Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zj_vFMN_zukQ7Z0YMzBJO1uabec.roa
File: zj_vFMN_zukQ7Z0YMzBJO1uabec.roa (raw, json)
Hash identifier: rz8UL7lNs/dt8jAJYlDWNKXlqLgqjg82hSdWxqwSyDg=
Subject key identifier: CE:3F:EF:14:C3:7F:CE:E9:10:ED:9D:18:33:30:49:3B:5B:9A:6D:E7
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0193013E058E478B638161CCD57BCB893FB8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zj_vFMN_zukQ7Z0YMzBJO1uabec.roa
Signing time: Wed 06 Nov 2024 11:31:02 +0000
ROA not before: Wed 06 Nov 2024 11:31:02 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 174
IP address blocks: 31.13.193.0/24 maxlen: 24
31.13.225.0/24 maxlen: 24
37.60.141.0/24 maxlen: 24
87.120.107.0/24 maxlen: 24
87.120.187.0/24 maxlen: 24
87.120.191.0/24 maxlen: 24
87.121.32.0/24 maxlen: 24
87.121.70.0/23 maxlen: 24
87.121.88.0/23 maxlen: 24
87.121.144.0/23 maxlen: 24
93.123.45.0/24 maxlen: 24
93.123.46.0/24 maxlen: 24
93.123.47.0/24 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.61.0/24 maxlen: 24
94.156.92.0/24 maxlen: 24
94.156.162.0/23 maxlen: 24
94.156.164.0/23 maxlen: 24
94.156.170.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
212.73.149.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:01:3e:05:8e:47:8b:63:81:61:cc:d5:7b:cb:89:3f:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Nov 6 11:31:02 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ce3fef14c37fcee910ed9d183330493b5b9a6de7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:f4:7d:66:fb:2d:8f:c1:28:2c:34:d5:60:0f:
58:f9:98:68:dd:1f:af:71:b7:07:96:ef:4f:22:39:
a6:5c:dc:c0:dc:a3:e6:73:18:c1:29:c3:d8:85:06:
6c:e4:cd:6d:da:d5:76:3e:0b:60:16:e6:ad:a8:00:
2d:52:ec:b0:9d:51:7f:2b:3c:0e:33:01:cc:b0:ab:
13:f9:67:92:9f:7d:19:65:b0:5d:96:6d:80:eb:3f:
35:a4:57:df:e6:e6:08:9c:16:b4:56:d1:ac:1d:ed:
ab:b0:7c:b4:45:34:ee:27:63:ef:4c:d1:b6:65:f9:
ca:f1:55:e6:0f:f4:65:3b:16:65:44:1f:b6:6d:36:
05:7f:4d:dc:7b:95:21:3b:b7:9a:eb:f2:2e:36:e0:
09:4c:55:ae:1c:fb:99:65:8d:b5:d2:23:ee:41:18:
fc:d4:b2:98:0e:91:67:9f:c6:46:a0:2f:a4:6e:68:
8f:97:94:61:67:4c:93:79:ca:ff:98:4d:e4:ac:4d:
2b:10:22:91:c9:0b:07:71:6b:3f:24:f1:76:fc:0f:
cd:9a:28:77:9d:53:e9:c9:a0:e0:6a:0a:87:3f:31:
2e:40:63:8b:78:f8:bd:60:e8:81:f8:ff:48:0b:c6:
c5:ff:39:85:25:1f:6f:53:e4:67:b0:df:b1:ae:6f:
8b:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:3F:EF:14:C3:7F:CE:E9:10:ED:9D:18:33:30:49:3B:5B:9A:6D:E7
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zj_vFMN_zukQ7Z0YMzBJO1uabec.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.193.0/24
31.13.225.0/24
37.60.141.0/24
87.120.107.0/24
87.120.187.0/24
