Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/qVN-3Vktadb4_uA9YWzNhKRWikc.roa
File: qVN-3Vktadb4_uA9YWzNhKRWikc.roa (raw, json)
Hash identifier: 3BBQhnH/CWNzFptzn7Ei8emrR6hHZ52E1ny0broGx6U=
Subject key identifier: A9:53:7E:DD:59:2D:69:D6:F8:FE:E0:3D:61:6C:CD:84:A4:56:8A:47
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018AFE916D2B921B41FC6DD6CBD3A91A6C1F
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/qVN-3Vktadb4_uA9YWzNhKRWikc.roa
Signing time: Thu 05 Oct 2023 06:40:58 +0000
ROA not before: Thu 05 Oct 2023 06:40:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 185.255.99.0/24 maxlen: 24
89.39.242.0/24 maxlen: 24
194.56.152.0/23 maxlen: 24
185.243.140.0/22 maxlen: 24
94.231.198.0/24 maxlen: 24
194.56.153.0/24 maxlen: 24
185.212.11.0/24 maxlen: 24
91.242.103.0/24 maxlen: 24
185.40.105.0/24 maxlen: 24
194.242.28.0/23 maxlen: 24
195.149.127.0/24 maxlen: 24
193.46.211.0/24 maxlen: 24
91.242.71.0/24 maxlen: 24
45.149.160.0/22 maxlen: 24
91.242.72.0/23 maxlen: 24
91.242.75.0/24 maxlen: 24
89.40.161.0/24 maxlen: 24
195.138.103.0/24 maxlen: 24
195.138.104.0/24 maxlen: 24
185.15.136.0/23 maxlen: 24
80.94.80.0/23 maxlen: 24
45.67.117.0/24 maxlen: 24
45.15.64.0/22 maxlen: 24
194.180.238.0/24 maxlen: 24
194.213.10.0/24 maxlen: 24
185.173.247.0/24 maxlen: 24
89.32.126.0/24 maxlen: 24
92.118.108.0/24 maxlen: 24
176.126.223.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:fe:91:6d:2b:92:1b:41:fc:6d:d6:cb:d3:a9:1a:6c:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Oct 5 06:40:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a9537edd592d69d6f8fee03d616ccd84a4568a47
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:90:df:e2:e5:ae:5c:07:26:23:f9:60:5d:dc:
44:a6:b0:ef:7a:d2:22:0d:92:5d:f1:94:1f:9c:6d:
a6:13:75:4e:6e:db:f6:55:05:9a:9e:a6:69:ac:af:
33:42:2f:c3:64:2d:39:80:67:dc:f6:2e:2b:0b:5e:
69:cb:34:fa:83:15:cd:3a:e2:65:fd:ed:25:28:98:
da:c2:bf:0b:4d:f9:62:48:4a:39:0e:b3:ba:25:8b:
f5:f8:84:2c:ed:f1:1e:98:b7:e4:60:61:68:07:1e:
ee:67:d6:12:54:2c:3c:07:e1:a7:5b:d0:47:ad:2b:
d2:b2:0e:02:13:33:00:d2:d2:b6:19:44:37:0d:ff:
73:58:11:2d:c8:d0:d3:40:45:bf:ea:0f:a7:62:00:
c4:2e:cd:97:f5:35:89:26:5e:89:aa:d5:07:1f:a0:
0b:7a:93:eb:98:0a:ff:7e:55:99:dc:43:0d:c8:04:
40:e5:25:2d:55:5f:26:77:18:5f:db:ed:8c:49:15:
a7:41:a4:e2:e0:ef:f0:06:6f:08:01:3f:4a:8a:eb:
d5:39:48:66:68:2a:b1:03:42:6e:9d:98:49:b6:08:
db:c0:9b:b2:30:63:9f:1d:c7:b6:25:90:b0:52:69:
0e:a8:d2:d9:61:d2:e7:21:8e:58:e2:b6:1d:d4:d2:
26:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:53:7E:DD:59:2D:69:D6:F8:FE:E0:3D:61:6C:CD:84:A4:56:8A:47
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/qVN-3Vktadb4_uA9YWzNhKRWikc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.15.64.0/22
45.67.117.0/24
45.149.160.0/22
80.94.80.0/23
89.32.126.0/24
89.39.242.0/24
