Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/QS0x9V4zeiB8amU-fQzmPwKOd7g.roa
File: QS0x9V4zeiB8amU-fQzmPwKOd7g.roa (raw, json)
Hash identifier: gST3Fz5ovVQHriGVxV1FDGI9DRZstR7e26TMrJGQp8w=
Subject key identifier: 41:2D:31:F5:5E:33:7A:20:7C:6A:65:3E:7D:0C:E6:3F:02:8E:77:B8
Certificate issuer: /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial: 01856F42C652F769887EC4866F473F6D192D
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/QS0x9V4zeiB8amU-fQzmPwKOd7g.roa
Signing time: Sun 01 Jan 2023 21:35:25 +0000
ROA not before: Sun 01 Jan 2023 21:35:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 45.85.188.0/23 maxlen: 23
91.212.45.0/24 maxlen: 24
195.82.132.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:42:c6:52:f7:69:88:7e:c4:86:6f:47:3f:6d:19:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Validity
Not Before: Jan 1 21:35:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=412d31f55e337a207c6a653e7d0ce63f028e77b8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:4f:18:93:36:3e:69:fa:8d:3a:0a:7e:3e:8f:
a3:5e:90:38:ee:69:b2:35:4d:6f:19:e4:bd:7c:a9:
98:b4:f2:9c:6b:e6:9e:d1:3d:a4:a9:0d:3f:65:67:
b6:ea:aa:74:9f:b3:bd:e7:ed:1b:19:f0:98:25:8a:
0d:e6:db:d8:b9:6a:16:f7:12:94:f8:4f:23:dc:90:
30:55:5b:15:3e:f4:a5:d7:26:00:d3:69:e4:e0:0d:
b1:52:80:f9:8c:30:7b:7b:10:a8:9f:34:0f:83:ba:
41:7e:75:d9:6b:df:40:ef:59:2c:fc:e7:ec:e4:31:
9a:93:ac:9f:3f:44:c6:3a:ad:4d:2a:33:c6:2e:39:
ed:73:d7:7c:23:68:6a:c3:26:69:dd:5e:dd:30:1a:
bd:c8:2d:5e:da:9c:ca:00:9b:51:7c:e4:82:bb:7f:
7b:9f:ce:45:81:08:8c:73:69:bf:59:83:d5:22:5b:
49:44:4a:f4:2a:38:8d:ce:da:ce:cf:a7:f5:80:52:
3c:cd:b1:c2:b2:10:8d:0b:99:67:af:b2:7d:0c:56:
e4:f4:af:aa:8c:4e:33:fb:03:97:32:4a:32:e2:5c:
70:e5:f6:bd:df:d3:f1:9b:d2:1e:4d:e1:20:01:dc:
81:fc:bc:12:a4:e7:06:22:09:99:1b:c1:b4:9a:48:
a1:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:2D:31:F5:5E:33:7A:20:7C:6A:65:3E:7D:0C:E6:3F:02:8E:77:B8
X509v3 Authority Key Identifier:
keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/QS0x9V4zeiB8amU-fQzmPwKOd7g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.85.188.0/23
91.212.45.0/24
195.82.132.0/23
Signature Algorithm: sha256WithRSAEncryption
59:67:03:af:61:76:c2:75:7b:1e:c1:82:ed:0a:9f:b8:9e:6c:
0d:f0:f6:da:31:ee:21:3e:6e:25:1c:26:ae:34:c7:db:48:ed:
d3:67:e8:8d:ad:96:05:6a:f1:fb:3b:1b:92:00:d4:67:4d:66:
5d:32:4e:0b:c6:b8:40:70:41:9b:33:24:f7:87:3d:42:b5:15:
7e:54:1e:09:eb:56:a5:b5:f5:f5:42:c0:d4:c0:d5:e0:0b:5b:
4f:37:9d:c7:65:d6:77:44:74:14:6a:5a:2b:bf:af:89:e2:92:
65:48:1a:d1:e7:46:78:de:c0:b5:20:99:13:14:3f:58:cd:08:
1e:2a:04:9c:f9:99:1f:24:a1:dd:9f:0c:09:ba:f3:2d:38:7f:
ba:b9:56:9d:d6:d7:d2:b2:d7:a8:12:6c:3b:ed:84:31:0a:36:
8c:d3:d1:13:54:9d:4f:31:b5:bc:5f:b6:46:8a:6c:bb:04:d4:
7f:e3:29:a2:4b:9e:5e:22:a0:19:d8:94:66:09:44:0c:e1:2a:
44:21:f9:3e:96:19:7a:f2:5e:7b:01:f3:5d:3c:96:8f:5c:36:
17:e9:4c:76:99:dd:c4:88:da:15:64:6a:ab:16:7f:65:07:29:
e7:f7:96:c2:b3:19:73:b2:bd:6c:3e:f9:44:32:0d:05:7e:55:
02:15:48:3f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVvQsZS92mIfsSGb0c/bRktMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjMwMTAxMjEzNTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTJkMzFmNTVlMzM3YTIwN2M2YTY1M2U3ZDBjZTYzZjAyOGU3N2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0E8YkzY+afqNOgp+Po+jXpA47mmy
NU1vGeS9fKmYtPKca+ae0T2kqQ0/ZWe26qp0n7O95+0bGfCYJYoN5tvYuWoW9xKU
+E8j3JAwVVsVPvSl1yYA02nk4A2xUoD5jDB7exConzQPg7pBfnXZa99A71ks/Ofs
5DGak6yfP0TGOq1NKjPGLjntc9d8I2hqwyZp3V7dMBq9yC1e2pzKAJtRfOSCu397
n85FgQiMc2m/WYPVIltJREr0KjiNztrOz6f1gFI8zbHCshCNC5lnr7J9DFbk9K+q
jE4z+wOXMkoy4lxw5fa939Pxm9IeTeEgAdyB/LwSpOcGIgmZG8G0mkih2wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEEtMfVeM3ogfGplPn0M5j8Cjne4MB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvUVMweDlWNHplaUI4YW1VLWZRem1Qd0tPZDdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLVW8AwQA
W9QtAwQBw1KEMA0GCSqGSIb3DQEBCwUAA4IBAQBZZwOvYXbCdXsewYLtCp+4nmwN
8PbaMe4hPm4lHCauNMfbSO3TZ+iNrZYFavH7OxuSANRnTWZdMk4LxrhAcEGbMyT3
hz1CtRV+VB4J61altfX1QsDUwNXgC1tPN53HZdZ3RHQUalorv6+J4pJlSBrR50Z4
3sC1IJkTFD9YzQgeKgSc+ZkfJKHdnwwJuvMtOH+6uVad1tfSsteoEmw77YQxCjaM
09ETVJ1PMbW8X7ZGimy7BNR/4ymiS55eIqAZ2JRmCUQM4SpEIfk+lhl68l57AfNd
PJaPXDYX6Ux2md3EiNoVZGqrFn9lBynn95bCsxlzsr1sPvlEMg0FflUCFUg/
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:02 2023 by rpki-client on console-fra.rpki-client.org