Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/qAfXU6rdibD271ctw1MCOQV5ARQ.roa
File: qAfXU6rdibD271ctw1MCOQV5ARQ.roa (raw, json)
Hash identifier: j871Wp5hFVEsmZqZ9YLnZqr8Lub2flo5b1FlLzkSE7E=
Subject key identifier: A8:07:D7:53:AA:DD:89:B0:F6:EF:57:2D:C3:53:02:39:05:79:01:14
Certificate issuer: /CN=f97a546b66e2449ce628432dd80ad6d4d00cd03e
Certificate serial: 018D2D6E2D2ABF6EF60157E75F51A64E6752
Authority key identifier: F9:7A:54:6B:66:E2:44:9C:E6:28:43:2D:D8:0A:D6:D4:D0:0C:D0:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-XpUa2biRJzmKEMt2ArW1NAM0D4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/qAfXU6rdibD271ctw1MCOQV5ARQ.roa
Signing time: Sun 21 Jan 2024 19:10:11 +0000
ROA not before: Sun 21 Jan 2024 19:10:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212667
IP address blocks: 94.158.188.0/24 maxlen: 24
194.32.240.0/24 maxlen: 24
195.69.148.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:2d:6e:2d:2a:bf:6e:f6:01:57:e7:5f:51:a6:4e:67:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f97a546b66e2449ce628432dd80ad6d4d00cd03e
Validity
Not Before: Jan 21 19:10:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a807d753aadd89b0f6ef572dc353023905790114
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:de:7c:68:7e:4e:7d:d7:9f:4e:0b:c4:a5:3d:
a8:60:98:69:d3:5c:ba:9f:41:fe:2f:24:e9:38:55:
74:2c:91:43:a5:b0:11:43:9e:d3:3f:66:be:10:36:
91:2d:89:f4:d6:63:ec:4f:0b:e8:f9:be:35:7a:8a:
3d:69:88:12:50:56:33:2a:49:9c:8a:cb:76:26:bd:
24:2c:62:6f:ca:70:6d:f7:9b:d3:2a:68:4b:33:cf:
c5:1b:cd:82:cf:3c:47:ee:df:a5:12:ab:7e:d3:c1:
39:2b:88:5b:67:3f:dc:7f:dd:e2:22:6c:f4:de:55:
2e:d4:1e:44:e3:f2:97:cc:a5:07:9f:fe:b5:dd:33:
cb:71:ed:8a:44:c9:af:89:80:67:bb:ee:01:dc:e2:
9e:9b:43:a0:92:4d:ef:b7:92:2e:0e:9a:f4:48:60:
04:8a:32:53:6d:0d:01:71:73:a6:32:30:9b:60:8b:
a4:b1:1f:3c:b5:0f:83:94:2d:81:5f:5d:ce:3a:20:
c0:0a:a3:4f:0c:2b:3a:5b:ed:7d:74:4e:e3:34:ce:
90:6b:3e:b0:bc:ed:11:29:a1:84:df:bb:94:de:24:
2c:aa:d0:e5:57:dd:c1:d2:b3:62:d7:dc:c2:cc:9b:
ec:03:8b:58:21:87:49:48:1c:61:ce:cb:bc:a4:7a:
54:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:07:D7:53:AA:DD:89:B0:F6:EF:57:2D:C3:53:02:39:05:79:01:14
X509v3 Authority Key Identifier:
keyid:F9:7A:54:6B:66:E2:44:9C:E6:28:43:2D:D8:0A:D6:D4:D0:0C:D0:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-XpUa2biRJzmKEMt2ArW1NAM0D4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/qAfXU6rdibD271ctw1MCOQV5ARQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/1-XpUa2biRJzmKEMt2ArW1NAM0D4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.158.188.0/24
194.32.240.0/24
195.69.148.0/24
