Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/2b83a1-748d-4f55-8b3b-d9df45dbbadf/1/qZMjq5zWObGUihlD7FnbWMCiYhQ.roa
File: qZMjq5zWObGUihlD7FnbWMCiYhQ.roa (raw, json)
Hash identifier: zfDDZWbN02SNtDxMD+I936PDkdEJsosIRFGeRpxUJHE=
Subject key identifier: A9:93:23:AB:9C:D6:39:B1:94:8A:19:43:EC:59:DB:58:C0:A2:62:14
Certificate issuer: /CN=227e9581a69acf8119320e1379857a513bd238db
Certificate serial: 1883C8F3
Authority key identifier: 22:7E:95:81:A6:9A:CF:81:19:32:0E:13:79:85:7A:51:3B:D2:38:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/In6Vgaaaz4EZMg4TeYV6UTvSONs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e5/2b83a1-748d-4f55-8b3b-d9df45dbbadf/1/qZMjq5zWObGUihlD7FnbWMCiYhQ.roa
Signing time: Sat 01 Jan 2022 11:54:50 +0000
ROA not before: Sat 01 Jan 2022 11:54:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 199324
IP address blocks: 185.187.40.0/22 maxlen: 24
185.21.24.0/22 maxlen: 24
2a00:54e0::/32 maxlen: 32
2a0b:9580::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 411289843 (0x1883c8f3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=227e9581a69acf8119320e1379857a513bd238db
Validity
Not Before: Jan 1 11:54:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a99323ab9cd639b1948a1943ec59db58c0a26214
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:d1:5e:6e:9e:6a:42:c6:bc:39:ce:c5:04:4b:
5b:c5:eb:94:4e:25:46:26:0c:cb:ac:2e:92:cb:ad:
4d:52:48:83:03:49:af:c2:37:d9:b1:0a:bc:34:e6:
23:1b:c3:91:3c:f3:cc:da:55:a4:12:44:0e:17:ba:
8a:52:38:70:6a:eb:11:29:8c:de:37:11:e8:6a:ad:
3c:11:69:7f:70:5c:8f:72:4a:6a:70:3b:56:89:e4:
c9:6e:fc:42:d4:69:e8:c8:d6:69:a7:d0:f0:1f:3e:
44:b8:d7:84:4d:fb:b4:f7:28:c3:6f:ca:ae:8e:6c:
2d:d7:f1:bf:e5:e1:c3:e9:4c:46:94:e9:ed:00:87:
de:30:86:f2:f3:18:2c:ac:e9:8e:b6:28:e3:f5:16:
68:80:65:bb:05:e9:60:99:91:2b:f7:23:f8:ae:d7:
0a:17:22:23:39:4e:3c:71:17:d5:66:e8:d7:e9:b5:
ba:6d:5e:9a:b2:e3:26:bc:dd:1f:23:76:9e:16:b7:
d7:68:b6:ba:60:0f:e0:5b:16:82:8e:b4:b0:2c:88:
34:09:9e:f0:0c:0f:ef:c3:38:d3:fe:1a:42:23:33:
9b:1b:0d:45:f2:30:c1:0c:b6:af:13:06:a3:2d:c7:
8e:6a:77:6c:90:27:72:58:9e:8c:1b:be:7f:88:c3:
23:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:93:23:AB:9C:D6:39:B1:94:8A:19:43:EC:59:DB:58:C0:A2:62:14
X509v3 Authority Key Identifier:
keyid:22:7E:95:81:A6:9A:CF:81:19:32:0E:13:79:85:7A:51:3B:D2:38:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/In6Vgaaaz4EZMg4TeYV6UTvSONs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/2b83a1-748d-4f55-8b3b-d9df45dbbadf/1/qZMjq5zWObGUihlD7FnbWMCiYhQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/2b83a1-748d-4f55-8b3b-d9df45dbbadf/1/In6Vgaaaz4EZMg4TeYV6UTvSONs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.21.24.0/22
