Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/QXA99S1k6Asan8-BTrNul16ObrU.roa
File: QXA99S1k6Asan8-BTrNul16ObrU.roa (raw, json)
Hash identifier: UnHi0qW3/ULjmDWS+QsHP22dQs7SpyUU73eE860LPNc=
Subject key identifier: 41:70:3D:F5:2D:64:E8:0B:1A:9F:CF:81:4E:B3:6E:97:5E:8E:6E:B5
Certificate issuer: /CN=e1b9a3ce0f593910819c3271e1e8d0bd1371a6be
Certificate serial: 018CC56E431C17F668E436BB8BD866F2C3E4
Authority key identifier: E1:B9:A3:CE:0F:59:39:10:81:9C:32:71:E1:E8:D0:BD:13:71:A6:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4bmjzg9ZORCBnDJx4ejQvRNxpr4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/QXA99S1k6Asan8-BTrNul16ObrU.roa
Signing time: Mon 01 Jan 2024 14:29:46 +0000
ROA not before: Mon 01 Jan 2024 14:29:46 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 203020
IP address blocks: 109.196.160.0/22 maxlen: 32
80.65.216.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:43:1c:17:f6:68:e4:36:bb:8b:d8:66:f2:c3:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e1b9a3ce0f593910819c3271e1e8d0bd1371a6be
Validity
Not Before: Jan 1 14:29:46 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=41703df52d64e80b1a9fcf814eb36e975e8e6eb5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:14:27:16:73:7d:d8:3d:52:b0:c6:8f:70:ab:
a7:8f:b3:83:2d:8d:3f:23:9d:2a:4f:75:18:cb:92:
a6:99:8a:ee:19:00:0d:fc:a8:e8:c4:e9:fd:e5:15:
a1:fa:24:bf:b8:60:04:67:f9:0c:98:52:47:6f:e2:
3c:dc:4a:00:78:bf:86:59:1f:bd:3f:5e:29:d2:06:
ab:fc:95:0e:64:fb:79:1d:3c:2b:ba:7f:38:6f:75:
9e:60:0d:df:ea:d1:bd:e2:f3:d2:81:fd:af:16:89:
25:2b:ed:ef:3d:fb:5d:b4:0a:53:a9:ab:5a:db:54:
85:23:94:3d:82:0c:af:79:6b:b8:38:a4:c9:7a:c4:
10:1d:3f:fc:38:a4:6d:38:92:1a:2c:84:05:6c:b5:
6d:e7:47:e8:f3:58:a5:d8:e0:d0:f0:13:62:eb:17:
f7:47:db:b8:57:1e:61:e6:b7:11:89:09:b0:e9:70:
0d:a6:e8:f5:93:db:c9:19:94:57:fd:ac:cf:15:57:
37:01:4d:20:9a:41:b9:81:ef:c9:c4:66:d0:c8:a8:
3a:b1:33:bb:9e:bd:92:f0:8e:c6:5b:27:07:f9:06:
60:18:47:d2:64:62:92:22:c9:a0:e0:ad:96:cc:27:
46:9a:41:a4:1a:7a:ab:bd:54:2f:f2:bc:c9:4b:77:
28:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:70:3D:F5:2D:64:E8:0B:1A:9F:CF:81:4E:B3:6E:97:5E:8E:6E:B5
X509v3 Authority Key Identifier:
keyid:E1:B9:A3:CE:0F:59:39:10:81:9C:32:71:E1:E8:D0:BD:13:71:A6:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4bmjzg9ZORCBnDJx4ejQvRNxpr4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/QXA99S1k6Asan8-BTrNul16ObrU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/4bmjzg9ZORCBnDJx4ejQvRNxpr4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.65.216.0/22
109.196.160.0/22
