Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/ZgVlPAxg_6Z3ER-7zvB-5vmMpNY.roa
File: ZgVlPAxg_6Z3ER-7zvB-5vmMpNY.roa (raw, json)
Hash identifier: tnWI47wf76AS3FbZ5+38Rh7LZeRUIPx18Ipe6Obrukg=
Subject key identifier: 66:05:65:3C:0C:60:FF:A6:77:11:1F:BB:CE:F0:7E:E6:F9:8C:A4:D6
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018A83D553C865F23BC70CC483EFA6443354
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/ZgVlPAxg_6Z3ER-7zvB-5vmMpNY.roa
Signing time: Mon 11 Sep 2023 10:41:50 +0000
ROA not before: Mon 11 Sep 2023 10:41:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 9050
IP address blocks: 94.176.164.0/23 maxlen: 24
85.204.79.0/24 maxlen: 24
94.177.107.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:83:d5:53:c8:65:f2:3b:c7:0c:c4:83:ef:a6:44:33:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Sep 11 10:41:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6605653c0c60ffa677111fbbcef07ee6f98ca4d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:13:8d:f3:07:f9:8f:ce:21:cb:f3:62:e1:7a:
4f:8a:c7:c3:50:d9:45:a7:b8:07:2a:0c:9d:43:d7:
df:aa:ec:c9:9c:51:42:40:7d:fd:79:05:66:7b:a0:
63:ac:73:4c:f7:f5:e5:6e:de:5d:a4:d5:b8:01:76:
2c:03:cc:65:65:a3:b1:7b:d9:25:50:cc:09:74:5b:
31:70:63:39:ba:b9:48:0e:c9:23:6d:fb:1f:64:f2:
53:ed:ae:23:70:72:d8:67:99:4d:b3:31:ae:a2:77:
8e:51:d1:7f:df:b6:f5:97:85:5e:39:05:87:d5:33:
e7:10:e5:3e:57:0b:f9:51:74:56:4e:cf:b4:6b:f4:
5a:b3:5e:27:03:40:99:90:96:7e:a8:bf:00:2a:91:
ce:3c:38:c5:83:f7:ce:b0:7b:be:e7:b6:de:3f:c1:
60:78:f3:07:e8:65:ca:cd:8c:0d:ec:1c:3b:f9:71:
51:7c:ed:b2:83:34:f7:de:a3:31:36:f3:b6:5f:3a:
5b:f8:7e:95:da:e8:89:be:09:0a:ea:8b:ff:0a:c8:
d6:59:b3:79:9d:3e:b4:b7:de:d7:6b:51:63:03:31:
d3:45:e1:93:49:5c:80:30:43:f9:36:83:1b:e6:d7:
99:05:26:f9:c3:1d:d4:a9:a0:db:2c:66:b0:7d:23:
6c:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:05:65:3C:0C:60:FF:A6:77:11:1F:BB:CE:F0:7E:E6:F9:8C:A4:D6
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/ZgVlPAxg_6Z3ER-7zvB-5vmMpNY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.79.0/24
94.176.164.0/23
94.177.107.0/24
Signature Algorithm: sha256WithRSAEncryption
89:50:ff:96:c5:c2:07:ef:84:c9:80:b8:5f:10:5e:9e:45:9e:
8e:cf:22:8a:1e:63:63:02:20:5f:58:0a:57:d0:ce:30:26:cc:
1f:78:4e:18:1e:1f:6b:6a:35:bc:8c:61:77:37:be:f6:37:b4:
c3:f4:39:fa:7d:8f:02:71:70:8b:13:b5:57:d8:29:3d:eb:ac:
66:eb:9b:19:6f:28:f5:f4:05:75:ca:8f:f7:05:5e:c8:a8:7e:
68:00:65:0d:ab:b5:88:77:f2:52:ef:79:d2:fe:8a:62:3b:d3:
90:66:5b:c9:cd:ed:81:f5:c4:1b:57:58:98:ff:cb:48:d1:74:
8b:12:6b:49:3f:24:f5:c0:c0:22:97:a1:80:3f:a1:2d:b8:da:
69:70:be:d8:d6:b4:51:58:36:44:40:65:a1:b1:ab:33:17:ae:
94:2e:fa:85:7a:2f:c2:e7:c0:01:33:ca:16:89:f5:e4:ed:91:
35:f6:8f:7a:bc:33:0e:e5:16:93:7e:49:d9:37:2b:5e:fd:23:
db:d8:4c:80:48:ef:bd:88:ee:86:f5:e8:08:e0:a0:ef:78:ef:
a9:21:49:8a:3e:93:82:cb:28:7a:41:ae:ff:ef:c0:ed:84:2d:
06:7d:bf:0d:9e:5c:95:e8:80:dd:5b:ab:34:e0:4a:b2:a8:9d:
39:87:bc:5a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYqD1VPIZfI7xwzEg++mRDNUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMwOTExMTA0MTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjA1NjUzYzBjNjBmZmE2NzcxMTFmYmJjZWYwN2VlNmY5OGNhNGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxON8wf5j84hy/Ni4XpPisfDUNlF
p7gHKgydQ9ffquzJnFFCQH39eQVme6BjrHNM9/Xlbt5dpNW4AXYsA8xlZaOxe9kl
UMwJdFsxcGM5urlIDskjbfsfZPJT7a4jcHLYZ5lNszGuoneOUdF/37b1l4VeOQWH
1TPnEOU+Vwv5UXRWTs+0a/Ras14nA0CZkJZ+qL8AKpHOPDjFg/fOsHu+57beP8Fg
ePMH6GXKzYwN7Bw7+XFRfO2ygzT33qMxNvO2Xzpb+H6V2uiJvgkK6ov/CsjWWbN5
nT60t97Xa1FjAzHTReGTSVyAMEP5NoMb5teZBSb5wx3UqaDbLGawfSNsxQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGYFZTwMYP+mdxEfu87wfub5jKTWMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1pnVmxQQXhnXzZaM0VSLTd6dkItNXZtTXBOWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABVzE8D
BAFesKQDBABesWswDQYJKoZIhvcNAQELBQADggEBAIlQ/5bFwgfvhMmAuF8QXp5F
no7PIooeY2MCIF9YClfQzjAmzB94ThgeH2tqNbyMYXc3vvY3tMP0Ofp9jwJxcIsT
tVfYKT3rrGbrmxlvKPX0BXXKj/cFXsiofmgAZQ2rtYh38lLvedL+imI705BmW8nN
7YH1xBtXWJj/y0jRdIsSa0k/JPXAwCKXoYA/oS242mlwvtjWtFFYNkRAZaGxqzMX
rpQu+oV6L8LnwAEzyhaJ9eTtkTX2j3q8Mw7lFpN+Sdk3K179I9vYTIBI772I7ob1
6AjgoO9476khSYo+k4LLKHpBrv/vwO2ELQZ9vw2eXJXogN1bqzTgSrKonTmHvFo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:42 2024 by rpki-client on console-fra.rpki-client.org