Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QCtAJwOTIEPLp8fXcY39grCENGI.roa
File: QCtAJwOTIEPLp8fXcY39grCENGI.roa (raw, json)
Hash identifier: /T1LxveeQfjL0b7ki1hyc7a4SftlhK5uiZy6HeP8tVQ=
Subject key identifier: 40:2B:40:27:03:93:20:43:CB:A7:C7:D7:71:8D:FD:82:B0:84:34:62
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0188E777A0975312D9D3099FCEACA88826D4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QCtAJwOTIEPLp8fXcY39grCENGI.roa
Signing time: Fri 23 Jun 2023 08:55:56 +0000
ROA not before: Fri 23 Jun 2023 08:55:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50225
IP address blocks: 83.143.112.0/24 maxlen: 24
85.217.145.0/24 maxlen: 24
83.143.113.0/24 maxlen: 24
185.222.163.0/24 maxlen: 24
45.128.99.0/24 maxlen: 24
87.121.69.0/24 maxlen: 24
193.42.34.0/24 maxlen: 24
193.47.63.0/24 maxlen: 24
193.47.60.0/24 maxlen: 24
194.48.249.0/24 maxlen: 24
194.48.251.0/24 maxlen: 24
85.209.132.0/24 maxlen: 24
176.125.252.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:e7:77:a0:97:53:12:d9:d3:09:9f:ce:ac:a8:88:26:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jun 23 08:55:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=402b402703932043cba7c7d7718dfd82b0843462
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:1c:66:36:21:01:03:4c:73:62:b2:56:77:1a:
74:7b:c3:58:f7:06:85:f4:43:7e:50:36:93:dc:f3:
4b:c2:c1:7b:86:95:75:8d:75:94:e4:2a:b2:89:7b:
29:f3:64:4e:34:fb:d0:71:80:49:80:ad:91:7c:f9:
48:8a:97:e6:8b:33:65:6c:9a:88:7f:c2:20:45:db:
5d:45:20:cd:96:c1:53:cd:fb:9c:b6:14:c4:3f:14:
ca:ec:39:62:db:5c:fc:d2:65:fb:1a:29:00:00:a9:
e2:9f:df:35:b6:57:c4:a6:5c:b0:3e:18:c1:4d:c2:
bd:40:ad:c1:5e:85:ad:3e:43:03:60:e9:f3:09:fa:
f7:d2:63:22:9c:ca:32:3d:8c:4c:f4:ec:be:30:63:
c7:4a:58:5a:42:ff:60:36:5e:4c:fc:87:cd:ad:32:
ac:97:57:16:79:f7:23:1a:e5:e8:24:a4:1a:1e:9e:
6b:bd:3c:41:8b:31:16:ba:f2:58:75:f0:73:2a:9e:
36:e0:f9:a0:f5:df:fa:c6:fb:a5:f1:4d:db:89:ee:
f2:f5:9c:bb:cf:64:76:99:fb:fe:0d:d3:0c:8c:dd:
6c:bf:03:52:14:10:e0:4c:0c:76:85:e5:8c:4d:fb:
11:d9:00:ac:c0:58:aa:38:33:c4:4b:e5:6b:e3:37:
94:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:2B:40:27:03:93:20:43:CB:A7:C7:D7:71:8D:FD:82:B0:84:34:62
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QCtAJwOTIEPLp8fXcY39grCENGI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.99.0/24
83.143.112.0/23
85.209.132.0/24
85.217.145.0/24
87.121.69.0/24
