Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/Qfst3izszBTiFYFk2D0vZlrgYnw.roa
File: Qfst3izszBTiFYFk2D0vZlrgYnw.roa (raw, json)
Hash identifier: nPfk1WqWL2TJ9v0GEXBBo8LlSB2Sk/ansnlTVT+iCNA=
Subject key identifier: 41:FB:2D:DE:2C:EC:CC:14:E2:15:81:64:D8:3D:2F:66:5A:E0:62:7C
Certificate issuer: /CN=8dc69c6bbe89e7c0479b617744a4424f66674944
Certificate serial: 0189EFEDFDAE85031754A28020FF35EED44C
Authority key identifier: 8D:C6:9C:6B:BE:89:E7:C0:47:9B:61:77:44:A4:42:4F:66:67:49:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jcaca76J58BHm2F3RKRCT2ZnSUQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/Qfst3izszBTiFYFk2D0vZlrgYnw.roa
Signing time: Sun 13 Aug 2023 17:24:58 +0000
ROA not before: Sun 13 Aug 2023 17:24:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199239
IP address blocks: 91.92.115.0/24 maxlen: 24
85.202.95.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:ef:ed:fd:ae:85:03:17:54:a2:80:20:ff:35:ee:d4:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8dc69c6bbe89e7c0479b617744a4424f66674944
Validity
Not Before: Aug 13 17:24:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=41fb2dde2ceccc14e2158164d83d2f665ae0627c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:30:83:f7:93:89:cb:0c:99:c6:59:a2:67:ef:
09:08:54:08:e6:7e:fb:fc:6a:f2:e6:e6:ea:d6:c1:
10:9e:30:5c:da:15:2c:36:95:8c:21:85:b5:58:a2:
d1:93:08:dd:39:1a:5b:b4:ff:db:c9:79:63:07:9c:
2e:a8:74:42:57:42:55:62:d3:71:cc:36:cc:ed:7e:
fa:ba:61:e9:87:9c:18:4c:d8:c5:ba:7e:f8:fc:02:
30:18:a1:1b:e3:7b:1e:fb:b6:28:96:28:47:e6:34:
f6:a2:57:4a:82:84:d5:1a:e3:a6:76:6c:bc:8a:41:
ee:6a:ef:c1:93:97:ec:3c:8a:cd:f6:e9:88:b4:6b:
b9:e2:f8:78:8a:b9:35:69:d6:28:26:95:38:cf:32:
a5:13:e0:93:e7:38:29:3b:f9:a4:98:ff:d6:2a:3c:
24:71:fa:82:97:10:81:6f:97:bb:c2:96:73:b1:42:
1b:68:ee:e2:ad:35:a3:78:e8:11:6e:a2:bd:eb:fb:
ab:64:c1:2e:e8:8c:8e:0b:ff:b1:16:c1:0b:a2:40:
fb:95:fc:c1:81:bc:1c:1b:d5:78:75:f1:c1:a1:0a:
33:a6:85:b8:92:e8:4e:41:f6:4c:e6:93:2a:2c:99:
bf:12:e0:75:84:52:ad:26:fb:df:d4:0e:ae:6f:36:
c7:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:FB:2D:DE:2C:EC:CC:14:E2:15:81:64:D8:3D:2F:66:5A:E0:62:7C
X509v3 Authority Key Identifier:
keyid:8D:C6:9C:6B:BE:89:E7:C0:47:9B:61:77:44:A4:42:4F:66:67:49:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jcaca76J58BHm2F3RKRCT2ZnSUQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/Qfst3izszBTiFYFk2D0vZlrgYnw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/jcaca76J58BHm2F3RKRCT2ZnSUQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.202.95.0/24
91.92.115.0/24
