Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/KQmOE_UWhG2SIwKVLtUaFCIdSjk.roa
File: KQmOE_UWhG2SIwKVLtUaFCIdSjk.roa (raw, json)
Hash identifier: dHcYm7u2Nak1SeabHZgjxlUFIv2Mh/9FoPFX6ZAwPo4=
Subject key identifier: 29:09:8E:13:F5:16:84:6D:92:23:02:95:2E:D5:1A:14:22:1D:4A:39
Certificate issuer: /CN=a811a2c9fc8de9679bb158581b10ceaee91ff791
Certificate serial: 018CC9BC3BE47AD1D19412FA99D91DC59E7B
Authority key identifier: A8:11:A2:C9:FC:8D:E9:67:9B:B1:58:58:1B:10:CE:AE:E9:1F:F7:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/KQmOE_UWhG2SIwKVLtUaFCIdSjk.roa
Signing time: Tue 02 Jan 2024 10:33:25 +0000
ROA not before: Tue 02 Jan 2024 10:33:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207287
IP address blocks: 109.197.35.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:3b:e4:7a:d1:d1:94:12:fa:99:d9:1d:c5:9e:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a811a2c9fc8de9679bb158581b10ceaee91ff791
Validity
Not Before: Jan 2 10:33:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=29098e13f516846d922302952ed51a14221d4a39
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:39:7c:5f:d4:e1:fb:1c:62:b9:d6:0f:ec:b1:
82:e5:19:8e:a8:8d:6c:b1:00:fa:7b:1e:ea:4e:14:
ad:8d:96:4c:53:f9:7f:7e:01:13:1e:29:dc:2a:7d:
2a:ba:89:d2:e0:90:8c:e8:bf:65:16:cb:00:2d:b8:
20:0c:58:a3:c8:34:fc:4b:48:0d:d9:2c:b7:57:1e:
3f:0a:fb:71:db:63:59:c2:65:15:87:81:1a:39:ba:
71:81:3b:44:76:e3:43:31:10:00:46:d9:0b:d5:7c:
a9:16:c7:b6:22:99:1f:1e:2c:13:99:1f:e9:3c:42:
90:a1:21:4f:68:e5:fe:43:f8:64:00:1f:e7:63:25:
2d:d9:97:27:09:28:dc:9f:ad:82:78:23:d5:c2:97:
2e:e6:de:28:81:71:ca:b5:01:ab:cd:8b:48:8a:01:
ab:b9:8c:8d:c0:f2:75:df:61:e2:be:23:3a:79:dd:
a9:e0:1b:db:71:69:5a:66:d4:84:91:56:8b:ab:3a:
6c:84:bf:21:ff:cf:9a:94:f5:fe:31:69:64:08:92:
3b:b5:dd:8b:ec:71:16:33:d8:55:15:0e:ec:07:8d:
45:a6:30:c3:16:14:88:36:d2:98:ec:aa:be:77:16:
9c:f8:02:5d:e3:d2:9e:bb:77:27:4f:9c:c7:78:6b:
8d:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:09:8E:13:F5:16:84:6D:92:23:02:95:2E:D5:1A:14:22:1D:4A:39
X509v3 Authority Key Identifier:
keyid:A8:11:A2:C9:FC:8D:E9:67:9B:B1:58:58:1B:10:CE:AE:E9:1F:F7:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/KQmOE_UWhG2SIwKVLtUaFCIdSjk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/qBGiyfyN6WebsVhYGxDOrukf95E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.197.35.0/24
Signature Algorithm: sha256WithRSAEncryption
9b:a7:b1:5f:4d:5d:84:53:dc:4e:55:a8:44:b3:02:fe:fd:2e:
