Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/ZXbPureTDiO4v4uC9hfxvbMdnSI.roa
File: ZXbPureTDiO4v4uC9hfxvbMdnSI.roa (raw, json)
Hash identifier: yuNe87+UlfCV7m1+JzljWs/8wIV46R2T2RRMpZ2nzus=
Subject key identifier: 65:76:CF:BA:B7:93:0E:23:B8:BF:8B:82:F6:17:F1:BD:B3:1D:9D:22
Certificate issuer: /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial: 3D4FC70F
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/ZXbPureTDiO4v4uC9hfxvbMdnSI.roa
Signing time: Sat 01 Jan 2022 06:55:12 +0000
ROA not before: Sat 01 Jan 2022 06:55:12 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 29486
IP address blocks: 178.21.128.0/21 maxlen: 21
31.24.128.0/21 maxlen: 21
81.27.32.0/20 maxlen: 20
2a00:1c90::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1028638479 (0x3d4fc70f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Validity
Not Before: Jan 1 06:55:12 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6576cfbab7930e23b8bf8b82f617f1bdb31d9d22
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:44:0a:03:dd:c7:49:8d:5d:0f:54:70:8f:f5:
26:d0:02:c4:88:20:f2:92:fd:77:2e:81:d6:77:97:
4c:85:ec:34:b0:e8:15:d8:59:2f:66:44:d6:8f:e3:
36:1a:4d:1c:7c:40:ab:49:eb:a6:dd:44:38:2f:be:
de:86:da:94:21:bd:0d:36:a9:bb:fe:9b:7f:f1:ff:
69:5a:69:7c:7b:13:d2:db:39:22:13:a8:d6:ec:6b:
75:c4:2c:bb:3b:1b:ec:5c:f7:0c:98:c2:0d:58:96:
23:76:44:9d:6d:8c:e5:53:24:e8:fd:72:5e:d9:ad:
e0:e3:1a:0b:a7:f8:59:4a:7b:2e:e9:69:a9:6d:30:
17:54:1f:20:f4:8b:ff:0f:9e:3b:6d:72:6e:30:bf:
e2:43:38:13:4b:88:9a:ef:ac:3e:9f:6c:40:11:39:
db:06:8f:5c:d5:d8:ee:70:43:3a:af:58:31:96:c8:
a1:84:bc:74:de:0d:0a:bc:82:c1:f4:a6:18:e7:c7:
de:3f:ef:1c:ad:2e:3f:86:3b:3c:74:7c:9b:6d:65:
b0:a9:7b:be:8d:4b:11:22:e3:47:e8:21:c4:06:83:
42:b6:f6:ff:59:d6:1b:44:fb:88:1f:e2:f0:48:89:
35:9d:c8:ff:40:51:f5:f2:b4:c7:5a:aa:f6:6e:53:
0b:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:76:CF:BA:B7:93:0E:23:B8:BF:8B:82:F6:17:F1:BD:B3:1D:9D:22
X509v3 Authority Key Identifier:
keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/ZXbPureTDiO4v4uC9hfxvbMdnSI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.24.128.0/21
81.27.32.0/20
178.21.128.0/21
IPv6:
2a00:1c90::/32
Signature Algorithm: sha256WithRSAEncryption
26:34:55:05:dd:cf:9e:06:83:df:dd:8f:c7:12:9b:b5:39:67:
c2:26:8c:02:b0:7c:0b:71:81:84:d2:76:dc:ff:5f:23:d5:f4:
78:f3:38:1e:a8:31:bd:21:75:67:eb:a2:8d:78:c5:52:36:ad:
ab:15:6d:5f:f1:55:b8:93:f1:ef:e0:95:ae:96:25:bb:b2:e8:
