Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/edaeb5-5e6e-411b-99cb-3c50180780b0/1/QlrJiqrgrQGbg7lUHKf40QRCQrA.roa
File: QlrJiqrgrQGbg7lUHKf40QRCQrA.roa (raw, json)
Hash identifier: Wt7t5Z8W2N/HgWwCxYqLrKHTpDF8ejROaib0aRd+5fo=
Subject key identifier: 42:5A:C9:8A:AA:E0:AD:01:9B:83:B9:54:1C:A7:F8:D1:04:42:42:B0
Certificate issuer: /CN=0c4579a4028829d37acac65f66c056063251e57e
Certificate serial: 018EEC0D8ADFE74307628FDD3892346D51DF
Authority key identifier: 0C:45:79:A4:02:88:29:D3:7A:CA:C6:5F:66:C0:56:06:32:51:E5:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DEV5pAKIKdN6ysZfZsBWBjJR5X4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/edaeb5-5e6e-411b-99cb-3c50180780b0/1/QlrJiqrgrQGbg7lUHKf40QRCQrA.roa
Signing time: Wed 17 Apr 2024 12:34:54 +0000
ROA not before: Wed 17 Apr 2024 12:34:54 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 6424
IP address blocks: 82.215.71.0/24 maxlen: 24
193.109.184.0/21 maxlen: 24
193.109.184.0/24 maxlen: 24
193.109.186.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:ec:0d:8a:df:e7:43:07:62:8f:dd:38:92:34:6d:51:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0c4579a4028829d37acac65f66c056063251e57e
Validity
Not Before: Apr 17 12:34:54 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=425ac98aaae0ad019b83b9541ca7f8d1044242b0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:85:84:d1:08:5c:4a:7c:b0:03:c5:e2:6d:f1:
92:88:8e:04:a7:c1:ea:77:22:4b:28:66:18:de:86:
47:cd:03:66:85:ef:4b:18:4b:c2:db:94:2f:25:b6:
2b:05:fb:05:95:cc:35:cc:98:7b:4e:4d:e9:1f:29:
0a:d5:46:fa:86:6f:09:e0:96:d7:1a:fe:f8:94:5a:
d9:93:9b:57:9c:44:f6:c4:3d:8a:c3:a8:f8:1c:8f:
dc:82:73:ec:cd:ca:14:c7:fd:9c:d5:7b:ba:b6:a5:
ae:09:57:5c:7b:a8:cc:6f:a3:da:9b:f8:66:b3:30:
8d:66:09:9c:70:5b:f5:97:4d:71:ea:fc:2f:86:13:
44:c5:b5:b4:65:78:aa:59:1a:14:0a:85:31:1d:de:
c8:d2:4c:61:67:79:3d:f4:81:8c:55:c3:82:fb:06:
99:01:05:38:2f:13:08:68:2a:26:5a:80:98:41:34:
e2:51:bd:3d:2d:5a:d5:ed:ef:ec:cb:3b:59:55:ee:
d4:e3:94:37:b3:2b:96:04:fb:f0:aa:f6:e0:5d:50:
77:8f:e0:03:f8:27:51:2d:ea:b1:52:78:b5:66:5b:
75:91:c6:47:db:17:ad:25:2c:b6:fb:5c:bf:22:c8:
9c:f0:03:8a:3f:75:ff:d0:09:00:ae:b9:13:bd:58:
7e:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:5A:C9:8A:AA:E0:AD:01:9B:83:B9:54:1C:A7:F8:D1:04:42:42:B0
X509v3 Authority Key Identifier:
keyid:0C:45:79:A4:02:88:29:D3:7A:CA:C6:5F:66:C0:56:06:32:51:E5:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DEV5pAKIKdN6ysZfZsBWBjJR5X4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/edaeb5-5e6e-411b-99cb-3c50180780b0/1/QlrJiqrgrQGbg7lUHKf40QRCQrA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/edaeb5-5e6e-411b-99cb-3c50180780b0/1/DEV5pAKIKdN6ysZfZsBWBjJR5X4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.215.71.0/24
