Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/q2qtOtsF8cnMj70i0RptX9AireM.roa
File: q2qtOtsF8cnMj70i0RptX9AireM.roa (raw, json)
Hash identifier: lWRlL+1wYPxju2Gsq7a5XpdQLUMlzh+mVVmqLBukdIg=
Subject key identifier: AB:6A:AD:3A:DB:05:F1:C9:CC:8F:BD:22:D1:1A:6D:5F:D0:22:AD:E3
Certificate issuer: /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial: 018737DFEBD0DFAB2DDA80B6D5930704BD52
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/q2qtOtsF8cnMj70i0RptX9AireM.roa
Signing time: Fri 31 Mar 2023 13:33:54 +0000
ROA not before: Fri 31 Mar 2023 13:33:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7029
IP address blocks: 185.232.86.0/23 maxlen: 23
45.134.178.0/23 maxlen: 23
2a0c:fe07::/32 maxlen: 32
2a0e:cbc2::/32 maxlen: 32
2a0c:fe06::/32 maxlen: 32
2a0e:cbc1::/32 maxlen: 32
2a0e:cbc0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:37:df:eb:d0:df:ab:2d:da:80:b6:d5:93:07:04:bd:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Validity
Not Before: Mar 31 13:33:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ab6aad3adb05f1c9cc8fbd22d11a6d5fd022ade3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:95:92:58:d0:c4:80:51:82:7d:66:9e:96:f7:
59:3c:58:d0:a2:ea:f0:07:98:a6:35:37:93:8e:8d:
9b:82:a1:fb:e2:e3:a8:a8:f8:a8:ad:de:ae:22:c4:
c9:86:90:90:ab:85:36:b2:3e:05:ad:d3:3c:29:fa:
de:dd:e3:13:f3:35:5e:86:5f:99:15:01:d8:64:3b:
4c:8a:4b:55:ce:4d:24:bb:fa:4a:d2:cf:57:9e:b7:
ce:8f:68:8f:5c:f6:61:30:4f:13:bd:55:b9:9c:d2:
d8:96:52:bf:a9:42:8d:f0:0c:10:4b:09:5a:c9:ad:
80:af:0f:dd:8e:c6:2a:b3:03:d6:be:3b:08:09:06:
17:c0:14:bd:f6:a0:a7:30:9e:0b:06:dd:bb:29:34:
68:2e:2b:72:a0:2d:b1:44:85:c6:83:31:47:34:a8:
81:bb:89:7f:56:b6:94:7a:d2:13:55:62:31:08:ce:
ff:09:10:28:1a:d4:4c:76:2b:0c:df:f8:08:2c:29:
f2:82:fd:21:70:6a:0a:73:61:64:40:ca:42:ea:77:
2f:14:4c:9c:b2:7e:3b:5c:5e:1c:d5:b1:e5:48:67:
8b:5d:5d:21:e0:90:7d:32:43:84:39:54:69:67:43:
ff:45:f7:ac:0c:19:6a:65:3e:49:67:25:3e:b3:bd:
14:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:6A:AD:3A:DB:05:F1:C9:CC:8F:BD:22:D1:1A:6D:5F:D0:22:AD:E3
X509v3 Authority Key Identifier:
keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/q2qtOtsF8cnMj70i0RptX9AireM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.134.178.0/23
185.232.86.0/23
IPv6:
2a0c:fe06::/31
2a0e:cbc0::-2a0e:cbc2:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
1d:49:09:be:78:21:14:bc:22:1a:1e:6c:41:ac:1a:57:73:7f:
b8:31:b2:6e:21:e3:e3:83:85:de:c4:29:a8:8a:29:f0:6f:9f:
ce:b0:f4:1c:4e:eb:ca:b7:4e:b6:f1:fc:1a:23:59:57:83:5a:
d7:d0:19:d9:e3:ba:57:5d:4e:90:4c:09:86:6e:9f:1b:19:ce:
ba:4e:71:6b:3e:0b:b9:47:5e:63:71:db:b8:2b:05:21:0a:36:
6d:82:7a:df:f8:8f:60:2e:d7:69:73:97:f6:1f:cc:5a:dd:44:
51:a5:21:9e:e0:80:d1:ed:9c:79:06:93:0e:9d:db:04:eb:59:
00:02:a5:86:d7:4c:1e:60:18:25:d6:7c:a9:6a:b8:c6:80:74:
74:7f:a4:0d:af:e1:e6:2b:e8:fc:d7:16:28:08:53:6a:74:9e:
48:a8:0c:86:de:a7:a4:a8:9f:b7:c5:ed:b8:3b:b7:09:ea:d0:
27:09:5e:e0:13:ae:7e:d7:10:1f:a3:da:a5:ff:4e:3f:03:c9:
b7:b7:7e:76:38:13:ce:31:c6:d5:67:a3:b9:1f:94:86:9e:f1:
fb:a9:79:6f:a3:fc:12:16:8a:88:8b:eb:13:5a:b9:18:ba:9a:
3c:a5:56:d2:a0:03:df:01:0f:0e:9e:34:3b:78:36:ee:0b:f1:
94:1d:a8:2a
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYc33+vQ36st2oC21ZMHBL1SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjMwMzMxMTMzMzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjZhYWQzYWRiMDVmMWM5Y2M4ZmJkMjJkMTFhNmQ1ZmQwMjJhZGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5WSWNDEgFGCfWaelvdZPFjQourw
B5imNTeTjo2bgqH74uOoqPiord6uIsTJhpCQq4U2sj4FrdM8Kfre3eMT8zVehl+Z
FQHYZDtMiktVzk0ku/pK0s9XnrfOj2iPXPZhME8TvVW5nNLYllK/qUKN8AwQSwla
ya2Arw/djsYqswPWvjsICQYXwBS99qCnMJ4LBt27KTRoLityoC2xRIXGgzFHNKiB
u4l/VraUetITVWIxCM7/CRAoGtRMdisM3/gILCnygv0hcGoKc2FkQMpC6ncvFEyc
sn47XF4c1bHlSGeLXV0h4JB9MkOEOVRpZ0P/RfesDBlqZT5JZyU+s70UZQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFKtqrTrbBfHJzI+9ItEabV/QIq3jMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvcTJxdE90c0Y4Y25NajcwaTBScHRYOUFpcmVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzASBAIAATAMAwQBLYayAwQB
uehWMB0EAgACMBcDBQEqDP4GMA4DBQYqDsvAAwUAKg7LwjANBgkqhkiG9w0BAQsF
AAOCAQEAHUkJvnghFLwiGh5sQawaV3N/uDGybiHj44OF3sQpqIop8G+fzrD0HE7r
yrdOtvH8GiNZV4Na19AZ2eO6V11OkEwJhm6fGxnOuk5xaz4LuUdeY3HbuCsFIQo2
bYJ63/iPYC7XaXOX9h/MWt1EUaUhnuCA0e2ceQaTDp3bBOtZAAKlhtdMHmAYJdZ8
qWq4xoB0dH+kDa/h5ivo/NcWKAhTanSeSKgMht6npKift8XtuDu3CerQJwle4BOu
ftcQH6Papf9OPwPJt7d+djgTzjHG1WejuR+Uhp7x+6l5b6P8EhaKiIvrE1q5GLqa
PKVW0qAD3wEPDp40O3g27gvxlB2oKg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:25 2024 by rpki-client on console-fra.rpki-client.org