Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/qgDrg7H67k7G9o0iiO503mVcBkY.roa
File: qgDrg7H67k7G9o0iiO503mVcBkY.roa (raw, json)
Hash identifier: OZjSzckA7N0kY9pp94eS+JkXY3IQKvbF7ySXs3knp2g=
Subject key identifier: AA:00:EB:83:B1:FA:EE:4E:C6:F6:8D:22:88:EE:74:DE:65:5C:06:46
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 0183228631C80083E576FCBBF6CA5256A500
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/qgDrg7H67k7G9o0iiO503mVcBkY.roa
Signing time: Fri 09 Sep 2022 13:52:43 +0000
ROA not before: Fri 09 Sep 2022 13:52:43 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 212953
IP address blocks: 213.226.117.0/24 maxlen: 24
176.98.41.0/24 maxlen: 24
84.54.12.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:22:86:31:c8:00:83:e5:76:fc:bb:f6:ca:52:56:a5:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Sep 9 13:52:43 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=aa00eb83b1faee4ec6f68d2288ee74de655c0646
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:b8:53:03:90:b1:cb:30:32:5e:93:20:c7:33:
c2:a9:0d:20:d0:93:26:42:d4:67:7c:47:06:2a:68:
b0:41:2b:66:3d:06:c3:d5:89:a6:ba:5d:01:96:64:
2e:3e:f7:fa:ca:08:f9:ab:78:c0:b8:6c:b7:ad:5b:
0a:89:12:2c:56:0f:c5:88:6f:aa:69:9d:88:3b:1e:
59:57:84:93:3f:a7:41:ae:72:75:bc:3f:c2:24:ae:
67:12:0f:2c:c7:cf:f7:32:a7:90:a8:b4:2f:74:cd:
90:11:9a:a0:81:e1:c7:8d:db:db:f7:4e:be:4b:7d:
fc:52:f0:36:0a:bd:04:a0:37:f2:3e:4b:bc:fc:54:
57:d4:31:ce:59:25:7e:6b:3c:f0:68:74:44:8c:76:
a3:07:4f:25:19:fb:4f:56:96:7a:bf:a6:0f:6a:e0:
1d:5f:8f:87:f7:f1:c4:13:98:b9:82:f1:47:a7:bf:
98:01:3e:fc:51:10:e2:4a:c2:52:fa:ad:04:1c:01:
b1:e2:9e:68:9b:38:a8:d1:74:52:1e:13:56:ed:87:
95:e5:b3:da:5c:84:3d:89:ce:90:82:09:71:21:3c:
0f:19:95:1b:06:60:4a:ca:c3:ad:3e:dc:ab:52:bc:
7d:ed:e9:aa:21:38:dd:7d:7e:fe:a0:0c:5b:d5:ac:
68:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:00:EB:83:B1:FA:EE:4E:C6:F6:8D:22:88:EE:74:DE:65:5C:06:46
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/qgDrg7H67k7G9o0iiO503mVcBkY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.12.0/24
176.98.41.0/24
213.226.117.0/24
Signature Algorithm: sha256WithRSAEncryption
4c:4d:3d:ed:7b:86:d3:37:fb:03:1d:4c:62:85:3f:d1:c1:85:
75:89:80:4e:87:f2:0c:43:62:41:e1:1e:88:ff:52:92:50:32:
05:e9:13:49:c1:aa:b8:64:bd:8f:9d:6d:90:cf:4f:4d:b8:89:
53:e9:63:01:e9:60:0d:74:7d:07:fd:36:3f:c4:9f:e1:a6:67:
82:03:77:b4:f0:07:35:72:97:df:90:83:db:07:92:9b:07:ee:
fb:e5:2e:19:a0:52:09:e3:8f:74:5b:9f:de:4c:56:10:bc:55:
80:59:cf:7b:a6:33:6b:82:b9:15:97:5f:de:7a:21:82:e6:ac:
95:e6:de:d4:ce:fe:da:29:20:6e:af:f6:43:27:03:4e:a7:78:
07:ca:a1:f0:a4:18:90:c8:78:b3:69:f7:12:92:85:97:82:28:
e4:f5:f3:9d:6e:43:97:25:5c:5e:8a:96:ae:a7:a7:dc:e3:05:
e6:a4:6d:0a:8e:1c:a9:ef:df:65:6e:57:1f:04:b2:52:86:26:
57:c2:39:d8:59:12:40:ab:ad:e5:ed:bc:2e:2d:bc:9b:c9:51:
b1:d1:15:ea:29:81:06:f8:96:50:0c:d5:cf:00:c3:ce:3e:7c:
dc:8d:c3:25:d0:9c:dc:be:1a:02:a3:86:a6:c6:07:0f:2b:e4:
ba:04:f3:51
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYMihjHIAIPldvy79spSVqUAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjIwOTA5MTM1MjQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTAwZWI4M2IxZmFlZTRlYzZmNjhkMjI4OGVlNzRkZTY1NWMwNjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLhTA5CxyzAyXpMgxzPCqQ0g0JMm
QtRnfEcGKmiwQStmPQbD1Ymmul0BlmQuPvf6ygj5q3jAuGy3rVsKiRIsVg/FiG+q
aZ2IOx5ZV4STP6dBrnJ1vD/CJK5nEg8sx8/3MqeQqLQvdM2QEZqggeHHjdvb906+
S338UvA2Cr0EoDfyPku8/FRX1DHOWSV+azzwaHREjHajB08lGftPVpZ6v6YPauAd
X4+H9/HEE5i5gvFHp7+YAT78URDiSsJS+q0EHAGx4p5omzio0XRSHhNW7YeV5bPa
XIQ9ic6QgglxITwPGZUbBmBKysOtPtyrUrx97emqITjdfX7+oAxb1axoqQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKoA64Ox+u5OxvaNIojudN5lXAZGMB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvcWdEcmc3SDY3azdHOW8waWlPNTAzbVZjQmtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVDYMAwQA
sGIpAwQA1eJ1MA0GCSqGSIb3DQEBCwUAA4IBAQBMTT3te4bTN/sDHUxihT/RwYV1
iYBOh/IMQ2JB4R6I/1KSUDIF6RNJwaq4ZL2PnW2Qz09NuIlT6WMB6WANdH0H/TY/
xJ/hpmeCA3e08Ac1cpffkIPbB5KbB+775S4ZoFIJ4490W5/eTFYQvFWAWc97pjNr
grkVl1/eeiGC5qyV5t7Uzv7aKSBur/ZDJwNOp3gHyqHwpBiQyHizafcSkoWXgijk
9fOdbkOXJVxeipaup6fc4wXmpG0Kjhyp799lblcfBLJShiZXwjnYWRJAq63l7bwu
LbybyVGx0RXqKYEG+JZQDNXPAMPOPnzcjcMl0JzcvhoCo4amxgcPK+S6BPNR
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:57:42 2025 by rpki-client