Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/QDGJjbnFX4JWFcDzU0Sb-8yfyl8.roa
File: QDGJjbnFX4JWFcDzU0Sb-8yfyl8.roa (raw, json)
Hash identifier: XT8F8TLDF28W7ZP1z/wEnliir0uXXaC/ODnUnpFVTf8=
Subject key identifier: 40:31:89:8D:B9:C5:5F:82:56:15:C0:F3:53:44:9B:FB:CC:9F:CA:5F
Certificate issuer: /CN=a3717ea54b95942fad81a943edb1c10f9df94afb
Certificate serial: 0186784D4CCAA1BCA1B07DC07C5288E93369
Authority key identifier: A3:71:7E:A5:4B:95:94:2F:AD:81:A9:43:ED:B1:C1:0F:9D:F9:4A:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/o3F-pUuVlC-tgalD7bHBD535Svs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/QDGJjbnFX4JWFcDzU0Sb-8yfyl8.roa
Signing time: Wed 22 Feb 2023 08:46:17 +0000
ROA not before: Wed 22 Feb 2023 08:46:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 56911
IP address blocks: 185.139.181.0/24 maxlen: 24
185.139.180.0/24 maxlen: 24
185.139.182.0/24 maxlen: 24
195.177.112.0/24 maxlen: 24
195.177.114.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:78:4d:4c:ca:a1:bc:a1:b0:7d:c0:7c:52:88:e9:33:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a3717ea54b95942fad81a943edb1c10f9df94afb
Validity
Not Before: Feb 22 08:46:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4031898db9c55f825615c0f353449bfbcc9fca5f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:97:c4:fe:ea:62:16:63:ff:e8:f3:65:46:dc:
05:68:6f:6a:a7:3d:de:3d:db:1c:10:f7:34:c5:67:
11:29:63:b8:e8:ea:65:9d:4a:3d:a1:f0:32:ba:93:
97:d3:4b:3d:52:2c:00:ba:77:63:cc:0a:18:7c:87:
59:38:f1:cf:3c:47:48:04:be:0e:25:a9:0f:fb:10:
ae:85:ff:46:72:d5:db:ae:8f:e5:35:c7:ce:e2:3a:
fb:67:e2:17:a0:6e:d2:42:88:e3:71:db:85:df:e6:
37:ba:52:a7:86:01:b0:97:34:26:44:7d:ec:06:f2:
77:93:59:36:6e:28:f9:87:6b:60:22:5a:c4:cb:c2:
88:0f:9b:50:fa:35:92:e8:87:f5:55:b0:ca:da:e3:
39:5e:6a:8d:c0:63:f7:8b:c6:4c:f6:14:d7:93:11:
3d:af:85:3e:26:0e:f5:7e:8c:da:d4:af:39:43:4c:
f4:c4:c8:51:84:60:27:81:47:81:8f:a1:fd:26:3a:
16:70:7f:68:17:6d:63:af:81:4d:2f:31:2b:29:0a:
c3:9d:10:f7:9d:7b:6d:f7:fc:12:79:f5:ea:45:15:
6a:11:fb:0b:41:ca:4b:80:65:05:44:4b:21:b8:fb:
cb:db:90:6c:a9:78:3a:be:c4:d1:86:7e:df:1f:09:
1c:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:31:89:8D:B9:C5:5F:82:56:15:C0:F3:53:44:9B:FB:CC:9F:CA:5F
X509v3 Authority Key Identifier:
keyid:A3:71:7E:A5:4B:95:94:2F:AD:81:A9:43:ED:B1:C1:0F:9D:F9:4A:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o3F-pUuVlC-tgalD7bHBD535Svs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/QDGJjbnFX4JWFcDzU0Sb-8yfyl8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/o3F-pUuVlC-tgalD7bHBD535Svs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.139.180.0-185.139.182.255
