Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/Q8I2F87wknNTkFCuWsfGwXItAgA.roa
File: Q8I2F87wknNTkFCuWsfGwXItAgA.roa (raw, json)
Hash identifier: fea2LbkNlS499tcpMHojbQuILSkJZNWRFzO1jM1/6Ic=
Subject key identifier: 43:C2:36:17:CE:F0:92:73:53:90:50:AE:5A:C7:C6:C1:72:2D:02:00
Certificate issuer: /CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Certificate serial: 09546153
Authority key identifier: 81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/Q8I2F87wknNTkFCuWsfGwXItAgA.roa
Signing time: Sat 01 Jan 2022 07:57:36 +0000
ROA not before: Sat 01 Jan 2022 07:57:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 12871
IP address blocks: 195.64.64.0/20 maxlen: 20
84.39.0.0/19 maxlen: 19
213.197.24.0/24 maxlen: 24
213.197.30.0/24 maxlen: 24
213.197.31.0/24 maxlen: 24
94.229.48.0/20 maxlen: 20
213.148.224.0/19 maxlen: 19
213.148.249.128/26 maxlen: 26
213.148.249.0/27 maxlen: 27
213.197.0.0/18 maxlen: 18
128.127.32.0/20 maxlen: 20
37.188.64.0/20 maxlen: 20
46.227.232.0/21 maxlen: 21
109.72.32.0/20 maxlen: 20
141.105.0.0/20 maxlen: 20
2001:838::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 156524883 (0x9546153)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Validity
Not Before: Jan 1 07:57:36 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=43c23617cef09273539050ae5ac7c6c1722d0200
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:8f:fd:b1:42:d7:8a:6e:11:11:7e:81:73:b4:
a2:26:0b:e4:b6:09:2e:ac:3a:3d:0a:2b:ce:15:fb:
39:2f:8e:86:31:00:58:fe:e5:3b:d4:2b:39:3a:aa:
78:69:b6:af:c4:8e:20:23:08:40:35:d9:85:28:15:
e8:3f:47:c0:50:e3:62:6b:e3:1f:c4:d9:36:01:e5:
9e:58:82:37:1f:c0:1b:2d:a0:de:58:da:08:f1:34:
2b:04:23:3c:c1:24:ea:39:05:be:1d:62:6c:3a:6b:
94:d2:24:69:f0:e7:db:fe:75:ea:18:42:e6:58:4b:
27:84:b6:64:6e:c2:08:50:be:13:c6:d9:b9:36:89:
19:89:54:90:37:4f:c1:98:14:58:99:2e:bc:37:6d:
6b:c8:79:05:0e:23:fd:03:9b:78:dd:f9:2f:ce:8c:
1c:af:e8:c1:1d:24:64:63:d9:df:a2:ad:3c:dd:23:
ff:23:98:57:e5:b8:90:ff:88:40:97:0c:c3:97:28:
9d:ad:13:bb:d5:38:58:69:0c:39:aa:89:98:18:45:
a0:3a:48:38:f3:63:a0:fa:16:bc:a4:9a:c4:f2:9d:
23:13:f4:2e:c3:f1:de:8a:78:59:9e:00:df:ba:d3:
6a:16:3f:cd:ea:40:93:77:da:58:7b:54:13:08:c5:
a4:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:C2:36:17:CE:F0:92:73:53:90:50:AE:5A:C7:C6:C1:72:2D:02:00
X509v3 Authority Key Identifier:
keyid:81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/Q8I2F87wknNTkFCuWsfGwXItAgA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.188.64.0/20
46.227.232.0/21
84.39.0.0/19
94.229.48.0/20
109.72.32.0/20
128.127.32.0/20
141.105.0.0/20
195.64.64.0/20
213.148.224.0/19
213.197.0.0/18
IPv6:
2001:838::/29
Signature Algorithm: sha256WithRSAEncryption
