Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/QAbqtm4m08n7Mxmf-j1IuOUoPFY.roa
File: QAbqtm4m08n7Mxmf-j1IuOUoPFY.roa (raw, json)
Hash identifier: d30ckkcSo8YzjycFtnZQcEks6MAp7nsWCINcbu/ouA0=
Subject key identifier: 40:06:EA:B6:6E:26:D3:C9:FB:33:19:9F:FA:3D:48:B8:E5:28:3C:56
Certificate issuer: /CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Certificate serial: 0188CA74FD42D7E7BD648A825871FE1EA76F
Authority key identifier: 1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/QAbqtm4m08n7Mxmf-j1IuOUoPFY.roa
Signing time: Sat 17 Jun 2023 17:44:04 +0000
ROA not before: Sat 17 Jun 2023 17:44:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50591
IP address blocks: 109.230.73.0/24 maxlen: 24
109.230.72.0/24 maxlen: 24
109.230.76.0/22 maxlen: 22
109.230.75.0/24 maxlen: 24
109.230.74.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:ca:74:fd:42:d7:e7:bd:64:8a:82:58:71:fe:1e:a7:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Validity
Not Before: Jun 17 17:44:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4006eab66e26d3c9fb33199ffa3d48b8e5283c56
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:29:bf:33:fb:e3:d4:67:8f:c8:20:a8:78:f1:
66:ed:28:9c:bd:c0:ab:b4:69:5e:34:d8:ad:0a:09:
f4:ce:e7:42:33:39:22:b5:f2:86:79:cb:00:c8:c5:
a8:e5:2b:62:9c:8d:26:c3:00:ad:9d:c6:f6:ba:24:
e6:a2:c8:52:de:29:9a:bd:b9:ba:77:46:5d:6b:43:
91:cc:4d:68:1b:21:69:61:02:49:4b:82:d4:e9:7e:
66:9f:6c:70:41:b6:13:28:97:10:84:e4:3d:76:e2:
42:1e:08:3f:1d:ba:50:b5:5a:43:77:c7:7b:db:5e:
b0:f3:3f:c5:94:2d:c8:ba:96:01:16:c5:a3:82:7e:
d5:77:00:26:7a:bc:a4:9a:9b:dd:9b:1a:60:11:1b:
3c:d9:da:66:e9:a2:9c:4e:95:08:1b:64:d3:c7:75:
54:1a:40:39:0b:1d:1a:5e:e0:20:fa:25:7d:91:f3:
5f:bd:95:45:25:65:8b:a1:b4:ac:ac:df:e1:b2:02:
34:8e:7a:cd:e7:ce:84:d5:70:e0:4e:09:0c:f5:5d:
28:dd:d6:76:03:79:7d:c2:58:89:1f:1b:a1:41:62:
05:5c:8c:d2:74:40:b3:1c:90:0c:dd:b4:d4:46:c5:
33:33:ca:d9:ca:fa:0c:de:27:8d:84:1e:60:c5:e3:
4b:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:06:EA:B6:6E:26:D3:C9:FB:33:19:9F:FA:3D:48:B8:E5:28:3C:56
X509v3 Authority Key Identifier:
keyid:1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/QAbqtm4m08n7Mxmf-j1IuOUoPFY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.230.72.0/21
Signature Algorithm: sha256WithRSAEncryption
2c:c5:e9:3e:53:25:fa:3d:a3:76:71:5c:78:df:eb:0f:4a:f9:
41:d4:a7:f7:a3:66:38:d6:f0:8f:ad:6d:8e:f4:2c:20:84:4c:
b5:5f:9e:89:b2:bd:5d:50:9b:50:b1:2d:46:b8:80:6e:10:04:
a8:d6:a2:49:32:17:24:ab:04:0d:ca:65:f6:39:11:44:91:26:
3d:cd:56:9d:1b:70:4e:4c:6f:61:ea:ce:b4:e4:8c:28:bc:ca:
0d:5d:2e:16:ba:43:4f:51:a1:9a:fa:f9:9b:69:f8:b8:49:a6:
6d:54:7d:ce:c8:98:64:48:d5:d8:2e:0d:c5:f3:c1:6b:ee:08:
bb:b4:24:08:a9:5f:a8:25:65:5f:51:47:59:93:dd:a1:56:62:
0b:d8:87:40:b3:c6:b5:dd:29:2e:98:dc:43:d3:08:6b:ce:5c:
57:8f:01:12:19:2d:79:d7:5c:3b:8a:9b:93:19:b4:6d:35:29:
dd:62:d6:32:ee:e6:d0:59:63:cb:fa:34:97:32:53:62:7e:20:
44:71:ea:c1:ab:43:ee:dd:21:3c:10:ea:11:a6:5b:ca:be:8a:
d0:a3:7e:88:fc:e5:9b:7b:d5:e5:ac:ad:30:81:a7:a2:00:11:
e7:a2:aa:4d:13:27:1c:fc:88:be:16:be:22:df:3c:92:14:cf:
f9:0c:93:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYjKdP1C1+e9ZIqCWHH+HqdvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMzkyZGZjNmJhMmQzMTg2ZDMyNjljNzA5MWI3MDE5ODE1
MzQ1ZDMwHhcNMjMwNjE3MTc0NDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDA2ZWFiNjZlMjZkM2M5ZmIzMzE5OWZmYTNkNDhiOGU1MjgzYzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnym/M/vj1GePyCCoePFm7SicvcCr
tGleNNitCgn0zudCMzkitfKGecsAyMWo5StinI0mwwCtncb2uiTmoshS3imavbm6
d0Zda0ORzE1oGyFpYQJJS4LU6X5mn2xwQbYTKJcQhOQ9duJCHgg/HbpQtVpDd8d7
216w8z/FlC3IupYBFsWjgn7VdwAmerykmpvdmxpgERs82dpm6aKcTpUIG2TTx3VU
GkA5Cx0aXuAg+iV9kfNfvZVFJWWLobSsrN/hsgI0jnrN586E1XDgTgkM9V0o3dZ2
A3l9wliJHxuhQWIFXIzSdECzHJAM3bTURsUzM8rZyvoM3ieNhB5gxeNL0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAG6rZuJtPJ+zMZn/o9SLjlKDxWMB8GA1UdIwQY
MBaAFBo5LfxrotMYbTJpxwkbcBmBU0XTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYt
MmYzNjVmMjJhMThjLzEvUUFicXRtNG0wOG43TXhtZi1qMUl1T1VvUEZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYtMmYzNjVmMjJhMThj
LzEvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbeZIMA0G
CSqGSIb3DQEBCwUAA4IBAQAsxek+UyX6PaN2cVx43+sPSvlB1Kf3o2Y41vCPrW2O
9CwghEy1X56Jsr1dUJtQsS1GuIBuEASo1qJJMhckqwQNymX2ORFEkSY9zVadG3BO
TG9h6s605IwovMoNXS4WukNPUaGa+vmbafi4SaZtVH3OyJhkSNXYLg3F88Fr7gi7
tCQIqV+oJWVfUUdZk92hVmIL2IdAs8a13SkumNxD0whrzlxXjwESGS1511w7ipuT
GbRtNSndYtYy7ubQWWPL+jSXMlNifiBEcerBq0Pu3SE8EOoRplvKvorQo36I/OWb
e9XlrK0wgaeiABHnoqpNEycc/Ii+Fr4i3zySFM/5DJOO
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:45 2024 by rpki-client on console-fra.rpki-client.org