Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WQCx6NFvSeLY38NUZufcMf8ir4o.roa
File: WQCx6NFvSeLY38NUZufcMf8ir4o.roa (raw, json)
Hash identifier: jxKaNlGxXNh5ObC/m88JVGHLWkhuHOtvLSSqCFGDiys=
Subject key identifier: 59:00:B1:E8:D1:6F:49:E2:D8:DF:C3:54:66:E7:DC:31:FF:22:AF:8A
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018DEE6CF9A466585D312F34288F9BF4D29E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WQCx6NFvSeLY38NUZufcMf8ir4o.roa
Signing time: Wed 28 Feb 2024 06:35:35 +0000
ROA not before: Wed 28 Feb 2024 06:35:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 199605
IP address blocks: 45.129.84.0/24 maxlen: 24
171.22.31.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:ee:6c:f9:a4:66:58:5d:31:2f:34:28:8f:9b:f4:d2:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 28 06:35:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5900b1e8d16f49e2d8dfc35466e7dc31ff22af8a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:46:0d:46:7c:ae:a9:e7:cb:0f:8f:4e:14:f7:
36:a6:28:f9:53:19:44:1d:d2:f7:e6:20:e5:88:1c:
d3:35:fb:bb:5c:38:83:db:a5:58:9a:3a:70:cb:19:
79:8c:00:9f:3b:38:d3:10:d5:92:bc:45:c4:c5:dd:
fe:c2:cc:7f:d2:dd:53:83:58:da:cc:c9:43:64:b7:
74:0a:9d:27:da:6b:d7:f6:52:5c:ba:7b:78:ab:e7:
67:9e:9c:c0:af:2b:ea:07:b9:53:57:f8:64:a6:8e:
fa:b4:07:8f:60:16:98:76:3d:b5:19:ba:77:9a:f9:
b7:39:f4:7c:8f:5e:ba:34:fe:f1:fa:a9:9c:45:20:
1e:eb:de:11:01:98:b1:e4:e7:e1:d9:9d:db:6b:72:
b9:f0:6c:ac:66:3d:c9:7a:08:6a:bc:ed:e5:d5:9f:
fb:6c:10:75:3a:6b:cb:d1:38:20:38:a6:92:38:fd:
a2:65:03:44:15:6d:74:12:73:ee:07:30:30:55:e9:
d3:fc:65:36:2a:15:28:6a:6b:b0:52:fc:ed:ce:9a:
3e:70:24:5b:73:fe:38:2d:66:5c:91:c5:48:40:54:
ac:d5:ef:ab:53:58:eb:e1:ce:93:72:02:ee:42:d7:
7d:1a:fc:16:38:8b:d3:fb:76:e3:84:99:21:d5:dd:
ae:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:00:B1:E8:D1:6F:49:E2:D8:DF:C3:54:66:E7:DC:31:FF:22:AF:8A
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WQCx6NFvSeLY38NUZufcMf8ir4o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.129.84.0/24
171.22.31.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:fc:43:3c:93:85:02:53:55:99:b1:84:3c:5c:b4:a7:ec:9d:
06:d8:3d:f3:49:28:fd:a2:80:98:e4:77:4c:a1:f8:da:c8:1f:
c9:80:68:4e:81:dc:3d:6c:80:99:d0:97:92:25:0a:6a:38:13:
a9:29:8e:27:d5:ed:9d:92:ec:11:b0:0d:84:48:b4:df:72:aa:
f8:26:ce:f4:59:8d:db:94:91:5f:04:f6:bb:c5:da:f9:da:1b:
b5:09:34:b0:7a:52:08:9f:46:8e:5f:a5:e7:13:ed:66:40:48:
df:fd:42:5d:15:23:69:36:c7:21:4a:5f:c2:32:b5:a7:ae:94:
4d:42:70:b5:0f:92:2d:34:86:1d:50:96:b3:f4:ef:7a:3f:4c:
31:56:e4:bd:96:23:8f:d2:7b:74:9e:3c:f8:85:09:71:cf:09:
11:06:3c:fa:a7:ea:16:fc:df:52:ea:6d:74:3b:44:ff:40:a6:
7b:06:e9:9b:e2:a6:78:de:94:cb:9e:1c:f2:4d:a0:bf:fe:fc:
88:d4:56:42:6d:cc:af:20:5f:0d:b4:f7:49:0b:34:ac:f2:06:
af:f5:94:a6:fc:ad:82:b8:22:3e:05:3b:98:a0:47:e6:73:c0:
03:56:51:fc:8d:32:23:ae:06:1d:a6:70:ee:89:eb:b5:fd:dd:
01:9c:2b:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3ubPmkZlhdMS80KI+b9NKeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjI4MDYzNTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTAwYjFlOGQxNmY0OWUyZDhkZmMzNTQ2NmU3ZGMzMWZmMjJhZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUYNRnyuqefLD49OFPc2pij5UxlE
HdL35iDliBzTNfu7XDiD26VYmjpwyxl5jACfOzjTENWSvEXExd3+wsx/0t1Tg1ja
zMlDZLd0Cp0n2mvX9lJcunt4q+dnnpzAryvqB7lTV/hkpo76tAePYBaYdj21Gbp3
mvm3OfR8j166NP7x+qmcRSAe694RAZix5Ofh2Z3ba3K58GysZj3JeghqvO3l1Z/7
bBB1OmvL0TggOKaSOP2iZQNEFW10EnPuBzAwVenT/GU2KhUoamuwUvztzpo+cCRb
c/44LWZckcVIQFSs1e+rU1jr4c6TcgLuQtd9GvwWOIvT+3bjhJkh1d2uzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFkAsejRb0ni2N/DVGbn3DH/Iq+KMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvV1FDeDZORnZTZUxZMzhOVVp1ZmNNZjhpcjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYFUAwQA
qxYfMA0GCSqGSIb3DQEBCwUAA4IBAQA8/EM8k4UCU1WZsYQ8XLSn7J0G2D3zSSj9
ooCY5HdMofjayB/JgGhOgdw9bICZ0JeSJQpqOBOpKY4n1e2dkuwRsA2ESLTfcqr4
Js70WY3blJFfBPa7xdr52hu1CTSwelIIn0aOX6XnE+1mQEjf/UJdFSNpNschSl/C
MrWnrpRNQnC1D5ItNIYdUJaz9O96P0wxVuS9liOP0nt0njz4hQlxzwkRBjz6p+oW
/N9S6m10O0T/QKZ7Bumb4qZ43pTLnhzyTaC//vyI1FZCbcyvIF8NtPdJCzSs8gav
9ZSm/K2CuCI+BTuYoEfmc8ADVlH8jTIjrgYdpnDuieu1/d0BnCsR
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:35 2024 by rpki-client on console-ams.rpki-client.org