Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/Qa89vuLY7ySeBpVox6g9O9Y2x58.roa
File: Qa89vuLY7ySeBpVox6g9O9Y2x58.roa (raw, json)
Hash identifier: fDDS4N9HG/HFDq+acHCn4unGSxRMR3jQVLHjMYapPRs=
Subject key identifier: 41:AF:3D:BE:E2:D8:EF:24:9E:06:95:68:C7:A8:3D:3B:D6:36:C7:9F
Certificate issuer: /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial: 01856D386B096CB8C8334795ECE4D2E0A5CB
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/Qa89vuLY7ySeBpVox6g9O9Y2x58.roa
Signing time: Sun 01 Jan 2023 12:04:51 +0000
ROA not before: Sun 01 Jan 2023 12:04:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 78.136.204.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:38:6b:09:6c:b8:c8:33:47:95:ec:e4:d2:e0:a5:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Validity
Not Before: Jan 1 12:04:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=41af3dbee2d8ef249e069568c7a83d3bd636c79f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:d9:b7:11:00:72:a1:f3:c0:11:9a:f0:ce:a4:
4e:6a:e8:1f:01:a3:69:7f:b0:d4:fc:d0:b7:f1:a9:
79:1c:95:41:08:0e:6a:9e:e1:90:2b:70:a8:01:42:
31:f0:2e:e5:1c:d4:ab:88:b4:64:87:ab:97:ae:b0:
32:d0:a1:9c:b6:9d:88:d3:b9:47:3d:b2:a5:7d:ae:
25:3d:26:ff:ae:f3:43:27:11:2d:3e:8a:7b:09:46:
a9:c1:ca:7d:d0:d1:1b:8e:84:2a:41:83:a7:47:bb:
ca:3a:cc:f6:4d:bd:a4:d0:7e:91:34:50:fc:d0:42:
f3:aa:9b:74:46:72:f1:08:f7:b1:66:72:b1:71:44:
fe:ec:50:55:a9:03:6d:f3:c1:71:8f:d6:3d:d5:54:
ae:3d:79:e7:52:11:67:75:bd:95:b5:9e:f3:80:3e:
e4:6c:55:07:34:44:92:c4:85:68:16:21:50:5c:6d:
fc:90:e4:39:fc:9a:5b:84:4b:04:71:83:35:3a:df:
d7:41:ca:35:f6:a5:2d:48:3e:3b:44:48:24:04:4d:
c9:c8:9f:45:f7:cb:37:d3:de:8c:5f:2e:eb:77:24:
fb:4e:6c:65:ef:bd:d4:b9:a2:7f:f0:7e:2f:d4:fa:
d5:01:f1:88:05:c9:23:cd:03:9e:58:8b:04:90:48:
74:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:AF:3D:BE:E2:D8:EF:24:9E:06:95:68:C7:A8:3D:3B:D6:36:C7:9F
X509v3 Authority Key Identifier:
keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/Qa89vuLY7ySeBpVox6g9O9Y2x58.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.136.204.0/22
Signature Algorithm: sha256WithRSAEncryption
70:6a:fe:d6:39:db:80:1c:66:99:fa:c2:9a:de:ab:f5:24:45:
34:8d:b2:82:00:b6:28:e1:ec:04:79:27:4e:e5:3f:5c:e6:bf:
e6:01:fd:44:e5:27:6a:c9:a4:e4:e8:6c:ba:8c:b5:b3:00:60:
f6:9b:40:ca:15:a2:89:51:fd:26:05:9a:0a:d5:c4:13:bb:e5:
52:65:dd:72:ac:ce:a5:57:31:7a:9a:da:f9:5d:1d:5c:01:94:
fb:c0:f7:48:6d:20:cd:59:92:6d:ed:d7:97:04:2f:6c:86:ba:
a4:97:12:21:75:81:b9:cb:cf:24:5a:37:fa:73:f6:c2:20:28:
7a:32:df:eb:0a:7d:eb:cb:4f:17:cf:c3:b6:c5:fd:af:cd:56:
2c:e2:50:80:86:2b:82:12:01:1c:49:0e:65:12:f7:57:11:8e:
6f:37:0b:e3:1c:18:89:87:31:0e:ca:12:93:9f:2a:fe:e1:a4:
2e:ef:17:20:d0:60:b2:49:ad:ea:19:9e:fe:47:34:e4:9b:69:
7d:fe:96:f7:2b:a4:bb:9b:89:37:e2:08:bb:15:87:94:65:47:
57:d9:6c:3c:b8:79:fd:ed:7b:fa:66:e8:8f:1d:a9:c3:22:71:
55:c1:93:66:82:24:a1:77:22:f2:0f:fb:65:f4:3b:b1:4c:2c:
5f:99:7e:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtOGsJbLjIM0eV7OTS4KXLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjMwMTAxMTIwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWFmM2RiZWUyZDhlZjI0OWUwNjk1NjhjN2E4M2QzYmQ2MzZjNzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdm3EQByofPAEZrwzqROaugfAaNp
f7DU/NC38al5HJVBCA5qnuGQK3CoAUIx8C7lHNSriLRkh6uXrrAy0KGctp2I07lH
PbKlfa4lPSb/rvNDJxEtPop7CUapwcp90NEbjoQqQYOnR7vKOsz2Tb2k0H6RNFD8
0ELzqpt0RnLxCPexZnKxcUT+7FBVqQNt88Fxj9Y91VSuPXnnUhFndb2VtZ7zgD7k
bFUHNESSxIVoFiFQXG38kOQ5/JpbhEsEcYM1Ot/XQco19qUtSD47REgkBE3JyJ9F
98s3096MXy7rdyT7Tmxl773UuaJ/8H4v1PrVAfGIBckjzQOeWIsEkEh05QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGvPb7i2O8kngaVaMeoPTvWNsefMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEvUWE4OXZ1TFk3eVNlQnBWb3g2ZzlPOVkyeDU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTojMMA0G
CSqGSIb3DQEBCwUAA4IBAQBwav7WOduAHGaZ+sKa3qv1JEU0jbKCALYo4ewEeSdO
5T9c5r/mAf1E5SdqyaTk6Gy6jLWzAGD2m0DKFaKJUf0mBZoK1cQTu+VSZd1yrM6l
VzF6mtr5XR1cAZT7wPdIbSDNWZJt7deXBC9shrqklxIhdYG5y88kWjf6c/bCICh6
Mt/rCn3ry08Xz8O2xf2vzVYs4lCAhiuCEgEcSQ5lEvdXEY5vNwvjHBiJhzEOyhKT
nyr+4aQu7xcg0GCySa3qGZ7+RzTkm2l9/pb3K6S7m4k34gi7FYeUZUdX2Ww8uHn9
7Xv6ZuiPHanDInFVwZNmgiShdyLyD/tl9DuxTCxfmX6m
-----END CERTIFICATE-----
Generated at Fri May 2 15:40:35 2025 by rpki-client