Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/c8ae79-6d7b-4776-80b7-420492cd1afd/1/QGT53h-2hxBk0k4Jw78uciWl9dA.roa
File: QGT53h-2hxBk0k4Jw78uciWl9dA.roa (raw, json)
Hash identifier: akLh8pkZ4w977a8rKjeaAAowK45K2au7I0qcNtbtusE=
Subject key identifier: 40:64:F9:DE:1F:B6:87:10:64:D2:4E:09:C3:BF:2E:72:25:A5:F5:D0
Certificate issuer: /CN=7ed24c5d344fb92bcf4cf6e1e569f51ae41aa87c
Certificate serial: 0194236993D9217A1ADF1161027B648E18F9
Authority key identifier: 7E:D2:4C:5D:34:4F:B9:2B:CF:4C:F6:E1:E5:69:F5:1A:E4:1A:A8:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ftJMXTRPuSvPTPbh5Wn1GuQaqHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/c8ae79-6d7b-4776-80b7-420492cd1afd/1/QGT53h-2hxBk0k4Jw78uciWl9dA.roa
Signing time: Wed 01 Jan 2025 19:48:29 +0000
ROA not before: Wed 01 Jan 2025 19:48:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48603
IP address blocks: 45.147.92.0/24 maxlen: 24
45.147.93.0/24 maxlen: 24
2a0f:f800::/29 maxlen: 31
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:69:93:d9:21:7a:1a:df:11:61:02:7b:64:8e:18:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7ed24c5d344fb92bcf4cf6e1e569f51ae41aa87c
Validity
Not Before: Jan 1 19:48:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4064f9de1fb6871064d24e09c3bf2e7225a5f5d0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:b7:85:79:89:3a:51:8a:30:5c:d2:a1:a8:88:
bf:79:02:36:62:c6:bd:d7:8e:2a:9f:d2:62:22:62:
7b:6a:97:5c:5d:9a:7e:b7:6e:2e:35:a9:25:4a:45:
5f:ec:bd:e0:7f:81:18:ee:86:9e:9d:8b:e5:83:53:
f1:1f:37:93:42:b9:e2:8a:50:f4:05:5a:45:aa:15:
ef:ca:e8:16:47:d5:3c:b8:70:51:ee:0e:61:82:99:
c6:21:dd:79:e8:c1:53:e1:3c:62:4b:cf:b5:5c:cd:
09:19:f2:2d:a3:93:4f:47:fb:10:8a:b6:a2:72:94:
c3:57:d2:2a:ac:db:d2:7b:8f:71:e1:5e:4b:0d:24:
84:b5:c7:a4:a1:da:e5:ad:31:25:9d:25:3f:17:94:
cd:46:ff:2b:42:cf:fc:a2:26:e5:76:66:2c:71:7b:
a5:5c:fc:bf:43:69:29:b5:00:62:25:6a:24:4e:67:
cb:f5:26:a4:c6:d6:57:56:10:7e:f3:c7:1c:53:fc:
bd:89:da:b6:8a:fe:11:3a:3b:ef:06:71:3c:98:0b:
55:85:b5:2c:e3:7b:47:1d:c8:79:a0:11:d6:98:6e:
d6:2b:a9:79:eb:7e:7c:86:d1:93:27:ae:04:0e:68:
14:1a:bb:48:c2:c0:1b:ab:46:b6:17:28:ff:8a:5c:
86:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:64:F9:DE:1F:B6:87:10:64:D2:4E:09:C3:BF:2E:72:25:A5:F5:D0
X509v3 Authority Key Identifier:
keyid:7E:D2:4C:5D:34:4F:B9:2B:CF:4C:F6:E1:E5:69:F5:1A:E4:1A:A8:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ftJMXTRPuSvPTPbh5Wn1GuQaqHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/c8ae79-6d7b-4776-80b7-420492cd1afd/1/QGT53h-2hxBk0k4Jw78uciWl9dA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/c8ae79-6d7b-4776-80b7-420492cd1afd/1/ftJMXTRPuSvPTPbh5Wn1GuQaqHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.147.92.0/23
