Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/Zl3PGTTypIddqcZ47JybAC5lOEU.roa
File: Zl3PGTTypIddqcZ47JybAC5lOEU.roa (raw, json)
Hash identifier: lhk1kiqa/5Dfpyoj3B6WkKEpGQYN/GMSt/A6AH2ISwA=
Subject key identifier: 66:5D:CF:19:34:F2:A4:87:5D:A9:C6:78:EC:9C:9B:00:2E:65:38:45
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 01845B2C5B697DC6B7E64764417B12C56DA0
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/Zl3PGTTypIddqcZ47JybAC5lOEU.roa
Signing time: Wed 09 Nov 2022 06:55:44 +0000
ROA not before: Wed 09 Nov 2022 06:55:44 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 49581
IP address blocks: 62.182.171.0/24 maxlen: 24
62.182.170.0/24 maxlen: 24
62.182.169.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:5b:2c:5b:69:7d:c6:b7:e6:47:64:41:7b:12:c5:6d:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Nov 9 06:55:44 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=665dcf1934f2a4875da9c678ec9c9b002e653845
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:c2:5a:3c:25:21:70:8b:65:74:23:12:e3:f2:
30:02:0b:fa:99:0e:f8:d6:b2:68:10:b8:d4:a4:6e:
ad:3e:6e:ac:dd:5a:5e:95:b9:43:d0:0d:06:40:42:
ec:dd:a8:2e:87:16:8f:59:37:69:cd:6d:ea:86:63:
e8:71:b2:8e:6b:2a:70:5d:9f:78:16:1e:3d:b3:51:
54:2f:51:66:79:14:bf:d2:24:90:7a:5d:1d:7a:5f:
4f:21:04:a4:ec:6a:56:29:9d:74:e4:41:06:06:5b:
0b:d5:df:3e:d1:84:d8:53:af:6a:d9:69:e6:8a:db:
d1:0e:93:1c:61:a5:f0:f5:c7:1f:4c:89:c1:24:be:
db:d8:ed:65:c3:6d:ac:68:0a:b8:b1:64:9f:a7:19:
24:d0:f4:07:13:b7:9e:a1:f5:5b:16:dc:30:90:26:
f9:65:d7:86:7e:37:54:94:9d:e4:8f:10:10:c4:59:
d8:32:41:5b:e6:a3:bd:e9:c8:e3:ec:3f:8e:6f:46:
1e:65:6c:22:0d:6a:b8:94:9b:c6:82:8b:93:f8:56:
1d:23:79:40:bd:b8:59:31:fd:88:ec:06:21:ea:e2:
eb:0a:c6:79:29:1a:f7:98:e1:21:ac:c1:25:9e:f3:
83:0e:b4:bb:c1:0e:74:96:d5:7c:37:8f:12:63:09:
f2:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:5D:CF:19:34:F2:A4:87:5D:A9:C6:78:EC:9C:9B:00:2E:65:38:45
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/Zl3PGTTypIddqcZ47JybAC5lOEU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.182.169.0-62.182.171.255
Signature Algorithm: sha256WithRSAEncryption
2a:56:2c:ca:a6:b2:a1:89:8f:38:3d:ae:f4:81:e8:63:73:63:
64:5f:1a:40:5d:e6:b2:95:18:3b:2b:a2:db:7b:78:0c:4e:d5:
3d:fb:18:14:41:d4:6e:a5:2c:28:bf:f8:5e:98:11:9f:76:94:
a0:ce:84:63:ba:fc:02:04:ce:b8:a5:7e:3e:85:e7:58:93:fb:
ec:b7:39:ff:b2:64:31:86:bc:55:5f:70:75:8f:7a:b7:9d:50:
5f:3f:13:8f:c0:6f:a3:c6:bd:18:1f:3d:93:83:11:8e:d2:97:
fb:85:b1:c6:68:c9:65:4f:e5:70:06:ca:88:8d:59:4b:50:b4:
9f:43:d4:7a:04:d4:7c:69:33:57:23:27:85:83:f8:b0:01:ed:
64:b9:b2:a0:d5:2f:6c:ee:d4:fb:6b:34:9d:32:8a:f0:38:0e:
23:47:8a:2c:1e:a2:08:db:f3:9f:c6:f4:de:c4:89:ec:2d:81:
1f:12:c0:41:7a:50:52:66:39:dc:11:d6:91:16:7a:ee:2b:b9:
39:6b:93:c7:25:72:d8:79:1b:03:f7:9d:7e:c8:99:88:18:8d:
a2:2b:b3:3e:30:bb:6d:9f:32:a8:75:ad:50:24:f5:56:38:9f:
3f:cd:31:18:43:73:50:93:39:42:2a:f7:4f:0d:49:2e:dc:41:
e4:43:ed:8f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYRbLFtpfca35kdkQXsSxW2gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjIxMTA5MDY1NTQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjVkY2YxOTM0ZjJhNDg3NWRhOWM2NzhlYzljOWIwMDJlNjUzODQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcJaPCUhcItldCMS4/IwAgv6mQ74
1rJoELjUpG6tPm6s3VpelblD0A0GQELs3aguhxaPWTdpzW3qhmPocbKOaypwXZ94
Fh49s1FUL1FmeRS/0iSQel0del9PIQSk7GpWKZ105EEGBlsL1d8+0YTYU69q2Wnm
itvRDpMcYaXw9ccfTInBJL7b2O1lw22saAq4sWSfpxkk0PQHE7eeofVbFtwwkCb5
ZdeGfjdUlJ3kjxAQxFnYMkFb5qO96cjj7D+Ob0YeZWwiDWq4lJvGgouT+FYdI3lA
vbhZMf2I7AYh6uLrCsZ5KRr3mOEhrMElnvODDrS7wQ50ltV8N48SYwnyqwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGZdzxk08qSHXanGeOycmwAuZThFMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvWmwzUEdUVHlwSWRkcWNaNDdKeWJBQzVsT0VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAA+tqkD
BAI+tqgwDQYJKoZIhvcNAQELBQADggEBACpWLMqmsqGJjzg9rvSB6GNzY2RfGkBd
5rKVGDsrott7eAxO1T37GBRB1G6lLCi/+F6YEZ92lKDOhGO6/AIEzrilfj6F51iT
++y3Of+yZDGGvFVfcHWPeredUF8/E4/Ab6PGvRgfPZODEY7Sl/uFscZoyWVP5XAG
yoiNWUtQtJ9D1HoE1HxpM1cjJ4WD+LAB7WS5sqDVL2zu1PtrNJ0yivA4DiNHiiwe
ogjb85/G9N7EiewtgR8SwEF6UFJmOdwR1pEWeu4ruTlrk8clcth5GwP3nX7ImYgY
jaIrsz4wu22fMqh1rVAk9VY4nz/NMRhDc1CTOUIq908NSS7cQeRD7Y8=
-----END CERTIFICATE-----
Generated at Tue Apr 22 03:28:56 2025 by rpki-client