Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/qHeWvR5B-RRF-rd818OhdR8t024.roa
File: qHeWvR5B-RRF-rd818OhdR8t024.roa (raw, json)
Hash identifier: 0BZsfZNfdg3Nol/exQ7Cye0tc+P0nxTneR3B+VkcAhc=
Subject key identifier: A8:77:96:BD:1E:41:F9:14:45:FA:B7:7C:D7:C3:A1:75:1F:2D:D3:6E
Certificate issuer: /CN=c089423af1be03027196d1f81df22992978cda6e
Certificate serial: 01829AFD839F8FA7E1A67E39328A252C0A58
Authority key identifier: C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/qHeWvR5B-RRF-rd818OhdR8t024.roa
Signing time: Sun 14 Aug 2022 06:14:41 +0000
ROA not before: Sun 14 Aug 2022 06:14:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 328543
IP address blocks: 185.249.60.0/22 maxlen: 23
45.159.176.0/22 maxlen: 22
2a0c:640::/29 maxlen: 29
2a0d:2480::/29 maxlen: 29
2a0c:f480::/29 maxlen: 29
2a0c:9380::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:9a:fd:83:9f:8f:a7:e1:a6:7e:39:32:8a:25:2c:0a:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c089423af1be03027196d1f81df22992978cda6e
Validity
Not Before: Aug 14 06:14:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a87796bd1e41f91445fab77cd7c3a1751f2dd36e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:f4:72:19:f2:2b:3a:2b:6a:7b:e3:15:f7:be:
50:03:f2:f5:a5:3e:82:b0:32:9e:1b:fa:45:cd:2f:
09:39:c6:3d:09:29:15:a0:f6:c5:67:9d:7b:78:09:
65:be:fa:45:12:fc:35:a4:9e:44:9a:7b:1a:6d:45:
32:2c:92:17:82:15:6d:8f:1d:7b:ed:00:ce:fc:92:
ff:fb:e9:e0:74:78:a0:82:a0:b8:a1:ff:b0:79:44:
bf:d1:99:db:55:d3:51:1b:c1:b9:b4:e1:ff:b6:35:
40:9b:7d:57:b3:42:82:ef:af:36:df:1f:f7:47:4a:
6d:5e:3b:48:65:7c:7d:86:53:1a:af:3e:fe:fa:2d:
8d:1c:2b:2a:20:21:7f:05:f9:fd:5a:1a:46:76:b7:
cd:3b:93:dd:8c:70:c5:0f:bd:62:e1:90:56:4f:fb:
ad:9e:e3:25:1b:28:ab:4e:a4:bf:04:a2:ee:4c:11:
a5:6b:06:00:91:ef:8f:1a:d8:e4:5f:d3:0f:6c:fd:
84:eb:f9:64:b7:22:ed:04:5a:f7:ee:6d:8e:91:7a:
2f:b7:c2:1e:36:53:00:1c:22:1e:9c:3b:b2:46:e7:
96:9b:7f:bd:2e:97:80:3e:e8:a7:31:8c:6f:bb:6b:
7c:05:4d:f6:b4:25:e0:f2:e9:2e:f5:49:51:39:de:
a0:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:77:96:BD:1E:41:F9:14:45:FA:B7:7C:D7:C3:A1:75:1F:2D:D3:6E
X509v3 Authority Key Identifier:
keyid:C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/qHeWvR5B-RRF-rd818OhdR8t024.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.176.0/22
185.249.60.0/22
IPv6:
2a0c:640::/29
2a0c:9380::/29
2a0c:f480::/29
2a0d:2480::/29
Signature Algorithm: sha256WithRSAEncryption
