Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/b929ce-ec17-4d50-a6ae-79d934e4a99a/1/zfNOtZ8EcOsp429Xxloik6aC40g.roa
File: zfNOtZ8EcOsp429Xxloik6aC40g.roa (raw, json)
Hash identifier: G+M98cUaaS9PX6reUScUrk6UaCz++aRJCdMYntkibj0=
Subject key identifier: CD:F3:4E:B5:9F:04:70:EB:29:E3:6F:57:C6:5A:22:93:A6:82:E3:48
Certificate issuer: /CN=5353a9a85fa11fc4bf156fab4d8d84a08e5d66f9
Certificate serial: 018570152B95A38E1BA48D99B7F47273CB4F
Authority key identifier: 53:53:A9:A8:5F:A1:1F:C4:BF:15:6F:AB:4D:8D:84:A0:8E:5D:66:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U1OpqF-hH8S_FW-rTY2EoI5dZvk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/b929ce-ec17-4d50-a6ae-79d934e4a99a/1/zfNOtZ8EcOsp429Xxloik6aC40g.roa
Signing time: Mon 02 Jan 2023 01:25:13 +0000
ROA not before: Mon 02 Jan 2023 01:25:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 24642
IP address blocks: 77.233.32.0/19 maxlen: 19
81.18.160.0/20 maxlen: 20
2001:1aa8::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:15:2b:95:a3:8e:1b:a4:8d:99:b7:f4:72:73:cb:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5353a9a85fa11fc4bf156fab4d8d84a08e5d66f9
Validity
Not Before: Jan 2 01:25:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cdf34eb59f0470eb29e36f57c65a2293a682e348
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:ab:0e:29:f6:e9:2b:f9:e6:17:71:c0:12:a7:
aa:5b:c4:b6:ba:af:8c:d1:c2:00:84:47:e5:af:cb:
a0:a2:6b:75:f8:4e:18:39:25:1f:72:e5:88:65:62:
7c:55:46:d0:49:98:6b:aa:da:39:21:fa:98:76:fd:
ab:87:40:87:8f:dd:b2:10:cc:78:c7:81:93:b6:73:
cb:d7:19:16:3e:52:f1:fd:e9:d1:96:34:ca:e9:c1:
6e:b3:28:79:f5:a8:b7:8a:53:38:b0:15:95:66:c4:
c0:b1:f7:06:8f:4b:98:f9:93:2e:6b:90:fd:d8:8d:
a3:40:50:af:46:51:2a:c6:0e:a2:be:1e:b9:5f:92:
84:f5:50:0e:0c:49:d6:22:7f:2b:19:9e:6f:31:55:
fb:aa:3f:4d:45:bc:ea:d0:36:0e:61:3c:d4:00:7f:
e1:ad:85:61:19:21:4d:e6:15:fb:4b:6e:f3:90:f8:
29:00:17:08:fb:45:b3:70:e2:29:b3:e9:f9:15:02:
68:99:e5:54:fe:de:d2:2b:97:79:00:b7:9a:13:b8:
80:b5:04:de:10:11:f7:e6:05:19:c7:05:78:2a:8d:
bb:4a:b4:6a:4a:73:38:09:f7:f8:6d:3e:07:0c:72:
ee:dd:1e:6b:1d:88:ed:1f:f2:66:1d:7c:b7:4c:4a:
49:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:F3:4E:B5:9F:04:70:EB:29:E3:6F:57:C6:5A:22:93:A6:82:E3:48
X509v3 Authority Key Identifier:
keyid:53:53:A9:A8:5F:A1:1F:C4:BF:15:6F:AB:4D:8D:84:A0:8E:5D:66:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U1OpqF-hH8S_FW-rTY2EoI5dZvk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/b929ce-ec17-4d50-a6ae-79d934e4a99a/1/zfNOtZ8EcOsp429Xxloik6aC40g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/b929ce-ec17-4d50-a6ae-79d934e4a99a/1/U1OpqF-hH8S_FW-rTY2EoI5dZvk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.233.32.0/19
