Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/qomxOlT3o4k76XJENLbvgOPH250.roa
File: qomxOlT3o4k76XJENLbvgOPH250.roa (raw, json)
Hash identifier: /vDidkdVIwBVwC75n+OicAtsG2NcZ8tyqGy9NNWJnrw=
Subject key identifier: AA:89:B1:3A:54:F7:A3:89:3B:E9:72:44:34:B6:EF:80:E3:C7:DB:9D
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 019223FEB8BCD13360DF47B1097D4D7659A0
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/qomxOlT3o4k76XJENLbvgOPH250.roa
Signing time: Tue 24 Sep 2024 12:25:48 +0000
ROA not before: Tue 24 Sep 2024 12:25:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215540
IP address blocks: 31.129.22.0/24 maxlen: 24
45.95.232.0/24 maxlen: 24
45.95.233.0/24 maxlen: 24
45.129.185.0/24 maxlen: 24
92.118.112.0/24 maxlen: 24
141.98.233.0/24 maxlen: 24
141.98.234.0/24 maxlen: 24
185.247.184.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:23:fe:b8:bc:d1:33:60:df:47:b1:09:7d:4d:76:59:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Sep 24 12:25:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=aa89b13a54f7a3893be9724434b6ef80e3c7db9d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:1a:85:66:1f:6a:f2:7d:89:6b:3a:fc:5c:78:
cf:3b:e3:a3:a5:28:f9:90:c9:ba:a2:e1:2e:ba:c2:
7f:1f:12:48:d3:7b:1f:72:5b:a3:65:d2:4b:a2:10:
1f:7f:16:51:ff:a0:74:ce:14:a5:bb:10:63:e0:93:
50:cc:3a:de:81:29:ff:ed:e7:e0:39:c7:db:ea:57:
e8:1b:aa:2e:34:90:ce:31:94:6b:44:23:38:36:89:
57:15:49:3a:97:94:75:2f:b9:85:81:00:91:63:97:
f7:62:7d:4f:ac:cf:e3:7b:b8:ee:d8:fa:98:df:79:
53:db:00:fc:a3:f7:eb:f0:0d:79:5c:92:01:e0:81:
91:0e:05:dd:5b:54:33:05:d0:43:62:db:50:69:0f:
16:17:11:eb:07:f5:b7:07:6b:cd:68:83:ab:32:e7:
e0:18:7c:e1:38:38:57:f0:3b:a1:51:36:00:9a:bc:
19:08:61:f7:b7:f0:d9:af:ae:14:20:7e:d7:2e:76:
ae:0f:d5:c3:73:08:9d:db:4a:30:1e:e9:09:f2:74:
e3:eb:38:fd:3f:9e:d3:13:6b:33:2a:a2:49:b2:a0:
f8:c0:8e:a7:b2:cf:c2:9e:dc:20:39:3f:74:c7:8e:
b6:06:99:df:33:c7:a5:43:39:5b:0a:3e:8a:8b:89:
4d:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:89:B1:3A:54:F7:A3:89:3B:E9:72:44:34:B6:EF:80:E3:C7:DB:9D
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/qomxOlT3o4k76XJENLbvgOPH250.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.129.22.0/24
45.95.232.0/23
45.129.185.0/24
92.118.112.0/24
141.98.233.0-141.98.234.255
185.247.184.0/24
Signature Algorithm: sha256WithRSAEncryption
44:dc:79:60:fe:ff:3f:0c:de:10:d7:fe:bf:53:91:fc:92:d5:
c4:b5:d2:19:e2:4a:57:94:87:24:67:cb:fb:b9:7c:a2:1e:d5:
4c:b1:3d:26:0a:61:e9:b3:cd:34:a5:24:49:61:33:bb:44:ea:
6b:1a:a4:9c:2f:71:b3:a1:72:b3:e8:2f:4d:d6:42:3d:96:e7:
3f:9d:05:dd:6f:51:95:57:5a:6c:53:8d:e4:c0:32:f9:5a:86:
e0:13:3a:e3:5b:10:e9:3a:a6:5a:cc:11:05:eb:98:2e:44:a6:
27:28:66:a2:22:7d:29:c0:4e:e7:14:ac:74:2e:2e:16:90:04:
24:2b:ef:49:af:c5:da:76:d2:05:6b:f9:b6:41:23:74:ba:2e:
01:de:30:97:b7:bd:33:10:99:1f:be:a5:2c:21:bb:21:07:0e:
03:50:7b:df:98:f4:83:73:35:37:a4:65:e8:44:a8:fc:bc:1d:
47:b0:14:7f:56:6f:d2:8a:d3:86:d3:f2:d1:63:f5:b1:ec:40:
b0:7c:27:06:9a:8b:cb:77:2b:8a:c3:0f:f9:ec:95:08:7b:e1:
21:f5:89:27:eb:5f:15:46:f2:e9:82:c3:36:97:58:b8:6f:ad:
01:17:74:c4:c2:f0:0f:15:aa:89:46:1a:07:29:a7:9c:f1:da:
4a:ac:53:1d
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZIj/ri80TNg30exCX1NdlmgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjQwOTI0MTIyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTg5YjEzYTU0ZjdhMzg5M2JlOTcyNDQzNGI2ZWY4MGUzYzdkYjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBqFZh9q8n2Jazr8XHjPO+OjpSj5
kMm6ouEuusJ/HxJI03sfclujZdJLohAffxZR/6B0zhSluxBj4JNQzDregSn/7efg
Ocfb6lfoG6ouNJDOMZRrRCM4NolXFUk6l5R1L7mFgQCRY5f3Yn1PrM/je7ju2PqY
33lT2wD8o/fr8A15XJIB4IGRDgXdW1QzBdBDYttQaQ8WFxHrB/W3B2vNaIOrMufg
GHzhODhX8DuhUTYAmrwZCGH3t/DZr64UIH7XLnauD9XDcwid20owHukJ8nTj6zj9
P57TE2szKqJJsqD4wI6nss/CntwgOT90x462BpnfM8elQzlbCj6Ki4lNIwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFKqJsTpU96OJO+lyRDS274Djx9udMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvcW9teE9sVDNvNGs3NlhKRU5MYnZnT1BIMjUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAH4EWAwQB
LV/oAwQALYG5AwQAXHZwMAwDBACNYukDBACNYuoDBAC597gwDQYJKoZIhvcNAQEL
BQADggEBAETceWD+/z8M3hDX/r9TkfyS1cS10hniSleUhyRny/u5fKIe1UyxPSYK
YemzzTSlJElhM7tE6msapJwvcbOhcrPoL03WQj2W5z+dBd1vUZVXWmxTjeTAMvla
huATOuNbEOk6plrMEQXrmC5EpicoZqIifSnATucUrHQuLhaQBCQr70mvxdp20gVr
+bZBI3S6LgHeMJe3vTMQmR++pSwhuyEHDgNQe9+Y9INzNTekZehEqPy8HUewFH9W
b9KK04bT8tFj9bHsQLB8Jwaai8t3K4rDD/nslQh74SH1iSfrXxVG8umCwzaXWLhv
rQEXdMTC8A8VqolGGgcpp5zx2kqsUx0=
-----END CERTIFICATE-----
Generated at Tue Oct 8 18:03:47 2024 by rpki-client on console-ams.rpki-client.org