Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/96fa68-f2b1-4aaf-b50f-91e27b9cfba6/1/QwRU46HMW0vLR3yrtaYLE92DqmM.roa
File: QwRU46HMW0vLR3yrtaYLE92DqmM.roa (raw, json)
Hash identifier: K6tdeV2hAV3Yyk7OlJpTYqm4pPa3A48nKitW0wFPL/s=
Subject key identifier: 43:04:54:E3:A1:CC:5B:4B:CB:47:7C:AB:B5:A6:0B:13:DD:83:AA:63
Certificate issuer: /CN=f12465bd246f22311ce9b05eeb49f7b7914b2a0a
Certificate serial: 018CC5DC06CC07B7094F40624A83A8B0F172
Authority key identifier: F1:24:65:BD:24:6F:22:31:1C:E9:B0:5E:EB:49:F7:B7:91:4B:2A:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8SRlvSRvIjEc6bBe60n3t5FLKgo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bf/96fa68-f2b1-4aaf-b50f-91e27b9cfba6/1/QwRU46HMW0vLR3yrtaYLE92DqmM.roa
Signing time: Mon 01 Jan 2024 16:29:40 +0000
ROA not before: Mon 01 Jan 2024 16:29:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204056
IP address blocks: 185.141.217.0/24 maxlen: 24
185.141.216.0/24 maxlen: 24
185.141.219.0/24 maxlen: 24
185.141.218.0/24 maxlen: 24
2a07:2700::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:06:cc:07:b7:09:4f:40:62:4a:83:a8:b0:f1:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f12465bd246f22311ce9b05eeb49f7b7914b2a0a
Validity
Not Before: Jan 1 16:29:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=430454e3a1cc5b4bcb477cabb5a60b13dd83aa63
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:5c:80:29:2c:ca:1e:14:54:cf:ed:d0:6a:88:
1f:a5:ff:27:cc:14:3d:d5:8d:f1:6a:a3:a2:b3:f1:
94:6d:62:4e:a9:72:f2:35:de:71:c5:3c:e7:56:e6:
ea:3d:ad:b7:98:70:51:8d:21:0d:17:8e:02:83:d2:
92:f2:51:45:9b:a7:f6:b7:a7:0f:dc:1f:c4:30:cd:
d6:b2:b0:28:45:f0:a2:52:a1:87:9b:7e:af:82:1a:
04:10:0e:85:a0:05:ef:96:e9:a0:71:69:23:13:f6:
c7:4f:8b:b0:15:e3:a6:6c:18:90:b1:5d:a1:27:0a:
f8:2a:47:ac:a2:1f:a6:cc:bb:df:7a:11:9e:a0:19:
1b:8b:4c:b2:0c:0d:b9:0e:38:cc:5e:04:f9:a4:90:
f0:1a:2e:90:8e:5e:b6:41:ad:90:e9:f0:8e:81:04:
1d:d0:fe:10:73:e8:59:35:e1:d9:7e:a8:1d:7c:25:
0d:a5:78:a3:ea:34:f1:25:7c:60:59:70:b9:fd:9b:
7e:66:8f:90:50:e2:cb:eb:4e:49:f5:c7:6a:01:3f:
8d:0b:64:a5:63:6f:73:d9:75:f2:c9:9c:80:25:d2:
b2:d3:d1:9d:39:e8:4e:45:50:33:47:ab:cd:93:7d:
b1:db:c6:40:06:4b:b3:fd:82:eb:fc:91:55:94:17:
a8:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:04:54:E3:A1:CC:5B:4B:CB:47:7C:AB:B5:A6:0B:13:DD:83:AA:63
X509v3 Authority Key Identifier:
keyid:F1:24:65:BD:24:6F:22:31:1C:E9:B0:5E:EB:49:F7:B7:91:4B:2A:0A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8SRlvSRvIjEc6bBe60n3t5FLKgo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/96fa68-f2b1-4aaf-b50f-91e27b9cfba6/1/QwRU46HMW0vLR3yrtaYLE92DqmM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/96fa68-f2b1-4aaf-b50f-91e27b9cfba6/1/8SRlvSRvIjEc6bBe60n3t5FLKgo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.141.216.0/22
