Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/Q7j-ZVE8wUruc6trxB9dvvc1Taw.roa
File: Q7j-ZVE8wUruc6trxB9dvvc1Taw.roa (raw, json)
Hash identifier: 7gdr/7ZK9Avksl7AFzfOKoeu8g9Ew2q7lyXf64NrNL0=
Subject key identifier: 43:B8:FE:65:51:3C:C1:4A:EE:73:AB:6B:C4:1F:5D:BE:F7:35:4D:AC
Certificate issuer: /CN=4777da157768423fcba9217392ec7f483b3b9442
Certificate serial: 018DC6784E84296A2DA9CF86ECF754E87BC5
Authority key identifier: 47:77:DA:15:77:68:42:3F:CB:A9:21:73:92:EC:7F:48:3B:3B:94:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/R3faFXdoQj_LqSFzkux_SDs7lEI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/Q7j-ZVE8wUruc6trxB9dvvc1Taw.roa
Signing time: Tue 20 Feb 2024 12:23:09 +0000
ROA not before: Tue 20 Feb 2024 12:23:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8832
IP address blocks: 109.69.168.0/21 maxlen: 21
2a00:1498::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:c6:78:4e:84:29:6a:2d:a9:cf:86:ec:f7:54:e8:7b:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4777da157768423fcba9217392ec7f483b3b9442
Validity
Not Before: Feb 20 12:23:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=43b8fe65513cc14aee73ab6bc41f5dbef7354dac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:f3:8c:85:c1:4b:89:61:f9:c2:e2:91:4d:74:
d9:8f:bd:0f:30:be:00:69:87:20:f2:7d:bf:38:ea:
53:07:ae:c4:32:bd:a6:47:de:73:ff:c4:36:13:96:
e0:fb:6c:08:1f:48:1b:53:ef:a4:9f:f2:9f:ab:e6:
c4:d3:66:76:a0:9d:43:18:97:77:e6:be:eb:80:de:
03:52:39:02:8b:8e:e5:91:17:ef:42:0f:f3:74:f7:
1d:e4:3b:4b:45:10:70:d7:83:d2:ca:f2:fd:f7:96:
85:08:fa:e6:c0:89:5c:b8:f9:4d:65:9e:48:45:19:
66:0a:35:bd:68:48:13:57:57:e6:34:2d:d5:22:1e:
65:e3:5f:f3:d3:2c:74:b2:f6:0a:93:a7:53:ac:f6:
ee:ad:4e:43:7a:d8:5c:39:7b:5a:91:5c:2e:e0:68:
71:6f:fa:18:9c:d8:25:12:6f:02:b2:34:a1:ec:d5:
ee:08:ac:85:73:97:e2:43:19:f8:8a:b9:96:b2:2f:
9f:31:cd:11:32:7d:93:45:ff:44:8f:90:d8:78:76:
1b:3b:bd:c2:a0:76:ee:80:c7:d4:25:9c:d1:1a:94:
5d:3b:75:d4:10:19:73:8e:b4:3b:ef:37:a4:5b:8c:
5d:38:6f:c1:bc:a2:59:97:aa:ba:ba:ea:e5:70:fe:
ca:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:B8:FE:65:51:3C:C1:4A:EE:73:AB:6B:C4:1F:5D:BE:F7:35:4D:AC
X509v3 Authority Key Identifier:
keyid:47:77:DA:15:77:68:42:3F:CB:A9:21:73:92:EC:7F:48:3B:3B:94:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3faFXdoQj_LqSFzkux_SDs7lEI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/Q7j-ZVE8wUruc6trxB9dvvc1Taw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/R3faFXdoQj_LqSFzkux_SDs7lEI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.69.168.0/21
IPv6:
2a00:1498::/32
