Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/qsjXo4mNYifckNWBmofLPT-asSg.roa
File: qsjXo4mNYifckNWBmofLPT-asSg.roa (raw, json)
Hash identifier: FHVOIT9rlDs2E37TEAs9YqlWwa2G7RR2bUfu/I4aYKc=
Subject key identifier: AA:C8:D7:A3:89:8D:62:27:DC:90:D5:81:9A:87:CB:3D:3F:9A:B1:28
Certificate issuer: /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial: 01896478F03BBDD3B3F8E5DD95209BA722FF
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/qsjXo4mNYifckNWBmofLPT-asSg.roa
Signing time: Mon 17 Jul 2023 15:29:54 +0000
ROA not before: Mon 17 Jul 2023 15:29:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 62240
IP address blocks: 45.80.223.0/24 maxlen: 24
45.80.222.0/24 maxlen: 24
45.80.221.0/24 maxlen: 24
92.119.192.0/24 maxlen: 24
45.159.85.0/24 maxlen: 24
193.32.164.0/24 maxlen: 24
193.32.166.0/24 maxlen: 24
193.32.165.0/24 maxlen: 24
45.129.130.0/24 maxlen: 24
45.129.129.0/24 maxlen: 24
45.129.131.0/24 maxlen: 24
193.32.167.0/24 maxlen: 24
45.136.69.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:64:78:f0:3b:bd:d3:b3:f8:e5:dd:95:20:9b:a7:22:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Validity
Not Before: Jul 17 15:29:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=aac8d7a3898d6227dc90d5819a87cb3d3f9ab128
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:57:0a:82:94:a9:3f:a7:62:bf:13:39:9d:ee:
1b:4f:28:3d:9d:5a:0c:20:53:9c:b4:e6:5d:f3:ba:
25:2a:55:ab:fe:c1:fd:c8:81:c2:ce:1b:60:16:b2:
36:67:4e:c3:1f:fe:ef:e6:c9:00:62:3a:1f:bb:d8:
d1:c0:a8:9a:2e:73:e7:45:67:00:c8:e4:37:49:d8:
e4:3b:f7:25:64:6f:a3:e2:87:78:ce:aa:e6:4d:13:
92:ea:44:d7:41:27:c8:23:b9:3c:5a:70:96:8d:3d:
b4:f9:95:74:69:20:7e:91:7b:d8:44:38:3f:ed:72:
cd:de:43:e6:8c:a7:c4:16:4e:5b:db:db:9c:cc:0f:
80:3e:43:38:15:55:e6:d2:36:15:bf:e7:3f:80:4b:
bd:63:1a:04:05:a3:0e:3b:a0:d8:c9:aa:69:ad:8f:
fa:bf:9b:48:76:90:9b:5a:cd:b7:4b:2d:75:0f:8a:
58:72:4b:88:b6:74:91:46:e9:05:5e:dc:fa:82:25:
c3:4c:4a:e1:0b:65:3e:a3:0c:35:97:0c:e3:98:22:
6c:f0:4b:16:a1:4d:b1:9f:45:14:04:1c:b6:14:4d:
94:3c:5b:e8:d9:7c:77:c7:c3:0d:a1:98:80:84:2e:
6c:57:e1:e3:3b:af:ef:96:12:d0:3a:ef:db:87:f5:
9d:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:C8:D7:A3:89:8D:62:27:DC:90:D5:81:9A:87:CB:3D:3F:9A:B1:28
X509v3 Authority Key Identifier:
keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/qsjXo4mNYifckNWBmofLPT-asSg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.80.221.0-45.80.223.255