Signature Algorithm: sha256WithRSAEncryption
11:fe:ab:ca:2e:cd:e4:b0:4f:8d:ac:49:c4:f3:a8:a9:be:fd:
32:eb:c1:68:a1:70:70:6c:ac:94:3d:24:f5:62:f3:3a:15:5c:
32:64:99:45:f1:cf:32:56:50:fd:81:1a:fc:e3:ef:8b:27:fb:
ff:fc:da:6d:a9:00:3f:f9:7e:03:ad:92:85:71:fd:91:5d:43:
43:81:58:d5:91:e9:6e:f7:0d:59:89:22:47:8a:3f:c7:dc:4d:
72:de:e8:ba:fa:a7:6a:d4:52:3c:05:80:d8:76:42:cd:68:01:
49:43:32:8a:33:10:1f:dc:79:d9:f3:13:09:b6:86:b1:46:11:
af:6c:ee:a6:66:99:4a:df:5b:49:37:8a:83:fd:ca:2a:d4:ac:
d0:31:0e:5f:b5:22:16:1d:d3:10:06:b7:53:06:b1:ac:41:07:
a5:9d:eb:19:43:99:36:25:80:49:7d:d8:dd:b7:d1:f3:c1:9c:
f1:58:76:de:7e:e6:2a:34:d4:c4:93:c7:0c:e8:33:50:39:1f:
aa:b8:82:ff:37:57:25:3d:91:23:9f:84:de:59:b7:04:50:3f:
e6:c7:a1:aa:68:e6:32:f8:1c:3b:31:a8:6a:74:92:e0:1e:62:
1b:9d:ca:f7:92:42:23:e3:5d:3a:05:fe:21:cc:e9:e7:fb:f7:
f8:49:60:eb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYnv7f2uhQMXVKKAIP817tRMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYzY5YzZiYmU4OWU3YzA0NzliNjE3NzQ0YTQ0MjRmNjY2
NzQ5NDQwHhcNMjMwODEzMTcyNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWZiMmRkZTJjZWNjYzE0ZTIxNTgxNjRkODNkMmY2NjVhZTA2MjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzCD95OJywyZxlmiZ+8JCFQI5n77
/Gry5ubq1sEQnjBc2hUsNpWMIYW1WKLRkwjdORpbtP/byXljB5wuqHRCV0JVYtNx
zDbM7X76umHph5wYTNjFun74/AIwGKEb43se+7YolihH5jT2oldKgoTVGuOmdmy8
ikHuau/Bk5fsPIrN9umItGu54vh4irk1adYoJpU4zzKlE+CT5zgpO/mkmP/WKjwk
cfqClxCBb5e7wpZzsUIbaO7irTWjeOgRbqK96/urZMEu6IyOC/+xFsELokD7lfzB
gbwcG9V4dfHBoQozpoW4kuhOQfZM5pMqLJm/EuB1hFKtJvvf1A6ubzbHlwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEH7Ld4s7MwU4hWBZNg9L2Za4GJ8MB8GA1UdIwQY
MBaAFI3GnGu+iefAR5thd0SkQk9mZ0lEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamNhY2E3Nko1OEJIbTJGM1JLUkNUMlpuU1VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8yM2RiNWMtMWExMC00NGM2LTlkNzct
YmI1Y2FhYzJlOTAzLzEvUWZzdDNpenN6QlRpRllGazJEMHZabHJnWW53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8yM2RiNWMtMWExMC00NGM2LTlkNzctYmI1Y2FhYzJlOTAz
LzEvamNhY2E3Nko1OEJIbTJGM1JLUkNUMlpuU1VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVcpfAwQA
W1xzMA0GCSqGSIb3DQEBCwUAA4IBAQAR/qvKLs3ksE+NrEnE86ipvv0y68FooXBw
bKyUPST1YvM6FVwyZJlF8c8yVlD9gRr84++LJ/v//NptqQA/+X4DrZKFcf2RXUND
gVjVkelu9w1ZiSJHij/H3E1y3ui6+qdq1FI8BYDYdkLNaAFJQzKKMxAf3HnZ8xMJ
toaxRhGvbO6mZplK31tJN4qD/coq1KzQMQ5ftSIWHdMQBrdTBrGsQQelnesZQ5k2
JYBJfdjdt9HzwZzxWHbefuYqNNTEk8cM6DNQOR+quIL/N1clPZEjn4TeWbcEUD/m
x6GqaOYy+Bw7MahqdJLgHmIbncr3kkIj4106Bf4hzOnn+/f4SWDr
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:49:57 2025 by rpki-client