Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/qWtUyFxDtEbwnAkMf_om-XUhtQg.roa
File: qWtUyFxDtEbwnAkMf_om-XUhtQg.roa (raw, json)
Hash identifier: ZuuReHrlaHO08QPWxsow/XsI9aIKeL7CgaeUZ87gxn8=
Subject key identifier: A9:6B:54:C8:5C:43:B4:46:F0:9C:09:0C:7F:FA:26:F9:75:21:B5:08
Certificate issuer: /CN=3f230752f3ba0026fbb20c5e4c963b1129ac9d34
Certificate serial: 018CF8236E4E26B7249C2B05924CEAFD3C0D
Authority key identifier: 3F:23:07:52:F3:BA:00:26:FB:B2:0C:5E:4C:96:3B:11:29:AC:9D:34
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PyMHUvO6ACb7sgxeTJY7ESmsnTQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/qWtUyFxDtEbwnAkMf_om-XUhtQg.roa
Signing time: Thu 11 Jan 2024 10:48:40 +0000
ROA not before: Thu 11 Jan 2024 10:48:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 39305
IP address blocks: 185.151.214.0/23 maxlen: 24
89.40.176.0/22 maxlen: 22
194.247.36.0/24 maxlen: 24
45.84.52.0/22 maxlen: 22
77.75.228.0/24 maxlen: 24
62.106.73.0/24 maxlen: 24
193.57.227.0/24 maxlen: 24
91.211.64.0/22 maxlen: 22
91.238.63.0/24 maxlen: 24
185.88.9.0/24 maxlen: 24
94.24.24.0/22 maxlen: 22
185.182.107.0/24 maxlen: 24
94.24.30.0/23 maxlen: 23
193.57.226.0/24 maxlen: 24
2a0e:9780::/29 maxlen: 29
2a0c:7140::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:f8:23:6e:4e:26:b7:24:9c:2b:05:92:4c:ea:fd:3c:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3f230752f3ba0026fbb20c5e4c963b1129ac9d34
Validity
Not Before: Jan 11 10:48:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a96b54c85c43b446f09c090c7ffa26f97521b508
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:be:81:7f:c9:2f:93:3f:72:4c:76:50:42:dd:
02:ce:1a:f9:ef:07:aa:96:55:c6:52:1e:73:15:31:
a8:35:3f:87:bb:f2:23:e6:80:84:a1:1a:ed:25:b4:
48:5b:26:b9:8e:5b:68:aa:e4:74:ea:84:3b:b0:83:
53:88:b0:3a:ec:11:6b:e7:86:7e:7a:a0:9d:88:45:
0b:d3:b7:a1:52:cd:b6:f8:b1:3a:14:db:e5:cb:52:
31:36:f9:74:0e:a3:49:46:f7:9a:01:17:e6:55:62:
41:cd:06:39:a3:6b:72:68:5f:39:64:39:ad:ef:c3:
df:f6:0b:78:70:98:38:74:ce:cc:f4:26:25:85:a2:
c8:52:50:d9:16:9a:1c:f5:f6:e0:59:62:5c:e1:2a:
2f:85:24:2a:32:c5:4f:42:6d:49:f2:c8:6b:ca:b7:
de:d1:c1:b0:58:b6:bc:d2:be:bd:98:89:1b:0e:44:
ac:e1:3e:41:3c:e5:99:46:3c:e0:1d:ee:ad:a1:40:
ef:9c:36:20:fd:5e:6b:24:1d:ba:ad:c1:20:e8:96:
62:9d:6e:45:2e:69:fb:10:8f:51:54:93:4f:5e:7e:
cd:89:63:12:1a:54:a0:25:f5:43:f2:ac:9d:b9:2b:
85:ef:c4:94:da:a5:cb:44:05:a1:47:9b:14:ce:f7:
2b:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:6B:54:C8:5C:43:B4:46:F0:9C:09:0C:7F:FA:26:F9:75:21:B5:08
X509v3 Authority Key Identifier:
keyid:3F:23:07:52:F3:BA:00:26:FB:B2:0C:5E:4C:96:3B:11:29:AC:9D:34
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PyMHUvO6ACb7sgxeTJY7ESmsnTQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/qWtUyFxDtEbwnAkMf_om-XUhtQg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/PyMHUvO6ACb7sgxeTJY7ESmsnTQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.52.0/22
62.106.73.0/24
