Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/QHKmlXSD5vmhWQOzV7tobYB6ESM.roa
File: QHKmlXSD5vmhWQOzV7tobYB6ESM.roa (raw, json)
Hash identifier: ZgsUjJ2t052KgCMxbEW+U/UayF+2wnl5fnP/xqL88LA=
Subject key identifier: 40:72:A6:95:74:83:E6:F9:A1:59:03:B3:57:BB:68:6D:80:7A:11:23
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 0188073F0147BECCD3FC164C1708E865A581
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/QHKmlXSD5vmhWQOzV7tobYB6ESM.roa
Signing time: Wed 10 May 2023 19:59:09 +0000
ROA not before: Wed 10 May 2023 19:59:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 54339
IP address blocks: 89.37.188.0/22 maxlen: 24
89.37.228.0/22 maxlen: 24
89.37.236.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:07:3f:01:47:be:cc:d3:fc:16:4c:17:08:e8:65:a5:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: May 10 19:59:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4072a6957483e6f9a15903b357bb686d807a1123
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:d6:98:34:a0:37:46:97:f0:ac:f2:78:c0:bc:
a8:db:49:94:fa:3d:b4:d9:84:c1:51:1e:ba:72:0a:
d0:e6:87:6c:d9:fa:bf:14:89:6e:2a:60:91:76:a9:
29:55:99:b8:29:9a:2a:0a:8b:80:dc:ff:8b:c3:a3:
f3:53:a1:55:48:00:cc:55:ee:70:13:19:04:b5:1c:
c3:82:33:b4:5e:9c:e6:63:a8:22:bf:29:02:04:7a:
ae:59:0d:43:b0:5a:74:d3:c7:56:b9:66:0b:5f:04:
e3:51:c4:45:21:1a:31:0d:b6:a1:f6:d8:8d:f9:7c:
2c:a3:72:1e:88:dd:91:42:03:70:e8:c9:a7:ed:9f:
b0:23:b4:40:43:92:62:f6:fd:3f:48:9b:47:ad:64:
a6:99:13:74:2a:42:a1:f9:e5:42:ff:4b:a6:bc:82:
76:48:79:bf:f1:e1:ab:af:65:8a:8a:21:3c:d3:0c:
c2:ba:1f:b7:38:3d:57:67:e9:10:e1:30:8c:ab:8a:
bd:01:f2:66:15:8d:de:13:b4:6b:d5:42:7b:5a:c5:
1a:8b:81:7e:de:5b:a3:68:73:aa:85:42:d5:d4:8c:
33:6a:05:f0:fa:6d:3d:84:1a:c2:19:5e:9e:49:c0:
94:5e:f3:e8:f8:23:50:9d:c2:31:8d:11:cb:47:ba:
7c:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:72:A6:95:74:83:E6:F9:A1:59:03:B3:57:BB:68:6D:80:7A:11:23
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/QHKmlXSD5vmhWQOzV7tobYB6ESM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.37.188.0/22
89.37.228.0/22
89.37.236.0/22
Signature Algorithm: sha256WithRSAEncryption
9a:34:1b:e8:df:ac:7a:72:9c:60:3b:12:f6:41:59:36:a5:de:
f8:4f:3f:b6:a3:f6:41:5c:a5:16:c2:5d:dd:dd:52:a9:54:bb:
db:f4:cf:65:00:be:84:5f:29:92:0b:49:3d:2d:30:19:46:a9:
e6:b4:3d:45:6a:74:d5:03:57:11:fc:9f:b9:2a:46:25:22:b0:
c3:72:37:ff:07:28:fa:f6:06:91:71:3c:51:cd:7e:df:40:41:
2c:db:15:b1:88:6b:88:05:e0:12:c6:a5:69:6f:a8:c8:64:ff:
05:52:67:c6:da:68:1b:6e:89:59:34:f9:ae:31:07:12:68:27:
e2:97:7c:82:23:b9:a8:a4:b5:04:a4:4b:ed:ed:2d:8e:73:d6:
30:e2:bd:54:70:5d:3b:86:5f:99:cc:6a:66:80:c1:a7:e9:8f:
5b:f6:08:56:88:e7:14:ea:23:80:8c:73:38:84:d5:cf:d1:8b:
d2:05:5a:85:0a:4e:fe:67:79:6a:4d:e0:32:30:61:e0:10:ad:
4d:22:ab:40:fc:53:68:fa:2b:4e:a1:19:75:90:38:19:78:c7:
6b:0f:4d:8e:1d:78:58:73:80:b4:8a:80:99:59:0a:36:3b:84:
5b:8a:38:59:ca:5b:a5:58:da:69:cf:8d:e6:40:63:dd:48:c1:
1f:73:19:1f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYgHPwFHvszT/BZMFwjoZaWBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNTEwMTk1OTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDcyYTY5NTc0ODNlNmY5YTE1OTAzYjM1N2JiNjg2ZDgwN2ExMTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNaYNKA3RpfwrPJ4wLyo20mU+j20
2YTBUR66cgrQ5ods2fq/FIluKmCRdqkpVZm4KZoqCouA3P+Lw6PzU6FVSADMVe5w
ExkEtRzDgjO0XpzmY6givykCBHquWQ1DsFp008dWuWYLXwTjUcRFIRoxDbah9tiN
+Xwso3IeiN2RQgNw6Mmn7Z+wI7RAQ5Ji9v0/SJtHrWSmmRN0KkKh+eVC/0umvIJ2
SHm/8eGrr2WKiiE80wzCuh+3OD1XZ+kQ4TCMq4q9AfJmFY3eE7Rr1UJ7WsUai4F+
3lujaHOqhULV1IwzagXw+m09hBrCGV6eScCUXvPo+CNQncIxjRHLR7p8zwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEByppV0g+b5oVkDs1e7aG2AehEjMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvUUhLbWxYU0Q1dm1oV1FPelY3dG9iWUI2RVNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCWSW8AwQC
WSXkAwQCWSXsMA0GCSqGSIb3DQEBCwUAA4IBAQCaNBvo36x6cpxgOxL2QVk2pd74
Tz+2o/ZBXKUWwl3d3VKpVLvb9M9lAL6EXymSC0k9LTAZRqnmtD1FanTVA1cR/J+5
KkYlIrDDcjf/Byj69gaRcTxRzX7fQEEs2xWxiGuIBeASxqVpb6jIZP8FUmfG2mgb
bolZNPmuMQcSaCfil3yCI7mopLUEpEvt7S2Oc9Yw4r1UcF07hl+ZzGpmgMGn6Y9b
9ghWiOcU6iOAjHM4hNXP0YvSBVqFCk7+Z3lqTeAyMGHgEK1NIqtA/FNo+itOoRl1
kDgZeMdrD02OHXhYc4C0ioCZWQo2O4RbijhZylulWNppz43mQGPdSMEfcxkf
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:14 2024 by rpki-client on console-fra.rpki-client.org