Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1be999-5a59-4c10-92ff-da1b58618841/1/dq_GLRPNyOmTZDYPtA8TmaBfpm8.roa
File: dq_GLRPNyOmTZDYPtA8TmaBfpm8.roa (raw, json)
Hash identifier: /PUSK3wiNHIgsyEW+LmWXrHujfM1c8rOeWZL2j5cqnA=
Subject key identifier: 76:AF:C6:2D:13:CD:C8:E9:93:64:36:0F:B4:0F:13:99:A0:5F:A6:6F
Certificate issuer: /CN=eefbe8369a7bbc03a86fbe639b7efaa02b717287
Certificate serial: 018D07FA4DC4C15D4FCCB267079F6BB01F3E
Authority key identifier: EE:FB:E8:36:9A:7B:BC:03:A8:6F:BE:63:9B:7E:FA:A0:2B:71:72:87
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7vvoNpp7vAOob75jm376oCtxcoc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/76/1be999-5a59-4c10-92ff-da1b58618841/1/dq_GLRPNyOmTZDYPtA8TmaBfpm8.roa
Signing time: Sun 14 Jan 2024 12:37:40 +0000
ROA not before: Sun 14 Jan 2024 12:37:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207616
IP address blocks: 185.190.26.0/24 maxlen: 24
91.193.56.0/23 maxlen: 24
2a0f:6280::/30 maxlen: 48
2a0f:6284::/30 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:07:fa:4d:c4:c1:5d:4f:cc:b2:67:07:9f:6b:b0:1f:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eefbe8369a7bbc03a86fbe639b7efaa02b717287
Validity
Not Before: Jan 14 12:37:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=76afc62d13cdc8e99364360fb40f1399a05fa66f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:96:d1:be:5d:b5:4d:72:d7:3e:a0:0c:6a:4a:
52:07:3e:a4:c1:11:e1:b0:41:60:15:6c:47:4c:59:
59:5c:04:76:d9:77:74:18:6c:6f:38:e1:80:e5:48:
4e:ad:5d:00:27:38:1a:dd:2d:41:5b:8b:0b:ac:11:
bc:97:a1:22:35:65:a4:11:8e:4e:28:bc:15:85:ef:
a2:de:bc:81:dd:d9:86:16:bb:4d:79:92:e0:c4:9d:
9e:8f:64:74:86:6f:cc:86:72:0e:c9:fd:66:37:1d:
57:53:a1:c0:32:ea:26:13:40:8d:ad:28:ed:2f:b5:
d6:52:b0:4f:7f:b1:98:29:32:09:d0:b9:44:2c:34:
c4:08:76:28:fa:72:07:eb:3e:8d:d9:4b:d8:04:48:
01:f7:02:d8:9e:5e:9d:ba:0d:f9:66:80:4d:fa:ec:
0a:1e:97:99:7a:70:96:05:ba:02:2b:23:30:d4:3d:
af:fc:4a:8d:10:15:50:14:96:80:6a:e2:99:dc:a9:
13:45:87:62:df:43:2f:1c:f6:cb:65:8e:ca:1e:eb:
5b:21:ba:44:65:e0:4f:ff:bf:bd:cc:82:85:61:e8:
1d:94:a7:70:88:63:77:0b:74:0d:67:bd:12:32:4d:
59:a1:05:de:3b:1f:8b:25:b4:34:89:03:c3:96:2d:
64:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:AF:C6:2D:13:CD:C8:E9:93:64:36:0F:B4:0F:13:99:A0:5F:A6:6F
X509v3 Authority Key Identifier:
keyid:EE:FB:E8:36:9A:7B:BC:03:A8:6F:BE:63:9B:7E:FA:A0:2B:71:72:87
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7vvoNpp7vAOob75jm376oCtxcoc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1be999-5a59-4c10-92ff-da1b58618841/1/dq_GLRPNyOmTZDYPtA8TmaBfpm8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1be999-5a59-4c10-92ff-da1b58618841/1/7vvoNpp7vAOob75jm376oCtxcoc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.193.56.0/23
