Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/QGIMc4GQVPG4CKCYMVBKXBoNWLw.roa
File: QGIMc4GQVPG4CKCYMVBKXBoNWLw.roa (raw, json)
Hash identifier: FcbMHW5X6TfOER27gXw6+x+sKoEcrt+J6+4rBswIDF4=
Subject key identifier: 40:62:0C:73:81:90:54:F1:B8:08:A0:98:31:50:4A:5C:1A:0D:58:BC
Certificate issuer: /CN=016e5e31fa8716aaa54e18fcdcfed3fc94db90b5
Certificate serial: 01946E5EAF17C279509B4ABE4F41DA291787
Authority key identifier: 01:6E:5E:31:FA:87:16:AA:A5:4E:18:FC:DC:FE:D3:FC:94:DB:90:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AW5eMfqHFqqlThj83P7T_JTbkLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/QGIMc4GQVPG4CKCYMVBKXBoNWLw.roa
Signing time: Thu 16 Jan 2025 09:08:06 +0000
ROA not before: Thu 16 Jan 2025 09:08:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29226
IP address blocks: 83.217.24.0/24 maxlen: 24
83.217.25.0/24 maxlen: 24
83.217.26.0/24 maxlen: 24
185.30.16.0/24 maxlen: 24
185.30.17.0/24 maxlen: 24
185.30.18.0/24 maxlen: 24
185.30.19.0/24 maxlen: 24
212.8.236.0/24 maxlen: 24
212.8.238.0/24 maxlen: 24
212.8.239.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:6e:5e:af:17:c2:79:50:9b:4a:be:4f:41:da:29:17:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=016e5e31fa8716aaa54e18fcdcfed3fc94db90b5
Validity
Not Before: Jan 16 09:08:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=40620c73819054f1b808a09831504a5c1a0d58bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:7e:06:29:6b:e7:10:0f:0b:f3:23:cf:12:00:
87:3c:1c:2c:98:d5:c7:79:42:c5:1b:ac:54:b5:7f:
46:f1:6d:31:0d:91:b4:20:93:c5:18:f0:a7:7d:52:
6b:ae:5b:6f:33:69:d2:89:03:43:f0:06:f9:2f:d8:
f3:4b:d0:7d:77:d1:a1:c7:d2:22:5e:fc:cb:1d:6a:
74:b8:6c:1e:47:24:4a:c5:ff:f6:64:b5:97:8d:85:
d3:db:0f:fc:79:52:a3:0f:bd:25:05:a0:ad:04:77:
57:7a:c7:89:6d:3a:0e:92:ab:28:cc:c2:2a:af:4f:
02:1c:30:b6:df:62:6d:18:df:f7:93:4a:20:b8:18:
de:c3:33:12:ab:64:f0:ac:35:d6:53:66:2d:86:70:
76:78:f9:c1:fb:2f:89:35:20:e0:c7:b8:56:5b:61:
ba:4c:6a:b2:0e:6a:d9:49:ec:d4:88:a7:d6:7c:35:
a8:36:36:51:b3:c9:34:ab:b2:d1:11:76:41:fe:f6:
e0:36:a4:26:ca:af:66:10:97:2f:6e:5b:64:85:d8:
64:39:f0:89:0b:27:69:d8:5e:67:98:59:76:eb:0c:
99:f1:7f:a3:48:5b:03:39:51:76:95:d1:75:13:30:
34:fd:84:6b:a6:1d:1f:f5:97:de:a5:85:14:e5:5f:
23:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:62:0C:73:81:90:54:F1:B8:08:A0:98:31:50:4A:5C:1A:0D:58:BC
X509v3 Authority Key Identifier:
keyid:01:6E:5E:31:FA:87:16:AA:A5:4E:18:FC:DC:FE:D3:FC:94:DB:90:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AW5eMfqHFqqlThj83P7T_JTbkLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/QGIMc4GQVPG4CKCYMVBKXBoNWLw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/AW5eMfqHFqqlThj83P7T_JTbkLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.217.24.0-83.217.26.255