Signature Algorithm: sha256WithRSAEncryption
a0:c0:05:19:62:08:4b:17:48:a3:d2:7b:6b:e5:1e:cd:f4:0b:
7a:80:04:0b:9f:68:58:94:97:6e:7b:44:8b:f4:4d:45:f2:40:
c0:c0:85:d6:a0:f8:56:a3:f6:ae:47:90:37:6a:31:a3:b3:12:
12:cd:ab:45:6c:33:3d:1b:81:d7:a6:12:cb:3c:93:62:c4:37:
20:03:02:67:06:1f:10:36:08:ca:85:4d:a8:51:8b:80:26:88:
02:27:59:da:e8:69:9d:b3:93:11:65:b6:c0:12:0d:5a:38:47:
99:37:81:12:f1:d3:cf:5b:99:79:53:c8:56:c7:96:ee:20:82:
1b:3f:e7:ea:13:08:a3:f7:43:8a:f4:0e:a0:8d:8f:a2:77:2a:
c7:b7:30:7d:f5:13:31:74:1a:ce:60:10:f6:fb:82:37:44:7e:
dd:8c:a3:7a:fe:cf:82:b1:23:cc:62:ec:e7:b6:0f:62:7a:45:
a2:6f:77:5b:15:03:95:28:97:96:87:a9:86:68:51:c7:58:bc:
07:f5:93:cd:64:00:f6:f7:cc:70:1a:51:3a:ad:09:99:9f:5e:
ae:d8:6b:36:9d:9c:12:66:8d:11:7d:ff:c3:d3:65:27:d4:3f:
2d:e9:9c:93:f9:6a:fa:d0:fc:f7:11:86:16:ad:a1:8d:cf:34:
a1:01:71:63
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY0tbi0qv272AVfnX1GmTmdSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5N2E1NDZiNjZlMjQ0OWNlNjI4NDMyZGQ4MGFkNmQ0ZDAw
Y2QwM2UwHhcNMjQwMTIxMTkxMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODA3ZDc1M2FhZGQ4OWIwZjZlZjU3MmRjMzUzMDIzOTA1NzkwMTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmd58aH5OfdefTgvEpT2oYJhp01y6
n0H+LyTpOFV0LJFDpbARQ57TP2a+EDaRLYn01mPsTwvo+b41eoo9aYgSUFYzKkmc
ist2Jr0kLGJvynBt95vTKmhLM8/FG82CzzxH7t+lEqt+08E5K4hbZz/cf93iImz0
3lUu1B5E4/KXzKUHn/613TPLce2KRMmviYBnu+4B3OKem0Ogkk3vt5IuDpr0SGAE
ijJTbQ0BcXOmMjCbYIuksR88tQ+DlC2BX13OOiDACqNPDCs6W+19dE7jNM6Qaz6w
vO0RKaGE37uU3iQsqtDlV93B0rNi19zCzJvsA4tYIYdJSBxhzsu8pHpUFwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKgH11Oq3Ymw9u9XLcNTAjkFeQEUMB8GA1UdIwQY
MBaAFPl6VGtm4kSc5ihDLdgK1tTQDNA+MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1YcFVhMmJpUkp6bUtFTXQyQXJXMU5BTTBENC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQvMjI2OTk2LTRiM2YtNGY1Zi04YTdl
LTBiMWI2NjQxYjhhMi8xL3FBZlhVNnJkaWJEMjcxY3R3MU1DT1FWNUFSUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWQvMjI2OTk2LTRiM2YtNGY1Zi04YTdlLTBiMWI2NjQxYjhh
Mi8xLzEtWHBVYTJiaVJKem1LRU10MkFyVzFOQU0wRDQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABenrwD
BADCIPADBADDRZQwDQYJKoZIhvcNAQELBQADggEBAKDABRliCEsXSKPSe2vlHs30
C3qABAufaFiUl257RIv0TUXyQMDAhdag+Faj9q5HkDdqMaOzEhLNq0VsMz0bgdem
Ess8k2LENyADAmcGHxA2CMqFTahRi4AmiAInWdroaZ2zkxFltsASDVo4R5k3gRLx
089bmXlTyFbHlu4gghs/5+oTCKP3Q4r0DqCNj6J3Kse3MH31EzF0Gs5gEPb7gjdE
ft2Mo3r+z4KxI8xi7Oe2D2J6RaJvd1sVA5Uol5aHqYZoUcdYvAf1k81kAPb3zHAa
UTqtCZmfXq7YazadnBJmjRF9/8PTZSfUPy3pnJP5avrQ/PcRhhatoY3PNKEBcWM=
-----END CERTIFICATE-----
Generated at Mon Feb 5 20:17:03 2024 by rpki-client on console-fra.rpki-client.org