Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/8d7e7c-db7a-465f-8032-255100f2016a/1/QSFgxS-RHrZ4o21GhJQvMa6qD-E.roa
File: QSFgxS-RHrZ4o21GhJQvMa6qD-E.roa (raw, json)
Hash identifier: g+9gIYfE9zgv4CD5vf6mN4l4eTDe2kmE/79BnSpwhJI=
Subject key identifier: 41:21:60:C5:2F:91:1E:B6:78:A3:6D:46:84:94:2F:31:AE:AA:0F:E1
Certificate issuer: /CN=073a6d3de5c125c1fe8b5fbe89584656e5861a2d
Certificate serial: 018C25D3BA2288CE5C4D951F27C51AAB3F9E
Authority key identifier: 07:3A:6D:3D:E5:C1:25:C1:FE:8B:5F:BE:89:58:46:56:E5:86:1A:2D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BzptPeXBJcH-i1--iVhGVuWGGi0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e5/8d7e7c-db7a-465f-8032-255100f2016a/1/QSFgxS-RHrZ4o21GhJQvMa6qD-E.roa
Signing time: Fri 01 Dec 2023 14:41:21 +0000
ROA not before: Fri 01 Dec 2023 14:41:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35625
IP address blocks: 185.117.18.0/24 maxlen: 24
2a01:6600:2e00::/40 maxlen: 40
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:25:d3:ba:22:88:ce:5c:4d:95:1f:27:c5:1a:ab:3f:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=073a6d3de5c125c1fe8b5fbe89584656e5861a2d
Validity
Not Before: Dec 1 14:41:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=412160c52f911eb678a36d4684942f31aeaa0fe1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:cf:ef:9b:91:16:97:2f:cc:61:4e:e3:77:ea:
6c:e4:b9:c2:d5:e2:57:2c:22:a5:bd:fe:d1:bd:a0:
02:c9:4d:e4:79:3a:e5:ba:36:3a:f1:ec:69:c1:2b:
63:e3:c3:02:c4:99:56:b3:36:76:f0:f1:3f:f3:59:
26:66:ef:be:77:d6:8a:df:0c:fe:98:ab:03:70:51:
8f:1b:9a:e7:89:cc:10:9d:1c:5c:4c:03:ff:d7:fb:
44:d4:98:8e:9e:1a:d3:fa:6a:f1:80:e2:f2:12:22:
68:ab:ac:3e:e7:91:ac:65:9f:02:4f:57:ce:f9:db:
e5:f0:3a:d3:00:19:26:fa:32:7a:b3:65:65:ee:e7:
b4:14:fd:06:29:95:1e:6f:61:59:8f:e7:dd:f0:1a:
a2:05:e8:5e:b1:91:0f:ab:3e:8c:91:7c:c4:9e:18:
8b:37:5c:41:d2:cd:5e:3b:ba:20:ac:60:93:9d:c2:
8b:83:23:c1:09:d2:1d:dc:41:f9:1d:a2:5f:1b:a8:
a1:0c:49:6f:14:9d:6e:d9:c2:84:92:8c:65:8d:50:
22:2d:df:54:a6:db:26:5d:cd:80:1b:0b:b7:31:4d:
ba:6e:af:8f:8c:ad:56:67:95:4d:42:fa:3d:14:3e:
b8:4e:9a:91:51:d9:54:6c:b2:d4:45:ed:f6:a7:8f:
2e:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:21:60:C5:2F:91:1E:B6:78:A3:6D:46:84:94:2F:31:AE:AA:0F:E1
X509v3 Authority Key Identifier:
keyid:07:3A:6D:3D:E5:C1:25:C1:FE:8B:5F:BE:89:58:46:56:E5:86:1A:2D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BzptPeXBJcH-i1--iVhGVuWGGi0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/8d7e7c-db7a-465f-8032-255100f2016a/1/QSFgxS-RHrZ4o21GhJQvMa6qD-E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/8d7e7c-db7a-465f-8032-255100f2016a/1/BzptPeXBJcH-i1--iVhGVuWGGi0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.117.18.0/24
