Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/mkqa6nqewnxSLxNGqQFylpV3Q1M.roa
File: mkqa6nqewnxSLxNGqQFylpV3Q1M.roa (raw, json)
Hash identifier: H0N5+tHjLgKztTm2q0iy3dz7BfwMFq+ukKnPOnq5r6c=
Subject key identifier: 9A:4A:9A:EA:7A:9E:C2:7C:52:2F:13:46:A9:01:72:96:95:77:43:53
Certificate issuer: /CN=27516d20ebefd12f072d413c4d2606bdb258691a
Certificate serial: 0184339938BDC18C21DB1B2714FFD18F4458
Authority key identifier: 27:51:6D:20:EB:EF:D1:2F:07:2D:41:3C:4D:26:06:BD:B2:58:69:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/mkqa6nqewnxSLxNGqQFylpV3Q1M.roa
Signing time: Tue 01 Nov 2022 14:29:50 +0000
ROA not before: Tue 01 Nov 2022 14:29:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35575
IP address blocks: 185.190.44.0/23 maxlen: 23
185.190.46.0/24 maxlen: 24
185.190.47.0/24 maxlen: 24
193.238.68.0/22 maxlen: 22
195.66.24.0/21 maxlen: 21
195.66.31.0/24 maxlen: 24
195.66.29.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:33:99:38:bd:c1:8c:21:db:1b:27:14:ff:d1:8f:44:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=27516d20ebefd12f072d413c4d2606bdb258691a
Validity
Not Before: Nov 1 14:29:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9a4a9aea7a9ec27c522f1346a901729695774353
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:5f:b8:f4:54:0f:80:0b:65:c9:7a:da:3d:51:
70:09:a4:68:b6:41:93:3e:96:6c:7c:2f:af:54:e0:
ce:a6:a3:4b:21:b3:39:a4:d3:e5:7a:cf:06:f3:dd:
2b:17:ee:2b:3d:b3:05:d2:9b:c2:1f:68:9c:7b:25:
22:b1:85:3c:9b:72:eb:40:7d:a3:b0:23:b4:42:53:
94:e6:20:2f:d5:a7:b9:ec:1b:6a:87:60:83:58:68:
77:33:dc:30:c3:29:86:ca:36:36:7c:2c:05:58:06:
71:2a:30:0e:0c:30:29:a1:f5:85:36:a8:d0:57:ac:
e1:29:0e:f0:49:7f:ff:13:62:6d:c2:04:f8:45:3e:
35:b9:fa:16:37:4b:60:88:1a:28:f7:cc:69:bc:d1:
50:d8:11:b9:83:e2:16:81:37:4e:f2:11:7e:3f:a9:
b2:d4:b2:4c:f9:45:0b:61:cb:e8:48:4f:b0:72:7f:
38:d8:95:6e:6c:dc:49:70:a7:9f:a9:ce:ca:57:fd:
3b:59:f8:07:26:00:30:fb:25:5c:ca:4f:13:68:aa:
e6:27:5e:35:d3:99:0d:89:16:94:a5:3e:5a:24:10:
51:06:2a:31:c3:60:82:0e:79:6e:ba:1d:1c:ea:0b:
4a:1e:57:da:84:50:17:05:01:c2:0d:86:18:27:3c:
76:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:4A:9A:EA:7A:9E:C2:7C:52:2F:13:46:A9:01:72:96:95:77:43:53
X509v3 Authority Key Identifier:
keyid:27:51:6D:20:EB:EF:D1:2F:07:2D:41:3C:4D:26:06:BD:B2:58:69:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/mkqa6nqewnxSLxNGqQFylpV3Q1M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/J1FtIOvv0S8HLUE8TSYGvbJYaRo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.190.44.0/22
193.238.68.0/22
195.66.24.0/21
