Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/QC7qpKvZjaDK5dpmtEhD2gFj9_4.roa
File: QC7qpKvZjaDK5dpmtEhD2gFj9_4.roa (raw, json)
Hash identifier: LB4K/lM3sq2Ks1okTEETzD/pvuyE+fEVSSDNE3V4mzs=
Subject key identifier: 40:2E:EA:A4:AB:D9:8D:A0:CA:E5:DA:66:B4:48:43:DA:01:63:F7:FE
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 0187984C2B26EE2B4F33FCBEED0DEE701462
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/QC7qpKvZjaDK5dpmtEhD2gFj9_4.roa
Signing time: Wed 19 Apr 2023 06:55:41 +0000
ROA not before: Wed 19 Apr 2023 06:55:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 95.82.32.0/21 maxlen: 24
109.111.52.0/22 maxlen: 24
37.128.248.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:98:4c:2b:26:ee:2b:4f:33:fc:be:ed:0d:ee:70:14:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Apr 19 06:55:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=402eeaa4abd98da0cae5da66b44843da0163f7fe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:be:0a:63:4b:07:19:ee:d2:bf:a5:bb:fa:66:
b3:29:c6:bd:d9:c0:24:75:48:fa:0b:e7:8f:b6:cd:
49:73:45:79:c1:73:46:58:b2:0d:95:3b:42:c0:e0:
cb:d1:3d:34:1f:2a:c0:ff:f7:da:d1:74:97:b6:b4:
71:8e:62:ba:b1:a3:3a:9e:32:ce:61:2c:9a:2a:42:
a8:db:53:ca:e6:f2:2d:0d:4f:56:c5:69:5f:8a:45:
16:06:60:d6:55:3a:ac:89:b7:6e:9d:c6:98:6c:a6:
84:87:42:14:f3:4e:97:82:c2:bb:b8:52:ac:d9:ab:
11:d5:b5:fa:93:fb:ef:a5:b3:fd:6b:eb:40:2a:59:
a1:27:95:46:c8:42:7a:26:b6:1e:b6:62:5a:76:d7:
02:cd:bd:7b:a3:64:64:70:75:a0:dd:21:ab:76:4c:
fa:72:ae:c5:22:2b:1f:de:6a:77:71:63:63:fe:c6:
af:93:69:29:52:b1:37:ef:43:69:f9:aa:63:6e:0a:
29:0f:6e:f8:43:86:b2:bf:f7:89:b1:12:c2:59:a1:
02:f7:ef:b8:d6:0d:6a:b5:ca:99:da:af:ef:fc:21:
d7:5b:93:26:ab:4d:5d:85:1b:3c:7e:c3:71:17:e1:
91:9e:09:d6:2a:93:e9:b2:5f:4b:81:de:b7:4e:c1:
f7:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:2E:EA:A4:AB:D9:8D:A0:CA:E5:DA:66:B4:48:43:DA:01:63:F7:FE
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/QC7qpKvZjaDK5dpmtEhD2gFj9_4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.32.0/21
109.111.52.0/22
Signature Algorithm: sha256WithRSAEncryption
6c:6f:82:78:9f:93:5b:80:c1:60:db:b9:6a:dd:e7:36:94:00:
4e:fe:ee:dc:d3:36:07:23:89:27:89:2a:a1:26:ad:d7:a0:47:
ad:13:7e:79:a0:6b:dc:83:9e:69:66:2d:03:e6:00:19:eb:bf:
7d:ea:98:e4:b1:47:72:06:7a:ea:f5:12:6a:4e:1f:32:60:5b:
8b:a7:69:01:0d:27:96:bf:a1:6c:47:ac:3a:9b:55:ab:68:79:
59:df:47:aa:f3:f8:8d:55:a7:0e:03:d9:17:82:7f:4c:66:f1:
fc:d8:f5:79:16:99:7d:3d:f7:4e:59:e8:28:6c:71:b6:f7:42:
27:73:c0:57:b2:43:e6:a1:b2:49:75:a4:fb:35:e9:44:0a:62:
64:39:fb:57:a9:fa:0d:3a:2e:ef:a2:6f:f2:38:55:b1:79:eb:
ee:0c:19:ef:e1:be:20:a1:b8:8c:6c:9f:69:09:af:06:e5:13:
38:d3:f9:c1:e8:a3:74:ed:17:68:8b:4f:0b:8c:4b:84:c9:fe:
25:5b:26:46:e5:5b:57:01:31:94:b2:10:24:06:a1:2a:b8:88:
7b:72:2a:6a:8a:36:a2:20:ee:99:fe:42:1c:4f:8e:28:9c:f9:
83:9a:ab:ef:37:3b:00:63:f2:b6:d4:ce:4d:32:9c:ab:6a:9f:
f1:84:94:d0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYeYTCsm7itPM/y+7Q3ucBRiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMwNDE5MDY1NTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDJlZWFhNGFiZDk4ZGEwY2FlNWRhNjZiNDQ4NDNkYTAxNjNmN2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnL4KY0sHGe7Sv6W7+mazKca92cAk
dUj6C+ePts1Jc0V5wXNGWLINlTtCwODL0T00HyrA//fa0XSXtrRxjmK6saM6njLO
YSyaKkKo21PK5vItDU9WxWlfikUWBmDWVTqsibduncaYbKaEh0IU806XgsK7uFKs
2asR1bX6k/vvpbP9a+tAKlmhJ5VGyEJ6JrYetmJadtcCzb17o2RkcHWg3SGrdkz6
cq7FIisf3mp3cWNj/savk2kpUrE370Np+apjbgopD274Q4ayv/eJsRLCWaEC9++4
1g1qtcqZ2q/v/CHXW5Mmq01dhRs8fsNxF+GRngnWKpPpsl9Lgd63TsH33QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEAu6qSr2Y2gyuXaZrRIQ9oBY/f+MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvUUM3cXBLdlpqYURLNWRwbXRFaEQyZ0ZqOV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCJYD4AwQD
X1IgAwQCbW80MA0GCSqGSIb3DQEBCwUAA4IBAQBsb4J4n5NbgMFg27lq3ec2lABO
/u7c0zYHI4kniSqhJq3XoEetE355oGvcg55pZi0D5gAZ67996pjksUdyBnrq9RJq
Th8yYFuLp2kBDSeWv6FsR6w6m1WraHlZ30eq8/iNVacOA9kXgn9MZvH82PV5Fpl9
PfdOWegobHG290Inc8BXskPmobJJdaT7NelECmJkOftXqfoNOi7vom/yOFWxeevu
DBnv4b4gobiMbJ9pCa8G5RM40/nB6KN07Rdoi08LjEuEyf4lWyZG5VtXATGUshAk
BqEquIh7cipqijaiIO6Z/kIcT44onPmDmqvvNzsAY/K21M5NMpyrap/xhJTQ
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:16:48 2025 by rpki-client