185.190.26.0/24
IPv6:
2a0f:6280::/29
Signature Algorithm: sha256WithRSAEncryption
ab:95:ee:2b:37:b3:71:6e:29:95:75:9d:da:cc:16:1b:cd:44:
08:5b:b2:d6:ce:28:41:fb:08:2d:6c:61:5c:bf:d0:45:b1:95:
9f:2f:c3:8b:36:7a:f7:d0:03:24:75:18:ba:5e:9b:d3:53:9d:
3e:e5:25:b6:b9:0f:bf:b9:00:76:b4:0c:5b:c4:44:46:41:ae:
66:71:70:e4:e2:25:3e:8f:e3:0e:20:c8:ff:0a:2a:3d:8a:20:
83:8c:fd:1c:1d:e1:30:c7:c9:c4:4d:7c:af:2b:ba:af:45:fc:
8b:33:2f:97:ef:9d:8e:b0:a0:bd:7f:99:c1:36:0b:d7:d8:14:
a2:78:bb:d9:13:58:09:a9:94:17:c0:17:9e:fa:ca:e5:9f:86:
fe:04:16:f3:a6:35:e7:13:1c:52:da:d1:f2:09:aa:42:ca:0e:
2c:2f:fe:d9:9a:12:18:7b:83:7f:a2:04:c3:8c:81:51:83:a8:
85:6b:84:42:78:98:eb:d5:8b:35:25:29:c9:fa:b3:c9:20:08:
2a:27:e8:4f:a8:9b:96:4b:bf:83:3e:73:b4:c5:5e:43:c6:00:
81:35:dc:92:25:04:88:13:a1:c8:d2:81:3d:da:cc:bf:4f:14:
54:aa:47:c2:29:ab:f2:a8:b2:fd:10:97:f1:db:e4:9d:9c:35:
e4:0e:ab:ef
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY0H+k3EwV1PzLJnB59rsB8+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZmJlODM2OWE3YmJjMDNhODZmYmU2MzliN2VmYWEwMmI3
MTcyODcwHhcNMjQwMTE0MTIzNzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmFmYzYyZDEzY2RjOGU5OTM2NDM2MGZiNDBmMTM5OWEwNWZhNjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJbRvl21TXLXPqAMakpSBz6kwRHh
sEFgFWxHTFlZXAR22Xd0GGxvOOGA5UhOrV0AJzga3S1BW4sLrBG8l6EiNWWkEY5O
KLwVhe+i3ryB3dmGFrtNeZLgxJ2ej2R0hm/MhnIOyf1mNx1XU6HAMuomE0CNrSjt
L7XWUrBPf7GYKTIJ0LlELDTECHYo+nIH6z6N2UvYBEgB9wLYnl6dug35ZoBN+uwK
HpeZenCWBboCKyMw1D2v/EqNEBVQFJaAauKZ3KkTRYdi30MvHPbLZY7KHutbIbpE
ZeBP/7+9zIKFYegdlKdwiGN3C3QNZ70SMk1ZoQXeOx+LJbQ0iQPDli1kqwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHavxi0Tzcjpk2Q2D7QPE5mgX6ZvMB8GA1UdIwQY
MBaAFO776Daae7wDqG++Y5t++qArcXKHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3Z2b05wcDd2QU9vYjc1am0zNzZvQ3R4Y29jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xYmU5OTktNWE1OS00YzEwLTkyZmYt
ZGExYjU4NjE4ODQxLzEvZHFfR0xSUE55T21UWkRZUHRBOFRtYUJmcG04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xYmU5OTktNWE1OS00YzEwLTkyZmYtZGExYjU4NjE4ODQx
LzEvN3Z2b05wcDd2QU9vYjc1am0zNzZvQ3R4Y29jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBW8E4AwQA
ub4aMA0EAgACMAcDBQMqD2KAMA0GCSqGSIb3DQEBCwUAA4IBAQCrle4rN7NxbimV
dZ3azBYbzUQIW7LWzihB+wgtbGFcv9BFsZWfL8OLNnr30AMkdRi6XpvTU50+5SW2
uQ+/uQB2tAxbxERGQa5mcXDk4iU+j+MOIMj/Cio9iiCDjP0cHeEwx8nETXyvK7qv
RfyLMy+X752OsKC9f5nBNgvX2BSieLvZE1gJqZQXwBee+srln4b+BBbzpjXnExxS
2tHyCapCyg4sL/7ZmhIYe4N/ogTDjIFRg6iFa4RCeJjr1Ys1JSnJ+rPJIAgqJ+hP
qJuWS7+DPnO0xV5DxgCBNdySJQSIE6HI0oE92sy/TxRUqkfCKavyqLL9EJfx2+Sd
nDXkDqvv
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:18 2024 by rpki-client on console-fra.rpki-client.org