IPv6:
2a01:6600:2e00::/40
Signature Algorithm: sha256WithRSAEncryption
22:07:31:58:5c:fc:c1:88:6a:88:d7:65:5e:a9:bc:85:d4:d0:
28:fd:24:92:30:22:22:4c:fc:36:17:6e:b2:67:00:d2:ed:03:
8a:f2:37:51:81:b3:e5:ea:40:21:e2:45:92:29:d2:7e:33:2a:
3e:0e:2b:d7:14:89:9d:85:ff:64:b8:71:3a:d0:ec:6a:d1:0d:
ef:a8:d4:78:c3:4a:d0:97:fa:09:8a:42:61:3d:ba:57:62:66:
36:1d:1b:51:aa:75:9a:c1:e2:40:a1:a6:d8:41:86:47:21:18:
f2:2b:13:f5:3c:d7:9f:2e:d1:4d:d9:61:a0:e0:7e:ef:b0:19:
25:ab:55:93:b8:78:81:ad:c9:8a:b1:0c:9c:67:1e:15:b9:ad:
4a:a8:b3:18:1c:b4:bf:21:3a:0d:e2:c2:67:78:7b:48:97:5b:
20:91:48:2d:12:a1:28:53:bf:88:b9:1e:ea:1c:a1:0a:5b:75:
14:ec:6c:c0:b9:2a:b6:f6:c0:a7:65:eb:a5:29:14:21:c9:80:
5a:3f:d2:5e:84:37:6f:44:29:a8:1a:dd:1f:91:11:d6:cb:22:
06:2f:a3:56:30:6f:d6:83:9b:07:d0:6e:ea:8a:e1:c8:10:b0:
b6:ec:ed:46:2f:73:88:9a:f5:e0:0f:9d:a5:f0:66:9d:cc:16:
d0:d1:be:8c
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYwl07oiiM5cTZUfJ8Uaqz+eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2E2ZDNkZTVjMTI1YzFmZThiNWZiZTg5NTg0NjU2ZTU4
NjFhMmQwHhcNMjMxMjAxMTQ0MTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTIxNjBjNTJmOTExZWI2NzhhMzZkNDY4NDk0MmYzMWFlYWEwZmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArM/vm5EWly/MYU7jd+ps5LnC1eJX
LCKlvf7RvaACyU3keTrlujY68expwStj48MCxJlWszZ28PE/81kmZu++d9aK3wz+
mKsDcFGPG5rnicwQnRxcTAP/1/tE1JiOnhrT+mrxgOLyEiJoq6w+55GsZZ8CT1fO
+dvl8DrTABkm+jJ6s2Vl7ue0FP0GKZUeb2FZj+fd8BqiBehesZEPqz6MkXzEnhiL
N1xB0s1eO7ogrGCTncKLgyPBCdId3EH5HaJfG6ihDElvFJ1u2cKEkoxljVAiLd9U
ptsmXc2AGwu3MU26bq+PjK1WZ5VNQvo9FD64TpqRUdlUbLLURe32p48uvwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFEEhYMUvkR62eKNtRoSULzGuqg/hMB8GA1UdIwQY
MBaAFAc6bT3lwSXB/otfvolYRlblhhotMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnpwdFBlWEJKY0gtaTEtLWlWaEdWdVdHR2kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS84ZDdlN2MtZGI3YS00NjVmLTgwMzIt
MjU1MTAwZjIwMTZhLzEvUVNGZ3hTLVJIclo0bzIxR2hKUXZNYTZxRC1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS84ZDdlN2MtZGI3YS00NjVmLTgwMzItMjU1MTAwZjIwMTZh
LzEvQnpwdFBlWEJKY0gtaTEtLWlWaEdWdVdHR2kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuXUSMA4E
AgACMAgDBgAqAWYALjANBgkqhkiG9w0BAQsFAAOCAQEAIgcxWFz8wYhqiNdlXqm8
hdTQKP0kkjAiIkz8NhdusmcA0u0DivI3UYGz5epAIeJFkinSfjMqPg4r1xSJnYX/
ZLhxOtDsatEN76jUeMNK0Jf6CYpCYT26V2JmNh0bUap1msHiQKGm2EGGRyEY8isT
9TzXny7RTdlhoOB+77AZJatVk7h4ga3JirEMnGceFbmtSqizGBy0vyE6DeLCZ3h7
SJdbIJFILRKhKFO/iLke6hyhClt1FOxswLkqtvbAp2XrpSkUIcmAWj/SXoQ3b0Qp
qBrdH5ER1ssiBi+jVjBv1oObB9Bu6orhyBCwtuztRi9ziJr14A+dpfBmncwW0NG+
jA==
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:52 2023 by rpki-client on console.sobornost.net