Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/24q7MdxlWwOTr5pt_dJkordaxL4.roa
File: 24q7MdxlWwOTr5pt_dJkordaxL4.roa (raw, json)
Hash identifier: Y34LetpZKnpRAhSKYe22k0tLz9xDm/lMUeZmU9ybm4Y=
Subject key identifier: DB:8A:BB:31:DC:65:5B:03:93:AF:9A:6D:FD:D2:64:A2:B7:5A:C4:BE
Certificate issuer: /CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
Certificate serial: 018431B7A4C6C2B2A7AD46D34D51C2758E22
Authority key identifier: 42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/24q7MdxlWwOTr5pt_dJkordaxL4.roa
Signing time: Tue 01 Nov 2022 05:43:49 +0000
ROA not before: Tue 01 Nov 2022 05:43:49 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 44854
IP address blocks: 45.113.236.0/23 maxlen: 24
103.229.81.0/24 maxlen: 24
185.219.6.0/24 maxlen: 24
103.243.124.0/22 maxlen: 24
27.123.244.0/22 maxlen: 22
93.114.180.0/23 maxlen: 24
2a10:e300:35::/48 maxlen: 48
2a10:e300::/32 maxlen: 48
2a10:e300:26::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:31:b7:a4:c6:c2:b2:a7:ad:46:d3:4d:51:c2:75:8e:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
Validity
Not Before: Nov 1 05:43:49 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=db8abb31dc655b0393af9a6dfdd264a2b75ac4be
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:6e:6e:16:b5:d9:37:75:72:4d:69:7d:a2:00:
f0:a6:92:00:06:c8:9a:f5:1a:5a:0f:40:cb:b3:83:
1b:cc:46:99:39:32:e2:68:65:28:c6:81:ee:d4:00:
de:4c:c1:e4:15:80:22:47:aa:b1:06:19:95:23:71:
c4:8b:39:80:d3:6d:fc:90:af:15:10:43:18:71:10:
20:9a:c4:33:1a:ae:08:09:c8:26:9f:98:a4:e8:5e:
76:db:c0:90:0a:a6:c4:54:16:d6:73:df:ef:6a:ca:
40:38:1d:da:03:75:62:0c:f5:9f:44:0a:4d:06:e5:
bf:40:5e:72:4f:85:2c:91:27:9f:f6:3b:53:f3:b0:
ff:0e:e9:a5:19:f2:81:c4:20:5f:08:6f:6d:cb:1c:
d0:62:59:47:41:fd:89:11:ee:03:0a:bc:e1:66:59:
58:8e:2b:77:a8:34:12:b9:5f:64:bd:de:b6:36:4b:
62:57:f0:1a:e0:39:ce:d9:98:f5:ac:04:0b:b0:a2:
6d:f5:54:37:f5:83:04:f2:b7:fa:7d:7a:c0:08:b9:
0a:ac:8b:a1:7b:7e:dd:36:0e:fe:4a:87:64:28:36:
88:a0:6b:a5:13:7f:7f:2a:44:3b:cf:2f:19:e3:77:
69:e6:77:84:c2:5b:fd:d4:3b:f2:3d:b5:4a:b4:b4:
14:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:8A:BB:31:DC:65:5B:03:93:AF:9A:6D:FD:D2:64:A2:B7:5A:C4:BE
X509v3 Authority Key Identifier:
keyid:42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/24q7MdxlWwOTr5pt_dJkordaxL4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
27.123.244.0/22
45.113.236.0/23
93.114.180.0/23
103.229.81.0/24
103.243.124.0/22
185.219.6.0/24
IPv6:
2a10:e300::/32
