Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/QzUthlWO0jwQ21H9m-WQsvOeiAQ.roa
File: QzUthlWO0jwQ21H9m-WQsvOeiAQ.roa (raw, json)
Hash identifier: lic1oiuzL6KzcCFg42SFtZAHOxkEuAcW8ligiBRRgwo=
Subject key identifier: 43:35:2D:86:55:8E:D2:3C:10:DB:51:FD:9B:E5:90:B2:F3:9E:88:04
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 0185966945E31128E297166756C39F22FFB5
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/QzUthlWO0jwQ21H9m-WQsvOeiAQ.roa
Signing time: Mon 09 Jan 2023 12:02:39 +0000
ROA not before: Mon 09 Jan 2023 12:02:39 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 395800
IP address blocks: 85.92.109.0/24 maxlen: 24
194.5.92.0/24 maxlen: 24
109.236.58.0/24 maxlen: 24
91.107.116.0/24 maxlen: 24
194.31.174.0/24 maxlen: 24
194.31.173.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:96:69:45:e3:11:28:e2:97:16:67:56:c3:9f:22:ff:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Jan 9 12:02:39 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=43352d86558ed23c10db51fd9be590b2f39e8804
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:01:0b:8a:1d:43:f8:21:6d:75:dd:d1:a7:51:
58:ea:38:d4:5c:f6:54:a8:fb:f6:68:5c:b4:cf:fe:
e3:2c:8a:79:fd:78:5c:cb:c2:1c:2f:ca:09:8a:78:
cb:27:59:4e:08:78:bc:e9:8f:eb:db:94:d8:ba:c1:
81:dc:21:fd:31:67:ca:cb:e8:85:53:b1:5b:89:3f:
5d:e1:e3:07:2e:74:5e:6b:63:98:fe:e4:b1:3a:7a:
51:65:bf:e1:da:81:78:87:0e:ab:4d:ef:45:19:50:
1d:59:c6:8b:a5:8e:5a:1a:06:89:3e:5e:58:bd:fb:
a4:19:57:01:da:96:d7:70:1b:c3:65:f8:0d:b3:3b:
45:a4:a9:69:51:3b:64:ec:b7:31:8a:6c:f8:98:e7:
73:09:0f:84:92:7b:74:f3:9c:35:ed:6b:fb:9d:6c:
82:69:c1:1d:cf:1f:39:be:c9:17:c4:f2:6c:cc:47:
40:41:d4:e7:d7:ef:48:36:82:f9:70:6b:71:02:0f:
07:ba:63:92:0c:15:a7:ae:90:6e:23:bf:16:d7:44:
73:6b:31:98:fe:5f:f6:d5:bd:6c:a2:7c:45:e5:21:
e8:a4:37:5a:20:d8:67:eb:87:15:3b:06:80:0c:47:
14:16:a5:21:22:c7:04:dd:86:a5:ee:d9:3f:a6:8c:
6b:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:35:2D:86:55:8E:D2:3C:10:DB:51:FD:9B:E5:90:B2:F3:9E:88:04
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/QzUthlWO0jwQ21H9m-WQsvOeiAQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.92.109.0/24
91.107.116.0/24
109.236.58.0/24
194.5.92.0/24
194.31.173.0-194.31.174.255
Signature Algorithm: sha256WithRSAEncryption
16:d1:19:99:0c:6e:56:c4:2c:6e:90:89:fd:56:95:3e:54:92:
3b:a4:8d:57:76:59:55:90:c1:07:53:95:a2:cc:6a:b9:82:58:
ef:a6:51:d9:62:7d:25:2f:09:7c:31:4e:42:53:4d:e2:bf:6a:
00:d2:0f:11:50:6d:fa:a4:53:7f:7e:37:15:76:fd:a9:78:3f:
11:f2:5c:d3:d8:e6:10:a8:d4:d4:69:4d:98:a0:d3:8a:ae:43:
56:73:40:20:d1:09:f4:18:57:53:e1:7b:a7:d4:59:1a:dd:82:
00:01:dc:a4:81:f2:d3:bc:c8:6e:3f:36:e1:4e:5f:a9:2a:8d:
4b:7d:5a:7c:eb:be:be:3f:f6:51:9e:bc:87:ac:37:84:7b:51:
5e:50:c0:03:c2:da:a8:b6:14:a7:e7:dd:8f:99:63:bb:ab:19:
78:50:b3:4d:e0:ca:30:58:23:2b:74:d9:8d:e2:27:59:8f:72:
18:a9:b4:c1:ca:59:72:31:f4:09:52:0b:3b:a3:f5:30:5d:bb:
80:15:bc:e0:6e:d5:76:09:08:65:61:f6:54:ee:5c:ac:f2:bb:
dd:6d:5c:81:56:bf:30:69:93:da:b2:b9:96:a3:54:c2:02:91:
fa:58:5c:24:29:8d:d4:d6:bb:ea:c4:89:5b:55:ba:43:9b:39:
37:4a:e2:cd
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYWWaUXjESjilxZnVsOfIv+1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMTA5MTIwMjM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzM1MmQ4NjU1OGVkMjNjMTBkYjUxZmQ5YmU1OTBiMmYzOWU4ODA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQELih1D+CFtdd3Rp1FY6jjUXPZU
qPv2aFy0z/7jLIp5/Xhcy8IcL8oJinjLJ1lOCHi86Y/r25TYusGB3CH9MWfKy+iF
U7FbiT9d4eMHLnRea2OY/uSxOnpRZb/h2oF4hw6rTe9FGVAdWcaLpY5aGgaJPl5Y
vfukGVcB2pbXcBvDZfgNsztFpKlpUTtk7Lcximz4mOdzCQ+Eknt085w17Wv7nWyC
acEdzx85vskXxPJszEdAQdTn1+9INoL5cGtxAg8HumOSDBWnrpBuI78W10RzazGY
/l/21b1sonxF5SHopDdaINhn64cVOwaADEcUFqUhIscE3Yal7tk/poxr/wIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFEM1LYZVjtI8ENtR/ZvlkLLznogEMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvUXpVdGhsV08wandRMjFIOW0tV1Fzdk9laUFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAVVxtAwQA
W2t0AwQAbew6AwQAwgVcMAwDBADCH60DBADCH64wDQYJKoZIhvcNAQELBQADggEB
ABbRGZkMblbELG6Qif1WlT5UkjukjVd2WVWQwQdTlaLMarmCWO+mUdlifSUvCXwx
TkJTTeK/agDSDxFQbfqkU39+NxV2/al4PxHyXNPY5hCo1NRpTZig04quQ1ZzQCDR
CfQYV1Phe6fUWRrdggAB3KSB8tO8yG4/NuFOX6kqjUt9Wnzrvr4/9lGevIesN4R7
UV5QwAPC2qi2FKfn3Y+ZY7urGXhQs03gyjBYIyt02Y3iJ1mPchiptMHKWXIx9AlS
Czuj9TBdu4AVvOBu1XYJCGVh9lTuXKzyu91tXIFWvzBpk9qyuZajVMICkfpYXCQp
jdTWu+rEiVtVukObOTdK4s0=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:54 2023 by rpki-client on console-fra.rpki-client.org