Signature Algorithm: sha256WithRSAEncryption
01:b0:2d:fc:2f:1d:f9:17:1e:07:47:e4:be:93:1c:0b:62:9c:
b8:0d:3b:c4:6b:28:8b:c9:79:8b:25:d2:b6:9e:f1:a2:38:b5:
89:f0:b0:69:3c:cd:e4:83:ab:d8:fb:14:cd:1a:2f:f1:77:da:
0e:eb:c8:dc:a3:6e:10:3a:2c:dd:6c:28:3c:90:9d:bb:76:d7:
8c:ca:27:24:50:01:31:9c:ed:65:fd:37:e3:f2:f4:51:b7:6d:
88:de:8b:db:6d:6b:88:aa:d1:23:9b:09:82:01:51:83:99:47:
a9:f7:8f:25:1e:89:47:53:af:57:4b:fd:c7:5a:ff:65:5c:bb:
b4:0f:24:a3:08:d7:5e:59:cc:52:b8:a2:ac:05:8a:ac:bf:5d:
17:b5:f3:09:fa:e3:18:70:a6:1f:08:36:fb:5f:01:71:d8:ec:
a9:3b:6f:b4:bd:da:96:c0:4d:e9:35:e4:6b:1b:3b:15:23:da:
0e:00:7c:58:c7:77:17:d4:1f:d5:fb:6f:82:a8:63:4a:27:b9:
41:6d:0d:45:5c:4e:e4:85:fb:07:70:d8:ac:00:06:c8:08:35:
54:de:f0:c7:f5:32:e3:f0:a2:49:b9:b6:10:90:ab:8f:e4:1c:
99:af:dc:f8:8f:99:5b:7c:33:e9:45:ed:eb:c5:83:b5:22:86:
c3:57:c9:3e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY3GeE6EKWotqc+G7PdU6HvFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzdkYTE1Nzc2ODQyM2ZjYmE5MjE3MzkyZWM3ZjQ4M2Iz
Yjk0NDIwHhcNMjQwMjIwMTIyMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2I4ZmU2NTUxM2NjMTRhZWU3M2FiNmJjNDFmNWRiZWY3MzU0ZGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfOMhcFLiWH5wuKRTXTZj70PML4A
aYcg8n2/OOpTB67EMr2mR95z/8Q2E5bg+2wIH0gbU++kn/Kfq+bE02Z2oJ1DGJd3
5r7rgN4DUjkCi47lkRfvQg/zdPcd5DtLRRBw14PSyvL995aFCPrmwIlcuPlNZZ5I
RRlmCjW9aEgTV1fmNC3VIh5l41/z0yx0svYKk6dTrPburU5DethcOXtakVwu4Ghx
b/oYnNglEm8CsjSh7NXuCKyFc5fiQxn4irmWsi+fMc0RMn2TRf9Ej5DYeHYbO73C
oHbugMfUJZzRGpRdO3XUEBlzjrQ77zekW4xdOG/BvKJZl6q6uurlcP7KMQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEO4/mVRPMFK7nOra8QfXb73NU2sMB8GA1UdIwQY
MBaAFEd32hV3aEI/y6khc5Lsf0g7O5RCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNmYUZYZG9Ral9McVNGemt1eF9TRHM3bEVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9iMjFhMzgtZGI2Mi00NDM4LWJhOWMt
ZjU3Zjg2ZGY0ZjE2LzEvUTdqLVpWRTh3VXJ1YzZ0cnhCOWR2dmMxVGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9iMjFhMzgtZGI2Mi00NDM4LWJhOWMtZjU3Zjg2ZGY0ZjE2
LzEvUjNmYUZYZG9Ral9McVNGemt1eF9TRHM3bEVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDbUWoMA0E
AgACMAcDBQAqABSYMA0GCSqGSIb3DQEBCwUAA4IBAQABsC38Lx35Fx4HR+S+kxwL
Ypy4DTvEayiLyXmLJdK2nvGiOLWJ8LBpPM3kg6vY+xTNGi/xd9oO68jco24QOizd
bCg8kJ27dteMyickUAExnO1l/Tfj8vRRt22I3ovbbWuIqtEjmwmCAVGDmUep948l
HolHU69XS/3HWv9lXLu0DySjCNdeWcxSuKKsBYqsv10XtfMJ+uMYcKYfCDb7XwFx
2OypO2+0vdqWwE3pNeRrGzsVI9oOAHxYx3cX1B/V+2+CqGNKJ7lBbQ1FXE7khfsH
cNisAAbICDVU3vDH9TLj8KJJubYQkKuP5ByZr9z4j5lbfDPpRe3rxYO1IobDV8k+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:32 2024 by rpki-client on console-ams.rpki-client.org