Signature Algorithm: sha256WithRSAEncryption
af:26:60:db:ac:7e:cb:d3:94:6a:10:0b:82:c7:66:ec:f7:b1:
52:bf:b0:f8:1d:13:86:c2:76:ca:e7:bd:e3:ba:08:d1:07:84:
f7:c6:7b:0b:c6:32:7c:cb:8e:dc:34:db:8b:52:7e:32:c0:cd:
56:45:ff:da:48:ad:dc:5c:7a:a0:80:7f:0c:03:fd:a2:b9:05:
6f:96:38:3f:fb:2f:f1:d5:4a:8e:6d:28:36:9f:20:d6:c7:27:
fc:6e:03:12:ee:9a:79:3e:8d:99:ad:eb:82:d3:90:99:28:6f:
53:f0:15:79:f6:dc:d7:11:14:5c:8b:37:bb:07:29:85:76:bd:
39:e1:78:ec:35:f5:c0:47:a1:4c:e6:99:8f:a0:7f:b3:3e:1a:
4b:0a:06:d7:9e:b9:ea:be:29:a3:34:dd:55:a2:1f:d2:24:01:
5b:8f:13:03:a1:e8:a9:0d:61:d6:54:be:f2:67:0d:cc:79:64:
af:40:0f:b7:fa:c6:33:ba:9b:0c:e2:53:fd:06:94:09:ab:30:
6f:63:27:3b:71:fe:5e:09:7c:f8:fa:ae:cf:f4:64:05:f4:ad:
3b:44:11:b4:92:46:90:5f:ad:3d:7c:37:cb:bf:28:00:15:41:
f4:6a:94:20:8d:5d:00:aa:09:43:0e:b0:05:de:a3:30:36:f8:
58:82:d9:0c
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYQxt6TGwrKnrUbTTVHCdY4iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTJiNWRhNGI0ZmZlYWY3MjA2NDk1MThmYmFhYTEwYzVj
YjI4MTEwHhcNMjIxMTAxMDU0MzQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjhhYmIzMWRjNjU1YjAzOTNhZjlhNmRmZGQyNjRhMmI3NWFjNGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhW5uFrXZN3VyTWl9ogDwppIABsia
9RpaD0DLs4MbzEaZOTLiaGUoxoHu1ADeTMHkFYAiR6qxBhmVI3HEizmA0238kK8V
EEMYcRAgmsQzGq4ICcgmn5ik6F5228CQCqbEVBbWc9/vaspAOB3aA3ViDPWfRApN
BuW/QF5yT4UskSef9jtT87D/DumlGfKBxCBfCG9tyxzQYllHQf2JEe4DCrzhZllY
jit3qDQSuV9kvd62NktiV/Aa4DnO2Zj1rAQLsKJt9VQ39YME8rf6fXrACLkKrIuh
e37dNg7+SodkKDaIoGulE39/KkQ7zy8Z43dp5neEwlv91DvyPbVKtLQUJwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFNuKuzHcZVsDk6+abf3SZKK3WsS+MB8GA1UdIwQY
MBaAFEKStdpLT/6vcgZJUY+6qhDFyygRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3Yzct
YTA0M2UxYjY3Yjk0LzEvMjRxN01keGxXd09UcjVwdF9kSmtvcmRheEw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3YzctYTA0M2UxYjY3Yjk0
LzEvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQCG3v0AwQB
LXHsAwQBXXK0AwQAZ+VRAwQCZ/N8AwQAudsGMA0EAgACMAcDBQAqEOMAMA0GCSqG
SIb3DQEBCwUAA4IBAQCvJmDbrH7L05RqEAuCx2bs97FSv7D4HROGwnbK573jugjR
B4T3xnsLxjJ8y47cNNuLUn4ywM1WRf/aSK3cXHqggH8MA/2iuQVvljg/+y/x1UqO
bSg2nyDWxyf8bgMS7pp5Po2ZreuC05CZKG9T8BV59tzXERRcize7BymFdr054Xjs
NfXAR6FM5pmPoH+zPhpLCgbXnrnqvimjNN1Voh/SJAFbjxMDoeipDWHWVL7yZw3M
eWSvQA+3+sYzupsM4lP9BpQJqzBvYyc7cf5eCXz4+q7P9GQF9K07RBG0kkaQX609
fDfLvygAFUH0apQgjV0AqglDDrAF3qMwNvhYgtkM
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:10:15 2024 by rpki-client on console-ams.rpki-client.org