53:5f:fb:f4:a4:b6:47:bb:0d:35:de:f8:7f:a6:0a:8f:f1:89:
2e:d1:61:33:f4:0f:6c:24:7f:9e:fa:45:cb:09:7c:f3:fe:64:
a7:72:12:70:2e:88:f0:94:86:b0:4c:4a:01:a6:ee:5f:80:8f:
9f:71:ca:e4:ec:72:08:62:7a:e1:fe:4e:35:a3:1e:63:d9:60:
4e:f3:57:ae:95:a3:f5:a0:0d:4d:b5:7e:ce:8e:87:3c:b2:49:
cc:9b:8b:e5:0c:d9:6a:74:d2:a8:e9:d8:12:0f:df:94:77:85:
6c:0c:13:e7:c0:dc:81:d3:fb:81:ea:47:be:ad:4d:95:9c:02:
e3:c5:f0:18:68:1b:3f:18:5a:1e:65:7b:71:a8:1c:5f:a0:7d:
e4:1e:46:cb:97:77:7f:9a:ff:ce:5d:8a:0a:5b:70:9a:f6:8a:
1a:be:b4:ce:6c:0b:70:a1:5d:4a:f4:70:a0:45:aa:bd:29:29:
55:d4:75:c2:4c:bc:fe:f0:00:d9:dc:62:c0:f9:4d:12:9e:5f:
9e:69:11:27:30:ba:7c:6f:74:0c:bd:3b:e9:0a:6c:9f:e7:1c:
63:8b:17:90:4a:5d:b3:f3:7a:b6:47:82:f4:b5:bc:b5:67:c1:
81:c1:e1:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvDvketHRlBL6mdkdxZ57MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MTFhMmM5ZmM4ZGU5Njc5YmIxNTg1ODFiMTBjZWFlZTkx
ZmY3OTEwHhcNMjQwMTAyMTAzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTA5OGUxM2Y1MTY4NDZkOTIyMzAyOTUyZWQ1MWExNDIyMWQ0YTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzl8X9Th+xxiudYP7LGC5RmOqI1s
sQD6ex7qThStjZZMU/l/fgETHincKn0quonS4JCM6L9lFssALbggDFijyDT8S0gN
2Sy3Vx4/Cvtx22NZwmUVh4EaObpxgTtEduNDMRAARtkL1XypFse2IpkfHiwTmR/p
PEKQoSFPaOX+Q/hkAB/nYyUt2ZcnCSjcn62CeCPVwpcu5t4ogXHKtQGrzYtIigGr
uYyNwPJ132HiviM6ed2p4BvbcWlaZtSEkVaLqzpshL8h/8+alPX+MWlkCJI7td2L
7HEWM9hVFQ7sB41FpjDDFhSINtKY7Kq+dxac+AJd49Keu3cnT5zHeGuNLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkJjhP1FoRtkiMClS7VGhQiHUo5MB8GA1UdIwQY
MBaAFKgRosn8jelnm7FYWBsQzq7pH/eRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJHaXlmeU42V2Vic1ZoWUd4RE9ydWtmOTVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8xZGVjYjMtMTU5My00NWRiLWFmNTYt
MGNjNGMwMDAwODU4LzEvS1FtT0VfVVdoRzJTSXdLVkx0VWFGQ0lkU2prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8xZGVjYjMtMTU5My00NWRiLWFmNTYtMGNjNGMwMDAwODU4
LzEvcUJHaXlmeU42V2Vic1ZoWUd4RE9ydWtmOTVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbcUjMA0G
CSqGSIb3DQEBCwUAA4IBAQCbp7FfTV2EU9xOVahEswL+/S5TX/v0pLZHuw013vh/
pgqP8Yku0WEz9A9sJH+e+kXLCXzz/mSnchJwLojwlIawTEoBpu5fgI+fccrk7HII
Ynrh/k41ox5j2WBO81eulaP1oA1NtX7Ojoc8sknMm4vlDNlqdNKo6dgSD9+Ud4Vs
DBPnwNyB0/uB6ke+rU2VnALjxfAYaBs/GFoeZXtxqBxfoH3kHkbLl3d/mv/OXYoK
W3Ca9ooavrTObAtwoV1K9HCgRaq9KSlV1HXCTLz+8ADZ3GLA+U0Snl+eaREnMLp8
b3QMvTvpCmyf5xxjixeQSl2z83q2R4L0tby1Z8GBweF/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:59 2024 by rpki-client on console-fra.rpki-client.org