Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/QWId9ezYkZlaWEyJ8WaLnJ3cN1o.roa
File: QWId9ezYkZlaWEyJ8WaLnJ3cN1o.roa (raw, json)
Hash identifier: 7Uxz7tZ9j/KJYoEJLtFc4oY+gse50RBegV0wuMhVEDE=
Subject key identifier: 41:62:1D:F5:EC:D8:91:99:5A:58:4C:89:F1:66:8B:9C:9D:DC:37:5A
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019427B57F2A58727C080A24145ADFB25F3B
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/QWId9ezYkZlaWEyJ8WaLnJ3cN1o.roa
Signing time: Thu 02 Jan 2025 15:49:53 +0000
ROA not before: Thu 02 Jan 2025 15:49:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16509
IP address blocks: 83.147.248.0/22 maxlen: 22
91.186.200.0/23 maxlen: 24
91.186.202.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:7f:2a:58:72:7c:08:0a:24:14:5a:df:b2:5f:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 2 15:49:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=41621df5ecd891995a584c89f1668b9c9ddc375a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:44:86:a7:ee:e5:b9:14:00:9d:95:19:bf:44:
e3:b8:46:71:4c:4c:e8:33:8c:65:05:ee:44:9a:1c:
37:2e:bd:a3:a5:58:9c:80:96:92:9f:5c:0c:0e:e5:
ff:44:7b:17:5a:79:58:63:66:1e:7d:85:5e:d8:ab:
4a:27:9c:0f:3f:f0:05:91:ed:cf:12:06:c0:4d:84:
dd:bf:9a:06:45:4c:11:71:2c:81:5a:32:8a:64:7b:
10:13:d1:c8:ae:fe:c3:eb:32:3b:28:70:5a:fb:b4:
74:03:bf:d9:5a:d9:a3:ec:00:8b:a7:e5:b4:dd:a6:
72:8d:a8:70:f5:e2:14:70:b2:3f:81:83:f8:0f:03:
09:1f:23:2e:5a:f5:0c:1c:8b:41:22:8b:f5:f8:49:
e3:21:1d:43:a2:a1:c1:50:b3:e0:d3:8a:c1:68:9f:
4e:3c:cc:f0:1d:90:c5:0c:ce:72:d2:f5:50:bc:f7:
e2:fa:81:69:c8:cd:92:12:b5:94:47:d3:e1:61:d3:
b7:ac:ed:e1:d4:bd:d2:9f:49:8b:78:75:9a:05:23:
84:f7:78:0a:7c:ed:c8:91:50:54:5b:3d:db:75:66:
17:4e:4e:ea:32:07:e8:aa:a2:47:f2:1f:45:b0:46:
27:67:6b:ae:4c:36:15:5a:6c:2c:1d:0f:ff:cf:99:
79:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:62:1D:F5:EC:D8:91:99:5A:58:4C:89:F1:66:8B:9C:9D:DC:37:5A
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/QWId9ezYkZlaWEyJ8WaLnJ3cN1o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.248.0/22
91.186.200.0/22
Signature Algorithm: sha256WithRSAEncryption
61:ad:ef:02:69:bb:80:37:c7:fd:02:0a:05:c9:e1:e1:60:2b:
00:6c:99:7f:a3:40:83:34:10:ad:27:34:e4:5f:b6:92:aa:b2:
5c:4e:a6:ac:f7:4f:7f:25:59:af:c3:14:bb:38:97:79:4a:b1:
34:24:64:d1:86:84:d9:cc:8c:7d:df:5b:ef:3f:81:39:0d:ae:
ff:5c:6a:59:44:c4:cb:d9:ad:d3:f5:25:d8:0f:06:b9:20:05:
03:18:33:10:65:45:15:88:47:0b:1c:12:46:1b:9e:c4:0d:be:
98:59:f8:26:b2:99:26:cc:5c:81:8e:36:84:d0:ac:48:ca:5f:
2a:17:00:72:0e:89:11:5a:86:fc:11:c5:73:e7:0d:7d:77:f3:
0a:8d:7e:f6:37:65:d7:e5:45:44:be:ef:88:55:31:7b:49:9d:
c7:a3:6d:1b:3c:05:9d:a5:aa:df:ae:16:9a:3b:97:16:fb:bb:
c8:7e:95:0c:46:b1:ba:48:1e:d3:ae:98:6a:bd:9e:fd:d8:e7:
ac:8a:ed:8c:28:78:e8:7a:0b:a1:f7:47:05:01:95:71:c4:ef:
58:ff:e8:62:11:d4:b5:b2:4c:16:7a:02:7a:95:a1:98:fd:b0:
47:7f:39:44:52:ff:52:cc:ed:4e:81:4b:29:24:7e:b2:b6:b5:
bb:8a:1a:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntX8qWHJ8CAokFFrfsl87MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTYyMWRmNWVjZDg5MTk5NWE1ODRjODlmMTY2OGI5YzlkZGMzNzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUSGp+7luRQAnZUZv0TjuEZxTEzo
M4xlBe5Emhw3Lr2jpVicgJaSn1wMDuX/RHsXWnlYY2YefYVe2KtKJ5wPP/AFke3P
EgbATYTdv5oGRUwRcSyBWjKKZHsQE9HIrv7D6zI7KHBa+7R0A7/ZWtmj7ACLp+W0
3aZyjahw9eIUcLI/gYP4DwMJHyMuWvUMHItBIov1+EnjIR1DoqHBULPg04rBaJ9O
PMzwHZDFDM5y0vVQvPfi+oFpyM2SErWUR9PhYdO3rO3h1L3Sn0mLeHWaBSOE93gK
fO3IkVBUWz3bdWYXTk7qMgfoqqJH8h9FsEYnZ2uuTDYVWmwsHQ//z5l5zQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEFiHfXs2JGZWlhMifFmi5yd3DdaMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvUVdJZDllellrWmxhV0V5SjhXYUxuSjNjTjFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCU5P4AwQC
W7rIMA0GCSqGSIb3DQEBCwUAA4IBAQBhre8CabuAN8f9AgoFyeHhYCsAbJl/o0CD
NBCtJzTkX7aSqrJcTqas909/JVmvwxS7OJd5SrE0JGTRhoTZzIx931vvP4E5Da7/
XGpZRMTL2a3T9SXYDwa5IAUDGDMQZUUViEcLHBJGG57EDb6YWfgmspkmzFyBjjaE
0KxIyl8qFwByDokRWob8EcVz5w19d/MKjX72N2XX5UVEvu+IVTF7SZ3Ho20bPAWd
parfrhaaO5cW+7vIfpUMRrG6SB7TrphqvZ792Oesiu2MKHjoeguh90cFAZVxxO9Y
/+hiEdS1skwWegJ6laGY/bBHfzlEUv9SzO1OgUspJH6ytrW7ihpg
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:42:48 2025 by rpki-client