Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/GQxUtwZwc2Ix0pO8DAof9T7LT-w.roa
File: GQxUtwZwc2Ix0pO8DAof9T7LT-w.roa (raw, json)
Hash identifier: bqjVaRFz3bAI8cYab9IuL3lSrGSm9LV0qUd6qty82tg=
Subject key identifier: 19:0C:54:B7:06:70:73:62:31:D2:93:BC:0C:0A:1F:F5:3E:CB:4F:EC
Certificate issuer: /CN=85c3525d68b61116564e16e1dd4e56cb035c9c85
Certificate serial: 018CC94E56AE496D1D3BF890CAFD7D794478
Authority key identifier: 85:C3:52:5D:68:B6:11:16:56:4E:16:E1:DD:4E:56:CB:03:5C:9C:85
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hcNSXWi2ERZWThbh3U5WywNcnIU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/GQxUtwZwc2Ix0pO8DAof9T7LT-w.roa
Signing time: Tue 02 Jan 2024 08:33:23 +0000
ROA not before: Tue 02 Jan 2024 08:33:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204119
IP address blocks: 84.38.64.0/21 maxlen: 21
195.42.114.0/23 maxlen: 23
84.38.76.0/22 maxlen: 22
2a00:5080::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4e:56:ae:49:6d:1d:3b:f8:90:ca:fd:7d:79:44:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=85c3525d68b61116564e16e1dd4e56cb035c9c85
Validity
Not Before: Jan 2 08:33:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=190c54b70670736231d293bc0c0a1ff53ecb4fec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:0a:4b:62:a0:ca:3d:42:d5:eb:3b:f2:75:85:
36:a6:43:22:de:2e:fe:2d:98:13:e7:28:c1:4b:b0:
a1:0d:ef:bb:b0:39:ea:f3:96:a4:82:93:9b:0f:09:
a2:b8:cb:58:4b:eb:3c:30:6f:2e:fb:6d:fc:69:19:
a7:34:4e:cb:6e:11:64:45:57:e4:3d:2d:11:b5:2b:
18:ad:16:dd:aa:ca:50:44:df:b3:fd:6b:1e:02:17:
e6:9f:9f:d9:db:b3:96:21:3c:a2:b3:20:14:eb:ad:
d1:4b:50:4d:5e:2d:be:27:28:d4:04:23:da:4d:4a:
5b:c4:5c:4c:7b:1b:1e:cf:0d:01:76:89:40:70:49:
c6:c7:3b:68:fa:14:1e:dd:d9:21:14:33:34:2f:ff:
8d:7d:0a:57:81:a3:aa:8f:aa:e6:6c:bd:86:3d:a4:
12:8f:d8:01:30:9f:03:17:36:59:fb:85:05:66:6a:
2d:ce:d8:6e:1c:29:ff:36:7c:4c:16:44:66:9a:90:
a5:b8:de:d6:e3:87:07:cb:65:fb:7b:86:a3:b5:6a:
64:16:80:a2:09:39:c7:04:f8:39:ca:2d:fd:05:8d:
5f:e5:63:fa:c6:7e:0e:84:60:bb:09:3c:3c:14:c7:
ea:cf:90:4f:44:e0:20:b7:ef:be:1c:46:c8:68:2f:
d5:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:0C:54:B7:06:70:73:62:31:D2:93:BC:0C:0A:1F:F5:3E:CB:4F:EC
X509v3 Authority Key Identifier:
keyid:85:C3:52:5D:68:B6:11:16:56:4E:16:E1:DD:4E:56:CB:03:5C:9C:85
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hcNSXWi2ERZWThbh3U5WywNcnIU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/GQxUtwZwc2Ix0pO8DAof9T7LT-w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/hcNSXWi2ERZWThbh3U5WywNcnIU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.38.64.0/21
84.38.76.0/22
195.42.114.0/23
IPv6:
