Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/Q9mkn-tdEg_q1vAb2yz22saV28A.roa
File: Q9mkn-tdEg_q1vAb2yz22saV28A.roa (raw, json)
Hash identifier: 00p+lOhD2+EWi8FsqPMh4uDYg9NygVC23oNXUInPn40=
Subject key identifier: 43:D9:A4:9F:EB:5D:12:0F:EA:D6:F0:1B:DB:2C:F6:DA:C6:95:DB:C0
Certificate issuer: /CN=a3717ea54b95942fad81a943edb1c10f9df94afb
Certificate serial: 0188FD820AE4E277CF5E8D8C4A50143C065B
Authority key identifier: A3:71:7E:A5:4B:95:94:2F:AD:81:A9:43:ED:B1:C1:0F:9D:F9:4A:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/o3F-pUuVlC-tgalD7bHBD535Svs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/Q9mkn-tdEg_q1vAb2yz22saV28A.roa
Signing time: Tue 27 Jun 2023 15:38:58 +0000
ROA not before: Tue 27 Jun 2023 15:38:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 56911
IP address blocks: 185.139.180.0/24 maxlen: 24
195.177.112.0/24 maxlen: 24
195.177.115.0/24 maxlen: 24
195.177.114.0/24 maxlen: 24
195.177.113.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:fd:82:0a:e4:e2:77:cf:5e:8d:8c:4a:50:14:3c:06:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a3717ea54b95942fad81a943edb1c10f9df94afb
Validity
Not Before: Jun 27 15:38:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=43d9a49feb5d120fead6f01bdb2cf6dac695dbc0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:53:5b:70:e5:8f:61:c3:ab:ba:a4:1e:43:4f:
bb:a6:cd:37:e9:56:20:f6:25:5a:ea:84:68:b1:68:
55:eb:6f:73:59:42:ae:ac:fb:e4:b1:c5:43:11:ba:
6a:39:db:a8:ff:45:0a:60:61:26:3e:6d:69:67:ef:
f3:34:94:aa:a6:40:23:c7:84:f9:7d:cc:1c:6d:32:
18:f3:0c:2c:89:3c:5e:46:be:c0:80:fb:b9:90:e2:
18:29:53:e8:5c:f7:e8:cc:cc:5d:b2:3f:ab:8e:96:
3e:63:59:30:09:59:35:21:01:b7:4f:86:b4:ab:a6:
f7:c0:cd:50:1d:4b:ca:64:f9:69:a1:44:1d:ee:f4:
52:ae:53:9b:6a:ab:15:d6:7b:bc:5e:91:eb:84:d4:
45:f5:31:fb:9c:6a:e8:6c:ee:22:5e:b3:1c:1b:b0:
bd:0d:1a:62:69:4c:19:7c:5d:81:62:33:53:17:7a:
6b:a2:93:bd:8a:e5:98:5c:59:65:27:92:a5:66:81:
29:35:ea:62:18:e8:f5:60:9f:84:70:e9:f4:d4:11:
6f:b6:18:c1:71:d3:a9:de:59:f4:6a:49:41:ee:3e:
28:3e:1b:c5:19:fc:6d:15:ee:da:ac:f6:5c:e9:67:
1a:c0:dd:47:ac:20:0e:ab:03:60:a5:1c:16:e3:21:
af:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:D9:A4:9F:EB:5D:12:0F:EA:D6:F0:1B:DB:2C:F6:DA:C6:95:DB:C0
X509v3 Authority Key Identifier:
keyid:A3:71:7E:A5:4B:95:94:2F:AD:81:A9:43:ED:B1:C1:0F:9D:F9:4A:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o3F-pUuVlC-tgalD7bHBD535Svs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/Q9mkn-tdEg_q1vAb2yz22saV28A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/o3F-pUuVlC-tgalD7bHBD535Svs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.139.180.0/24