ce:8a:61:14:c5:a3:6d:78:b9:82:e7:08:0e:f1:50:cb:f2:e5:
02:a5:54:a6:aa:52:84:c4:9a:d6:d6:a5:75:f9:0e:81:ae:66:
bc:6d:06:c2:21:94:83:77:5d:1c:b9:04:59:0d:e4:ec:86:76:
4c:98:ec:66:0c:4c:cb:7d:65:18:52:3d:85:e3:e5:72:20:35:
a5:08:7a:f6:3b:d3:f7:80:d2:47:d1:59:2d:a4:d1:92:7a:93:
43:9f:a8:f3:da:8d:09:d1:f3:67:1a:32:d3:2f:ab:3a:e9:ea:
46:46:29:31:7e:9a:58:d1:8f:95:05:d0:2f:35:29:1d:b7:08:
5a:d0:ad:66:a1:8b:47:18:9f:19:44:c8:97:94:29:eb:1b:a5:
dc:25:fc:e9:0e:ac:68:72:8e:83:0e:c0:a9:5d:49:b9:d4:5b:
6e:54:46:27:7f:c5:e5:a6:a8:ba:4b:40:af:72:8f:f1:15:5c:
aa:4f:58:c3
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIEPU/HDzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
YTZlZDBmYjdiMzIwODMyYWMxNTgwNTM0YzdiMjYzZjMwNGU5ODFiMB4XDTIyMDEw
MTA2NTUxMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjU3NmNmYmFiNzkz
MGUyM2I4YmY4YjgyZjYxN2YxYmRiMzFkOWQyMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALVECgPdx0mNXQ9UcI/1JtACxIgg8pL9dy6B1neXTIXsNLDo
FdhZL2ZE1o/jNhpNHHxAq0nrpt1EOC++3obalCG9DTapu/6bf/H/aVppfHsT0ts5
IhOo1uxrdcQsuzsb7Fz3DJjCDViWI3ZEnW2M5VMk6P1yXtmt4OMaC6f4WUp7Lulp
qW0wF1QfIPSL/w+eO21ybjC/4kM4E0uImu+sPp9sQBE52waPXNXY7nBDOq9YMZbI
oYS8dN4NCryCwfSmGOfH3j/vHK0uP4Y7PHR8m21lsKl7vo1LESLjR+ghxAaDQrb2
/1nWG0T7iB/i8EiJNZ3I/0BR9fK0x1qq9m5TC60CAwEAAaOCAiQwggIgMB0GA1Ud
DgQWBBRlds+6t5MOI7i/i4L2F/G9sx2dIjAfBgNVHSMEGDAWgBS6btD7ezIIMqwV
gFNMeyY/ME6YGzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3VtN1EtM3N5Q0RLc0ZZQlRUSHNtUHpCT21Ccy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjAvNDIwNDFkLTU5MzEtNDgyNC05MjU0LTE2MWYzNDIzODdkMS8x
L1pYYlB1cmVURGlPNHY0dUM5aGZ4dmJNZG5TSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjAv
NDIwNDFkLTU5MzEtNDgyNC05MjU0LTE2MWYzNDIzODdkMS8xL3VtN1EtM3N5Q0RL
c0ZZQlRUSHNtUHpCT21Ccy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA6
BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEAx8YgAMEBFEbIAMEA7IVgDANBAIA
AjAHAwUAKgAckDANBgkqhkiG9w0BAQsFAAOCAQEAJjRVBd3PngaD392PxxKbtTln
wiaMArB8C3GBhNJ23P9fI9X0ePM4HqgxvSF1Z+uijXjFUjatqxVtX/FVuJPx7+CV
rpYlu7LozophFMWjbXi5gucIDvFQy/LlAqVUpqpShMSa1taldfkOga5mvG0GwiGU
g3ddHLkEWQ3k7IZ2TJjsZgxMy31lGFI9hePlciA1pQh69jvT94DSR9FZLaTRknqT
Q5+o89qNCdHzZxoy0y+rOunqRkYpMX6aWNGPlQXQLzUpHbcIWtCtZqGLRxifGUTI
l5Qp6xul3CX86Q6saHKOgw7AqV1JudRbblRGJ3/F5aaouktAr3KP8RVcqk9Yww==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:03 2024 by rpki-client on console-fra.rpki-client.org