7b:d3:be:cc:01:43:33:6d:53:29:e4:8b:6e:2b:04:9b:c4:93:
39:ed:e2:3d:b9:32:76:c0:23:1f:5b:db:95:08:67:84:40:5c:
a7:06:74:4c:44:20:6f:f9:6c:d8:03:42:42:8a:7f:1d:07:07:
28:58:66:68:1c:a8:f8:ad:bd:98:21:3f:58:92:6b:c0:11:28:
a3:88:5c:b0:dd:2e:54:97:43:f0:95:3f:f2:8f:c2:69:7e:17:
58:5e:ca:47:2d:aa:88:1b:07:82:9b:68:93:40:c7:2b:e2:71:
69:f1:9a:b0:70:1b:1c:e7:79:04:0c:a8:ed:d9:86:98:f8:3c:
5b:bc:d7:1f:d4:12:46:11:e8:97:c1:c0:c6:e8:ca:7b:37:2a:
54:04:ae:68:4f:0b:f7:54:f5:ec:a6:1f:1d:4f:33:8b:03:9d:
07:fb:70:a3:66:82:1f:74:9c:94:03:19:03:7f:bb:bb:dc:b3:
36:fe:e7:5c:1c:4c:3b:24:40:4f:e4:71:01:f3:a7:4b:b6:68:
d2:12:d1:57:85:ce:42:60:3d:78:1b:e6:65:bf:b8:6e:e0:47:
a1:18:3f:07:ab:7f:2c:75:b5:c0:2b:29:a7:dd:34:c2:aa:7b:
4a:8c:72:10:02:d0:a0:d6:88:9b:2b:d4:ef:62:ea:f9:aa:59:
f6:45:e7:4b
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIECVRhUzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
MWVlZDQwOTEzODNkOWVkNDA1NmQ5ZjRlZmY3ZDI2MjJkZGNlMjA1MB4XDTIyMDEw
MTA3NTczNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDNjMjM2MTdjZWYw
OTI3MzUzOTA1MGFlNWFjN2M2YzE3MjJkMDIwMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJOP/bFC14puERF+gXO0oiYL5LYJLqw6PQorzhX7OS+OhjEA
WP7lO9QrOTqqeGm2r8SOICMIQDXZhSgV6D9HwFDjYmvjH8TZNgHlnliCNx/AGy2g
3ljaCPE0KwQjPMEk6jkFvh1ibDprlNIkafDn2/516hhC5lhLJ4S2ZG7CCFC+E8bZ
uTaJGYlUkDdPwZgUWJkuvDdta8h5BQ4j/QObeN35L86MHK/owR0kZGPZ36KtPN0j
/yOYV+W4kP+IQJcMw5cona0Tu9U4WGkMOaqJmBhFoDpIOPNjoPoWvKSaxPKdIxP0
LsPx3op4WZ4A37rTahY/zepAk3faWHtUEwjFpG8CAwEAAaOCAk4wggJKMB0GA1Ud
DgQWBBRDwjYXzvCSc1OQUK5ax8bBci0CADAfBgNVHSMEGDAWgBSB7tQJE4PZ7UBW
2fTv99JiLdziBTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2dlN1VDUk9EMmUxQVZ0bjA3X2ZTWWkzYzRnVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2EvNGE5Y2M0LTJiOWEtNGVmMi1hMzNhLTg3MmIzNzEwYzJhMS8x
L1E4STJGODd3a25OVGtGQ3VXc2ZHd1hJdEFnQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Ev
NGE5Y2M0LTJiOWEtNGVmMi1hMzNhLTg3MmIzNzEwYzJhMS8xL2dlN1VDUk9EMmUx
QVZ0bjA3X2ZTWWkzYzRnVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBk
BggrBgEFBQcBBwEB/wRVMFMwQgQCAAEwPAMEBCW8QAMEAy7j6AMEBVQnAAMEBF7l
MAMEBG1IIAMEBIB/IAMEBI1pAAMEBMNAQAMEBdWU4AMEBtXFADANBAIAAjAHAwUD
IAEIODANBgkqhkiG9w0BAQsFAAOCAQEAe9O+zAFDM21TKeSLbisEm8STOe3iPbky
dsAjH1vblQhnhEBcpwZ0TEQgb/ls2ANCQop/HQcHKFhmaByo+K29mCE/WJJrwBEo
o4hcsN0uVJdD8JU/8o/CaX4XWF7KRy2qiBsHgptok0DHK+JxafGasHAbHOd5BAyo
7dmGmPg8W7zXH9QSRhHol8HAxujKezcqVASuaE8L91T17KYfHU8ziwOdB/two2aC
H3SclAMZA3+7u9yzNv7nXBxMOyRAT+RxAfOnS7Zo0hLRV4XOQmA9eBvmZb+4buBH
oRg/B6t/LHW1wCspp900wqp7SoxyEALQoNaImyvU72Lq+apZ9kXnSw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:17 2024 by rpki-client on console-ams.rpki-client.org