Signature Algorithm: sha256WithRSAEncryption
42:87:f5:cb:51:b3:7f:1b:51:d5:f0:e5:fb:71:0d:f3:46:eb:
12:66:e5:93:08:0c:a6:b4:0d:c2:63:fd:3d:f1:50:8f:85:c3:
1f:71:ed:75:32:21:62:e4:38:ee:03:24:ff:1a:8d:9b:ec:4e:
95:7f:06:e0:5c:b3:b0:ed:48:d6:cb:a0:54:2a:64:3a:dd:c4:
d2:0e:0a:68:98:5f:b1:dd:92:72:64:e7:96:c4:89:08:ec:cd:
4b:a3:b3:2b:c7:bb:a6:d3:a1:62:de:bf:0e:dd:0f:a5:81:f3:
67:de:49:4a:fb:81:25:3a:90:db:07:96:86:1a:e6:11:d1:bf:
72:55:af:b8:52:cb:e8:3c:a5:f1:ba:35:53:64:4c:e5:6e:29:
85:c0:c7:79:1d:b1:b8:db:55:aa:62:cd:15:7a:36:95:73:b1:
59:1e:4d:0a:ce:6e:c3:9c:2e:96:d8:91:b6:09:e1:20:e2:d6:
af:2b:3e:5a:7a:31:09:4c:2d:b2:06:5c:57:7c:95:15:3a:5c:
3b:78:aa:3a:e0:68:28:37:c9:7d:84:57:5c:8d:01:a8:4d:9d:
ba:63:61:cd:a1:91:70:23:1f:34:5e:25:d8:f7:64:79:73:d1:
7c:ac:b3:84:40:79:b4:e9:2e:f2:8c:1d:fb:22:4f:c9:d7:b5:
7d:d8:e6:55
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbkMcF/Zo5Da7i9hm8sPkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxYjlhM2NlMGY1OTM5MTA4MTljMzI3MWUxZThkMGJkMTM3
MWE2YmUwHhcNMjQwMTAxMTQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTcwM2RmNTJkNjRlODBiMWE5ZmNmODE0ZWIzNmU5NzVlOGU2ZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxQnFnN92D1SsMaPcKunj7ODLY0/
I50qT3UYy5KmmYruGQAN/KjoxOn95RWh+iS/uGAEZ/kMmFJHb+I83EoAeL+GWR+9
P14p0gar/JUOZPt5HTwrun84b3WeYA3f6tG94vPSgf2vFoklK+3vPftdtApTqata
21SFI5Q9ggyveWu4OKTJesQQHT/8OKRtOJIaLIQFbLVt50fo81il2ODQ8BNi6xf3
R9u4Vx5h5rcRiQmw6XANpuj1k9vJGZRX/azPFVc3AU0gmkG5ge/JxGbQyKg6sTO7
nr2S8I7GWycH+QZgGEfSZGKSIsmg4K2WzCdGmkGkGnqrvVQv8rzJS3coIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEFwPfUtZOgLGp/PgU6zbpdejm61MB8GA1UdIwQY
MBaAFOG5o84PWTkQgZwyceHo0L0Tcaa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGJtanpnOVpPUkNCbkRKeDRlalF2Uk54cHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8wZDhiZTgtYjRiNC00MzZlLTg2ZTIt
YmE0YzU2ZDhjMGNlLzEvUVhBOTlTMWs2QXNhbjgtQlRyTnVsMTZPYnJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8wZDhiZTgtYjRiNC00MzZlLTg2ZTItYmE0YzU2ZDhjMGNl
LzEvNGJtanpnOVpPUkNCbkRKeDRlalF2Uk54cHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCUEHYAwQC
bcSgMA0GCSqGSIb3DQEBCwUAA4IBAQBCh/XLUbN/G1HV8OX7cQ3zRusSZuWTCAym
tA3CY/098VCPhcMfce11MiFi5DjuAyT/Go2b7E6VfwbgXLOw7UjWy6BUKmQ63cTS
DgpomF+x3ZJyZOeWxIkI7M1Lo7Mrx7um06Fi3r8O3Q+lgfNn3klK+4ElOpDbB5aG
GuYR0b9yVa+4UsvoPKXxujVTZEzlbimFwMd5HbG421WqYs0VejaVc7FZHk0Kzm7D
nC6W2JG2CeEg4tavKz5aejEJTC2yBlxXfJUVOlw7eKo64GgoN8l9hFdcjQGoTZ26
Y2HNoZFwIx80XiXY92R5c9F8rLOEQHm06S7yjB37Ik/J17V92OZV
-----END CERTIFICATE-----
Generated at Mon Oct 7 08:47:21 2024 by rpki-client on console-ams.rpki-client.org