77.75.228.0/24
89.40.176.0/22
91.211.64.0/22
91.238.63.0/24
94.24.24.0/22
94.24.30.0/23
185.88.9.0/24
185.151.214.0/23
185.182.107.0/24
193.57.226.0/23
194.247.36.0/24
IPv6:
2a0c:7140::/29
2a0e:9780::/29
Signature Algorithm: sha256WithRSAEncryption
7e:08:b4:d9:c7:63:87:21:b0:1b:0b:36:8f:23:aa:3c:5a:b0:
69:27:58:d8:ab:21:7b:7e:78:c2:6d:bd:46:ac:3f:ee:83:e4:
87:dd:80:f7:66:fe:5b:e5:d0:bc:9f:e2:23:09:1f:81:b0:e3:
e6:e2:91:63:23:88:74:cb:0f:92:c1:50:27:eb:95:84:ee:69:
01:1c:66:6c:8d:18:72:e3:c3:a7:ef:c7:64:c9:59:67:87:a1:
fa:08:f5:49:02:c6:4a:98:d7:45:09:98:d4:21:95:c1:66:00:
e3:7d:11:80:d5:75:12:f6:25:33:62:93:42:f8:a7:d7:d5:b9:
63:f8:16:4c:7d:a8:d7:05:a4:76:33:c2:43:11:40:d7:a1:5f:
7f:3d:68:c0:2b:cf:04:d1:28:26:8f:de:a4:ad:e6:de:3b:96:
bb:0a:69:1b:7c:27:3e:9a:54:2e:6e:88:ed:de:18:36:90:12:
08:8f:9d:26:38:84:0e:65:a3:b8:f0:e0:fa:c0:51:88:a0:29:
80:7c:26:20:5d:59:b7:37:9a:64:b5:e4:3e:93:fa:26:5c:86:
97:7e:c2:62:37:d2:22:6e:1a:79:1c:17:22:98:fb:78:2d:55:
f1:f0:79:d9:b3:2f:8e:49:9e:07:57:4b:6c:46:76:f8:67:0a:
d5:5a:63:f9
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAYz4I25OJrcknCsFkkzq/TwNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmMjMwNzUyZjNiYTAwMjZmYmIyMGM1ZTRjOTYzYjExMjlh
YzlkMzQwHhcNMjQwMTExMTA0ODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTZiNTRjODVjNDNiNDQ2ZjA5YzA5MGM3ZmZhMjZmOTc1MjFiNTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmr6Bf8kvkz9yTHZQQt0Czhr57weq
llXGUh5zFTGoNT+Hu/Ij5oCEoRrtJbRIWya5jltoquR06oQ7sINTiLA67BFr54Z+
eqCdiEUL07ehUs22+LE6FNvly1IxNvl0DqNJRveaARfmVWJBzQY5o2tyaF85ZDmt
78Pf9gt4cJg4dM7M9CYlhaLIUlDZFpoc9fbgWWJc4SovhSQqMsVPQm1J8shryrfe
0cGwWLa80r69mIkbDkSs4T5BPOWZRjzgHe6toUDvnDYg/V5rJB26rcEg6JZinW5F
Lmn7EI9RVJNPXn7NiWMSGlSgJfVD8qyduSuF78SU2qXLRAWhR5sUzvcrswIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFKlrVMhcQ7RG8JwJDH/6Jvl1IbUIMB8GA1UdIwQY
MBaAFD8jB1LzugAm+7IMXkyWOxEprJ00MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHlNSFV2TzZBQ2I3c2d4ZVRKWTdFU21zblRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81MWY5YTEtNDM2OC00NTY4LWIwMjkt
ZGQyMjUzMGUxNWE0LzEvcVd0VXlGeER0RWJ3bkFrTWZfb20tWFVodFFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81MWY5YTEtNDM2OC00NTY4LWIwMjktZGQyMjUzMGUxNWE0
LzEvUHlNSFV2TzZBQ2I3c2d4ZVRKWTdFU21zblRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBUBAIAATBOAwQCLVQ0AwQA
PmpJAwQATUvkAwQCWSiwAwQCW9NAAwQAW+4/AwQCXhgYAwQBXhgeAwQAuVgJAwQB
uZfWAwQAubZrAwQBwTniAwQAwvckMBQEAgACMA4DBQMqDHFAAwUDKg6XgDANBgkq
hkiG9w0BAQsFAAOCAQEAfgi02cdjhyGwGws2jyOqPFqwaSdY2Kshe354wm29Rqw/
7oPkh92A92b+W+XQvJ/iIwkfgbDj5uKRYyOIdMsPksFQJ+uVhO5pARxmbI0YcuPD
p+/HZMlZZ4eh+gj1SQLGSpjXRQmY1CGVwWYA430RgNV1EvYlM2KTQvin19W5Y/gW
TH2o1wWkdjPCQxFA16Fffz1owCvPBNEoJo/epK3m3juWuwppG3wnPppULm6I7d4Y
NpASCI+dJjiEDmWjuPDg+sBRiKApgHwmIF1ZtzeaZLXkPpP6JlyGl37CYjfSIm4a
eRwXIpj7eC1V8fB52bMvjkmeB1dLbEZ2+GcK1Vpj+Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:27 2024 by rpki-client on console-fra.rpki-client.org