Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/Qlufc2snkvvSY_uLsT6_0dEFQUg.roa
File: Qlufc2snkvvSY_uLsT6_0dEFQUg.roa (raw, json)
Hash identifier: Dy/HNncWxGA7/v8N+hsxdDOhkc5KnwaY+mUcHK2PPKY=
Subject key identifier: 42:5B:9F:73:6B:27:92:FB:D2:63:FB:8B:B1:3E:BF:D1:D1:05:41:48
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 0185BD10A0FB315BCBAD4767BEC1DB744BEC
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/Qlufc2snkvvSY_uLsT6_0dEFQUg.roa
Signing time: Tue 17 Jan 2023 00:11:01 +0000
ROA not before: Tue 17 Jan 2023 00:11:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 31.43.174.0/23 maxlen: 24
185.149.15.0/24 maxlen: 24
89.46.99.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:bd:10:a0:fb:31:5b:cb:ad:47:67:be:c1:db:74:4b:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Jan 17 00:11:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=425b9f736b2792fbd263fb8bb13ebfd1d1054148
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:7e:bf:f3:62:67:76:d8:d2:b3:e3:54:e8:90:
94:d6:8a:a8:81:fc:49:d8:9e:62:32:be:2c:7d:a9:
e5:29:8e:01:6d:c4:05:de:fd:33:d9:66:64:cc:c1:
95:87:5f:9d:1e:1d:d6:13:88:27:e6:d5:83:dc:9e:
23:01:88:67:34:f6:b9:5f:be:57:72:75:06:f5:f3:
bd:ce:bc:f3:d4:40:37:2e:8a:ba:c2:70:b0:f7:f4:
ae:99:2b:50:d1:be:08:a5:00:e9:3a:95:7b:6b:c0:
b8:60:a4:c0:10:bc:fd:74:af:01:f8:5c:66:c9:e9:
c0:d8:e7:f8:2f:43:87:b3:69:2b:bd:4d:61:b8:ff:
3a:bd:b5:b4:9a:fd:f8:cc:c7:fc:d2:75:e5:bd:03:
5a:f2:87:6c:b5:04:b2:85:0a:29:c6:0b:16:1d:f0:
5a:47:ae:08:ab:6b:5c:f3:46:5c:a6:e9:f8:47:ef:
8b:d6:5b:19:cc:ce:92:44:a7:20:97:55:75:46:5b:
90:de:b7:0c:bf:ca:b0:b8:41:8b:78:b9:f8:27:a2:
bd:b9:63:e2:f9:fc:dc:55:ab:f7:b9:95:85:37:27:
76:4c:91:24:44:fd:33:1b:70:ab:4d:07:73:23:f8:
06:6a:9c:83:bc:4d:80:f1:46:04:e4:eb:33:ec:3a:
c1:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:5B:9F:73:6B:27:92:FB:D2:63:FB:8B:B1:3E:BF:D1:D1:05:41:48
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/Qlufc2snkvvSY_uLsT6_0dEFQUg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.43.174.0/23
89.46.99.0/24
185.149.15.0/24
Signature Algorithm: sha256WithRSAEncryption
01:cd:81:5d:19:e5:c1:4f:b0:91:c7:6d:b7:12:42:3a:1c:bc:
c4:d1:db:c2:80:99:6c:2d:fe:56:3d:70:1a:1d:c2:d1:f1:7c:
f4:0a:03:bb:2f:b6:a4:e3:64:4d:ac:fc:9a:c1:12:99:0a:1b:
c5:30:09:19:90:78:ba:4c:ec:21:26:96:9b:5f:99:fc:07:6d:
ba:14:e9:f0:81:b7:a5:a5:ad:51:19:75:eb:6e:07:a1:f5:8d:
6d:c1:a0:cd:4c:8f:12:ba:7f:8a:b0:d8:20:9b:7a:b6:c5:46:
05:36:0e:35:5a:04:f1:ac:f3:2f:0d:82:f6:f5:00:25:ad:09:
4e:0e:57:b7:bd:bf:77:01:47:af:e8:0a:0f:78:e0:22:71:f2:
85:94:b7:c2:cf:f1:1f:7b:c8:c0:a1:19:85:33:c9:20:bb:e6:
9c:4c:59:b9:29:4a:28:3b:83:cf:34:d5:b4:3f:20:7e:03:e6:
79:f9:7c:07:c6:24:61:5e:49:f0:15:53:57:7e:ed:80:8d:76:
c9:97:4a:e7:1e:82:ec:35:b0:4c:0b:f7:a0:69:34:e6:b8:98:
8a:9d:27:8c:5f:19:0e:b8:f3:79:d1:30:e7:18:36:af:d2:50:
fc:1d:a7:bb:c1:b3:2a:ed:8e:34:f4:60:e0:be:18:da:7a:6d:
c3:76:84:d3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYW9EKD7MVvLrUdnvsHbdEvsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwMTE3MDAxMTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjViOWY3MzZiMjc5MmZiZDI2M2ZiOGJiMTNlYmZkMWQxMDU0MTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmH6/82JndtjSs+NU6JCU1oqogfxJ
2J5iMr4sfanlKY4BbcQF3v0z2WZkzMGVh1+dHh3WE4gn5tWD3J4jAYhnNPa5X75X
cnUG9fO9zrzz1EA3Loq6wnCw9/SumStQ0b4IpQDpOpV7a8C4YKTAELz9dK8B+Fxm
yenA2Of4L0OHs2krvU1huP86vbW0mv34zMf80nXlvQNa8odstQSyhQopxgsWHfBa
R64Iq2tc80Zcpun4R++L1lsZzM6SRKcgl1V1RluQ3rcMv8qwuEGLeLn4J6K9uWPi
+fzcVav3uZWFNyd2TJEkRP0zG3CrTQdzI/gGapyDvE2A8UYE5Osz7DrBDwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEJbn3NrJ5L70mP7i7E+v9HRBUFIMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvUWx1ZmMyc25rdnZTWV91THNUNl8wZEVGUVVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBHyuuAwQA
WS5jAwQAuZUPMA0GCSqGSIb3DQEBCwUAA4IBAQABzYFdGeXBT7CRx223EkI6HLzE
0dvCgJlsLf5WPXAaHcLR8Xz0CgO7L7ak42RNrPyawRKZChvFMAkZkHi6TOwhJpab
X5n8B226FOnwgbelpa1RGXXrbgeh9Y1twaDNTI8Sun+KsNggm3q2xUYFNg41WgTx
rPMvDYL29QAlrQlODle3vb93AUev6AoPeOAicfKFlLfCz/Efe8jAoRmFM8kgu+ac
TFm5KUooO4PPNNW0PyB+A+Z5+XwHxiRhXknwFVNXfu2AjXbJl0rnHoLsNbBMC/eg
aTTmuJiKnSeMXxkOuPN50TDnGDav0lD8Hae7wbMq7Y409GDgvhjaem3DdoTT
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:25 2024 by rpki-client on console-ams.rpki-client.org