IPv6:
2a0f:f800::/29
Signature Algorithm: sha256WithRSAEncryption
b4:9b:3d:dd:ef:f6:67:1b:20:6f:78:9f:66:dc:30:4b:4a:bf:
78:49:1e:c6:fd:ab:9f:30:76:0a:81:17:50:d1:7a:c9:12:15:
78:f7:29:c1:cb:99:14:4a:5c:ad:c8:fb:51:c7:e6:bd:a2:b7:
9d:a7:ac:b3:56:fd:71:00:e1:35:5f:99:dc:ee:dc:60:fe:f9:
c3:c9:5e:8a:df:22:e4:cf:5d:9a:c6:c4:d1:b7:e4:64:69:42:
f1:02:4f:87:df:8d:32:a7:4c:89:e1:06:a5:13:bc:75:a9:b8:
72:4f:4f:6c:61:17:3b:97:0c:f5:18:d4:80:6a:f8:8b:d5:ad:
ad:1f:ed:4d:87:b8:7c:c3:ed:f6:1e:b7:6a:49:99:d4:10:99:
87:b5:cd:6d:20:9a:6c:45:54:3b:15:0b:36:ec:3d:92:6f:f5:
ae:c5:68:5b:77:b2:aa:2e:62:9f:7d:ab:db:6d:ec:b9:6b:fa:
a6:67:ac:34:98:9e:eb:50:e0:76:1c:5d:57:8d:46:ab:d5:3f:
db:b5:5f:f6:ed:5c:aa:67:2e:9f:7c:b1:dd:88:4b:10:d8:99:
1e:d1:f6:cd:86:a1:3c:1e:25:63:ad:42:1b:bd:fd:16:bf:ca:
8c:95:a4:e5:c6:bf:48:b4:b4:e4:45:a1:cc:7f:e3:c3:a2:1b:
09:d4:6a:4d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjaZPZIXoa3xFhAntkjhj5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZDI0YzVkMzQ0ZmI5MmJjZjRjZjZlMWU1NjlmNTFhZTQx
YWE4N2MwHhcNMjUwMTAxMTk0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDY0ZjlkZTFmYjY4NzEwNjRkMjRlMDljM2JmMmU3MjI1YTVmNWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLeFeYk6UYowXNKhqIi/eQI2Ysa9
144qn9JiImJ7apdcXZp+t24uNaklSkVf7L3gf4EY7oaenYvlg1PxHzeTQrniilD0
BVpFqhXvyugWR9U8uHBR7g5hgpnGId156MFT4TxiS8+1XM0JGfIto5NPR/sQirai
cpTDV9IqrNvSe49x4V5LDSSEtcekodrlrTElnSU/F5TNRv8rQs/8oibldmYscXul
XPy/Q2kptQBiJWokTmfL9SakxtZXVhB+88ccU/y9idq2iv4ROjvvBnE8mAtVhbUs
43tHHch5oBHWmG7WK6l56358htGTJ64EDmgUGrtIwsAbq0a2Fyj/ilyGAQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEBk+d4ftocQZNJOCcO/LnIlpfXQMB8GA1UdIwQY
MBaAFH7STF00T7krz0z24eVp9RrkGqh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnRKTVhUUlB1U3ZQVFBiaDVXbjFHdVFhcUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9jOGFlNzktNmQ3Yi00Nzc2LTgwYjct
NDIwNDkyY2QxYWZkLzEvUUdUNTNoLTJoeEJrMGs0Snc3OHVjaVdsOWRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9jOGFlNzktNmQ3Yi00Nzc2LTgwYjctNDIwNDkyY2QxYWZk
LzEvZnRKTVhUUlB1U3ZQVFBiaDVXbjFHdVFhcUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLZNcMA0E
AgACMAcDBQMqD/gAMA0GCSqGSIb3DQEBCwUAA4IBAQC0mz3d7/ZnGyBveJ9m3DBL
Sr94SR7G/aufMHYKgRdQ0XrJEhV49ynBy5kUSlytyPtRx+a9oredp6yzVv1xAOE1
X5nc7txg/vnDyV6K3yLkz12axsTRt+RkaULxAk+H340yp0yJ4QalE7x1qbhyT09s
YRc7lwz1GNSAaviL1a2tH+1Nh7h8w+32HrdqSZnUEJmHtc1tIJpsRVQ7FQs27D2S
b/WuxWhbd7KqLmKffavbbey5a/qmZ6w0mJ7rUOB2HF1XjUar1T/btV/27VyqZy6f
fLHdiEsQ2Jke0fbNhqE8HiVjrUIbvf0Wv8qMlaTlxr9ItLTkRaHMf+PDohsJ1GpN
-----END CERTIFICATE-----
Generated at Tue Apr 22 19:36:54 2025 by rpki-client