Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/KQRPp2Z378lDRjS9mN_RWn2xC-s.roa
File: KQRPp2Z378lDRjS9mN_RWn2xC-s.roa (raw, json)
Hash identifier: D9lSJupvLM6pPpj4uIY3pan7VJIlgNr3ODBHbAzg/gM=
Subject key identifier: 29:04:4F:A7:66:77:EF:C9:43:46:34:BD:98:DF:D1:5A:7D:B1:0B:EB
Certificate issuer: /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial: 019423D7CA25B15F983E26F0E72A07DC63A0
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/KQRPp2Z378lDRjS9mN_RWn2xC-s.roa
Signing time: Wed 01 Jan 2025 21:48:52 +0000
ROA not before: Wed 01 Jan 2025 21:48:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 216205
IP address blocks: 46.36.99.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:ca:25:b1:5f:98:3e:26:f0:e7:2a:07:dc:63:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Validity
Not Before: Jan 1 21:48:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=29044fa76677efc9434634bd98dfd15a7db10beb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:1e:11:2f:e1:08:bd:d4:6a:70:af:77:80:66:
76:16:5a:67:8d:b8:9d:a8:42:4a:34:f9:80:ec:a3:
08:30:51:32:fd:b5:d2:5e:32:3d:d6:20:65:c7:65:
ef:8e:f9:55:bf:61:d0:3a:ab:50:c2:87:d0:0f:47:
79:a0:05:44:30:99:5e:e4:62:ae:fb:d1:e9:a1:65:
13:4f:c7:1b:52:ad:57:38:d5:7e:3d:84:64:62:7d:
4b:7e:69:3b:90:26:c0:28:c9:5d:68:ff:90:5e:ae:
12:1f:35:49:34:38:0d:4f:a2:32:14:5d:c8:17:01:
b7:08:d0:d7:56:f6:df:c9:20:5e:73:12:db:07:5d:
bd:64:6a:65:fc:f1:5f:73:ea:22:72:64:1f:69:e6:
68:30:a5:88:41:49:c2:b6:61:d8:d9:db:77:73:e0:
1d:38:f0:22:05:f8:59:c9:65:c6:fe:b8:6a:5b:da:
0f:57:24:f4:12:09:51:cd:1c:b4:f6:a3:49:61:fb:
8c:9d:dd:7e:42:93:c1:d8:27:7b:75:53:bb:d9:37:
39:b6:e6:71:22:df:8a:47:a2:6d:b6:3b:e4:a3:4c:
68:30:87:f6:cb:0b:31:8a:56:7e:35:ac:f5:45:aa:
fb:07:f4:25:25:10:13:52:71:3f:06:30:bc:0d:4f:
5f:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:04:4F:A7:66:77:EF:C9:43:46:34:BD:98:DF:D1:5A:7D:B1:0B:EB
X509v3 Authority Key Identifier:
keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/KQRPp2Z378lDRjS9mN_RWn2xC-s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.36.99.0/24
Signature Algorithm: sha256WithRSAEncryption
17:db:4a:33:65:94:b2:61:e5:49:74:a6:f7:bf:bf:7b:97:3a:
c1:96:b8:11:79:bb:e5:c0:81:a4:7d:7b:69:89:a6:b6:e6:9e:
b7:76:43:49:dc:2f:9a:51:b4:3c:74:ad:42:07:9d:44:48:56:
02:b2:f7:be:70:55:b7:4e:6c:2f:a5:00:1b:68:bd:5c:b5:94:
53:7c:47:c3:a7:53:6a:7b:41:4d:c0:4e:d7:ca:aa:dc:4f:a1:
bc:2e:cb:07:72:b2:b1:dd:0e:b2:92:8d:a5:98:d5:85:db:88:
2a:9f:0a:ac:1d:a5:70:ad:e7:7f:d6:6b:7d:6b:ed:71:42:95:
f6:89:70:96:6d:24:1a:06:e8:32:4f:e5:66:3c:4d:fd:ac:7a:
d6:b8:18:88:df:89:ab:9f:6e:63:1c:3f:71:ca:72:c1:39:05:
32:7a:54:8b:89:90:92:81:52:fe:de:a4:9d:76:33:96:21:91:
a8:44:96:66:b3:20:be:6d:3e:a6:05:7d:02:4d:21:3e:3b:a2:
73:2d:54:87:4b:6e:93:e7:43:cb:4b:96:a8:1e:a8:e4:4c:d5:
ad:f5:06:48:93:08:20:51:7a:22:ee:41:f1:12:9d:12:19:d8:
3e:25:0b:19:7e:0d:62:b8:f4:75:80:f4:63:af:be:fa:7b:05:
ae:fb:31:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj18olsV+YPibw5yoH3GOgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjUwMTAxMjE0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTA0NGZhNzY2NzdlZmM5NDM0NjM0YmQ5OGRmZDE1YTdkYjEwYmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuB4RL+EIvdRqcK93gGZ2Flpnjbid
qEJKNPmA7KMIMFEy/bXSXjI91iBlx2XvjvlVv2HQOqtQwofQD0d5oAVEMJle5GKu
+9HpoWUTT8cbUq1XONV+PYRkYn1Lfmk7kCbAKMldaP+QXq4SHzVJNDgNT6IyFF3I
FwG3CNDXVvbfySBecxLbB129ZGpl/PFfc+oicmQfaeZoMKWIQUnCtmHY2dt3c+Ad
OPAiBfhZyWXG/rhqW9oPVyT0EglRzRy09qNJYfuMnd1+QpPB2Cd7dVO72Tc5tuZx
It+KR6Jttjvko0xoMIf2ywsxilZ+Naz1Rar7B/QlJRATUnE/BjC8DU9fCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkET6dmd+/JQ0Y0vZjf0Vp9sQvrMB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvS1FSUHAyWjM3OGxEUmpTOW1OX1JXbjJ4Qy1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiRjMA0G
CSqGSIb3DQEBCwUAA4IBAQAX20ozZZSyYeVJdKb3v797lzrBlrgRebvlwIGkfXtp
iaa25p63dkNJ3C+aUbQ8dK1CB51ESFYCsve+cFW3TmwvpQAbaL1ctZRTfEfDp1Nq
e0FNwE7XyqrcT6G8LssHcrKx3Q6yko2lmNWF24gqnwqsHaVwred/1mt9a+1xQpX2
iXCWbSQaBugyT+VmPE39rHrWuBiI34mrn25jHD9xynLBOQUyelSLiZCSgVL+3qSd
djOWIZGoRJZmsyC+bT6mBX0CTSE+O6JzLVSHS26T50PLS5aoHqjkTNWt9QZIkwgg
UXoi7kHxEp0SGdg+JQsZfg1iuPR1gPRjr776ewWu+zFS
-----END CERTIFICATE-----
Generated at Sun Jun 8 12:34:13 2025 by rpki-client