185.30.16.0/22
212.8.236.0/24
212.8.238.0/23
Signature Algorithm: sha256WithRSAEncryption
96:bf:30:25:80:d2:80:d7:26:eb:53:bd:e9:b8:4e:00:cc:1f:
64:96:25:72:68:dd:05:52:5d:38:f4:45:59:da:2d:b0:74:a8:
a3:04:1c:f1:69:3b:27:4e:18:f4:1d:d3:84:62:08:15:b3:75:
8e:de:e3:bb:58:5f:d3:a9:cd:d5:59:9a:ba:55:68:45:48:3e:
b3:f3:64:db:07:4f:5d:6d:4e:40:d0:9d:cc:37:2f:d0:65:a7:
45:a2:49:dd:02:23:c8:a8:55:84:34:86:82:f7:52:e3:fd:45:
5b:5b:77:6d:69:48:e2:d4:ff:23:a6:c3:c6:3d:76:d8:2f:88:
28:04:ce:ae:4e:13:25:5c:20:9e:79:ff:40:a5:00:b2:23:4f:
78:64:f3:5b:e4:09:d8:32:65:7f:c9:ff:e6:ec:11:7e:13:d1:
46:a4:5d:8c:3c:09:4e:63:f5:08:c3:f3:e5:a8:23:f5:2a:1d:
49:21:c9:cb:5e:e7:5b:37:f1:7b:82:d6:b1:54:91:b0:56:17:
47:92:2d:dc:e0:89:25:34:ed:f9:f4:a0:41:13:7c:5d:28:6c:
78:d7:53:26:09:18:3c:0e:e4:c4:10:a8:a9:ca:c6:56:df:d7:
be:4f:09:97:88:ae:f0:6e:9f:53:d8:23:0b:d1:2a:7b:6b:c7:
fd:44:d6:93
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZRuXq8XwnlQm0q+T0HaKReHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNmU1ZTMxZmE4NzE2YWFhNTRlMThmY2RjZmVkM2ZjOTRk
YjkwYjUwHhcNMjUwMTE2MDkwODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDYyMGM3MzgxOTA1NGYxYjgwOGEwOTgzMTUwNGE1YzFhMGQ1OGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtH4GKWvnEA8L8yPPEgCHPBwsmNXH
eULFG6xUtX9G8W0xDZG0IJPFGPCnfVJrrltvM2nSiQND8Ab5L9jzS9B9d9Ghx9Ii
XvzLHWp0uGweRyRKxf/2ZLWXjYXT2w/8eVKjD70lBaCtBHdXeseJbToOkqsozMIq
r08CHDC232JtGN/3k0oguBjewzMSq2TwrDXWU2YthnB2ePnB+y+JNSDgx7hWW2G6
TGqyDmrZSezUiKfWfDWoNjZRs8k0q7LREXZB/vbgNqQmyq9mEJcvbltkhdhkOfCJ
Cydp2F5nmFl26wyZ8X+jSFsDOVF2ldF1EzA0/YRrph0f9ZfepYUU5V8jPQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFEBiDHOBkFTxuAigmDFQSlwaDVi8MB8GA1UdIwQY
MBaAFAFuXjH6hxaqpU4Y/Nz+0/yU25C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVc1ZU1mcUhGcXFsVGhqODNQN1RfSlRia0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9hZjRlZjgtZWQwNy00YWNkLWE0MmYt
Yzk2YzJjZTg1OWU1LzEvUUdJTWM0R1FWUEc0Q0tDWU1WQktYQm9OV0x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9hZjRlZjgtZWQwNy00YWNkLWE0MmYtYzk2YzJjZTg1OWU1
LzEvQVc1ZU1mcUhGcXFsVGhqODNQN1RfSlRia0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBANT2RgD
BABT2RoDBAK5HhADBADUCOwDBAHUCO4wDQYJKoZIhvcNAQELBQADggEBAJa/MCWA
0oDXJutTvem4TgDMH2SWJXJo3QVSXTj0RVnaLbB0qKMEHPFpOydOGPQd04RiCBWz
dY7e47tYX9OpzdVZmrpVaEVIPrPzZNsHT11tTkDQncw3L9Blp0WiSd0CI8ioVYQ0
hoL3UuP9RVtbd21pSOLU/yOmw8Y9dtgviCgEzq5OEyVcIJ55/0ClALIjT3hk81vk
CdgyZX/J/+bsEX4T0UakXYw8CU5j9QjD8+WoI/UqHUkhycte51s38XuC1rFUkbBW
F0eSLdzgiSU07fn0oEETfF0obHjXUyYJGDwO5MQQqKnKxlbf175PCZeIrvBun1PY
IwvRKntrx/1E1pM=
-----END CERTIFICATE-----
Generated at Thu Apr 17 13:24:32 2025 by rpki-client