Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/QPKUh4OynBwpsN28jHGS4hU9np0.roa
File: QPKUh4OynBwpsN28jHGS4hU9np0.roa (raw, json)
Hash identifier: g93iRZLpjyjasALvzDSAdzchM/H042MNnt6fut3+YnM=
Subject key identifier: 40:F2:94:87:83:B2:9C:1C:29:B0:DD:BC:8C:71:92:E2:15:3D:9E:9D
Certificate issuer: /CN=509df728d1b46634054972d2945fda58073b5762
Certificate serial: 08A6ABB9
Authority key identifier: 50:9D:F7:28:D1:B4:66:34:05:49:72:D2:94:5F:DA:58:07:3B:57:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/QPKUh4OynBwpsN28jHGS4hU9np0.roa
Signing time: Sat 01 Jan 2022 10:54:59 +0000
ROA not before: Sat 01 Jan 2022 10:54:59 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 208972
IP address blocks: 45.12.52.0/24 maxlen: 24
45.12.55.0/24 maxlen: 24
45.12.53.0/24 maxlen: 24
45.12.54.0/24 maxlen: 24
2a0a:4940::/30 maxlen: 30
2a0a:4944::/30 maxlen: 30
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 145140665 (0x8a6abb9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=509df728d1b46634054972d2945fda58073b5762
Validity
Not Before: Jan 1 10:54:59 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=40f2948783b29c1c29b0ddbc8c7192e2153d9e9d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:49:e2:2d:3c:8b:33:d4:31:9b:85:e7:ac:c2:
33:89:ab:95:4f:ba:e3:8c:1d:47:16:71:73:4e:fc:
78:8b:83:bd:cf:69:a0:25:b2:ef:bb:8a:a6:57:d3:
6f:5d:d2:ca:05:b1:1a:45:e6:84:49:aa:ac:ec:4b:
a5:ca:af:f8:cf:b1:94:27:d9:bc:85:0b:4e:bb:bd:
6e:9b:ec:8f:3f:42:53:72:02:34:07:53:28:ae:15:
27:d1:23:b3:2c:37:23:7c:03:d5:82:c6:b6:00:27:
9b:e5:4b:cc:36:41:fc:27:a0:49:77:7e:d4:fc:c4:
52:34:1e:b0:a2:56:8f:1d:d7:2f:00:73:0c:b7:9d:
b8:76:67:bd:18:6b:17:ca:6c:ee:fe:d6:4b:fd:80:
88:b2:e1:90:0b:01:9c:7a:43:46:56:21:75:97:df:
c9:57:d9:04:ca:2f:aa:e7:ac:3b:51:cb:03:5e:6a:
b5:fd:91:22:d3:ca:79:b2:13:aa:ec:a2:3c:52:03:
41:61:4f:d8:90:fe:b0:a8:55:25:42:71:9b:97:62:
33:29:f8:b0:0d:e4:be:59:cc:37:ce:70:bb:6a:cb:
9a:0d:f6:09:2b:d5:0e:4b:53:b1:03:48:cc:2f:ec:
be:62:5d:84:53:d0:b1:24:c7:0a:20:a9:c6:71:6c:
64:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:F2:94:87:83:B2:9C:1C:29:B0:DD:BC:8C:71:92:E2:15:3D:9E:9D
X509v3 Authority Key Identifier:
keyid:50:9D:F7:28:D1:B4:66:34:05:49:72:D2:94:5F:DA:58:07:3B:57:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/QPKUh4OynBwpsN28jHGS4hU9np0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.12.52.0/22
IPv6:
2a0a:4940::/29
Signature Algorithm: sha256WithRSAEncryption
6a:a5:58:fb:76:e1:59:25:4a:f5:3c:4b:19:88:e1:72:99:b0:
8b:9a:62:4f:c5:17:b2:3a:8d:bb:9a:02:6e:9f:60:82:4f:41:
de:e0:e1:a3:15:61:ab:6e:7d:16:b8:31:aa:f9:53:d3:1b:36:
7d:45:a8:0f:7d:28:05:bf:09:f0:00:c9:70:73:9b:23:c2:72:
51:6b:9e:1c:1d:2f:1f:9d:3d:90:10:8e:d1:eb:59:3f:a4:29:
36:f5:41:03:27:36:f8:8e:ee:79:8c:c2:c4:78:a6:b8:93:7e:
05:6a:d7:8a:ed:22:96:e2:ac:c2:4b:24:37:91:7a:72:78:32:
f5:4f:19:f2:24:72:f7:c8:30:39:c7:33:f9:20:a7:56:f1:ba:
4f:ed:5f:22:34:97:d5:13:7e:45:37:ff:82:70:35:12:e9:7a:
14:b2:f4:d6:a5:95:42:cf:eb:49:dc:cd:f2:fd:51:26:f3:cc:
1e:07:ab:e4:ee:38:a7:a7:6e:cb:6b:ce:6e:55:0e:26:af:29:
5e:c5:bc:d5:08:70:e5:86:61:05:92:1e:db:b1:c1:f5:54:d2:
59:29:a8:94:fe:5d:c2:b7:e4:2c:26:fb:dd:fe:6e:ec:e8:69:
19:a6:35:f4:01:0c:26:f4:8a:7f:e0:29:f8:b9:28:eb:98:d6:
13:2a:77:9d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIECKaruTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
MDlkZjcyOGQxYjQ2NjM0MDU0OTcyZDI5NDVmZGE1ODA3M2I1NzYyMB4XDTIyMDEw
MTEwNTQ1OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDBmMjk0ODc4M2Iy
OWMxYzI5YjBkZGJjOGM3MTkyZTIxNTNkOWU5ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALxJ4i08izPUMZuF56zCM4mrlU+644wdRxZxc078eIuDvc9p
oCWy77uKplfTb13SygWxGkXmhEmqrOxLpcqv+M+xlCfZvIULTru9bpvsjz9CU3IC
NAdTKK4VJ9Ejsyw3I3wD1YLGtgAnm+VLzDZB/CegSXd+1PzEUjQesKJWjx3XLwBz
DLeduHZnvRhrF8ps7v7WS/2AiLLhkAsBnHpDRlYhdZffyVfZBMovquesO1HLA15q
tf2RItPKebITquyiPFIDQWFP2JD+sKhVJUJxm5diMyn4sA3kvlnMN85wu2rLmg32
CSvVDktTsQNIzC/svmJdhFPQsSTHCiCpxnFsZJcCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBRA8pSHg7KcHCmw3byMcZLiFT2enTAfBgNVHSMEGDAWgBRQnfco0bRmNAVJ
ctKUX9pYBztXYjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1VKMzNLTkcwWmpRRlNYTFNsRl9hV0FjN1YySS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTQvYWNmY2I2LWQ3OGEtNDQ4YS1hNzYxLWRkM2I0ZjgzODFjNC8x
L1FQS1VoNE95bkJ3cHNOMjhqSEdTNGhVOW5wMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTQv
YWNmY2I2LWQ3OGEtNDQ4YS1hNzYxLWRkM2I0ZjgzODFjNC8xL1VKMzNLTkcwWmpR
RlNYTFNsRl9hV0FjN1YySS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAi0MNDANBAIAAjAHAwUDKgpJQDAN
BgkqhkiG9w0BAQsFAAOCAQEAaqVY+3bhWSVK9TxLGYjhcpmwi5piT8UXsjqNu5oC
bp9ggk9B3uDhoxVhq259FrgxqvlT0xs2fUWoD30oBb8J8ADJcHObI8JyUWueHB0v
H509kBCO0etZP6QpNvVBAyc2+I7ueYzCxHimuJN+BWrXiu0iluKswkskN5F6cngy
9U8Z8iRy98gwOccz+SCnVvG6T+1fIjSX1RN+RTf/gnA1Eul6FLL01qWVQs/rSdzN
8v1RJvPMHger5O44p6duy2vOblUOJq8pXsW81Qhw5YZhBZIe27HB9VTSWSmolP5d
wrfkLCb73f5u7OhpGaY19AEMJvSKf+Ap+Lko65jWEyp3nQ==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:05:56 2025 by rpki-client