Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/QH7hTauEXZsmbxtlO80kzWnBj74.roa
File: QH7hTauEXZsmbxtlO80kzWnBj74.roa (raw, json)
Hash identifier: cPNFL3nrWR+Q7C2ooLDS+dWO/eVwoKI2LKozUoMhfCg=
Subject key identifier: 40:7E:E1:4D:AB:84:5D:9B:26:6F:1B:65:3B:CD:24:CD:69:C1:8F:BE
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019390EC5F3EAF74ECCD72DE7EDD4530EFFB
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/QH7hTauEXZsmbxtlO80kzWnBj74.roa
Signing time: Wed 04 Dec 2024 09:07:10 +0000
ROA not before: Wed 04 Dec 2024 09:07:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210644
IP address blocks: 83.147.248.0/24 maxlen: 24
83.147.249.0/24 maxlen: 24
83.147.250.0/24 maxlen: 24
83.147.251.0/24 maxlen: 24
91.186.216.0/24 maxlen: 24
91.186.217.0/24 maxlen: 24
91.186.218.0/24 maxlen: 24
91.186.219.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:90:ec:5f:3e:af:74:ec:cd:72:de:7e:dd:45:30:ef:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Dec 4 09:07:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=407ee14dab845d9b266f1b653bcd24cd69c18fbe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:2e:43:bd:a3:05:86:3c:24:82:ac:1e:b5:b6:
d9:86:f5:4a:df:e4:ae:21:c8:65:9a:8e:84:ae:d2:
19:20:73:36:83:3c:26:b6:02:79:ac:6b:2f:8e:3b:
cd:e9:6e:00:72:66:4f:92:a6:c9:67:1f:45:a5:1d:
5c:fa:5a:a5:25:5e:e4:9a:89:2f:99:0d:a5:2a:07:
61:2c:c2:32:57:16:3c:43:d9:98:dc:a7:2f:53:d6:
07:49:4f:98:97:bf:e0:02:76:9f:b7:24:ad:aa:88:
2f:f3:e9:cb:63:a6:09:19:4a:60:6e:73:ac:bd:c0:
06:12:dd:6e:3b:e1:25:71:95:29:91:43:78:fc:d6:
00:e2:8a:26:10:a0:a6:4a:b8:3e:24:b7:ad:bf:7e:
0d:f5:2f:7c:7d:7a:12:26:4f:e4:55:55:92:20:93:
69:df:f4:40:1e:14:c1:ee:07:e8:46:a5:a7:81:20:
f3:24:04:16:c7:88:ea:eb:e6:fa:5f:b6:f5:a2:75:
1d:18:8b:45:a9:69:4f:c2:79:3b:c1:ec:64:c8:b1:
d0:aa:85:07:7f:aa:8c:ea:d0:dd:9b:15:17:85:35:
13:70:d2:2f:31:32:0d:d2:87:95:43:5b:05:29:b9:
83:29:ac:da:ac:59:14:3c:b3:d3:47:a3:ca:5a:50:
16:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:7E:E1:4D:AB:84:5D:9B:26:6F:1B:65:3B:CD:24:CD:69:C1:8F:BE
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/QH7hTauEXZsmbxtlO80kzWnBj74.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.248.0/22
91.186.216.0/22
Signature Algorithm: sha256WithRSAEncryption
57:cd:89:f6:49:6c:a5:ff:31:30:cc:d5:ec:ed:47:ff:09:30:
a7:b0:c1:0c:fa:21:3b:9d:a1:b5:35:19:07:72:8f:12:52:73:
21:1f:6b:1f:c4:e0:0c:ea:28:3e:9f:e8:9e:8a:02:31:12:bd:
42:e2:c9:c4:59:b9:b7:87:50:2a:e6:82:9a:79:e2:83:48:b8:
a5:c9:49:19:65:5a:36:6e:c4:bc:dc:97:a5:83:3d:00:2c:74:
16:0d:bd:a9:39:45:c5:8f:fb:7d:2d:1e:f3:43:b4:36:27:e4:
44:40:42:d9:33:08:c3:c2:9f:2b:61:06:3c:9c:12:41:12:36:
40:44:a2:2d:4d:12:3f:d3:1a:ab:48:fd:aa:40:58:cd:82:6a:
a1:83:69:76:9d:38:3a:db:0c:75:7d:72:b4:63:07:8c:17:8a:
84:56:d3:0c:ab:e6:de:50:6a:8b:8c:08:66:36:ea:e3:bb:92:
f9:c1:e5:23:87:28:c1:77:99:f3:cb:67:13:4e:2d:93:b5:58:
d0:65:9a:dc:61:55:5d:c3:1a:91:86:05:19:86:ac:80:5b:c3:
d3:fd:f8:bd:7c:1f:7e:87:da:d8:b5:9f:a9:24:47:58:6a:c1:
33:b9:61:22:1b:6d:c1:bd:38:61:1d:4f:65:69:74:22:ee:03:
d3:1d:cf:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZOQ7F8+r3TszXLeft1FMO/7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQxMjA0MDkwNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDdlZTE0ZGFiODQ1ZDliMjY2ZjFiNjUzYmNkMjRjZDY5YzE4ZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoC5DvaMFhjwkgqwetbbZhvVK3+Su
Ichlmo6ErtIZIHM2gzwmtgJ5rGsvjjvN6W4AcmZPkqbJZx9FpR1c+lqlJV7kmokv
mQ2lKgdhLMIyVxY8Q9mY3KcvU9YHSU+Yl7/gAnaftyStqogv8+nLY6YJGUpgbnOs
vcAGEt1uO+ElcZUpkUN4/NYA4oomEKCmSrg+JLetv34N9S98fXoSJk/kVVWSIJNp
3/RAHhTB7gfoRqWngSDzJAQWx4jq6+b6X7b1onUdGItFqWlPwnk7wexkyLHQqoUH
f6qM6tDdmxUXhTUTcNIvMTIN0oeVQ1sFKbmDKazarFkUPLPTR6PKWlAW1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEB+4U2rhF2bJm8bZTvNJM1pwY++MB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvUUg3aFRhdUVYWnNtYnh0bE84MGt6V25Cajc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCU5P4AwQC
W7rYMA0GCSqGSIb3DQEBCwUAA4IBAQBXzYn2SWyl/zEwzNXs7Uf/CTCnsMEM+iE7
naG1NRkHco8SUnMhH2sfxOAM6ig+n+ieigIxEr1C4snEWbm3h1Aq5oKaeeKDSLil
yUkZZVo2bsS83Jelgz0ALHQWDb2pOUXFj/t9LR7zQ7Q2J+REQELZMwjDwp8rYQY8
nBJBEjZARKItTRI/0xqrSP2qQFjNgmqhg2l2nTg62wx1fXK0YweMF4qEVtMMq+be
UGqLjAhmNurju5L5weUjhyjBd5nzy2cTTi2TtVjQZZrcYVVdwxqRhgUZhqyAW8PT
/fi9fB9+h9rYtZ+pJEdYasEzuWEiG23BvThhHU9laXQi7gPTHc+e
-----END CERTIFICATE-----
Generated at Sat Apr 19 15:19:08 2025 by rpki-client