81.18.160.0/20
IPv6:
2001:1aa8::/32
Signature Algorithm: sha256WithRSAEncryption
20:ca:22:90:34:8c:14:0b:cb:dc:c8:3d:34:db:e5:71:c3:ae:
b1:fd:10:f8:2c:22:0f:bb:c2:11:ce:a1:bf:85:11:78:85:56:
4d:84:69:23:70:d8:04:f9:7e:78:ca:e0:78:8b:97:ac:1f:58:
21:6f:2b:8f:d9:bf:d1:3b:15:8b:a0:00:2e:b1:d3:36:1d:75:
46:e9:ab:32:f1:03:02:c9:d9:ef:50:52:66:04:24:22:66:17:
86:b4:1b:86:2e:ee:ba:f6:76:aa:e4:2a:43:a9:48:56:b6:34:
68:59:ab:52:f7:f2:08:5c:a8:c7:6e:dc:8d:26:53:bd:e7:f2:
17:93:2f:c6:0a:90:30:a9:22:52:44:b6:47:f2:a2:62:99:5a:
51:e2:b0:77:cd:40:9a:b5:00:c2:73:e3:02:f3:59:91:08:9f:
a5:18:56:20:dc:2a:34:7e:8a:10:2e:81:a4:fc:b9:59:22:9b:
7f:04:2a:06:ba:3b:f7:ef:e1:3c:62:44:77:3e:47:34:d8:bc:
d7:83:25:38:63:dd:5f:95:db:a9:8e:dc:b6:ba:92:56:14:e3:
1e:79:29:18:78:8b:67:33:2c:69:c4:9b:2b:62:0c:89:b1:b6:
df:e4:a5:c5:77:20:de:6e:2f:c6:10:aa:eb:a2:8b:f9:ef:02:
1a:86:4b:44
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVwFSuVo44bpI2Zt/Ryc8tPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNTNhOWE4NWZhMTFmYzRiZjE1NmZhYjRkOGQ4NGEwOGU1
ZDY2ZjkwHhcNMjMwMTAyMDEyNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGYzNGViNTlmMDQ3MGViMjllMzZmNTdjNjVhMjI5M2E2ODJlMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6sOKfbpK/nmF3HAEqeqW8S2uq+M
0cIAhEflr8ugomt1+E4YOSUfcuWIZWJ8VUbQSZhrqto5IfqYdv2rh0CHj92yEMx4
x4GTtnPL1xkWPlLx/enRljTK6cFusyh59ai3ilM4sBWVZsTAsfcGj0uY+ZMua5D9
2I2jQFCvRlEqxg6ivh65X5KE9VAODEnWIn8rGZ5vMVX7qj9NRbzq0DYOYTzUAH/h
rYVhGSFN5hX7S27zkPgpABcI+0WzcOIps+n5FQJomeVU/t7SK5d5ALeaE7iAtQTe
EBH35gUZxwV4Ko27SrRqSnM4Cff4bT4HDHLu3R5rHYjtH/JmHXy3TEpJ2wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFM3zTrWfBHDrKeNvV8ZaIpOmguNIMB8GA1UdIwQY
MBaAFFNTqahfoR/EvxVvq02NhKCOXWb5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTFPcHFGLWhIOFNfRlctclRZMkVvSTVkWnZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9iOTI5Y2UtZWMxNy00ZDUwLWE2YWUt
NzlkOTM0ZTRhOTlhLzEvemZOT3RaOEVjT3NwNDI5WHhsb2lrNmFDNDBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9iOTI5Y2UtZWMxNy00ZDUwLWE2YWUtNzlkOTM0ZTRhOTlh
LzEvVTFPcHFGLWhIOFNfRlctclRZMkVvSTVkWnZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFTekgAwQE
URKgMA0EAgACMAcDBQAgARqoMA0GCSqGSIb3DQEBCwUAA4IBAQAgyiKQNIwUC8vc
yD002+Vxw66x/RD4LCIPu8IRzqG/hRF4hVZNhGkjcNgE+X54yuB4i5esH1ghbyuP
2b/ROxWLoAAusdM2HXVG6asy8QMCydnvUFJmBCQiZheGtBuGLu669naq5CpDqUhW
tjRoWatS9/IIXKjHbtyNJlO95/IXky/GCpAwqSJSRLZH8qJimVpR4rB3zUCatQDC
c+MC81mRCJ+lGFYg3Co0fooQLoGk/LlZIpt/BCoGujv37+E8YkR3Pkc02LzXgyU4
Y91fldupjty2upJWFOMeeSkYeItnMyxpxJsrYgyJsbbf5KXFdyDebi/GEKrroov5
7wIahktE
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:45 2024 by rpki-client on console-ams.rpki-client.org