2a00:5080::/32
Signature Algorithm: sha256WithRSAEncryption
91:7a:c8:91:53:95:9d:73:b5:5b:55:2b:ae:f7:5d:3f:74:2e:
fc:c1:95:c6:82:f8:c7:32:5e:90:20:63:fa:fa:d3:90:1e:97:
95:bc:1f:19:8e:15:d4:3a:bc:9a:bd:3e:86:e3:07:db:3f:87:
1d:27:ec:af:9c:60:41:59:28:81:65:72:b0:96:d9:4c:6b:a6:
12:47:6b:10:96:66:91:0c:ff:9b:5a:12:bd:e5:b9:ec:9f:6f:
47:be:8c:b8:bf:68:7e:0c:a9:c8:7b:c0:8b:1b:11:80:e0:3c:
9f:9e:38:ad:cf:d4:ce:bf:f5:94:e8:dd:89:95:08:19:03:02:
de:21:a5:eb:6f:88:1d:00:18:31:9d:f8:b2:54:30:99:0d:f8:
e7:8d:0e:0a:31:69:88:9e:cd:57:14:b9:e8:84:91:bf:8b:1b:
cd:74:c9:81:d1:9a:ef:2b:d0:95:44:20:a4:65:d2:b2:2d:23:
ae:18:16:aa:32:05:11:14:99:3f:2b:68:13:e6:57:c8:07:cf:
da:75:f3:47:02:68:f8:20:bb:99:89:19:88:5e:10:cc:4e:9e:
9d:c8:90:67:60:9e:68:de:37:e6:6c:72:84:60:e5:3c:07:7c:
6c:05:6f:2c:1a:58:1f:84:cd:fb:a4:74:30:ad:1c:9b:51:38:
7d:d4:ad:9b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzJTlauSW0dO/iQyv19eUR4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YzM1MjVkNjhiNjExMTY1NjRlMTZlMWRkNGU1NmNiMDM1
YzljODUwHhcNMjQwMTAyMDgzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTBjNTRiNzA2NzA3MzYyMzFkMjkzYmMwYzBhMWZmNTNlY2I0ZmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjApLYqDKPULV6zvydYU2pkMi3i7+
LZgT5yjBS7ChDe+7sDnq85akgpObDwmiuMtYS+s8MG8u+238aRmnNE7LbhFkRVfk
PS0RtSsYrRbdqspQRN+z/WseAhfmn5/Z27OWITyisyAU663RS1BNXi2+JyjUBCPa
TUpbxFxMexsezw0BdolAcEnGxzto+hQe3dkhFDM0L/+NfQpXgaOqj6rmbL2GPaQS
j9gBMJ8DFzZZ+4UFZmotzthuHCn/NnxMFkRmmpCluN7W44cHy2X7e4ajtWpkFoCi
CTnHBPg5yi39BY1f5WP6xn4OhGC7CTw8FMfqz5BPROAgt+++HEbIaC/V9wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFBkMVLcGcHNiMdKTvAwKH/U+y0/sMB8GA1UdIwQY
MBaAFIXDUl1othEWVk4W4d1OVssDXJyFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGNOU1hXaTJFUlpXVGhiaDNVNVd5d05jbklVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi85ZmJlYzEtZWJkMi00MWJhLTgzZDkt
Njk0ZGJmYWRkYjhmLzEvR1F4VXR3WndjMkl4MHBPOERBb2Y5VDdMVC13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi85ZmJlYzEtZWJkMi00MWJhLTgzZDktNjk0ZGJmYWRkYjhm
LzEvaGNOU1hXaTJFUlpXVGhiaDNVNVd5d05jbklVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDVCZAAwQC
VCZMAwQBwypyMA0EAgACMAcDBQAqAFCAMA0GCSqGSIb3DQEBCwUAA4IBAQCResiR
U5Wdc7VbVSuu910/dC78wZXGgvjHMl6QIGP6+tOQHpeVvB8ZjhXUOryavT6G4wfb
P4cdJ+yvnGBBWSiBZXKwltlMa6YSR2sQlmaRDP+bWhK95bnsn29Hvoy4v2h+DKnI
e8CLGxGA4Dyfnjitz9TOv/WU6N2JlQgZAwLeIaXrb4gdABgxnfiyVDCZDfjnjQ4K
MWmIns1XFLnohJG/ixvNdMmB0ZrvK9CVRCCkZdKyLSOuGBaqMgURFJk/K2gT5lfI
B8/adfNHAmj4ILuZiRmIXhDMTp6dyJBnYJ5o3jfmbHKEYOU8B3xsBW8sGlgfhM37
pHQwrRybUTh91K2b
-----END CERTIFICATE-----
Generated at Mon Mar 18 17:22:16 2024 by rpki-client on console.sobornost.net