Signature Algorithm: sha256WithRSAEncryption
64:ce:86:26:d4:d4:7a:db:b8:8d:1e:ed:7e:1a:f5:ed:58:47:
2d:8a:8b:a3:e1:33:f1:56:a4:eb:bd:f7:9d:56:d7:ee:5e:8c:
3e:1f:8c:60:fb:a2:38:1c:1d:2c:9d:88:1c:82:e3:00:52:da:
04:64:13:7f:ed:7a:c3:3a:ba:4a:c1:d7:85:3d:d0:c2:e0:76:
e6:d9:9c:14:88:ab:cb:66:33:30:e3:13:90:a3:bb:be:59:fb:
08:c4:6f:02:51:26:9b:9a:58:63:9c:01:50:2f:b6:d9:22:73:
6f:42:82:36:45:0c:5a:71:ad:5e:e0:96:eb:a9:e3:23:a1:15:
41:aa:64:34:33:8a:ed:90:c7:93:3d:6a:36:c3:1d:45:1f:4a:
12:9e:24:1d:f9:24:00:8c:5c:ae:7e:5d:5b:a7:d0:b9:e2:95:
64:97:71:3a:4f:c8:32:0c:28:a8:2c:cc:56:4c:59:ff:ad:42:
d2:3c:4e:c8:3d:c6:6a:34:be:98:ca:45:a9:4c:31:c1:29:14:
59:c2:39:1e:e2:fe:a1:17:00:bf:19:04:22:f2:d5:da:2a:bd:
e2:96:9e:75:70:75:c2:a2:43:3e:6d:7f:69:40:14:62:7e:35:
ea:13:60:86:04:0b:4b:96:05:c3:a0:32:ae:27:b4:d3:8a:9f:
db:ba:ac:fd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYQzmTi9wYwh2xsnFP/Rj0RYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NTE2ZDIwZWJlZmQxMmYwNzJkNDEzYzRkMjYwNmJkYjI1
ODY5MWEwHhcNMjIxMTAxMTQyOTUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTRhOWFlYTdhOWVjMjdjNTIyZjEzNDZhOTAxNzI5Njk1Nzc0MzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA31+49FQPgAtlyXraPVFwCaRotkGT
PpZsfC+vVODOpqNLIbM5pNPles8G890rF+4rPbMF0pvCH2iceyUisYU8m3LrQH2j
sCO0QlOU5iAv1ae57Btqh2CDWGh3M9wwwymGyjY2fCwFWAZxKjAODDApofWFNqjQ
V6zhKQ7wSX//E2JtwgT4RT41ufoWN0tgiBoo98xpvNFQ2BG5g+IWgTdO8hF+P6my
1LJM+UULYcvoSE+wcn842JVubNxJcKefqc7KV/07WfgHJgAw+yVcyk8TaKrmJ141
05kNiRaUpT5aJBBRBioxw2CCDnluuh0c6gtKHlfahFAXBQHCDYYYJzx2WwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJpKmup6nsJ8Ui8TRqkBcpaVd0NTMB8GA1UdIwQY
MBaAFCdRbSDr79EvBy1BPE0mBr2yWGkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjFGdElPdnYwUzhITFVFOFRTWUd2YkpZYVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81OWQ4MDgtMTU0Zi00MmFlLWFmOGYt
NzkwMjQ0NTA4ZGY0LzEvbWtxYTZucWV3bnhTTHhOR3FRRnlscFYzUTFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81OWQ4MDgtMTU0Zi00MmFlLWFmOGYtNzkwMjQ0NTA4ZGY0
LzEvSjFGdElPdnYwUzhITFVFOFRTWUd2YkpZYVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCub4sAwQC
we5EAwQDw0IYMA0GCSqGSIb3DQEBCwUAA4IBAQBkzoYm1NR627iNHu1+GvXtWEct
iouj4TPxVqTrvfedVtfuXow+H4xg+6I4HB0snYgcguMAUtoEZBN/7XrDOrpKwdeF
PdDC4Hbm2ZwUiKvLZjMw4xOQo7u+WfsIxG8CUSabmlhjnAFQL7bZInNvQoI2RQxa
ca1e4JbrqeMjoRVBqmQ0M4rtkMeTPWo2wx1FH0oSniQd+SQAjFyufl1bp9C54pVk
l3E6T8gyDCioLMxWTFn/rULSPE7IPcZqNL6YykWpTDHBKRRZwjke4v6hFwC/GQQi
8tXaKr3ilp51cHXCokM+bX9pQBRifjXqE2CGBAtLlgXDoDKuJ7TTip/buqz9
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:46:13 2025 by rpki-client