Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/QrjS5gzXKUdBWV_HqXZw6xUADmE.roa
File: QrjS5gzXKUdBWV_HqXZw6xUADmE.roa (raw, json)
Hash identifier: 1D5kxUPZKnJorXJqFO1gBK8enW1jczi0i74ybfnIZ2U=
Subject key identifier: 42:B8:D2:E6:0C:D7:29:47:41:59:5F:C7:A9:76:70:EB:15:00:0E:61
Certificate issuer: /CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Certificate serial: 018B948B9806548EA952BC3C36DD435BAAC0
Authority key identifier: C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/QrjS5gzXKUdBWV_HqXZw6xUADmE.roa
Signing time: Fri 03 Nov 2023 09:37:38 +0000
ROA not before: Fri 03 Nov 2023 09:37:38 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20668
IP address blocks: 193.169.142.0/23 maxlen: 23
185.206.53.0/24 maxlen: 24
185.206.52.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:94:8b:98:06:54:8e:a9:52:bc:3c:36:dd:43:5b:aa:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Validity
Not Before: Nov 3 09:37:38 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=42b8d2e60cd7294741595fc7a97670eb15000e61
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:e2:aa:c4:af:53:97:f6:bc:7f:da:fc:19:96:
46:25:cd:4b:5a:fe:e9:25:37:27:55:0d:9c:63:a0:
84:95:2a:82:ce:9c:d8:c2:c5:54:a0:dc:78:ad:9b:
b7:8e:52:ef:7f:2e:5a:77:69:08:0c:65:7a:4e:12:
90:00:5a:2a:21:e6:50:9d:68:b5:85:10:fe:88:0e:
b5:1b:ee:08:d8:7f:b1:1c:ba:f4:f3:b2:78:46:b7:
7b:48:aa:8a:93:51:08:ce:31:16:72:e2:80:28:47:
61:a8:a6:71:60:e0:63:b7:e6:a4:47:09:ba:b0:75:
8d:23:c2:86:76:cf:0d:d0:63:d6:20:11:99:89:ca:
06:f0:f8:a0:f1:a0:6a:37:69:25:6d:84:81:72:96:
85:ff:af:76:47:8f:44:b0:70:73:d3:99:b5:9f:cd:
17:26:0b:52:33:b0:46:3c:d4:30:85:af:ad:70:23:
f7:6a:59:78:6f:41:b8:8a:33:85:4a:06:5b:c2:89:
77:5d:69:74:01:31:5a:f2:52:2b:cb:cd:53:e9:13:
4e:26:e0:db:66:89:22:bf:a6:10:50:a4:c9:bc:ce:
0f:56:49:be:93:09:97:e4:4f:6c:5a:b6:0f:48:f7:
8a:28:49:c8:f6:8d:52:60:2c:98:85:07:92:2b:db:
f9:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:B8:D2:E6:0C:D7:29:47:41:59:5F:C7:A9:76:70:EB:15:00:0E:61
X509v3 Authority Key Identifier:
keyid:C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/QrjS5gzXKUdBWV_HqXZw6xUADmE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.206.52.0/23
193.169.142.0/23
Signature Algorithm: sha256WithRSAEncryption
61:1a:41:3c:69:14:64:50:b1:e1:e1:2f:dd:ab:8d:00:d5:88:
e7:08:12:3e:69:22:d7:f9:6f:c7:3b:c2:8d:51:0b:ef:a9:40:
a1:3d:2a:12:ab:51:04:b9:42:4f:53:6f:71:2f:95:73:77:5a:
f6:ff:37:09:44:10:29:a3:36:f0:a8:dc:57:ec:e3:55:da:1c:
80:8d:ca:1d:bc:09:3f:05:1c:d3:ed:5a:f3:90:04:e2:a6:dc:
d5:a3:89:66:22:67:7d:d4:35:88:5d:4a:ff:8d:b8:e4:b1:1a:
c7:2b:d9:02:38:d6:07:19:94:d5:8b:2d:5a:a6:df:7e:c3:db:
fb:f4:19:2b:68:84:c5:f1:40:11:0c:bc:37:62:80:c5:4f:be:
cc:74:27:3e:0b:ca:0a:02:4a:4e:38:25:c3:25:8f:ea:68:d3:
b2:bd:60:d8:b9:cb:62:3b:e2:c9:64:cd:9d:8c:01:c7:f3:f8:
5e:c4:9e:aa:d7:c8:f2:91:ac:95:76:93:60:7d:81:3e:9e:53:
05:83:4d:41:f9:9b:52:99:77:9d:df:4b:4a:84:0f:bc:51:c9:
cd:a6:e9:98:c2:0e:00:bd:8e:5d:29:ae:7b:3e:88:50:58:12:
68:0a:c3:15:21:54:22:39:f6:c9:8d:11:85:fd:6e:78:58:fa:
65:b7:cd:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYuUi5gGVI6pUrw8Nt1DW6rAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNGRiNzYyMzI0MWQ3ZTY2NzhmYzI1NzUxZmE0ZTBiNjY2
NTE4NmIwHhcNMjMxMTAzMDkzNzM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmI4ZDJlNjBjZDcyOTQ3NDE1OTVmYzdhOTc2NzBlYjE1MDAwZTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+KqxK9Tl/a8f9r8GZZGJc1LWv7p
JTcnVQ2cY6CElSqCzpzYwsVUoNx4rZu3jlLvfy5ad2kIDGV6ThKQAFoqIeZQnWi1
hRD+iA61G+4I2H+xHLr087J4Rrd7SKqKk1EIzjEWcuKAKEdhqKZxYOBjt+akRwm6
sHWNI8KGds8N0GPWIBGZicoG8Pig8aBqN2klbYSBcpaF/692R49EsHBz05m1n80X
JgtSM7BGPNQwha+tcCP3all4b0G4ijOFSgZbwol3XWl0ATFa8lIry81T6RNOJuDb
Zokiv6YQUKTJvM4PVkm+kwmX5E9sWrYPSPeKKEnI9o1SYCyYhQeSK9v53QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEK40uYM1ylHQVlfx6l2cOsVAA5hMB8GA1UdIwQY
MBaAFMBNt2IyQdfmZ4/CV1H6TgtmZRhrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMt
MDQyM2YyNjNmMmNiLzEvUXJqUzVnelhLVWRCV1ZfSHFYWnc2eFVBRG1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMtMDQyM2YyNjNmMmNi
LzEvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuc40AwQB
wamOMA0GCSqGSIb3DQEBCwUAA4IBAQBhGkE8aRRkULHh4S/dq40A1YjnCBI+aSLX
+W/HO8KNUQvvqUChPSoSq1EEuUJPU29xL5Vzd1r2/zcJRBApozbwqNxX7ONV2hyA
jcodvAk/BRzT7VrzkATiptzVo4lmImd91DWIXUr/jbjksRrHK9kCONYHGZTViy1a
pt9+w9v79BkraITF8UARDLw3YoDFT77MdCc+C8oKAkpOOCXDJY/qaNOyvWDYucti
O+LJZM2djAHH8/hexJ6q18jykayVdpNgfYE+nlMFg01B+ZtSmXed30tKhA+8UcnN
pumYwg4AvY5dKa57PohQWBJoCsMVIVQiOfbJjRGF/W54WPplt82j
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:46 2024 by rpki-client on console-fra.rpki-client.org