IPv6:
2a07:2700::/29
Signature Algorithm: sha256WithRSAEncryption
14:6a:b5:d0:75:ea:df:ea:a8:a5:26:0e:40:89:22:23:75:dc:
95:cf:fd:40:47:6b:ac:4a:21:4c:15:97:fa:67:a5:1c:21:76:
b8:42:02:9c:ab:74:20:31:47:d1:78:aa:c1:1e:1e:5b:09:04:
7b:94:52:f2:9d:2e:af:69:d9:b0:28:89:87:cd:fb:c0:51:ab:
4a:8a:d5:8b:2f:18:a5:b8:0e:55:60:0b:10:e3:61:ec:48:ba:
79:f4:f3:c8:7f:94:a5:41:db:77:a3:80:f1:ab:ce:5d:9a:63:
ad:cb:0a:63:65:fe:55:9f:45:63:95:08:73:46:64:3e:52:00:
53:d6:fd:be:0a:28:be:ee:cb:ee:c0:d1:d9:04:84:fa:b6:77:
41:e3:0c:79:1c:51:b6:4d:ca:1e:89:c4:af:08:bd:c5:78:aa:
83:43:14:3d:c1:33:b1:1d:1d:dd:e8:31:6d:a0:7a:9d:13:20:
d8:6a:98:24:2f:9d:03:d3:c8:10:66:9c:f6:0a:21:ba:13:fb:
d1:97:d1:06:da:b7:3d:6f:ef:da:3d:17:5c:c4:6d:a5:b1:ee:
f2:b5:84:53:d0:38:a1:ac:1e:b9:87:ba:bb:3a:de:a2:09:50:
b6:2d:18:a1:b1:b7:74:09:80:fa:9c:ba:19:84:c9:69:df:79:
95:ec:ac:f6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3AbMB7cJT0BiSoOosPFyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMjQ2NWJkMjQ2ZjIyMzExY2U5YjA1ZWViNDlmN2I3OTE0
YjJhMGEwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzA0NTRlM2ExY2M1YjRiY2I0NzdjYWJiNWE2MGIxM2RkODNhYTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1yAKSzKHhRUz+3Qaogfpf8nzBQ9
1Y3xaqOis/GUbWJOqXLyNd5xxTznVubqPa23mHBRjSENF44Cg9KS8lFFm6f2t6cP
3B/EMM3WsrAoRfCiUqGHm36vghoEEA6FoAXvlumgcWkjE/bHT4uwFeOmbBiQsV2h
Jwr4Kkesoh+mzLvfehGeoBkbi0yyDA25DjjMXgT5pJDwGi6Qjl62Qa2Q6fCOgQQd
0P4Qc+hZNeHZfqgdfCUNpXij6jTxJXxgWXC5/Zt+Zo+QUOLL605J9cdqAT+NC2Sl
Y29z2XXyyZyAJdKy09GdOehORVAzR6vNk32x28ZABkuz/YLr/JFVlBeocwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEMEVOOhzFtLy0d8q7WmCxPdg6pjMB8GA1UdIwQY
MBaAFPEkZb0kbyIxHOmwXutJ97eRSyoKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFNSbHZTUnZJakVjNmJCZTYwbjN0NUZMS2dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85NmZhNjgtZjJiMS00YWFmLWI1MGYt
OTFlMjdiOWNmYmE2LzEvUXdSVTQ2SE1XMHZMUjN5cnRhWUxFOTJEcW1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85NmZhNjgtZjJiMS00YWFmLWI1MGYtOTFlMjdiOWNmYmE2
LzEvOFNSbHZTUnZJakVjNmJCZTYwbjN0NUZMS2dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuY3YMA0E
AgACMAcDBQMqBycAMA0GCSqGSIb3DQEBCwUAA4IBAQAUarXQderf6qilJg5AiSIj
ddyVz/1AR2usSiFMFZf6Z6UcIXa4QgKcq3QgMUfReKrBHh5bCQR7lFLynS6vadmw
KImHzfvAUatKitWLLxiluA5VYAsQ42HsSLp59PPIf5SlQdt3o4Dxq85dmmOtywpj
Zf5Vn0VjlQhzRmQ+UgBT1v2+Cii+7svuwNHZBIT6tndB4wx5HFG2TcoeicSvCL3F
eKqDQxQ9wTOxHR3d6DFtoHqdEyDYapgkL50D08gQZpz2CiG6E/vRl9EG2rc9b+/a
PRdcxG2lse7ytYRT0DihrB65h7q7Ot6iCVC2LRihsbd0CYD6nLoZhMlp33mV7Kz2
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:08:47 2025 by rpki-client