Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZOAi6Z8rR8z7nMVh-pNesWOommk.roa
File: ZOAi6Z8rR8z7nMVh-pNesWOommk.roa (raw, json)
Hash identifier: GtxibibgEW3Zex4RSQqaO8ESR618stm6dv02N7u9sYc=
Subject key identifier: 64:E0:22:E9:9F:2B:47:CC:FB:9C:C5:61:FA:93:5E:B1:63:A8:9A:69
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018E66A1D3D2D424E84C1C22F0743028B015
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZOAi6Z8rR8z7nMVh-pNesWOommk.roa
Signing time: Fri 22 Mar 2024 14:47:45 +0000
ROA not before: Fri 22 Mar 2024 14:47:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207279
IP address blocks: 2.59.253.0/24 maxlen: 24
45.84.91.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.88.91.0/24 maxlen: 24
79.110.51.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
92.119.198.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.162.0/24 maxlen: 24
109.206.239.0/24 maxlen: 24
178.215.225.0/24 maxlen: 24
178.215.227.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
185.222.160.0/24 maxlen: 24
185.222.161.0/24 maxlen: 24
185.222.162.0/24 maxlen: 24
185.246.223.0/24 maxlen: 24
193.25.217.0/24 maxlen: 24
193.37.40.0/24 maxlen: 24
193.37.42.0/24 maxlen: 24
193.37.44.0/24 maxlen: 24
193.222.97.0/24 maxlen: 24
193.222.99.0/24 maxlen: 24
194.55.187.0/24 maxlen: 24
194.55.225.0/24 maxlen: 24
194.180.38.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:66:a1:d3:d2:d4:24:e8:4c:1c:22:f0:74:30:28:b0:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 22 14:47:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=64e022e99f2b47ccfb9cc561fa935eb163a89a69
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:f8:1c:b1:12:a9:ff:9d:97:02:40:47:f0:6e:
16:15:30:a0:2f:8e:8b:cd:f6:6b:f5:a3:07:2c:af:
e2:93:33:2a:dc:f6:24:9f:22:cb:8f:39:16:14:43:
ce:46:44:d0:ec:3e:9b:fd:19:6f:91:15:71:b7:e9:
f9:a0:81:f6:ba:d1:20:4f:f3:f6:cb:e0:0c:37:5d:
40:f8:13:d2:90:e1:49:ae:d2:9e:c3:8b:d3:49:06:
d8:80:05:b0:6d:01:3f:1e:30:9f:ae:47:db:e4:b2:
23:a1:09:28:d1:3c:f8:b4:af:fb:43:c2:dd:6d:2f:
07:83:93:96:c7:4e:0c:cc:f9:f8:96:06:2b:3f:d4:
53:99:87:df:7e:8d:1c:10:81:af:90:2a:02:7f:2a:
da:ad:32:84:5f:3a:a7:1a:a1:7f:c0:4d:ac:1f:53:
d8:77:a2:21:96:90:22:55:1f:aa:8d:73:b8:b4:bb:
1c:5e:b8:e7:24:7f:c8:4b:1d:42:a0:36:9a:ae:e8:
a6:9e:f9:62:89:a8:1a:14:dd:7b:f0:84:97:ba:ba:
e6:bc:51:02:05:ea:5d:9b:23:d3:21:b4:36:10:34:
e4:95:13:c9:f8:f3:f1:f8:b6:a2:e9:ec:a5:d0:49:
12:33:7b:4d:a8:0c:54:5e:3b:0d:e7:b5:63:df:73:
c8:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:E0:22:E9:9F:2B:47:CC:FB:9C:C5:61:FA:93:5E:B1:63:A8:9A:69
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZOAi6Z8rR8z7nMVh-pNesWOommk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
45.84.91.0/24
45.88.64.0/24
45.88.91.0/24
79.110.51.0/24
