Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/qqkRYmIOuOCB0PX7pL-wFPKgWes.roa
File: qqkRYmIOuOCB0PX7pL-wFPKgWes.roa (raw, json)
Hash identifier: jR6A5y+CMNtN+m/Oc443ZoLAiSL9InHph1aCIks1G/Y=
Subject key identifier: AA:A9:11:62:62:0E:B8:E0:81:D0:F5:FB:A4:BF:B0:14:F2:A0:59:EB
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 0193FDF6F00B3AE4B30352A0002D9AADD413
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/qqkRYmIOuOCB0PX7pL-wFPKgWes.roa
Signing time: Wed 25 Dec 2024 13:17:18 +0000
ROA not before: Wed 25 Dec 2024 13:17:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210644
IP address blocks: 83.147.232.0/22 maxlen: 24
83.147.252.0/24 maxlen: 24
83.147.253.0/24 maxlen: 24
83.147.254.0/24 maxlen: 24
91.186.216.0/24 maxlen: 24
91.186.217.0/24 maxlen: 24
91.186.218.0/24 maxlen: 24
91.186.219.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:fd:f6:f0:0b:3a:e4:b3:03:52:a0:00:2d:9a:ad:d4:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Dec 25 13:17:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=aaa91162620eb8e081d0f5fba4bfb014f2a059eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:0f:d3:b7:0a:12:62:74:2e:98:a8:45:e2:e8:
e8:9b:2b:56:ee:1c:09:a7:23:b6:28:cb:3c:f5:8b:
ac:b8:09:cb:f7:f2:2a:9d:e7:7d:30:71:82:ed:3a:
71:b7:16:1d:c4:07:2a:44:66:2a:e0:6d:d0:5f:29:
ed:ae:97:bd:d6:16:c1:bc:50:7c:ab:0e:ba:14:38:
c9:80:99:f2:11:60:4f:04:e7:aa:ab:73:2c:ae:be:
c0:65:de:52:9e:56:89:aa:1f:fa:c7:1c:f1:bc:7c:
de:23:ce:ec:6f:30:05:a5:02:63:17:c1:82:b7:57:
3a:7e:df:64:9c:8d:53:7e:41:09:ff:dd:f8:3f:8e:
5f:70:9d:f7:36:a8:7e:18:12:73:c3:c4:09:a6:75:
26:e9:e7:33:01:55:cd:ac:ad:cd:0a:a4:28:06:dd:
17:63:be:4e:f7:b8:8d:70:45:67:a5:c9:13:6a:0c:
f6:26:ec:90:94:6c:03:2e:e2:7c:6f:c2:05:05:4e:
50:44:c4:9f:24:80:1d:e7:21:8e:bf:1d:bb:e0:ef:
7d:dd:29:6d:3f:ff:20:56:5a:48:13:c5:39:a6:5c:
35:fa:43:e2:ca:42:fb:4a:1a:d9:cc:67:89:e5:43:
0d:f6:2e:2d:b1:91:cc:b2:ba:19:44:c5:3d:be:2c:
64:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:A9:11:62:62:0E:B8:E0:81:D0:F5:FB:A4:BF:B0:14:F2:A0:59:EB
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/qqkRYmIOuOCB0PX7pL-wFPKgWes.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.232.0/22
83.147.252.0-83.147.254.255
91.186.216.0/22
Signature Algorithm: sha256WithRSAEncryption
52:90:08:f4:41:04:5e:c8:bc:f2:b5:12:95:94:14:60:11:25:
c9:af:1f:56:3c:49:e5:59:e7:b7:68:97:fa:f6:92:ed:70:1d:
d9:1a:2e:80:e4:c3:33:72:0b:90:02:71:9b:a5:c8:0e:52:14:
eb:9b:d0:36:9f:51:7f:71:71:46:e4:d1:2a:f0:f4:00:4c:c9:
b1:a0:97:65:52:37:05:f1:87:c9:7e:78:0c:4f:3e:89:2c:82:
51:f7:db:ba:95:e8:61:aa:45:57:69:8a:a5:56:3d:0e:64:a6:
30:53:1b:a9:a7:f6:ee:56:cc:66:5b:5b:b8:89:93:86:4e:88:
7c:b0:cc:0b:cf:68:13:d3:7e:fa:ba:49:c1:8a:18:23:c0:b5:
8e:64:68:d8:49:e4:1e:f8:86:60:a9:97:d3:d9:34:56:d0:1f:
f0:53:61:ab:71:84:a5:e9:da:bb:4c:c8:4a:9e:a9:40:39:e5:
56:2c:eb:4e:df:b4:48:94:4b:b0:3a:9e:76:5a:58:2d:76:1e:
d0:e0:8e:97:22:88:cf:8d:cd:72:c9:18:a2:b2:9f:b5:b5:ac:
13:7d:eb:2e:61:74:7a:a1:e9:0d:3f:fb:a5:d2:be:3b:83:45:
85:fa:9f:09:89:25:a3:ee:b5:56:01:b3:0e:54:20:7e:30:96:
fb:b5:e7:43
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZP99vALOuSzA1KgAC2ardQTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQxMjI1MTMxNzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWE5MTE2MjYyMGViOGUwODFkMGY1ZmJhNGJmYjAxNGYyYTA1OWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyg/TtwoSYnQumKhF4ujomytW7hwJ
pyO2KMs89YusuAnL9/Iqned9MHGC7TpxtxYdxAcqRGYq4G3QXyntrpe91hbBvFB8
qw66FDjJgJnyEWBPBOeqq3Msrr7AZd5SnlaJqh/6xxzxvHzeI87sbzAFpQJjF8GC
t1c6ft9knI1TfkEJ/934P45fcJ33Nqh+GBJzw8QJpnUm6eczAVXNrK3NCqQoBt0X
Y75O97iNcEVnpckTagz2JuyQlGwDLuJ8b8IFBU5QRMSfJIAd5yGOvx274O993Slt
P/8gVlpIE8U5plw1+kPiykL7ShrZzGeJ5UMN9i4tsZHMsroZRMU9vixkAwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFKqpEWJiDrjggdD1+6S/sBTyoFnrMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvcXFrUlltSU91T0NCMFBYN3BMLXdGUEtnV2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCU5PoMAwD
BAJTk/wDBABTk/4DBAJbutgwDQYJKoZIhvcNAQELBQADggEBAFKQCPRBBF7IvPK1
EpWUFGARJcmvH1Y8SeVZ57dol/r2ku1wHdkaLoDkwzNyC5ACcZulyA5SFOub0Daf
UX9xcUbk0Srw9ABMybGgl2VSNwXxh8l+eAxPPoksglH327qV6GGqRVdpiqVWPQ5k
pjBTG6mn9u5WzGZbW7iJk4ZOiHywzAvPaBPTfvq6ScGKGCPAtY5kaNhJ5B74hmCp
l9PZNFbQH/BTYatxhKXp2rtMyEqeqUA55VYs607ftEiUS7A6nnZaWC12HtDgjpci
iM+NzXLJGKKyn7W1rBN96y5hdHqh6Q0/+6XSvjuDRYX6nwmJJaPutVYBsw5UIH4w
lvu150M=
-----END CERTIFICATE-----
Generated at Mon Apr 21 02:46:21 2025 by rpki-client