Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/QZa53JTNbuQv_85X58ns5woml2g.roa
File: QZa53JTNbuQv_85X58ns5woml2g.roa (raw, json)
Hash identifier: hIZ1spkuOmd4HKthwlvdd+yx6INqtSavzgturDzbpKM=
Subject key identifier: 41:96:B9:DC:94:CD:6E:E4:2F:FF:CE:57:E7:C9:EC:E7:0A:26:97:68
Certificate issuer: /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial: 018A6A3EB13DBD626CBA0B5481A809E44A53
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/QZa53JTNbuQv_85X58ns5woml2g.roa
Signing time: Wed 06 Sep 2023 11:26:48 +0000
ROA not before: Wed 06 Sep 2023 11:26:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209235
IP address blocks: 45.141.242.0/24 maxlen: 24
45.141.255.0/24 maxlen: 24
2a09:c0c0::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:6a:3e:b1:3d:bd:62:6c:ba:0b:54:81:a8:09:e4:4a:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Validity
Not Before: Sep 6 11:26:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4196b9dc94cd6ee42fffce57e7c9ece70a269768
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:70:ed:28:4e:16:62:9d:43:1d:c6:0d:14:2e:
8e:3b:8c:60:1b:8c:59:46:9d:66:39:75:30:24:f3:
28:5a:c1:89:06:7d:2b:c1:12:98:d2:47:6b:b7:b8:
33:af:26:64:4b:32:16:8f:8c:9e:fe:7a:50:e2:1e:
16:3e:de:76:73:1e:e2:fe:1c:55:27:09:67:d9:de:
f8:3f:57:dd:f5:3c:6e:46:4f:4e:0a:f6:7b:99:ed:
f7:00:95:e8:1f:23:2f:b2:ec:d4:12:4f:13:85:c0:
78:86:fd:19:ce:05:4a:08:ed:b5:bb:bf:f9:24:54:
3f:81:3e:bd:1f:4d:91:11:59:09:9a:f9:d8:6f:eb:
f0:35:76:cd:3a:5e:19:ce:d3:13:0f:cc:e0:9b:1b:
bf:8f:33:71:fa:32:87:54:03:0d:0c:fa:b7:89:b8:
7e:16:fa:78:1b:eb:dd:d6:e1:77:e9:69:32:aa:4e:
aa:c7:cc:20:cf:a1:c3:a2:30:fb:ba:20:d2:49:2e:
87:9a:40:4f:32:8b:a6:62:6e:9f:07:39:53:51:9d:
73:27:8b:21:ea:9c:1b:d1:70:40:8c:ea:4a:bf:f3:
f6:f5:82:f5:b4:a2:64:d8:ef:41:13:65:7a:18:89:
1c:fd:25:21:5d:12:95:ea:f9:7c:57:c9:5c:9b:8c:
8e:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:96:B9:DC:94:CD:6E:E4:2F:FF:CE:57:E7:C9:EC:E7:0A:26:97:68
X509v3 Authority Key Identifier:
keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/QZa53JTNbuQv_85X58ns5woml2g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.141.242.0/24
45.141.255.0/24
IPv6:
2a09:c0c0::/29
Signature Algorithm: sha256WithRSAEncryption
86:6d:07:11:3e:56:39:d6:38:95:d4:8f:0d:0b:cd:d2:82:44:
49:f5:b7:e7:a0:80:d1:e0:8a:bb:cf:78:db:2a:93:fd:bf:23:
71:3a:f8:fa:82:39:46:4d:bf:9b:49:91:8a:db:e9:d8:93:72:
00:75:f1:41:64:2a:04:94:ae:ba:b5:bd:53:7e:77:1b:fb:a1:
ba:7c:2a:07:d2:59:60:5f:e2:c9:5f:a4:41:8e:c7:c3:b9:be:
33:2a:39:db:94:46:72:70:8c:3c:91:df:44:08:33:c8:64:87:
53:4d:8b:10:a9:43:b8:76:29:18:90:45:09:82:fe:da:a9:8d:
38:40:c5:42:b1:18:d1:87:0c:a7:57:6f:6e:6e:23:81:b8:79:
80:a9:a1:a4:b1:99:c3:ac:45:2f:9c:65:9e:57:96:b9:a3:6b:
56:02:f1:1f:20:4d:5f:7e:1e:bc:22:c9:2b:54:b4:3b:2e:15:
50:52:a0:67:0d:dc:f9:95:c0:29:aa:c6:05:1d:63:34:11:7b:
db:75:3d:df:54:30:26:c6:b0:e8:8a:88:9f:c7:a9:31:1e:68:
68:c3:66:da:67:37:d3:5a:e3:d0:e2:3a:f5:ed:8f:5b:78:db:
9b:85:2f:bc:cc:c8:b6:63:43:21:3b:45:af:9c:4c:66:75:fc:
8c:d1:52:02
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYpqPrE9vWJsugtUgagJ5EpTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjMwOTA2MTEyNjQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTk2YjlkYzk0Y2Q2ZWU0MmZmZmNlNTdlN2M5ZWNlNzBhMjY5NzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHDtKE4WYp1DHcYNFC6OO4xgG4xZ
Rp1mOXUwJPMoWsGJBn0rwRKY0kdrt7gzryZkSzIWj4ye/npQ4h4WPt52cx7i/hxV
Jwln2d74P1fd9TxuRk9OCvZ7me33AJXoHyMvsuzUEk8ThcB4hv0ZzgVKCO21u7/5
JFQ/gT69H02REVkJmvnYb+vwNXbNOl4ZztMTD8zgmxu/jzNx+jKHVAMNDPq3ibh+
Fvp4G+vd1uF36Wkyqk6qx8wgz6HDojD7uiDSSS6HmkBPMoumYm6fBzlTUZ1zJ4sh
6pwb0XBAjOpKv/P29YL1tKJk2O9BE2V6GIkc/SUhXRKV6vl8V8lcm4yOLwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEGWudyUzW7kL//OV+fJ7OcKJpdoMB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvUVphNTNKVE5idVF2Xzg1WDU4bnM1d29tbDJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALY3yAwQA
LY3/MA0EAgACMAcDBQMqCcDAMA0GCSqGSIb3DQEBCwUAA4IBAQCGbQcRPlY51jiV
1I8NC83SgkRJ9bfnoIDR4Iq7z3jbKpP9vyNxOvj6gjlGTb+bSZGK2+nYk3IAdfFB
ZCoElK66tb1Tfncb+6G6fCoH0llgX+LJX6RBjsfDub4zKjnblEZycIw8kd9ECDPI
ZIdTTYsQqUO4dikYkEUJgv7aqY04QMVCsRjRhwynV29ubiOBuHmAqaGksZnDrEUv
nGWeV5a5o2tWAvEfIE1ffh68IskrVLQ7LhVQUqBnDdz5lcApqsYFHWM0EXvbdT3f
VDAmxrDoioifx6kxHmhow2baZzfTWuPQ4jr17Y9beNubhS+8zMi2Y0MhO0WvnExm
dfyM0VIC
-----END CERTIFICATE-----
Generated at Sun Apr 27 18:53:55 2025 by rpki-client