176.125.252.0/24
185.222.163.0/24
193.42.34.0/24
193.47.60.0/24
193.47.63.0/24
194.48.249.0/24
194.48.251.0/24
Signature Algorithm: sha256WithRSAEncryption
81:f2:78:95:54:67:70:7f:bc:7d:fe:d7:32:cb:5b:5d:a7:74:
23:46:03:85:d2:a1:9c:7a:b5:35:84:1e:c8:c9:da:45:39:f5:
74:96:99:3e:0f:31:c1:18:c3:29:af:24:c1:f7:78:74:7e:85:
36:26:92:09:b0:0a:63:bd:c3:80:6a:fe:ea:8a:b2:b1:0d:ca:
32:97:a6:17:dd:28:c5:e1:a0:46:6b:01:9e:13:c4:e0:c1:9b:
b7:55:5d:2a:96:e7:bf:b0:cf:53:5e:1c:82:64:49:b3:87:0e:
16:3e:ae:f5:72:02:8c:0f:22:d7:be:5b:17:86:3b:3b:61:5f:
76:cf:a4:5c:5c:55:3c:77:a0:eb:dd:70:3c:1c:4d:c6:67:54:
af:b7:d0:2a:08:db:0b:aa:14:1b:0a:54:d2:1d:3f:8c:9f:ce:
16:1b:4f:03:2c:97:52:23:b8:f0:ac:dc:69:ba:a1:7a:e5:c3:
ce:9e:d3:05:ef:6a:b8:0e:58:1b:a1:f0:9a:64:f4:9b:88:27:
af:44:ea:2f:b5:9a:87:02:55:ba:a8:6b:66:70:d8:62:d0:87:
a6:72:45:16:b1:1a:7a:30:48:e3:9a:13:8c:09:95:a2:97:a1:
ce:52:18:ad:e4:02:a2:c1:07:d7:42:b3:e2:aa:d6:a0:b7:b5:
69:1c:2b:75
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYjnd6CXUxLZ0wmfzqyoiCbUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjIzMDg1NTU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDJiNDAyNzAzOTMyMDQzY2JhN2M3ZDc3MThkZmQ4MmIwODQzNDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhxmNiEBA0xzYrJWdxp0e8NY9waF
9EN+UDaT3PNLwsF7hpV1jXWU5CqyiXsp82RONPvQcYBJgK2RfPlIipfmizNlbJqI
f8IgRdtdRSDNlsFTzfucthTEPxTK7Dli21z80mX7GikAAKnin981tlfEplywPhjB
TcK9QK3BXoWtPkMDYOnzCfr30mMinMoyPYxM9Oy+MGPHSlhaQv9gNl5M/IfNrTKs
l1cWefcjGuXoJKQaHp5rvTxBizEWuvJYdfBzKp424Pmg9d/6xvul8U3bie7y9Zy7
z2R2mfv+DdMMjN1svwNSFBDgTAx2heWMTfsR2QCswFiqODPES+Vr4zeU3QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFEArQCcDkyBDy6fH13GN/YKwhDRiMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUUN0QUp3T1RJRVBMcDhmWGNZMzlnckNFTkdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALYBjAwQB
U49wAwQAVdGEAwQAVdmRAwQAV3lFAwQAsH38AwQAud6jAwQAwSoiAwQAwS88AwQA
wS8/AwQAwjD5AwQAwjD7MA0GCSqGSIb3DQEBCwUAA4IBAQCB8niVVGdwf7x9/tcy
y1tdp3QjRgOF0qGcerU1hB7IydpFOfV0lpk+DzHBGMMpryTB93h0foU2JpIJsApj
vcOAav7qirKxDcoyl6YX3SjF4aBGawGeE8TgwZu3VV0qlue/sM9TXhyCZEmzhw4W
Pq71cgKMDyLXvlsXhjs7YV92z6RcXFU8d6Dr3XA8HE3GZ1Svt9AqCNsLqhQbClTS
HT+Mn84WG08DLJdSI7jwrNxpuqF65cPOntMF72q4DlgbofCaZPSbiCevROovtZqH
AlW6qGtmcNhi0IemckUWsRp6MEjjmhOMCZWil6HOUhit5AKiwQfXQrPiqtagt7Vp
HCt1
-----END CERTIFICATE-----
Generated at Tue May 13 17:10:23 2025 by rpki-client