Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/qt_hnLKPxm-idx-kjtnJgnLlGkU.roa
File: qt_hnLKPxm-idx-kjtnJgnLlGkU.roa (raw, json)
Hash identifier: 9kIeTxlErXMRvUMuKrVVSE7xaJXSP5tNlV41qzLK3/g=
Subject key identifier: AA:DF:E1:9C:B2:8F:C6:6F:A2:77:1F:A4:8E:D9:C9:82:72:E5:1A:45
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 018870EA52D296271227F0A6ECB548A69007
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/qt_hnLKPxm-idx-kjtnJgnLlGkU.roa
Signing time: Wed 31 May 2023 08:26:24 +0000
ROA not before: Wed 31 May 2023 08:26:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.103.120.0/21 maxlen: 24
185.235.71.0/24 maxlen: 24
95.111.128.0/20 maxlen: 24
95.111.144.0/20 maxlen: 24
185.149.12.0/24 maxlen: 24
185.149.12.0/23 maxlen: 24
185.149.13.0/24 maxlen: 24
185.149.14.0/23 maxlen: 24
89.46.96.0/22 maxlen: 24
89.46.96.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:70:ea:52:d2:96:27:12:27:f0:a6:ec:b5:48:a6:90:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: May 31 08:26:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=aadfe19cb28fc66fa2771fa48ed9c98272e51a45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:d8:9e:e2:e9:16:2b:44:60:aa:5a:59:7e:a0:
40:88:24:39:58:25:b5:e6:e1:e8:b8:ab:f2:4a:a7:
bf:28:00:f2:41:f5:e5:20:d3:fb:1f:f1:83:f1:a6:
61:d1:4a:c8:77:48:ad:2b:df:ee:fd:07:5f:91:08:
eb:6d:75:6a:2a:f6:af:67:33:37:d8:45:64:07:68:
79:b1:6d:a2:91:9f:27:fe:a2:cf:08:ea:75:a9:cb:
b3:c2:e1:bf:53:49:3d:50:cc:61:13:21:c8:58:e7:
69:4f:25:db:1f:e5:dc:79:d1:f5:7f:66:f4:16:d8:
d7:cd:08:3f:14:f1:06:0a:69:81:f1:17:d1:6a:d3:
0e:ab:11:15:88:64:6f:a3:ff:00:57:0e:41:07:42:
ec:e9:6a:f9:58:fb:ae:8a:fc:da:3f:8e:11:b8:e7:
42:a8:24:ec:b8:10:50:95:6a:89:35:14:9d:fe:51:
c6:9b:63:05:47:60:58:b5:06:53:01:bc:87:5f:e6:
b0:16:8b:58:b3:88:36:06:4d:39:35:d3:d0:bf:37:
15:93:2e:2d:ab:62:4a:51:16:71:a6:64:bf:11:24:
17:27:c5:06:4e:94:78:94:a9:f8:c0:84:21:42:a3:
0c:ce:f5:b4:5a:7f:dd:73:04:7b:3e:fa:7c:5c:58:
0f:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:DF:E1:9C:B2:8F:C6:6F:A2:77:1F:A4:8E:D9:C9:82:72:E5:1A:45
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/qt_hnLKPxm-idx-kjtnJgnLlGkU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.96.0/22
91.103.120.0/21
95.111.128.0/19
185.149.12.0/22
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
45:ad:89:37:a1:67:9c:08:5a:04:72:ae:db:5f:65:a4:5c:b0:
cf:86:2c:21:da:9e:46:bb:eb:e9:b2:aa:41:16:9f:65:97:61:
94:48:3e:03:43:f6:c4:98:a2:65:03:48:46:04:60:1b:28:15:
a4:36:0c:d3:47:d7:08:f4:49:3e:15:f2:25:3d:ea:0c:15:b7:
f9:3a:c2:fa:af:29:a5:fb:7c:15:f6:de:0d:0e:1b:e8:a9:46:
10:3c:d3:49:53:34:0f:79:a8:0b:7f:c3:9a:b7:01:f1:ea:54:
9e:f2:db:07:43:36:7c:67:b0:52:c6:40:eb:54:db:c3:62:84:
63:97:c0:bd:db:82:49:70:91:e3:3d:bd:60:80:6f:ea:cd:c2:
63:36:7a:47:21:e1:30:ae:30:eb:c9:aa:a6:a1:e7:4b:8f:17:
d1:77:d9:b6:07:8d:46:6f:6c:2a:8f:21:fe:f9:a8:c3:6c:80:
6f:19:fc:67:67:04:4e:b5:b9:e9:90:58:9b:2d:db:9f:db:dd:
46:12:29:b7:7a:39:11:4b:a4:91:0f:3d:6a:c0:47:d7:23:d3:
5e:a4:e9:14:a3:1d:21:53:72:05:42:c3:3b:ea:1e:16:cf:8f:
e4:e0:fd:bb:06:01:cb:f9:59:fd:5f:84:62:76:77:b2:f2:78:
55:e4:11:b3
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYhw6lLSlicSJ/Cm7LVIppAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwNTMxMDgyNjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWRmZTE5Y2IyOGZjNjZmYTI3NzFmYTQ4ZWQ5Yzk4MjcyZTUxYTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9ie4ukWK0RgqlpZfqBAiCQ5WCW1
5uHouKvySqe/KADyQfXlINP7H/GD8aZh0UrId0itK9/u/QdfkQjrbXVqKvavZzM3
2EVkB2h5sW2ikZ8n/qLPCOp1qcuzwuG/U0k9UMxhEyHIWOdpTyXbH+XcedH1f2b0
FtjXzQg/FPEGCmmB8RfRatMOqxEViGRvo/8AVw5BB0Ls6Wr5WPuuivzaP44RuOdC
qCTsuBBQlWqJNRSd/lHGm2MFR2BYtQZTAbyHX+awFotYs4g2Bk05NdPQvzcVky4t
q2JKURZxpmS/ESQXJ8UGTpR4lKn4wIQhQqMMzvW0Wn/dcwR7Pvp8XFgPtQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFKrf4Zyyj8ZvoncfpI7ZyYJy5RpFMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvcXRfaG5MS1B4bS1pZHgta2p0bkpnbkxsR2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCWS5gAwQD
W2d4AwQFX2+AAwQCuZUMAwQAuetHMA0GCSqGSIb3DQEBCwUAA4IBAQBFrYk3oWec
CFoEcq7bX2WkXLDPhiwh2p5Gu+vpsqpBFp9ll2GUSD4DQ/bEmKJlA0hGBGAbKBWk
NgzTR9cI9Ek+FfIlPeoMFbf5OsL6ryml+3wV9t4NDhvoqUYQPNNJUzQPeagLf8Oa
twHx6lSe8tsHQzZ8Z7BSxkDrVNvDYoRjl8C924JJcJHjPb1ggG/qzcJjNnpHIeEw
rjDryaqmoedLjxfRd9m2B41Gb2wqjyH++ajDbIBvGfxnZwROtbnpkFibLduf291G
Eim3ejkRS6SRDz1qwEfXI9NepOkUox0hU3IFQsM76h4Wz4/k4P27BgHL+Vn9X4Ri
dney8nhV5BGz
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:00:42 2023 by rpki-client on console-ams.rpki-client.org