185.187.40.0/22
IPv6:
2a00:54e0::/32
2a0b:9580::/32
Signature Algorithm: sha256WithRSAEncryption
7f:62:6b:17:77:64:a2:bb:53:9a:c1:1e:ab:41:b3:45:7f:a3:
6d:dd:aa:f2:ee:b3:32:5b:cb:a5:04:94:de:b0:69:7c:d3:47:
d3:56:01:8b:3a:f1:d7:54:a4:e7:eb:a2:fc:95:2a:9d:94:63:
05:bc:fc:39:50:f7:e7:b9:ef:f1:d3:0a:00:d2:54:a9:a8:f3:
55:98:a7:43:8f:22:cf:2f:f1:eb:18:93:45:58:6a:a5:6f:a3:
ee:eb:cd:f0:36:59:5f:93:30:ed:9e:c2:d9:d6:5c:06:3d:9d:
14:c2:fc:55:8e:a8:bb:13:10:65:a9:21:dd:14:08:c1:fb:2e:
df:18:3f:ac:fb:76:1d:ef:b3:d2:3d:2d:e1:39:4a:bf:55:a3:
78:68:16:19:80:75:5a:43:c9:f2:e9:06:e1:64:7c:9c:7c:18:
98:6e:cd:41:80:e8:40:84:e4:4b:8d:42:06:76:6b:ac:13:fc:
a3:3a:b0:60:6d:69:cd:95:a7:83:4b:7a:77:1a:fa:01:3a:24:
24:5b:b2:25:b4:dc:be:51:db:65:9b:3a:1f:c4:af:d3:f4:b5:
28:61:38:f1:69:c4:b5:f9:dc:25:4b:c2:3e:82:84:a5:85:79:
2d:b7:16:55:a1:f5:a8:63:bd:d5:75:2d:68:f6:45:6b:42:1c:
97:fb:75:01
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIEGIPI8zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MjdlOTU4MWE2OWFjZjgxMTkzMjBlMTM3OTg1N2E1MTNiZDIzOGRiMB4XDTIyMDEw
MTExNTQ1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTk5MzIzYWI5Y2Q2
MzliMTk0OGExOTQzZWM1OWRiNThjMGEyNjIxNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANrRXm6eakLGvDnOxQRLW8XrlE4lRiYMy6wuksutTVJIgwNJ
r8I32bEKvDTmIxvDkTzzzNpVpBJEDhe6ilI4cGrrESmM3jcR6GqtPBFpf3Bcj3JK
anA7VonkyW78QtRp6MjWaafQ8B8+RLjXhE37tPcow2/Kro5sLdfxv+Xhw+lMRpTp
7QCH3jCG8vMYLKzpjrYo4/UWaIBluwXpYJmRK/cj+K7XChciIzlOPHEX1Wbo1+m1
um1emrLjJrzdHyN2nha312i2umAP4FsWgo60sCyINAme8AwP78M40/4aQiMzmxsN
RfIwwQy2rxMGoy3Hjmp3bJAncliejBu+f4jDI50CAwEAAaOCAiUwggIhMB0GA1Ud
DgQWBBSpkyOrnNY5sZSKGUPsWdtYwKJiFDAfBgNVHSMEGDAWgBQifpWBpprPgRky
DhN5hXpRO9I42zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0luNlZnYWFhejRFWk1nNFRlWVY2VVR2U09Ocy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTUvMmI4M2ExLTc0OGQtNGY1NS04YjNiLWQ5ZGY0NWRiYmFkZi8x
L3FaTWpxNXpXT2JHVWlobEQ3Rm5iV01DaVloUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTUv
MmI4M2ExLTc0OGQtNGY1NS04YjNiLWQ5ZGY0NWRiYmFkZi8xL0luNlZnYWFhejRF
Wk1nNFRlWVY2VVR2U09Ocy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA7
BggrBgEFBQcBBwEB/wQsMCowEgQCAAEwDAMEArkVGAMEArm7KDAUBAIAAjAOAwUA
KgBU4AMFACoLlYAwDQYJKoZIhvcNAQELBQADggEBAH9iaxd3ZKK7U5rBHqtBs0V/
o23dqvLuszJby6UElN6waXzTR9NWAYs68ddUpOfrovyVKp2UYwW8/DlQ9+e57/HT
CgDSVKmo81WYp0OPIs8v8esYk0VYaqVvo+7rzfA2WV+TMO2ewtnWXAY9nRTC/FWO
qLsTEGWpId0UCMH7Lt8YP6z7dh3vs9I9LeE5Sr9Vo3hoFhmAdVpDyfLpBuFkfJx8
GJhuzUGA6ECE5EuNQgZ2a6wT/KM6sGBtac2Vp4NLenca+gE6JCRbsiW03L5R22Wb
Oh/Er9P0tShhOPFpxLX53CVLwj6ChKWFeS23FlWh9ahjvdV1LWj2RWtCHJf7dQE=
-----END CERTIFICATE-----
Generated at Sun Apr 27 21:30:53 2025 by rpki-client