45.129.129.0-45.129.131.255
45.136.69.0/24
45.159.85.0/24
92.119.192.0/24
193.32.164.0/22
Signature Algorithm: sha256WithRSAEncryption
6c:9e:36:5c:30:05:07:67:e1:cc:aa:d9:f9:73:9a:1b:9a:39:
ad:af:8f:9f:33:74:6e:ce:d8:b1:de:86:ce:5a:31:f1:73:c2:
af:7b:bf:7e:9a:f8:20:a8:31:b4:ca:aa:29:c8:13:43:3a:4f:
2a:50:92:f5:85:9e:33:3e:5d:3f:e0:7b:25:ee:43:f0:e9:c1:
95:bc:c7:af:1f:95:3d:28:0e:f1:34:18:bd:68:b4:d9:a2:b3:
e4:03:03:6a:a8:35:9f:ab:01:f4:e6:41:73:5f:ec:b8:f8:27:
c1:98:f6:7d:da:cc:96:e1:60:d9:91:6b:91:21:20:b3:a3:ce:
e7:9e:10:94:2d:ab:5b:ff:66:ea:55:0d:79:7e:73:cc:4d:6e:
91:b6:57:2f:ed:4d:df:42:22:a9:2c:c4:c1:f8:21:7a:ab:ac:
3d:67:a8:0c:fb:b0:1f:dc:4c:8c:79:23:7b:00:54:46:ee:0f:
85:84:77:48:10:6c:8e:1e:8e:15:25:86:9b:5c:12:f2:24:fa:
0c:6d:b1:4d:91:75:2d:c4:c4:e1:90:0c:45:d0:ed:13:31:ef:
55:39:5d:1b:da:90:3e:a6:08:51:03:ad:0f:21:66:0b:f7:2c:
b7:ce:3f:c1:7b:39:f7:60:7a:55:c4:2d:fa:05:11:c9:bd:1f:
a9:e7:f6:d4
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYlkePA7vdOz+OXdlSCbpyL/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwNzE3MTUyOTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWM4ZDdhMzg5OGQ2MjI3ZGM5MGQ1ODE5YTg3Y2IzZDNmOWFiMTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFcKgpSpP6divxM5ne4bTyg9nVoM
IFOctOZd87olKlWr/sH9yIHCzhtgFrI2Z07DH/7v5skAYjofu9jRwKiaLnPnRWcA
yOQ3SdjkO/clZG+j4od4zqrmTROS6kTXQSfII7k8WnCWjT20+ZV0aSB+kXvYRDg/
7XLN3kPmjKfEFk5b29uczA+APkM4FVXm0jYVv+c/gEu9YxoEBaMOO6DYyapprY/6
v5tIdpCbWs23Sy11D4pYckuItnSRRukFXtz6giXDTErhC2U+oww1lwzjmCJs8EsW
oU2xn0UUBBy2FE2UPFvo2Xx3x8MNoZiAhC5sV+HjO6/vlhLQOu/bh/WdeQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFKrI16OJjWIn3JDVgZqHyz0/mrEoMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvcXNqWG80bU5ZaWZja05XQm1vZkxQVC1hc1NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0MAwDBAAtUN0D
BAUtUMAwDAMEAC2BgQMEAi2BgAMEAC2IRQMEAC2fVQMEAFx3wAMEAsEgpDANBgkq
hkiG9w0BAQsFAAOCAQEAbJ42XDAFB2fhzKrZ+XOaG5o5ra+PnzN0bs7Ysd6Gzlox
8XPCr3u/fpr4IKgxtMqqKcgTQzpPKlCS9YWeMz5dP+B7Je5D8OnBlbzHrx+VPSgO
8TQYvWi02aKz5AMDaqg1n6sB9OZBc1/suPgnwZj2fdrMluFg2ZFrkSEgs6PO554Q
lC2rW/9m6lUNeX5zzE1ukbZXL+1N30IiqSzEwfghequsPWeoDPuwH9xMjHkjewBU
Ru4PhYR3SBBsjh6OFSWGm1wS8iT6DG2xTZF1LcTE4ZAMRdDtEzHvVTldG9qQPqYI
UQOtDyFmC/cst84/wXs592B6VcQt+gURyb0fqef21A==
-----END CERTIFICATE-----
Generated at Tue Apr 29 14:29:35 2025 by rpki-client