89.40.161.0/24
91.242.71.0-91.242.73.255
91.242.75.0/24
91.242.103.0/24
92.118.108.0/24
94.231.198.0/24
176.126.223.0/24
185.15.136.0/23
185.40.105.0/24
185.173.247.0/24
185.212.11.0/24
185.243.140.0/22
185.255.99.0/24
193.46.211.0/24
194.56.152.0/23
194.180.238.0/24
194.213.10.0/24
194.242.28.0/23
195.138.103.0-195.138.104.255
195.149.127.0/24
Signature Algorithm: sha256WithRSAEncryption
26:2e:18:4a:45:3f:c8:f7:6b:9a:11:04:16:56:c2:e0:a7:9d:
cf:c1:39:38:b1:d1:54:55:dd:a6:dd:05:5f:6f:50:d6:08:56:
cb:44:a0:a8:a1:ac:b8:80:ec:60:90:50:9b:c6:de:8d:ed:19:
2d:15:72:6d:e6:7c:0d:74:c2:a5:e1:53:11:10:e9:d1:24:32:
25:8c:a4:0b:c9:61:ce:f5:ad:9c:65:7a:0f:f5:2a:89:b1:d6:
bf:f8:81:78:52:18:31:a8:20:86:a0:e6:fd:9e:aa:f2:8b:aa:
8b:04:01:17:14:1c:0a:3b:d5:01:2a:72:c0:77:89:6b:fb:2e:
a8:11:48:5c:38:4e:39:78:9b:97:66:64:9c:44:98:66:57:a9:
27:2a:28:8b:a3:5b:c3:b0:24:7d:21:78:21:16:a7:c5:95:1d:
f0:7b:44:29:fb:7c:1c:d7:86:3e:2a:3a:e5:ed:d2:dc:fd:7d:
dd:fb:1b:da:39:b7:b3:8b:60:35:e9:87:a5:91:0c:e5:25:8f:
33:d3:72:64:92:31:8b:75:78:47:b7:b7:85:d8:d5:4b:88:d5:
c1:cc:f1:1d:85:86:20:1e:df:cd:89:d9:63:04:08:b9:11:fc:
fe:02:b5:e6:06:1c:33:f3:8e:53:6c:ab:21:f0:cb:58:c1:09:
89:b3:fa:04
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgISAYr+kW0rkhtB/G3Wy9OpGmwfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMxMDA1MDY0MDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTUzN2VkZDU5MmQ2OWQ2ZjhmZWUwM2Q2MTZjY2Q4NGE0NTY4YTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5Df4uWuXAcmI/lgXdxEprDvetIi
DZJd8ZQfnG2mE3VObtv2VQWanqZprK8zQi/DZC05gGfc9i4rC15pyzT6gxXNOuJl
/e0lKJjawr8LTfliSEo5DrO6JYv1+IQs7fEemLfkYGFoBx7uZ9YSVCw8B+GnW9BH
rSvSsg4CEzMA0tK2GUQ3Df9zWBEtyNDTQEW/6g+nYgDELs2X9TWJJl6JqtUHH6AL
epPrmAr/flWZ3EMNyARA5SUtVV8mdxhf2+2MSRWnQaTi4O/wBm8IAT9KiuvVOUhm
aCqxA0JunZhJtgjbwJuyMGOfHce2JZCwUmkOqNLZYdLnIY5Y4rYd1NIm8wIDAQAB
o4ICtDCCArAwHQYDVR0OBBYEFKlTft1ZLWnW+P7gPWFszYSkVopHMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvcVZOLTNWa3RhZGI0X3VBOVlXek5oS1JXaWtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHJBggrBgEFBQcBBwEB/wSBuTCBtjCBswQCAAEwgawDBAIt
D0ADBAAtQ3UDBAItlaADBAFQXlADBABZIH4DBABZJ/IDBABZKKEwDAMEAFvyRwME
AVvySAMEAFvySwMEAFvyZwMEAFx2bAMEAF7nxgMEALB+3wMEAbkPiAMEALkoaQME
ALmt9wMEALnUCwMEArnzjAMEALn/YwMEAMEu0wMEAcI4mAMEAMK07gMEAMLVCgME
AcLyHDAMAwQAw4pnAwQAw4poAwQAw5V/MA0GCSqGSIb3DQEBCwUAA4IBAQAmLhhK
RT/I92uaEQQWVsLgp53PwTk4sdFUVd2m3QVfb1DWCFbLRKCooay4gOxgkFCbxt6N
7RktFXJt5nwNdMKl4VMREOnRJDIljKQLyWHO9a2cZXoP9SqJsda/+IF4UhgxqCCG
oOb9nqryi6qLBAEXFBwKO9UBKnLAd4lr+y6oEUhcOE45eJuXZmScRJhmV6knKiiL
o1vDsCR9IXghFqfFlR3we0Qp+3wc14Y+Kjrl7dLc/X3d+xvaObezi2A16YelkQzl
JY8z03JkkjGLdXhHt7eF2NVLiNXBzPEdhYYgHt/NidljBAi5Efz+ArXmBhwz845T
bKsh8MtYwQmJs/oE
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:42 2024 by rpki-client on console-fra.rpki-client.org