87.120.191.0/24
87.121.32.0/24
87.121.70.0/23
87.121.88.0/23
87.121.144.0/23
93.123.45.0-93.123.47.255
94.156.11.0/24
94.156.61.0/24
94.156.92.0/24
94.156.162.0-94.156.165.255
94.156.170.0/24
141.98.1.0/24
212.73.149.0/24
Signature Algorithm: sha256WithRSAEncryption
86:38:92:07:8c:fa:a6:1f:c2:51:0a:3a:a8:3b:91:a9:6a:2a:
10:55:db:43:1a:2d:6c:ad:d0:74:e0:4c:c9:7b:79:2a:58:32:
77:ac:71:8c:80:78:a2:52:71:87:69:fa:67:3a:66:2b:a3:67:
71:3f:21:dd:7a:25:d1:34:40:65:12:d3:9c:67:1b:d7:bb:06:
8e:8c:bb:ba:a3:ed:fd:1d:6c:d6:7f:cd:23:8c:b7:49:4b:da:
77:db:70:62:2d:bb:46:27:dd:31:fa:f2:c7:d8:18:12:64:40:
25:e3:98:e8:8c:a2:ef:1f:9e:73:aa:5a:c1:e3:bf:99:e6:7b:
19:82:05:85:b1:9c:05:cc:ff:c8:b7:87:44:b7:ed:87:59:e1:
e8:5e:36:69:de:01:b4:cd:a3:8e:84:df:c1:47:12:0c:e3:27:
6b:35:75:f8:05:09:2b:e0:c6:f3:12:fa:0e:e0:40:b7:d9:5d:
c9:42:32:93:32:b1:4f:4b:c0:40:0e:8b:75:e3:e6:34:f0:9c:
9d:1d:8e:2d:8c:a4:86:89:da:46:9d:0c:92:db:fa:01:b1:6b:
81:dd:ca:5c:c3:21:c2:0e:1e:32:ec:e5:30:66:0b:b3:4a:74:
c5:18:d2:d9:02:56:ed:39:7a:46:1e:7b:b0:de:22:16:f9:82:
b5:9e:29:aa
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZMBPgWOR4tjgWHM1XvLiT+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMTA2MTEzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTNmZWYxNGMzN2ZjZWU5MTBlZDlkMTgzMzMwNDkzYjViOWE2ZGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfR9Zvstj8EoLDTVYA9Y+Zho3R+v
cbcHlu9PIjmmXNzA3KPmcxjBKcPYhQZs5M1t2tV2PgtgFuatqAAtUuywnVF/KzwO
MwHMsKsT+WeSn30ZZbBdlm2A6z81pFff5uYInBa0VtGsHe2rsHy0RTTuJ2PvTNG2
ZfnK8VXmD/RlOxZlRB+2bTYFf03ce5UhO7ea6/IuNuAJTFWuHPuZZY210iPuQRj8
1LKYDpFnn8ZGoC+kbmiPl5RhZ0yTecr/mE3krE0rECKRyQsHcWs/JPF2/A/Nmih3
nVPpyaDgagqHPzEuQGOLePi9YOiB+P9IC8bF/zmFJR9vU+RnsN+xrm+LiQIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFM4/7xTDf87pEO2dGDMwSTtbmm3nMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvempfdkZNTl96dWtRN1owWU16QkpPMXVhYmVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGYBggrBgEFBQcBBwEB/wSBiDCBhTCBggQCAAEwfAMEAB8N
wQMEAB8N4QMEACU8jQMEAFd4awMEAFd4uwMEAFd4vwMEAFd5IAMEAVd5RgMEAVd5
WAMEAVd5kDAMAwQAXXstAwQEXXsgAwQAXpwLAwQAXpw9AwQAXpxcMAwDBAFenKID
BAFenKQDBABenKoDBACNYgEDBADUSZUwDQYJKoZIhvcNAQELBQADggEBAIY4kgeM
+qYfwlEKOqg7kalqKhBV20MaLWyt0HTgTMl7eSpYMnescYyAeKJScYdp+mc6Ziuj
Z3E/Id16JdE0QGUS05xnG9e7Bo6Mu7qj7f0dbNZ/zSOMt0lL2nfbcGItu0Yn3TH6
8sfYGBJkQCXjmOiMou8fnnOqWsHjv5nmexmCBYWxnAXM/8i3h0S37YdZ4eheNmne
AbTNo46E38FHEgzjJ2s1dfgFCSvgxvMS+g7gQLfZXclCMpMysU9LwEAOi3Xj5jTw
nJ0dji2MpIaJ2kadDJLb+gGxa4HdylzDIcIOHjLs5TBmC7NKdMUY0tkCVu05ekYe
e7DeIhb5grWeKao=
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:37:26 2025 by rpki-client