Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/qna--lSQCbZUYl-ravMz5qq5NgQ.roa
File: qna--lSQCbZUYl-ravMz5qq5NgQ.roa (raw, json)
Hash identifier: UDIq8iAaTj3LEHhY9+GUC25B5bvDoqoMslNPi21JEos=
Subject key identifier: AA:76:BE:FA:54:90:09:B6:54:62:5F:AB:6A:F3:33:E6:AA:B9:36:04
Certificate issuer: /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial: 018EBDA797F715CF761EFDD9317A8EFA4C64
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/qna--lSQCbZUYl-ravMz5qq5NgQ.roa
Signing time: Mon 08 Apr 2024 12:21:01 +0000
ROA not before: Mon 08 Apr 2024 12:21:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 58061
IP address blocks: 62.233.45.0/24 maxlen: 24
146.19.108.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:bd:a7:97:f7:15:cf:76:1e:fd:d9:31:7a:8e:fa:4c:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Validity
Not Before: Apr 8 12:21:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=aa76befa549009b654625fab6af333e6aab93604
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:82:48:7e:43:de:db:dc:ec:d8:bc:5c:bf:2f:
aa:1e:72:36:e8:89:59:48:2b:6a:aa:23:7d:cb:cc:
2e:bb:1d:5c:73:b3:91:3e:99:af:fa:75:ca:2f:19:
9b:f6:62:32:e3:a9:ff:7a:9d:89:8c:72:0a:ff:a6:
a0:ca:15:fe:fa:55:74:94:29:99:e9:09:d3:ff:f7:
a4:38:48:ff:17:7c:7b:a4:93:1a:21:cf:42:45:5a:
98:2b:da:ff:b8:f6:7e:45:e8:db:0e:53:37:bb:68:
f5:94:29:cf:67:3f:5b:73:4e:28:37:de:d3:56:41:
db:7c:e9:13:63:49:69:83:4b:d6:51:b7:49:3a:e2:
21:67:c7:00:fe:a4:2a:ee:78:39:7f:2f:a2:98:db:
48:56:8b:60:27:b3:50:4d:c2:66:c3:79:8f:25:25:
3b:68:5c:5c:88:44:6c:9b:26:22:62:ff:33:ae:05:
af:db:8d:c8:6f:ba:5b:d3:52:a4:1c:82:68:a8:45:
87:70:c5:ff:df:89:d4:a7:7f:a7:c4:d6:14:a3:df:
6d:95:f6:a1:fe:cc:59:80:57:75:47:6f:5d:5d:a6:
7b:da:41:8b:de:99:91:a0:f6:21:00:44:4f:0c:7b:
36:43:30:30:fd:f0:38:a6:04:09:96:cb:7a:27:a7:
f9:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:76:BE:FA:54:90:09:B6:54:62:5F:AB:6A:F3:33:E6:AA:B9:36:04
X509v3 Authority Key Identifier:
keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/qna--lSQCbZUYl-ravMz5qq5NgQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.233.45.0/24
146.19.108.0/24
Signature Algorithm: sha256WithRSAEncryption
7e:55:5b:c5:b7:e3:0b:df:d7:87:8f:ec:69:c0:1f:f8:8b:81:
f5:4b:f4:a9:e4:db:70:ad:79:f3:9b:e8:d7:66:db:f2:81:f1:
5b:3e:65:e2:a4:30:ca:9f:81:60:7f:1b:ff:fd:34:17:9d:f7:
99:cb:db:7c:3e:83:1f:9c:53:e6:46:9f:f8:a2:13:59:ac:ce:
c0:32:8b:01:66:93:0f:5f:7b:87:0c:4f:3e:1c:b1:a5:29:12:
3f:1b:8e:af:ad:31:0d:b9:af:1f:94:b9:73:70:92:46:7a:c4:
e1:99:3f:03:33:de:79:cc:20:2f:c5:66:30:c6:e1:61:58:52:
4f:30:35:46:34:53:01:7b:bd:4f:e9:05:ac:98:ee:44:c7:3c:
54:c4:97:cf:56:c9:73:ca:72:cb:25:13:9c:af:32:87:3f:41:
05:28:8c:99:eb:14:68:c0:50:6c:e7:f1:47:25:a6:2f:86:a5:
ee:27:c7:79:04:f7:fb:65:b7:ae:5f:3a:20:b1:0a:05:c3:a6:
dc:bb:47:40:57:34:ea:70:14:1d:e1:30:1a:5a:04:42:27:e6:
41:97:a0:83:7d:1a:c4:39:c6:d3:3f:f4:1f:64:bc:e4:96:f3:
d1:38:81:9d:7b:26:ab:0f:80:b1:ed:dc:03:41:64:f3:21:6d:
6c:d5:e7:f3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY69p5f3Fc92Hv3ZMXqO+kxkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjQwNDA4MTIyMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTc2YmVmYTU0OTAwOWI2NTQ2MjVmYWI2YWYzMzNlNmFhYjkzNjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5IJIfkPe29zs2Lxcvy+qHnI26IlZ
SCtqqiN9y8wuux1cc7ORPpmv+nXKLxmb9mIy46n/ep2JjHIK/6agyhX++lV0lCmZ
6QnT//ekOEj/F3x7pJMaIc9CRVqYK9r/uPZ+RejbDlM3u2j1lCnPZz9bc04oN97T
VkHbfOkTY0lpg0vWUbdJOuIhZ8cA/qQq7ng5fy+imNtIVotgJ7NQTcJmw3mPJSU7
aFxciERsmyYiYv8zrgWv243Ib7pb01KkHIJoqEWHcMX/34nUp3+nxNYUo99tlfah
/sxZgFd1R29dXaZ72kGL3pmRoPYhAERPDHs2QzAw/fA4pgQJlst6J6f5XwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKp2vvpUkAm2VGJfq2rzM+aquTYEMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvcW5hLS1sU1FDYlpVWWwtcmF2TXo1cXE1TmdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPuktAwQA
khNsMA0GCSqGSIb3DQEBCwUAA4IBAQB+VVvFt+ML39eHj+xpwB/4i4H1S/Sp5Ntw
rXnzm+jXZtvygfFbPmXipDDKn4Fgfxv//TQXnfeZy9t8PoMfnFPmRp/4ohNZrM7A
MosBZpMPX3uHDE8+HLGlKRI/G46vrTENua8flLlzcJJGesThmT8DM955zCAvxWYw
xuFhWFJPMDVGNFMBe71P6QWsmO5ExzxUxJfPVslzynLLJROcrzKHP0EFKIyZ6xRo
wFBs5/FHJaYvhqXuJ8d5BPf7ZbeuXzogsQoFw6bcu0dAVzTqcBQd4TAaWgRCJ+ZB
l6CDfRrEOcbTP/QfZLzklvPROIGdeyarD4Cx7dwDQWTzIW1s1efz
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:31 2024 by rpki-client on console-fra.rpki-client.org