195.177.112.0/24
195.177.114.0/24
Signature Algorithm: sha256WithRSAEncryption
92:e7:79:8d:a2:0a:6f:09:41:c9:f9:70:61:09:4d:be:58:87:
71:11:fd:60:79:4f:99:5e:8d:40:91:97:ae:96:b7:7f:da:44:
bd:3a:d3:1c:8a:de:49:58:cb:72:4b:1b:0a:6a:dc:1d:5a:8d:
07:d8:f4:8e:d7:a6:21:11:38:05:ae:cb:9c:41:40:ce:cd:39:
6a:31:19:49:e6:1e:93:38:6c:af:2f:ac:13:74:2b:82:cb:9b:
28:ec:b0:1a:96:4e:3d:9f:f2:9b:76:bd:04:29:f9:2e:c3:e9:
f1:8d:31:cb:0b:e9:98:51:c6:c3:57:ba:23:c1:da:fe:fb:e9:
d9:e6:92:79:c9:b8:a2:c1:76:06:4b:b0:6c:d1:c1:79:a6:c8:
15:93:43:2d:89:ee:70:48:b5:eb:27:56:cf:62:86:03:40:7d:
e1:cb:12:06:4e:27:3a:2a:f2:62:86:f8:5e:14:02:2a:16:80:
72:a1:19:e8:fd:06:21:a5:bb:3b:3f:a8:d8:20:12:3f:06:83:
ae:c3:12:17:12:96:14:54:2e:48:c5:d2:fd:84:e1:63:21:8d:
13:cc:e9:5a:9f:25:da:7d:9e:ec:e5:7d:29:9e:ff:9d:c3:3e:
ef:46:13:c6:01:d2:be:9f:0f:c7:af:8a:cd:33:6d:4a:69:c8:
5f:4e:34:6e
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYZ4TUzKobyhsH3AfFKI6TNpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNzE3ZWE1NGI5NTk0MmZhZDgxYTk0M2VkYjFjMTBmOWRm
OTRhZmIwHhcNMjMwMjIyMDg0NjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDMxODk4ZGI5YzU1ZjgyNTYxNWMwZjM1MzQ0OWJmYmNjOWZjYTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5fE/upiFmP/6PNlRtwFaG9qpz3e
PdscEPc0xWcRKWO46OplnUo9ofAyupOX00s9UiwAundjzAoYfIdZOPHPPEdIBL4O
JakP+xCuhf9GctXbro/lNcfO4jr7Z+IXoG7SQojjcduF3+Y3ulKnhgGwlzQmRH3s
BvJ3k1k2bij5h2tgIlrEy8KID5tQ+jWS6If1VbDK2uM5XmqNwGP3i8ZM9hTXkxE9
r4U+Jg71foza1K85Q0z0xMhRhGAngUeBj6H9JjoWcH9oF21jr4FNLzErKQrDnRD3
nXtt9/wSefXqRRVqEfsLQcpLgGUFREshuPvL25BsqXg6vsTRhn7fHwkcHwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFEAxiY25xV+CVhXA81NEm/vMn8pfMB8GA1UdIwQY
MBaAFKNxfqVLlZQvrYGpQ+2xwQ+d+Ur7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzNGLXBVdVZsQy10Z2FsRDdiSEJENTM1U3ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9iNTQ4ZDUtODJmZS00NmMyLWI5OTct
MTU3YWQwYWM1MjBhLzEvUURHSmpibkZYNEpXRmNEelUwU2ItOHlmeWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9iNTQ4ZDUtODJmZS00NmMyLWI5OTctMTU3YWQwYWM1MjBh
LzEvbzNGLXBVdVZsQy10Z2FsRDdiSEJENTM1U3ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAK5i7QD
BAC5i7YDBADDsXADBADDsXIwDQYJKoZIhvcNAQELBQADggEBAJLneY2iCm8JQcn5
cGEJTb5Yh3ER/WB5T5lejUCRl66Wt3/aRL060xyK3klYy3JLGwpq3B1ajQfY9I7X
piEROAWuy5xBQM7NOWoxGUnmHpM4bK8vrBN0K4LLmyjssBqWTj2f8pt2vQQp+S7D
6fGNMcsL6ZhRxsNXuiPB2v776dnmknnJuKLBdgZLsGzRwXmmyBWTQy2J7nBItesn
Vs9ihgNAfeHLEgZOJzoq8mKG+F4UAioWgHKhGej9BiGluzs/qNggEj8Gg67DEhcS
lhRULkjF0v2E4WMhjRPM6VqfJdp9nuzlfSme/53DPu9GE8YB0r6fD8evis0zbUpp
yF9ONG4=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:52:33 2023 by rpki-client on console-ams.rpki-client.org