Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/sQjayBt5XRlk5y1464fgcKx0W9k.roa
File: sQjayBt5XRlk5y1464fgcKx0W9k.roa (raw, json)
Hash identifier: krgXRIpQhY26cRGQ5r9vEm2oB+ra4ROc1pV3sShFGk8=
Subject key identifier: B1:08:DA:C8:1B:79:5D:19:64:E7:2D:78:EB:87:E0:70:AC:74:5B:D9
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 0189CF313E3F7093E151CA085BCF7AFE1AA6
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/sQjayBt5XRlk5y1464fgcKx0W9k.roa
Signing time: Mon 07 Aug 2023 08:50:58 +0000
ROA not before: Mon 07 Aug 2023 08:50:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 62.182.170.0/24 maxlen: 24
185.65.68.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:cf:31:3e:3f:70:93:e1:51:ca:08:5b:cf:7a:fe:1a:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Aug 7 08:50:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b108dac81b795d1964e72d78eb87e070ac745bd9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:29:89:a3:75:8a:ab:19:c2:c4:e4:13:cc:22:
f1:a3:92:aa:60:5e:30:d6:b2:ab:2e:0a:c0:d7:29:
6a:a5:f3:60:f5:9e:fb:dc:b9:cd:75:34:b4:18:89:
87:9c:79:9f:ed:ba:b0:d7:35:e5:6b:54:71:0c:e2:
6f:a6:9f:6a:1f:f8:71:95:60:ba:26:ff:ff:1b:43:
e4:8d:81:37:bf:d6:34:4d:04:14:29:c7:58:33:07:
30:e8:72:cc:6f:95:6f:ff:ab:de:a9:4d:a3:3d:eb:
67:8c:60:2c:61:c6:22:b5:e0:e1:9b:ad:f7:44:28:
93:c4:34:a1:9a:bb:43:a6:6f:cb:19:06:8b:78:33:
2a:32:cf:e5:ba:95:7d:0c:68:cb:f4:42:ab:3b:8d:
43:ee:b7:82:d2:2c:de:43:f3:33:72:f1:14:f9:e7:
92:6d:76:b5:81:64:6d:f9:7a:97:dc:a5:fb:6e:99:
60:7c:f1:a3:18:fc:18:b6:3c:b9:c8:bc:82:00:a0:
37:11:ea:01:06:00:be:df:cb:ab:88:86:57:ab:76:
5d:59:de:79:d3:5a:51:5b:7d:d2:b5:5e:a4:90:82:
72:c0:5e:1b:14:6e:03:0f:4e:47:9f:76:9c:51:d7:
ed:98:2d:a7:59:04:80:56:5f:ca:82:ff:39:16:9c:
54:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:08:DA:C8:1B:79:5D:19:64:E7:2D:78:EB:87:E0:70:AC:74:5B:D9
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/sQjayBt5XRlk5y1464fgcKx0W9k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.182.170.0/24
185.65.68.0/24
Signature Algorithm: sha256WithRSAEncryption
73:cc:0e:26:60:b4:6a:c3:5b:5e:03:28:01:89:eb:cd:ba:d4:
8f:e5:c8:70:8a:10:e8:2f:88:5b:10:11:69:bd:85:e4:e8:bc:
e4:f6:04:a9:58:0e:8f:c8:fd:11:1d:aa:2d:bf:43:4d:8b:4e:
f3:d4:12:40:62:5e:71:a0:76:20:95:f9:eb:7e:cb:6c:8f:8a:
55:f5:cd:8b:9a:d3:f7:da:02:57:02:e9:c9:62:f5:42:ca:9b:
7f:f7:46:9d:27:a1:c0:3a:f6:80:80:ee:ec:41:8b:89:ab:88:
95:17:27:f9:f9:ad:e0:41:f8:6b:18:7d:c8:1e:f4:c1:e5:9c:
c4:86:d6:cd:e7:ee:76:4d:4c:13:b3:70:28:3f:db:15:4e:6f:
73:d5:34:92:c2:96:8f:63:0f:5f:af:85:4b:9e:00:79:d7:2d:
a5:37:16:d9:3e:c4:da:08:71:ff:6e:d2:4d:d6:14:1e:a7:2e:
16:41:45:cc:d2:05:a8:35:94:4c:05:21:3d:b1:4f:5f:a2:5f:
eb:5c:86:1d:3c:98:84:4a:f7:73:50:bf:0e:55:e2:5f:5f:f4:
1d:75:b5:1d:c8:eb:0e:10:74:e7:57:14:33:86:12:07:d6:ba:
d3:14:8d:8f:3b:a7:90:9d:7d:1b:c1:97:34:65:f1:ec:ad:ca:
2f:4a:05:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYnPMT4/cJPhUcoIW896/hqmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwODA3MDg1MDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTA4ZGFjODFiNzk1ZDE5NjRlNzJkNzhlYjg3ZTA3MGFjNzQ1YmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlimJo3WKqxnCxOQTzCLxo5KqYF4w
1rKrLgrA1ylqpfNg9Z773LnNdTS0GImHnHmf7bqw1zXla1RxDOJvpp9qH/hxlWC6
Jv//G0PkjYE3v9Y0TQQUKcdYMwcw6HLMb5Vv/6veqU2jPetnjGAsYcYiteDhm633
RCiTxDShmrtDpm/LGQaLeDMqMs/lupV9DGjL9EKrO41D7reC0izeQ/MzcvEU+eeS
bXa1gWRt+XqX3KX7bplgfPGjGPwYtjy5yLyCAKA3EeoBBgC+38uriIZXq3ZdWd55
01pRW33StV6kkIJywF4bFG4DD05Hn3acUdftmC2nWQSAVl/Kgv85FpxUBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLEI2sgbeV0ZZOcteOuH4HCsdFvZMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvc1FqYXlCdDVYUmxrNXkxNDY0ZmdjS3gwVzlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPraqAwQA
uUFEMA0GCSqGSIb3DQEBCwUAA4IBAQBzzA4mYLRqw1teAygBievNutSP5chwihDo
L4hbEBFpvYXk6Lzk9gSpWA6PyP0RHaotv0NNi07z1BJAYl5xoHYglfnrfstsj4pV
9c2LmtP32gJXAunJYvVCypt/90adJ6HAOvaAgO7sQYuJq4iVFyf5+a3gQfhrGH3I
HvTB5ZzEhtbN5+52TUwTs3AoP9sVTm9z1TSSwpaPYw9fr4VLngB51y2lNxbZPsTa
CHH/btJN1hQepy4WQUXM0gWoNZRMBSE9sU9fol/rXIYdPJiESvdzUL8OVeJfX/Qd
dbUdyOsOEHTnVxQzhhIH1rrTFI2PO6eQnX0bwZc0ZfHsrcovSgXo
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:15:26 2025 by rpki-client