Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/QcjjKTUfcZrUle8OTiOumiMVvIk.roa
File: QcjjKTUfcZrUle8OTiOumiMVvIk.roa (raw, json)
Hash identifier: MxloS7FU+NELno7VsSxFY9NNWEDNBmyn9jV5TZuKByo=
Subject key identifier: 41:C8:E3:29:35:1F:71:9A:D4:95:EF:0E:4E:23:AE:9A:23:15:BC:89
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 018703EC8FF2AE9447DA0F5ACD656D4231E5
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/QcjjKTUfcZrUle8OTiOumiMVvIk.roa
Signing time: Tue 21 Mar 2023 11:27:27 +0000
ROA not before: Tue 21 Mar 2023 11:27:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 54339
IP address blocks: 176.114.88.0/22 maxlen: 22
176.114.94.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:03:ec:8f:f2:ae:94:47:da:0f:5a:cd:65:6d:42:31:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Mar 21 11:27:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=41c8e329351f719ad495ef0e4e23ae9a2315bc89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:dd:9f:15:dc:62:6a:ca:1f:a1:e8:d0:78:1a:
71:d6:70:73:83:ea:01:c5:de:77:db:2c:4e:7f:d5:
99:51:b4:51:f2:55:3d:5c:79:e1:39:05:f6:22:39:
52:4f:e5:6f:e0:e7:dc:db:c5:29:ef:23:fd:89:cf:
e6:12:22:83:bb:ae:6b:26:a0:ad:fd:6c:ab:45:7e:
d8:fc:92:f9:52:1f:dc:82:f2:bc:5e:c8:31:3f:86:
66:ff:0b:41:8f:bd:e5:5a:da:c9:65:9b:a8:fd:17:
76:f7:f1:f2:06:db:2a:c9:b7:ae:43:5e:0f:7a:2f:
48:46:7d:f2:04:5e:52:41:6a:a9:97:07:01:07:8b:
e1:f5:1e:36:a6:ec:5f:5d:cd:f3:e3:e6:98:d4:ba:
07:67:69:db:54:54:e9:08:67:50:b0:fe:31:51:70:
02:e1:06:29:03:bd:5f:4f:5c:62:52:ac:a7:08:99:
bd:35:ee:b1:53:f7:72:cd:20:69:27:4d:7e:f6:fe:
1d:ae:2a:2e:08:0c:9d:2a:d1:f5:fa:c0:ac:bc:b2:
ca:da:95:f9:82:04:ae:b5:f4:c6:48:ea:65:8c:dc:
69:25:1b:b0:7a:21:c5:78:59:73:0e:2a:69:9e:e8:
e6:17:8f:bf:0e:37:48:d9:d3:50:b2:dc:01:58:b5:
f0:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:C8:E3:29:35:1F:71:9A:D4:95:EF:0E:4E:23:AE:9A:23:15:BC:89
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/QcjjKTUfcZrUle8OTiOumiMVvIk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.88.0/22
176.114.94.0/23
Signature Algorithm: sha256WithRSAEncryption
33:fe:87:08:d8:d4:8b:ec:69:2b:6a:38:01:43:1a:b5:8f:58:
65:d5:ee:1e:e4:5f:8a:0a:1c:2e:8d:8a:2e:e4:79:9d:3a:5c:
c3:48:7c:9d:75:7d:1f:4e:37:2c:3f:cc:2f:9e:47:f1:02:d2:
bf:2d:5f:97:13:2b:3e:a5:34:c6:45:56:ac:ed:9d:6b:e6:6c:
da:d2:28:02:0d:09:a5:25:03:73:10:c8:7d:24:1d:40:d8:41:
48:fd:5c:d4:ef:6f:03:44:3a:49:54:20:aa:72:3a:f7:5d:c7:
83:10:45:c2:1b:5c:9c:78:1a:0b:04:a7:41:00:df:4a:8e:a3:
54:6d:3a:16:ae:49:30:49:4d:d8:92:0c:28:51:57:d5:2c:be:
37:4f:88:7f:70:74:b0:26:b1:9a:a3:c1:97:c1:e3:f1:79:80:
36:9d:44:9d:99:42:a5:02:95:e4:f8:7b:e1:50:81:39:73:13:
7b:0e:be:83:2a:6a:76:f0:0b:b2:0b:5a:02:51:4b:28:11:1c:
81:6e:e7:c5:8c:b2:69:71:db:50:03:d8:30:3a:8c:83:23:4f:
99:0c:ec:80:3a:e5:ad:45:8a:c6:1a:c5:87:57:e3:7c:91:48:
8d:52:66:d1:41:94:49:2d:55:16:c5:84:ad:18:68:60:38:e6:
46:dc:2f:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYcD7I/yrpRH2g9azWVtQjHlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjMwMzIxMTEyNzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWM4ZTMyOTM1MWY3MTlhZDQ5NWVmMGU0ZTIzYWU5YTIzMTViYzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh92fFdxiasofoejQeBpx1nBzg+oB
xd532yxOf9WZUbRR8lU9XHnhOQX2IjlST+Vv4Ofc28Up7yP9ic/mEiKDu65rJqCt
/WyrRX7Y/JL5Uh/cgvK8XsgxP4Zm/wtBj73lWtrJZZuo/Rd29/HyBtsqybeuQ14P
ei9IRn3yBF5SQWqplwcBB4vh9R42puxfXc3z4+aY1LoHZ2nbVFTpCGdQsP4xUXAC
4QYpA71fT1xiUqynCJm9Ne6xU/dyzSBpJ01+9v4driouCAydKtH1+sCsvLLK2pX5
ggSutfTGSOpljNxpJRuweiHFeFlzDippnujmF4+/DjdI2dNQstwBWLXwowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEHI4yk1H3Ga1JXvDk4jrpojFbyJMB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvUWNqaktUVWZjWnJVbGU4T1RpT3VtaU1WdklrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCsHJYAwQB
sHJeMA0GCSqGSIb3DQEBCwUAA4IBAQAz/ocI2NSL7GkrajgBQxq1j1hl1e4e5F+K
ChwujYou5HmdOlzDSHyddX0fTjcsP8wvnkfxAtK/LV+XEys+pTTGRVas7Z1r5mza
0igCDQmlJQNzEMh9JB1A2EFI/VzU728DRDpJVCCqcjr3XceDEEXCG1yceBoLBKdB
AN9KjqNUbToWrkkwSU3YkgwoUVfVLL43T4h/cHSwJrGao8GXwePxeYA2nUSdmUKl
ApXk+HvhUIE5cxN7Dr6DKmp28AuyC1oCUUsoERyBbufFjLJpcdtQA9gwOoyDI0+Z
DOyAOuWtRYrGGsWHV+N8kUiNUmbRQZRJLVUWxYStGGhgOOZG3C9S
-----END CERTIFICATE-----
Generated at Mon Apr 28 01:10:43 2025 by rpki-client