ba:86:b5:9f:9e:a3:5a:2d:13:92:3c:b2:74:cc:f7:af:c0:84:
bf:7b:db:a5:23:ac:70:e2:b1:68:81:94:af:4e:82:9e:fa:82:
ee:df:ed:d1:68:81:20:1e:a1:5e:6e:10:de:52:49:1a:6a:49:
44:a9:b0:c6:0f:a3:5e:b4:cd:80:c6:e0:73:a4:b6:31:a3:18:
d0:97:b4:1c:45:74:5c:ff:55:4e:e6:19:10:4a:05:cc:89:6d:
f1:3d:95:0c:b8:dc:25:c5:86:d5:e4:99:08:72:58:4b:fe:9f:
81:5e:8b:cb:27:a6:28:63:3d:c7:7a:49:56:2a:61:e3:5f:fc:
8a:8b:5b:9a:ca:ec:a0:58:85:cb:23:d8:9b:c8:f5:2d:0f:8f:
78:8d:99:2a:dd:ef:e6:24:5b:9a:51:cc:cd:0e:a6:c6:6b:b8:
94:be:d8:e8:c4:20:03:f0:6b:67:4f:ef:d9:79:e1:8d:1d:43:
e4:4b:c0:f0:c9:f0:ae:fe:a6:2e:27:60:25:4e:ec:09:dc:d5:
b0:5d:5e:34:b8:fb:c4:31:cb:f6:ea:8f:a8:e1:9d:73:d6:83:
47:64:f4:3a:75:f4:fa:f1:7b:43:61:72:28:ed:67:0c:ea:66:
82:93:7c:30:83:1f:e3:67:bc:cf:b7:2b:20:de:8f:51:fb:9e:
27:03:6a:f2
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYKa/YOfj6fhpn45MoolLApYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODk0MjNhZjFiZTAzMDI3MTk2ZDFmODFkZjIyOTkyOTc4
Y2RhNmUwHhcNMjIwODE0MDYxNDQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODc3OTZiZDFlNDFmOTE0NDVmYWI3N2NkN2MzYTE3NTFmMmRkMzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4vRyGfIrOitqe+MV975QA/L1pT6C
sDKeG/pFzS8JOcY9CSkVoPbFZ517eAllvvpFEvw1pJ5EmnsabUUyLJIXghVtjx17
7QDO/JL/++ngdHiggqC4of+weUS/0ZnbVdNRG8G5tOH/tjVAm31Xs0KC76823x/3
R0ptXjtIZXx9hlMarz7++i2NHCsqICF/Bfn9WhpGdrfNO5PdjHDFD71i4ZBWT/ut
nuMlGyirTqS/BKLuTBGlawYAke+PGtjkX9MPbP2E6/lktyLtBFr37m2OkXovt8Ie
NlMAHCIenDuyRueWm3+9LpeAPuinMYxvu2t8BU32tCXg8uku9UlROd6ghwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFKh3lr0eQfkURfq3fNfDoXUfLdNuMB8GA1UdIwQY
MBaAFMCJQjrxvgMCcZbR+B3yKZKXjNpuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgt
NjUzMzJiNDdmNWViLzEvcUhlV3ZSNUItUlJGLXJkODE4T2hkUjh0MDI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgtNjUzMzJiNDdmNWVi
LzEvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODASBAIAATAMAwQCLZ+wAwQC
ufk8MCIEAgACMBwDBQMqDAZAAwUDKgyTgAMFAyoM9IADBQMqDSSAMA0GCSqGSIb3
DQEBCwUAA4IBAQC6hrWfnqNaLROSPLJ0zPevwIS/e9ulI6xw4rFogZSvToKe+oLu
3+3RaIEgHqFebhDeUkkaaklEqbDGD6NetM2AxuBzpLYxoxjQl7QcRXRc/1VO5hkQ
SgXMiW3xPZUMuNwlxYbV5JkIclhL/p+BXovLJ6YoYz3HeklWKmHjX/yKi1uayuyg
WIXLI9ibyPUtD494jZkq3e/mJFuaUczNDqbGa7iUvtjoxCAD8GtnT+/ZeeGNHUPk
S8DwyfCu/qYuJ2AlTuwJ3NWwXV40uPvEMcv26o+o4Z1z1oNHZPQ6dfT68XtDYXIo
7WcM6maCk3wwgx/jZ7zPtysg3o9R+54nA2ry
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:46:00 2025 by rpki-client