83.219.97.0/24
92.119.198.0/24
92.249.50.0/24
94.154.162.0/24
109.206.239.0/24
178.215.225.0/24
178.215.227.0/24
178.215.236.0/24
185.222.160.0-185.222.162.255
185.246.223.0/24
193.25.217.0/24
193.37.40.0/24
193.37.42.0/24
193.37.44.0/24
193.222.97.0/24
193.222.99.0/24
194.55.187.0/24
194.55.225.0/24
194.180.38.0/24
Signature Algorithm: sha256WithRSAEncryption
38:14:3a:10:a9:ac:9c:ef:21:78:7d:89:3f:f9:cc:d3:09:cc:
c3:f7:3b:35:d9:11:00:dc:81:22:58:7b:c1:1e:fd:8b:aa:80:
c4:ee:e3:70:19:e6:87:4e:1d:15:51:00:d1:c9:f3:82:e0:7f:
07:b7:f0:a9:ba:01:86:e2:2c:08:69:85:d2:f7:18:f8:81:4e:
cd:01:5c:fb:bd:a6:72:bd:a9:04:42:cb:1d:e1:4b:53:74:96:
c5:04:36:91:d3:b4:90:3b:e8:28:bb:43:01:08:d1:e1:15:c9:
98:21:65:f1:3b:ed:2d:d5:2c:53:7b:1c:4d:49:9e:a5:5b:30:
fe:a9:d2:00:ae:12:df:7c:ed:ed:22:5c:e9:12:a1:3b:27:09:
b7:60:dd:c4:e4:cf:c5:33:b8:29:d1:06:61:4a:9b:85:fa:80:
d9:3e:dd:c4:fc:3f:fd:34:07:37:e3:10:45:41:6c:69:9a:eb:
34:fb:9d:de:67:ab:9b:a5:75:62:1f:b8:60:eb:db:5e:3e:f7:
49:eb:3b:9d:ba:be:33:70:6c:ff:30:94:61:f6:b8:d9:52:5a:
4d:12:ab:91:bd:44:f1:3b:40:6e:8d:35:22:45:5f:c6:18:95:
6b:43:22:60:fe:1d:a4:9b:dd:59:ad:7b:30:9c:40:c9:25:68:
aa:41:53:fd
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAY5modPS1CToTBwi8HQwKLAVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzIyMTQ0NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGUwMjJlOTlmMmI0N2NjZmI5Y2M1NjFmYTkzNWViMTYzYTg5YTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/gcsRKp/52XAkBH8G4WFTCgL46L
zfZr9aMHLK/ikzMq3PYknyLLjzkWFEPORkTQ7D6b/RlvkRVxt+n5oIH2utEgT/P2
y+AMN11A+BPSkOFJrtKew4vTSQbYgAWwbQE/HjCfrkfb5LIjoQko0Tz4tK/7Q8Ld
bS8Hg5OWx04MzPn4lgYrP9RTmYfffo0cEIGvkCoCfyrarTKEXzqnGqF/wE2sH1PY
d6IhlpAiVR+qjXO4tLscXrjnJH/ISx1CoDaaruimnvliiagaFN178ISXurrmvFEC
BepdmyPTIbQ2EDTklRPJ+PPx+Lai6eyl0EkSM3tNqAxUXjsN57Vj33PIewIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGTgIumfK0fM+5zFYfqTXrFjqJppMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWk9BaTZaOHJSOHo3bk1WaC1wTmVzV09vbW1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG1BggrBgEFBQcBBwEB/wSBpTCBojCBnwQCAAEwgZgDBAAC
O/0DBAAtVFsDBAAtWEADBAAtWFsDBABPbjMDBABT22EDBABcd8YDBABc+TIDBABe
mqIDBABtzu8DBACy1+EDBACy1+MDBACy1+wwDAMEBbneoAMEALneogMEALn23wME
AMEZ2QMEAMElKAMEAMElKgMEAMElLAMEAMHeYQMEAMHeYwMEAMI3uwMEAMI34QME
AMK0JjANBgkqhkiG9w0BAQsFAAOCAQEAOBQ6EKmsnO8heH2JP/nM0wnMw/c7NdkR
ANyBIlh7wR79i6qAxO7jcBnmh04dFVEA0cnzguB/B7fwqboBhuIsCGmF0vcY+IFO
zQFc+72mcr2pBELLHeFLU3SWxQQ2kdO0kDvoKLtDAQjR4RXJmCFl8TvtLdUsU3sc
TUmepVsw/qnSAK4S33zt7SJc6RKhOycJt2DdxOTPxTO4KdEGYUqbhfqA2T7dxPw/
/TQHN+MQRUFsaZrrNPud3merm6V1Yh+4YOvbXj73Ses7nbq+M3Bs/zCUYfa42VJa
TRKrkb1E8TtAbo01IkVfxhiVa0MiYP4dpJvdWa17MJxAySVoqkFT/Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:36 2024 by rpki-client on console-ams.rpki-client.org