Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/qE4dm-viRtrxEmrMiEU34Hh4i2Q.roa
File: qE4dm-viRtrxEmrMiEU34Hh4i2Q.roa (raw, json)
Hash identifier: domDzMHFAbwPtLcbEvDsFqx9VbQGQ+YWG13jpumb8Qs=
Subject key identifier: A8:4E:1D:9B:EB:E2:46:DA:F1:12:6A:CC:88:45:37:E0:78:78:8B:64
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0183D12F888395D80B7C1161D97BF8CA65CB
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/qE4dm-viRtrxEmrMiEU34Hh4i2Q.roa
Signing time: Thu 13 Oct 2022 11:51:36 +0000
ROA not before: Thu 13 Oct 2022 11:51:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60808
IP address blocks: 85.8.164.0/22 maxlen: 24
5.34.208.0/20 maxlen: 24
188.253.96.0/19 maxlen: 24
185.215.246.0/24 maxlen: 24
193.36.84.0/23 maxlen: 23
185.36.192.0/22 maxlen: 24
2a05:ec80::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:d1:2f:88:83:95:d8:0b:7c:11:61:d9:7b:f8:ca:65:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Oct 13 11:51:36 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a84e1d9bebe246daf1126acc884537e078788b64
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:f5:e1:34:c9:1a:fa:f0:92:f9:39:23:bb:04:
b6:7e:0b:b3:6c:d4:24:f0:8f:da:21:f2:ee:50:c6:
65:fd:d6:65:95:cd:bb:1c:da:80:a0:4f:12:af:35:
07:e6:c3:20:3b:81:66:9c:fe:7a:c4:26:18:74:f9:
fe:1a:21:33:38:5b:13:d2:48:a9:b3:22:ac:c2:2d:
a4:fe:49:e9:42:d0:5c:b7:ad:0c:05:e9:bf:8f:56:
c5:e4:9c:f6:b9:78:f0:6c:cd:b1:9c:8d:69:20:75:
e3:e6:5f:db:90:47:69:b6:83:ec:09:ee:d9:43:15:
d6:11:5c:36:d8:c2:6c:69:10:f9:49:ca:bc:34:9d:
4b:7d:6f:bd:0e:5c:2a:1a:9a:0a:23:4b:1a:7e:f7:
7d:7d:93:dc:10:82:4a:3e:6f:07:5a:f2:ce:b5:ba:
06:24:02:7a:c1:61:1d:2c:cc:41:17:02:7f:80:7a:
d5:f3:91:72:22:7b:81:60:fd:44:45:c8:1c:16:1d:
b6:70:ad:4c:a3:1e:d3:25:b4:e5:32:57:f9:0a:73:
6e:db:53:1b:87:17:a2:7c:af:94:04:bc:c9:94:a1:
f4:6f:c7:83:4a:1a:cf:28:65:23:89:8b:72:60:29:
75:ab:42:85:a6:51:dc:9b:1b:4c:5f:c6:8a:be:1c:
20:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:4E:1D:9B:EB:E2:46:DA:F1:12:6A:CC:88:45:37:E0:78:78:8B:64
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/qE4dm-viRtrxEmrMiEU34Hh4i2Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
85.8.164.0/22
185.36.192.0/22
185.215.246.0/24
188.253.96.0/19
193.36.84.0/23
IPv6:
2a05:ec80::/29
Signature Algorithm: sha256WithRSAEncryption
d8:e9:26:a2:47:f0:3f:18:df:79:c7:08:ff:37:ae:54:0b:fc:
d1:7f:47:e6:6a:d8:59:e9:4a:1d:c1:f0:ad:d0:b2:ce:96:d5:
69:1e:28:0a:15:34:64:f8:37:0c:c8:82:98:cb:ed:f5:42:63:
1a:54:a0:9e:11:cc:2e:bd:63:30:69:5d:ad:e0:7d:3f:e4:c1:
bb:04:ce:2f:1d:c6:8b:21:ec:18:e9:f6:3c:ad:5a:13:86:3a:
96:09:ad:db:0a:6b:66:37:4a:2e:7c:38:9b:be:31:0d:8a:25:
94:1f:88:9e:df:35:31:e6:ac:4c:8e:87:ce:2e:fc:64:df:14:
68:ac:f1:5f:9d:a6:ef:bc:8b:bf:3e:56:bc:b5:d2:bb:8d:7b:
2e:44:bd:20:b7:17:61:d3:8e:eb:13:76:6e:0a:71:d4:e5:3b:
85:ff:c4:d7:fe:cc:59:f8:aa:1f:bc:87:77:4d:a1:64:b6:52:
27:fc:32:4d:ab:0e:fd:38:10:44:59:e7:d8:42:a4:ab:74:21:
5b:f0:04:32:85:4d:64:a3:8f:fa:5b:47:90:3f:de:a8:f7:06:
9d:2b:3a:a9:87:1f:df:53:35:8d:6b:b9:d9:f4:09:f8:52:ef:
d3:9b:ae:bb:ec:38:08:45:15:98:b1:df:d3:04:bc:13:45:ac:
12:4e:22:cb
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYPRL4iDldgLfBFh2Xv4ymXLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjIxMDEzMTE1MTM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODRlMWQ5YmViZTI0NmRhZjExMjZhY2M4ODQ1MzdlMDc4Nzg4YjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/XhNMka+vCS+TkjuwS2fguzbNQk
8I/aIfLuUMZl/dZllc27HNqAoE8SrzUH5sMgO4FmnP56xCYYdPn+GiEzOFsT0kip
syKswi2k/knpQtBct60MBem/j1bF5Jz2uXjwbM2xnI1pIHXj5l/bkEdptoPsCe7Z
QxXWEVw22MJsaRD5Scq8NJ1LfW+9DlwqGpoKI0safvd9fZPcEIJKPm8HWvLOtboG
JAJ6wWEdLMxBFwJ/gHrV85FyInuBYP1ERcgcFh22cK1Mox7TJbTlMlf5CnNu21Mb
hxeifK+UBLzJlKH0b8eDShrPKGUjiYtyYCl1q0KFplHcmxtMX8aKvhwguwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFKhOHZvr4kba8RJqzIhFN+B4eItkMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvcUU0ZG0tdmlSdHJ4RW1yTWlFVTM0SGg0aTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQEBSLQAwQC
VQikAwQCuSTAAwQAudf2AwQFvP1gAwQBwSRUMA0EAgACMAcDBQMqBeyAMA0GCSqG
SIb3DQEBCwUAA4IBAQDY6SaiR/A/GN95xwj/N65UC/zRf0fmathZ6UodwfCt0LLO
ltVpHigKFTRk+DcMyIKYy+31QmMaVKCeEcwuvWMwaV2t4H0/5MG7BM4vHcaLIewY
6fY8rVoThjqWCa3bCmtmN0oufDibvjENiiWUH4ie3zUx5qxMjofOLvxk3xRorPFf
nabvvIu/Pla8tdK7jXsuRL0gtxdh047rE3ZuCnHU5TuF/8TX/sxZ+KofvId3TaFk
tlIn/DJNqw79OBBEWefYQqSrdCFb8AQyhU1ko4/6W0eQP96o9wadKzqphx/fUzWN
a7nZ9An4Uu/Tm6677DgIRRWYsd/TBLwTRawSTiLL
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:25 2023 by rpki-client on console-ams.rpki-client.org