Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZlEFjisYfbPFnw7fwWakEimDVEE.roa
File: ZlEFjisYfbPFnw7fwWakEimDVEE.roa (raw, json)
Hash identifier: KfHpV+k6auw4dg60NxRSZgVqAF1BUgcd8uoLBMTEGAI=
Subject key identifier: 66:51:05:8E:2B:18:7D:B3:C5:9F:0E:DF:C1:66:A4:12:29:83:54:41
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01877A9B78E62DE9B8C16F09D56B59AD2B48
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZlEFjisYfbPFnw7fwWakEimDVEE.roa
Signing time: Thu 13 Apr 2023 12:33:41 +0000
ROA not before: Thu 13 Apr 2023 12:33:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207459
IP address blocks: 185.221.67.0/24 maxlen: 24
194.180.50.0/24 maxlen: 24
171.22.19.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:7a:9b:78:e6:2d:e9:b8:c1:6f:09:d5:6b:59:ad:2b:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 13 12:33:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6651058e2b187db3c59f0edfc166a41229835441
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:47:b2:81:26:0d:d8:51:3a:73:87:88:1c:a5:
a0:7c:4a:00:c6:44:d7:52:ba:d8:b6:1d:f6:86:1f:
9f:17:fd:db:2e:82:39:8e:f4:c7:82:6d:dc:b1:c8:
27:dc:02:be:2b:f9:19:25:4f:c7:d6:91:bc:31:70:
d4:33:48:01:9c:6e:1f:0d:97:bb:9d:20:db:16:a8:
7e:f9:fe:8c:01:68:60:59:c5:81:62:09:ec:3f:63:
b3:77:19:1a:d3:7f:b4:77:04:2f:b3:36:c6:72:e4:
e9:e2:0e:42:86:85:d8:89:d4:f2:07:ee:d9:91:62:
fb:13:d0:99:57:1a:d5:55:b3:bf:51:91:1a:e4:88:
37:49:eb:a2:88:cf:9f:ef:6e:7c:86:09:83:78:cb:
b3:51:e1:a9:2c:63:67:24:40:20:98:ac:ed:6e:d5:
a2:7b:60:f9:06:f2:6b:2c:be:3f:42:54:77:99:63:
22:4e:40:9c:01:7d:9a:fd:44:e1:65:9d:a0:04:1f:
16:14:b8:15:27:4a:8c:d8:b1:c8:97:ac:27:ea:a1:
57:e4:20:de:33:52:ea:f7:f6:d0:f6:79:af:e2:72:
7b:9f:62:4b:45:37:f7:73:4c:3d:40:f5:59:1b:0f:
b3:f3:bd:63:3a:d0:6b:ff:a8:ce:7c:60:78:f7:69:
b2:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:51:05:8E:2B:18:7D:B3:C5:9F:0E:DF:C1:66:A4:12:29:83:54:41
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZlEFjisYfbPFnw7fwWakEimDVEE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
171.22.19.0/24
185.221.67.0/24
194.180.50.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:47:de:b1:c2:8c:9b:ee:cf:cf:dd:08:fe:a9:8f:7f:66:28:
83:ea:27:5e:40:73:f0:cb:85:ba:03:e9:84:88:90:7e:d5:e7:
48:a7:5c:fe:5f:3d:2c:05:fb:45:52:6b:2e:61:f7:35:bf:92:
2c:a5:9a:91:11:6a:7d:d7:1a:d8:03:6e:0a:1e:2d:bb:35:e3:
40:11:73:33:51:c0:e7:0b:cf:c3:4a:9f:ac:58:87:90:41:7f:
e5:61:0c:05:3a:9d:e2:02:33:d1:0f:50:d6:a6:e1:f1:cc:bd:
c3:c3:d7:71:99:57:1b:4f:3b:0c:bb:e5:cf:62:59:1d:31:3c:
7d:d2:e2:f0:da:f6:61:93:a5:0b:03:c8:d1:dc:80:db:35:6c:
f1:ff:7b:ad:f1:90:85:d2:bd:3a:c2:44:b3:67:21:f7:9f:a3:
43:db:f6:8c:a8:01:03:46:cf:c2:06:ec:b8:0c:61:09:74:70:
ab:cb:bc:cb:d9:f5:32:be:e1:ba:63:76:2c:a4:d4:1a:d1:c2:
04:b4:1f:9d:1e:11:c5:82:7a:cd:68:6b:d8:d6:02:56:af:b1:
6a:3f:1b:db:da:87:01:29:b1:de:fa:73:67:b8:98:93:f0:3d:
c8:52:45:ed:30:7e:80:98:c0:3c:a9:37:cb:94:3a:47:fe:0e:
01:e3:13:cd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYd6m3jmLem4wW8J1WtZrStIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDEzMTIzMzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjUxMDU4ZTJiMTg3ZGIzYzU5ZjBlZGZjMTY2YTQxMjI5ODM1NDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEeygSYN2FE6c4eIHKWgfEoAxkTX
UrrYth32hh+fF/3bLoI5jvTHgm3cscgn3AK+K/kZJU/H1pG8MXDUM0gBnG4fDZe7
nSDbFqh++f6MAWhgWcWBYgnsP2Ozdxka03+0dwQvszbGcuTp4g5ChoXYidTyB+7Z
kWL7E9CZVxrVVbO/UZEa5Ig3SeuiiM+f7258hgmDeMuzUeGpLGNnJEAgmKztbtWi
e2D5BvJrLL4/QlR3mWMiTkCcAX2a/UThZZ2gBB8WFLgVJ0qM2LHIl6wn6qFX5CDe
M1Lq9/bQ9nmv4nJ7n2JLRTf3c0w9QPVZGw+z871jOtBr/6jOfGB492myBwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGZRBY4rGH2zxZ8O38FmpBIpg1RBMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWmxFRmppc1lmYlBGbnc3ZndXYWtFaW1EVkVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAqxYTAwQA
ud1DAwQAwrQyMA0GCSqGSIb3DQEBCwUAA4IBAQA8R96xwoyb7s/P3Qj+qY9/ZiiD
6ideQHPwy4W6A+mEiJB+1edIp1z+Xz0sBftFUmsuYfc1v5IspZqREWp91xrYA24K
Hi27NeNAEXMzUcDnC8/DSp+sWIeQQX/lYQwFOp3iAjPRD1DWpuHxzL3Dw9dxmVcb
TzsMu+XPYlkdMTx90uLw2vZhk6ULA8jR3IDbNWzx/3ut8ZCF0r06wkSzZyH3n6ND
2/aMqAEDRs/CBuy4DGEJdHCry7zL2fUyvuG6Y3YspNQa0cIEtB+dHhHFgnrNaGvY
1gJWr7FqPxvb2ocBKbHe+nNnuJiT8D3IUkXtMH6AmMA8qTfLlDpH/g4B4xPN
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:14 2024 by rpki-client on console-fra.rpki-client.org