d8:7e:ea:15:77:
97:33:2e:53:5e:5a:2a:52:58:a3:6b:d2:6e:f8:83:9a:35:05:
8b:47:82:70:63:4f:2f:a6:3b:cc:0c:21:a0:6b:5d:3c:af:43:
ce:bc:9d:a4:84:90:f5:ac:29:10:00:b5:d7:8a:82:6b:05:b5:
02:17:5d:50:c8:c2:a7:e4:aa:68:37:be:b4:43:35:33:84:df:
a2:36:0d:9c:88:ac:d5:2d:66:43:d0:38:ac:1e:7d:d2:b8:81:
01:b4:20:23
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAY0XTicQ/QEBvnJLQzLpO9GRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDM1MzkzMzY3NGE1NjA4ZjZkMWVlMmRhYjRmNjRjOGJm
ZjhmMzkwHhcNMjQwMTE3MTIwMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmE2YWU4ZWZkMWY1Mjg4YzFiY2EzZjIwYTUwMjcyYTg5ODdhODEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIqUnjfJPRQiYIu4glXDkzH0U5J2
mTgXbdel1JuDkgv06hkHiwd2psa91wYM7ZPjRDvoWvcqBRgwnC4qOji+TJQWdPv6
Qjn12RVw45zCl6ZATruTaXVsq/8YHBhAXsoyiEIEHcLDgatLlrViaYfz3LNkJpDj
QH8DsJTm6/290Wh8932Auljo4MzLngczsHMVfpq/Az02oIXsIOzxcsOZknwI6Fb1
fuA77v0gJyHKRn16y/woLcaoVulbUa7WoI4s5FDDeBAFwZIiMOo9H7Hwr48f/yGg
cqW/id6bxPMWcIIGyDsWg8hLcB/pPs09wGRqaYbzRaIP7d4QDpHeSImavQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFJKmro79H1KIwbyj8gpQJyqJh6gTMB8GA1UdIwQY
MBaAFK3TU5M2dKVgj20e4tq09kyL/485MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgt
NzJjODMxMjg3NjFiLzEva3FhdWp2MGZVb2pCdktQeUNsQW5Lb21IcUJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgtNzJjODMxMjg3NjFi
LzEvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTA7BAIAATA1MAsDAwBbVQME
BVtVgAMEBltVwDAMAwQFwi4gAwQFwi5AAwQF1GiAMAwDBATUbFADBALUbFgwDQYJ
KoZIhvcNAQELBQADggEBAEFThGmY7lJXW5Y267WZcjuHt09cf/VWfQXatJ4/SoQ+
JNsu+NKsFAnLJUIbdMxN4/i9Q7b7X+lZa+OJRjXBuxeboLzlNV9zqx6XH6uhTUqT
mTNJFr7/PdcGSBOmnUHQJmBJS5AgY2l/BTWi4i3M4dxfx4XOojWdTa6E3hpw+kXp
IRfibwGx7gbxpeEWUg6Qlxmu11/67pLyxG7OZTDYfuoVd5czLlNeWipSWKNr0m74
g5o1BYtHgnBjTy+mO8wMIaBrXTyvQ868naSEkPWsKRAAtdeKgmsFtQIXXVDIwqfk
qmg3vrRDNTOE36I2DZyIrNUtZkPQOKwefdK4gQG0ICM=
-----END CERTIFICATE-----
Generated at Sun Apr 20 20:59:05 2025 by rpki-client