Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/qOqCiyLUDiG5A6IXjl_aPO9uGrw.roa
File: qOqCiyLUDiG5A6IXjl_aPO9uGrw.roa (raw, json)
Hash identifier: T7QGFdOVG5AYOp2/3klpDPx+OOvGc2qcbZC6A4LeStU=
Subject key identifier: A8:EA:82:8B:22:D4:0E:21:B9:03:A2:17:8E:5F:DA:3C:EF:6E:1A:BC
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 01849FC0FEA60054CF438E3732240D393363
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/qOqCiyLUDiG5A6IXjl_aPO9uGrw.roa
Signing time: Tue 22 Nov 2022 14:32:16 +0000
ROA not before: Tue 22 Nov 2022 14:32:16 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 207713
IP address blocks: 5.44.42.0/24 maxlen: 24
45.80.128.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:9f:c0:fe:a6:00:54:cf:43:8e:37:32:24:0d:39:33:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Nov 22 14:32:16 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a8ea828b22d40e21b903a2178e5fda3cef6e1abc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:9f:4b:63:fb:3c:2a:68:50:71:e3:7c:e3:eb:
91:3b:0f:13:35:28:71:95:21:e6:a2:ac:5d:7e:5f:
bd:00:10:14:64:af:4e:24:3f:ff:0f:54:9d:02:99:
bd:a0:59:2d:5c:73:45:07:ba:d8:f7:eb:63:4a:92:
9a:eb:15:50:af:d7:60:45:72:f8:7a:93:75:3e:62:
70:13:ed:56:75:ab:69:e6:d5:54:30:24:bd:6b:1d:
b9:ef:9c:dd:f2:c0:0a:f6:a2:c3:df:a7:7f:17:b1:
74:ab:a1:9a:63:4d:b8:b5:54:f4:bf:5b:f9:dc:a9:
72:ca:a3:6f:c7:84:6b:af:85:ca:bb:ac:ce:8e:71:
e6:bd:41:8a:97:29:b3:47:57:ae:97:7e:da:13:bf:
f3:eb:4f:a9:9c:6d:54:66:95:61:7b:13:42:73:69:
5e:5b:cf:41:db:77:30:19:17:d7:94:89:61:66:d5:
3a:bc:a9:0a:d1:c0:f2:a3:c0:82:ad:d7:e4:4f:77:
27:7f:10:71:1d:29:43:ef:d2:15:b2:bd:de:51:e6:
62:70:48:b8:ab:a4:40:b5:0b:a2:8b:29:dc:16:2b:
02:08:80:ec:06:b2:15:cc:fd:e8:35:df:96:fb:4f:
03:bd:e1:b9:91:a5:c7:e6:2e:74:bf:0a:c1:2f:7b:
47:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:EA:82:8B:22:D4:0E:21:B9:03:A2:17:8E:5F:DA:3C:EF:6E:1A:BC
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/qOqCiyLUDiG5A6IXjl_aPO9uGrw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.44.42.0/24
45.80.128.0/24
Signature Algorithm: sha256WithRSAEncryption
30:f0:4d:9d:9b:93:ae:50:ab:4d:93:7e:09:f5:7e:b8:bd:4b:
56:a8:2d:c1:7d:39:21:b8:2a:43:64:b4:70:87:1d:84:e1:35:
bc:ca:33:af:2c:dd:19:25:92:0f:5e:77:a1:47:90:c8:bb:dc:
77:fa:cc:91:19:bf:b7:5e:e2:74:26:7f:6a:c6:fe:c6:58:a5:
a5:9d:a7:94:e8:18:f6:05:fd:8f:7b:7e:fa:5d:84:c1:c7:4d:
f7:2b:6c:a8:25:74:b3:b6:52:01:ec:d4:1e:b1:b3:b7:94:94:
c0:9e:c5:11:bb:eb:b1:4f:fe:2c:57:c8:c8:88:35:43:94:4a:
cf:01:05:7e:df:90:b2:d3:d5:99:97:06:5c:58:09:80:f7:f4:
c1:9b:85:83:c4:9d:b3:81:8d:c1:dc:3f:6e:e9:11:e4:89:d0:
09:b5:d4:38:b2:c8:6a:4c:90:6c:03:e0:10:24:0a:0f:87:bd:
39:63:0d:c3:96:63:40:e7:64:63:45:dd:04:ec:2f:22:0a:53:
73:13:ec:b0:46:70:13:66:30:39:45:ac:af:62:ae:c7:2b:2b:
cf:4e:65:e8:05:26:bc:d0:4f:eb:cc:0d:b8:ed:e8:ec:68:b2:
c2:36:84:ca:bb:89:c8:98:af:7e:01:00:af:6a:c2:ae:f8:a5:
99:d3:5a:1d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYSfwP6mAFTPQ443MiQNOTNjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjIxMTIyMTQzMjE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGVhODI4YjIyZDQwZTIxYjkwM2EyMTc4ZTVmZGEzY2VmNmUxYWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA559LY/s8KmhQceN84+uROw8TNShx
lSHmoqxdfl+9ABAUZK9OJD//D1SdApm9oFktXHNFB7rY9+tjSpKa6xVQr9dgRXL4
epN1PmJwE+1Wdatp5tVUMCS9ax2575zd8sAK9qLD36d/F7F0q6GaY024tVT0v1v5
3KlyyqNvx4Rrr4XKu6zOjnHmvUGKlymzR1eul37aE7/z60+pnG1UZpVhexNCc2le
W89B23cwGRfXlIlhZtU6vKkK0cDyo8CCrdfkT3cnfxBxHSlD79IVsr3eUeZicEi4
q6RAtQuiiyncFisCCIDsBrIVzP3oNd+W+08DveG5kaXH5i50vwrBL3tH9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKjqgosi1A4huQOiF45f2jzvbhq8MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvcU9xQ2l5TFVEaUc1QTZJWGpsX2FQTzl1R3J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABSwqAwQA
LVCAMA0GCSqGSIb3DQEBCwUAA4IBAQAw8E2dm5OuUKtNk34J9X64vUtWqC3BfTkh
uCpDZLRwhx2E4TW8yjOvLN0ZJZIPXnehR5DIu9x3+syRGb+3XuJ0Jn9qxv7GWKWl
naeU6Bj2Bf2Pe376XYTBx033K2yoJXSztlIB7NQesbO3lJTAnsURu+uxT/4sV8jI
iDVDlErPAQV+35Cy09WZlwZcWAmA9/TBm4WDxJ2zgY3B3D9u6RHkidAJtdQ4sshq
TJBsA+AQJAoPh705Yw3DlmNA52RjRd0E7C8iClNzE+ywRnATZjA5RayvYq7HKyvP
TmXoBSa80E/rzA247ejsaLLCNoTKu4nImK9+AQCvasKu+KWZ01od
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:55 2024 by rpki-client on console-fra.rpki-client.org