Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QZAawKLrdwKcx8o3Zs7j1jVPlDA.roa
File: QZAawKLrdwKcx8o3Zs7j1jVPlDA.roa (raw, json)
Hash identifier: XlLazx+75N480FsTCOa/Evlez0fZffM1rcTf9O4RpyM=
Subject key identifier: 41:90:1A:C0:A2:EB:77:02:9C:C7:CA:37:66:CE:E3:D6:35:4F:94:30
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01852AFEE1EBF0F0041B4295BB6D027A1F30
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QZAawKLrdwKcx8o3Zs7j1jVPlDA.roa
Signing time: Mon 19 Dec 2022 15:27:05 +0000
ROA not before: Mon 19 Dec 2022 15:27:05 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 87.121.124.0/23 maxlen: 24
164.40.185.0/24 maxlen: 24
185.218.137.0/24 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
194.48.248.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:2a:fe:e1:eb:f0:f0:04:1b:42:95:bb:6d:02:7a:1f:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 19 15:27:05 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=41901ac0a2eb77029cc7ca3766cee3d6354f9430
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:fa:67:30:c6:c9:df:6e:20:4f:e7:a1:79:43:
f2:66:95:04:e8:b6:16:c7:8b:73:fd:81:e8:89:e7:
7d:e5:c9:6e:c0:f5:84:3f:c8:70:c1:75:50:e2:c6:
b0:45:38:f9:95:42:1a:53:dc:44:3d:19:10:53:23:
83:83:e0:f0:3e:26:fa:75:90:ab:6a:1e:a5:99:c3:
b3:c3:0d:be:40:48:60:09:ec:e6:4f:96:5f:3a:c6:
7a:3a:18:11:57:ba:a6:7b:81:bf:18:60:7d:f6:16:
fb:21:49:b8:89:26:ef:62:d0:85:1f:5b:61:65:2d:
6a:f1:71:47:db:85:d0:f6:e5:f8:26:d9:b2:b3:b9:
a9:8a:29:54:1e:d8:5c:3c:1c:34:2f:03:83:d6:0a:
f4:94:71:c2:93:fb:16:05:87:e6:c1:23:47:c3:8d:
b1:ad:b6:e2:bf:f2:82:7c:ff:8f:fe:32:66:e1:6a:
f3:8d:c4:70:93:38:b7:eb:7a:9c:95:f9:c9:0b:6f:
57:ce:1b:de:a6:c9:e0:80:b3:57:bc:86:76:a9:e8:
2f:df:75:58:91:d3:91:21:fd:87:9b:27:04:c2:b9:
11:a8:42:c7:9c:79:fe:c0:e2:d0:30:24:d7:66:a6:
ed:87:54:0a:3a:e1:a1:cd:7b:97:79:a8:5c:a0:48:
03:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:90:1A:C0:A2:EB:77:02:9C:C7:CA:37:66:CE:E3:D6:35:4F:94:30
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QZAawKLrdwKcx8o3Zs7j1jVPlDA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.121.124.0/23
94.154.161.0-94.154.163.255
164.40.185.0/24
185.218.137.0/24
185.219.126.0/24
194.48.248.0/24
Signature Algorithm: sha256WithRSAEncryption
39:8f:7b:2a:9e:9a:41:eb:e0:11:70:9d:9a:39:d8:c4:c4:58:
d6:eb:03:4e:2e:ba:31:24:a0:8c:7a:09:51:47:ac:c3:b6:e7:
57:23:f8:45:bb:da:56:52:1a:35:10:be:d3:f2:39:58:49:b2:
22:e7:7d:09:c0:38:e5:a0:26:11:5d:44:8f:af:ad:c7:f8:fe:
24:96:54:67:05:82:41:14:7b:69:76:ea:e1:01:0c:c7:e0:f4:
8e:2c:94:e7:78:39:a8:6e:af:8c:57:01:76:b1:26:b5:70:8d:
6c:c6:e6:dc:fe:f6:3e:5a:24:b2:ae:c8:7a:e0:b0:31:da:96:
e3:8b:8e:7d:c5:c0:cc:6d:b0:cf:8a:b1:0a:b3:cb:e1:86:13:
3d:20:85:74:c8:38:90:99:41:22:56:9d:9b:86:f2:60:10:4d:
6a:6b:f6:c4:bc:e2:6e:2a:04:e8:9d:84:30:73:3d:e9:88:7c:
97:ba:3d:cb:68:4b:cb:08:3b:c5:59:3e:68:e6:e3:31:87:25:
2b:f4:b2:4b:84:89:9e:28:0e:ea:b1:a3:4c:5f:3b:ab:b6:0f:
ff:4c:eb:22:e7:a8:93:d2:c9:5c:e0:e4:07:ae:5e:c1:db:43:
f4:45:ac:d7:4a:4f:91:97:f7:02:8d:69:13:d3:2d:4f:7e:76:
6c:cc:c5:5a
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYUq/uHr8PAEG0KVu20Ceh8wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMjE5MTUyNzA1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTkwMWFjMGEyZWI3NzAyOWNjN2NhMzc2NmNlZTNkNjM1NGY5NDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvpnMMbJ324gT+eheUPyZpUE6LYW
x4tz/YHoied95cluwPWEP8hwwXVQ4sawRTj5lUIaU9xEPRkQUyODg+DwPib6dZCr
ah6lmcOzww2+QEhgCezmT5ZfOsZ6OhgRV7qme4G/GGB99hb7IUm4iSbvYtCFH1th
ZS1q8XFH24XQ9uX4Jtmys7mpiilUHthcPBw0LwOD1gr0lHHCk/sWBYfmwSNHw42x
rbbiv/KCfP+P/jJm4WrzjcRwkzi363qclfnJC29XzhvepsnggLNXvIZ2qegv33VY
kdORIf2HmycEwrkRqELHnHn+wOLQMCTXZqbth1QKOuGhzXuXeahcoEgDOwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFEGQGsCi63cCnMfKN2bO49Y1T5QwMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUVpBYXdLTHJkd0tjeDhvM1pzN2oxalZQbERBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQBV3l8MAwD
BABemqEDBAJemqADBACkKLkDBAC52okDBAC5234DBADCMPgwDQYJKoZIhvcNAQEL
BQADggEBADmPeyqemkHr4BFwnZo52MTEWNbrA04uujEkoIx6CVFHrMO251cj+EW7
2lZSGjUQvtPyOVhJsiLnfQnAOOWgJhFdRI+vrcf4/iSWVGcFgkEUe2l26uEBDMfg
9I4slOd4Oahur4xXAXaxJrVwjWzG5tz+9j5aJLKuyHrgsDHaluOLjn3FwMxtsM+K
sQqzy+GGEz0ghXTIOJCZQSJWnZuG8mAQTWpr9sS84m4qBOidhDBzPemIfJe6Pcto
S8sIO8VZPmjm4zGHJSv0skuEiZ4oDuqxo0xfO6u2D/9M6yLnqJPSyVzg5AeuXsHb
Q/RFrNdKT5GX9wKNaRPTLU9+dmzMxVo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:32 2024 by rpki-client on console-ams.rpki-client.org