195.177.112.0/22
Signature Algorithm: sha256WithRSAEncryption
93:80:61:cd:b7:c0:63:4b:4e:d0:6d:27:c0:9a:b7:33:db:41:
fe:ab:1d:51:05:6e:6c:e0:66:1a:7e:91:cc:2e:25:3f:e9:10:
7d:38:7c:6e:11:74:a2:39:7c:2c:bb:96:c6:24:1a:e1:73:79:
95:9c:d1:8e:16:eb:af:ab:52:da:2d:dc:4f:29:d7:15:f9:54:
a8:01:f7:ab:db:ac:a8:72:26:18:ce:65:14:d8:83:90:21:28:
ca:10:4a:f8:b6:39:6f:21:de:ec:22:7a:8b:66:d7:35:54:e2:
83:14:88:1b:9f:cd:e2:4f:b7:04:a8:1c:86:f0:48:92:36:cb:
ef:1a:e9:97:23:ac:d6:03:85:e7:f5:e7:92:c6:50:23:0f:40:
1b:56:c0:1a:9e:ac:82:12:0d:60:05:a5:94:d0:3f:ce:0b:cb:
c9:82:3f:ec:1a:6e:f6:d3:d5:dc:c8:e6:32:11:d7:50:f9:d2:
14:47:01:99:0c:42:b4:f7:41:46:9c:0e:e1:86:0f:66:30:c5:
bb:01:82:8e:0e:3f:8e:2d:19:7b:7f:c5:78:17:6d:6d:b9:54:
59:e3:a3:98:71:d6:fc:d2:16:73:96:4b:4f:53:f4:eb:eb:64:
1a:8e:99:52:e5:64:40:07:6b:b4:27:9d:8c:a9:5d:b7:1a:18:
26:e6:88:4d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYj9ggrk4nfPXo2MSlAUPAZbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNzE3ZWE1NGI5NTk0MmZhZDgxYTk0M2VkYjFjMTBmOWRm
OTRhZmIwHhcNMjMwNjI3MTUzODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2Q5YTQ5ZmViNWQxMjBmZWFkNmYwMWJkYjJjZjZkYWM2OTVkYmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVNbcOWPYcOruqQeQ0+7ps036VYg
9iVa6oRosWhV629zWUKurPvkscVDEbpqOduo/0UKYGEmPm1pZ+/zNJSqpkAjx4T5
fcwcbTIY8wwsiTxeRr7AgPu5kOIYKVPoXPfozMxdsj+rjpY+Y1kwCVk1IQG3T4a0
q6b3wM1QHUvKZPlpoUQd7vRSrlObaqsV1nu8XpHrhNRF9TH7nGrobO4iXrMcG7C9
DRpiaUwZfF2BYjNTF3propO9iuWYXFllJ5KlZoEpNepiGOj1YJ+EcOn01BFvthjB
cdOp3ln0aklB7j4oPhvFGfxtFe7arPZc6WcawN1HrCAOqwNgpRwW4yGvTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEPZpJ/rXRIP6tbwG9ss9trGldvAMB8GA1UdIwQY
MBaAFKNxfqVLlZQvrYGpQ+2xwQ+d+Ur7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzNGLXBVdVZsQy10Z2FsRDdiSEJENTM1U3ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9iNTQ4ZDUtODJmZS00NmMyLWI5OTct
MTU3YWQwYWM1MjBhLzEvUTlta24tdGRFZ19xMXZBYjJ5ejIyc2FWMjhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9iNTQ4ZDUtODJmZS00NmMyLWI5OTctMTU3YWQwYWM1MjBh
LzEvbzNGLXBVdVZsQy10Z2FsRDdiSEJENTM1U3ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuYu0AwQC
w7FwMA0GCSqGSIb3DQEBCwUAA4IBAQCTgGHNt8BjS07QbSfAmrcz20H+qx1RBW5s
4GYafpHMLiU/6RB9OHxuEXSiOXwsu5bGJBrhc3mVnNGOFuuvq1LaLdxPKdcV+VSo
Afer26yociYYzmUU2IOQISjKEEr4tjlvId7sInqLZtc1VOKDFIgbn83iT7cEqByG
8EiSNsvvGumXI6zWA4Xn9eeSxlAjD0AbVsAanqyCEg1gBaWU0D/OC8vJgj/sGm72
09XcyOYyEddQ+dIURwGZDEK090FGnA7hhg9mMMW7AYKODj+OLRl7f8V4F21tuVRZ
46OYcdb80hZzlktPU/Tr62QajplS5WRAB2u0J52MqV23Ghgm5ohN
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:29:03 2025 by rpki-client