193.109.184.0/21
Signature Algorithm: sha256WithRSAEncryption
12:9d:8c:6e:cc:b9:16:ba:c6:eb:be:69:8f:06:ea:57:33:11:
99:30:c5:a0:6f:d2:0c:8a:0f:64:71:55:ad:7a:b0:47:4f:d5:
37:42:00:13:03:1d:46:c3:69:30:f6:eb:2c:4b:55:50:82:25:
8b:ec:97:b2:85:6e:b5:21:c8:27:f6:33:23:c7:28:58:2c:8b:
3f:59:ea:17:ba:ca:2c:a5:ee:fe:c9:88:ea:aa:56:c7:7e:6f:
21:7c:87:f1:fc:7d:97:e7:65:c0:c6:53:71:b2:c2:99:ff:74:
5b:92:a5:5b:1b:71:da:a2:7d:1a:4f:ab:f1:cb:a3:9b:3e:ef:
9c:3f:22:f0:a8:8f:4b:d8:0a:b2:48:46:0a:6d:d5:52:ad:b8:
ac:fc:65:f2:c4:40:d3:38:11:b8:43:17:e4:c8:b0:70:85:b7:
09:af:01:7a:9a:fc:0a:25:9e:26:95:e4:6a:52:2f:20:16:d8:
a6:1c:f9:d4:e1:19:ca:c7:b6:70:fb:79:10:aa:76:ec:c8:6d:
6b:4a:67:2f:3d:ae:9c:7f:6b:f0:31:3e:28:0e:d1:8a:7c:5a:
14:d3:2a:c0:18:2a:9c:fa:fb:bc:2d:e3:dd:bc:ff:43:08:75:
b8:70:3f:de:c9:ba:d8:4a:3a:bf:12:55:10:0d:0b:89:9c:81:
18:f6:84:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7sDYrf50MHYo/dOJI0bVHfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNDU3OWE0MDI4ODI5ZDM3YWNhYzY1ZjY2YzA1NjA2MzI1
MWU1N2UwHhcNMjQwNDE3MTIzNDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjVhYzk4YWFhZTBhZDAxOWI4M2I5NTQxY2E3ZjhkMTA0NDI0MmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYWE0QhcSnywA8XibfGSiI4Ep8Hq
dyJLKGYY3oZHzQNmhe9LGEvC25QvJbYrBfsFlcw1zJh7Tk3pHykK1Ub6hm8J4JbX
Gv74lFrZk5tXnET2xD2Kw6j4HI/cgnPszcoUx/2c1Xu6tqWuCVdce6jMb6Pam/hm
szCNZgmccFv1l01x6vwvhhNExbW0ZXiqWRoUCoUxHd7I0kxhZ3k99IGMVcOC+waZ
AQU4LxMIaComWoCYQTTiUb09LVrV7e/syztZVe7U45Q3syuWBPvwqvbgXVB3j+AD
+CdRLeqxUni1Zlt1kcZH2xetJSy2+1y/Isic8AOKP3X/0AkArrkTvVh+gQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEJayYqq4K0Bm4O5VByn+NEEQkKwMB8GA1UdIwQY
MBaAFAxFeaQCiCnTesrGX2bAVgYyUeV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREVWNXBBS0lLZE42eXNaZlpzQldCakpSNVg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9lZGFlYjUtNWU2ZS00MTFiLTk5Y2It
M2M1MDE4MDc4MGIwLzEvUWxySmlxcmdyUUdiZzdsVUhLZjQwUVJDUXJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9lZGFlYjUtNWU2ZS00MTFiLTk5Y2ItM2M1MDE4MDc4MGIw
LzEvREVWNXBBS0lLZE42eXNaZlpzQldCakpSNVg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUtdHAwQD
wW24MA0GCSqGSIb3DQEBCwUAA4IBAQASnYxuzLkWusbrvmmPBupXMxGZMMWgb9IM
ig9kcVWterBHT9U3QgATAx1Gw2kw9ussS1VQgiWL7JeyhW61Icgn9jMjxyhYLIs/
WeoXusospe7+yYjqqlbHfm8hfIfx/H2X52XAxlNxssKZ/3RbkqVbG3Haon0aT6vx
y6ObPu+cPyLwqI9L2AqySEYKbdVSrbis/GXyxEDTOBG4QxfkyLBwhbcJrwF6mvwK
JZ4mleRqUi8gFtimHPnU4RnKx7Zw+3kQqnbsyG1rSmcvPa6cf2vwMT4oDtGKfFoU
0yrAGCqc+vu8LePdvP9DCHW4cD/eybrYSjq/ElUQDQuJnIEY9oQV
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:43:22 2025 by rpki-client