Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/ZKCC--KBAa1IsjUUWJSb6EMS-1g.roa
File: ZKCC--KBAa1IsjUUWJSb6EMS-1g.roa (raw, json)
Hash identifier: Yzo4bnl0oiTY5K5Qka0YMGBEng2TYwDybZVjM32q7qA=
Subject key identifier: 64:A0:82:FB:E2:81:01:AD:48:B2:35:14:58:94:9B:E8:43:12:FB:58
Certificate issuer: /CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Certificate serial: 01891155A9B54A192A06654E61644159B907
Authority key identifier: 1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/ZKCC--KBAa1IsjUUWJSb6EMS-1g.roa
Signing time: Sat 01 Jul 2023 12:02:53 +0000
ROA not before: Sat 01 Jul 2023 12:02:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50591
IP address blocks: 109.230.77.0/24 maxlen: 24
109.230.73.0/24 maxlen: 24
109.230.76.0/24 maxlen: 24
109.230.72.0/24 maxlen: 24
109.230.75.0/24 maxlen: 24
109.230.78.0/24 maxlen: 24
109.230.74.0/24 maxlen: 24
109.230.79.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:11:55:a9:b5:4a:19:2a:06:65:4e:61:64:41:59:b9:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Validity
Not Before: Jul 1 12:02:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=64a082fbe28101ad48b2351458949be84312fb58
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:60:02:b6:37:82:fc:ef:37:01:b8:da:2f:62:
e7:6c:b4:a8:51:c8:72:1c:59:a9:78:e9:ab:0f:b0:
7a:f2:c7:58:35:0c:bb:fa:05:47:4e:30:e3:fd:05:
47:10:94:ab:bf:d6:e8:a2:60:32:aa:bd:6c:af:38:
8f:3e:17:9f:47:57:06:cd:c0:00:8f:6b:45:0e:02:
59:a9:9d:db:1f:fb:1f:02:5f:77:f1:96:0e:95:91:
78:34:db:86:82:7e:b6:f4:c9:5a:72:ee:a5:65:74:
dd:c0:dd:14:92:b8:37:b5:2e:b0:a4:c5:c4:01:6b:
b4:8d:54:4c:55:28:d8:24:b7:d9:c5:dd:42:ac:e7:
76:73:66:e0:c3:9b:89:95:ff:2f:c5:7a:32:3d:61:
0b:c9:88:7e:03:b2:b1:4d:1a:bd:b9:38:cf:33:67:
7d:b5:90:f6:d0:ee:8e:db:86:c3:41:6e:d6:58:a7:
a3:0a:a0:3a:29:31:e5:a7:a9:5f:04:f6:c0:a9:bc:
30:ab:93:1b:31:6f:ee:72:58:47:bf:ff:b2:c1:3d:
33:b5:9e:f8:c4:26:7b:33:86:77:87:2f:f2:54:56:
32:1e:97:6a:12:d7:07:b9:6c:92:44:13:ed:66:58:
b5:d3:51:c0:ec:19:db:78:cc:28:ae:6c:43:23:0c:
93:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:A0:82:FB:E2:81:01:AD:48:B2:35:14:58:94:9B:E8:43:12:FB:58
X509v3 Authority Key Identifier:
keyid:1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/ZKCC--KBAa1IsjUUWJSb6EMS-1g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.230.72.0/21
Signature Algorithm: sha256WithRSAEncryption
86:ae:11:75:7c:5a:ca:53:c5:72:7b:16:6f:0d:ab:a6:af:28:
50:08:07:29:bf:20:34:5c:9b:d7:b3:03:1e:5a:ee:8d:7e:24:
75:44:35:35:df:ca:ee:a7:c7:44:db:ae:99:10:12:69:5e:da:
49:65:21:2a:a7:34:f6:ec:72:82:35:94:53:34:90:63:79:aa:
9d:59:90:6d:fc:f2:a6:a2:e6:57:d6:3f:7e:df:e9:11:a8:10:
63:f7:9f:c6:71:08:ef:45:bb:90:ca:9e:56:3a:88:77:33:0d:
7c:1e:de:ca:a0:99:ac:26:52:0a:a1:b5:3a:a3:ca:71:1f:9f:
44:93:60:ba:a7:6b:33:0e:2c:09:d3:c6:19:82:8d:dd:a4:5f:
40:c5:92:fe:95:60:81:fd:6c:6e:d9:cd:ff:7b:c4:c0:13:b9:
50:eb:9d:84:0c:22:f5:7a:49:8e:39:7d:3b:aa:21:88:11:34:
0a:9d:4d:ef:e0:1d:1c:66:3a:27:48:4d:f6:f9:9e:8c:05:0c:
34:a8:cf:cc:17:55:90:f6:de:86:12:69:bb:22:2f:1f:4b:cd:
56:0d:6b:d5:b0:4c:0b:03:00:9a:35:eb:54:a7:53:2b:b5:7d:
ba:6e:d8:24:67:fd:f8:1e:86:0a:3c:bb:c6:c3:01:f9:a8:cf:
da:59:8b:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYkRVam1ShkqBmVOYWRBWbkHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMzkyZGZjNmJhMmQzMTg2ZDMyNjljNzA5MWI3MDE5ODE1
MzQ1ZDMwHhcNMjMwNzAxMTIwMjUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGEwODJmYmUyODEwMWFkNDhiMjM1MTQ1ODk0OWJlODQzMTJmYjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGACtjeC/O83AbjaL2LnbLSoUchy
HFmpeOmrD7B68sdYNQy7+gVHTjDj/QVHEJSrv9boomAyqr1srziPPhefR1cGzcAA
j2tFDgJZqZ3bH/sfAl938ZYOlZF4NNuGgn629Mlacu6lZXTdwN0Ukrg3tS6wpMXE
AWu0jVRMVSjYJLfZxd1CrOd2c2bgw5uJlf8vxXoyPWELyYh+A7KxTRq9uTjPM2d9
tZD20O6O24bDQW7WWKejCqA6KTHlp6lfBPbAqbwwq5MbMW/uclhHv/+ywT0ztZ74
xCZ7M4Z3hy/yVFYyHpdqEtcHuWySRBPtZli101HA7BnbeMwormxDIwyTEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGSggvvigQGtSLI1FFiUm+hDEvtYMB8GA1UdIwQY
MBaAFBo5LfxrotMYbTJpxwkbcBmBU0XTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYt
MmYzNjVmMjJhMThjLzEvWktDQy0tS0JBYTFJc2pVVVdKU2I2RU1TLTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYtMmYzNjVmMjJhMThj
LzEvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbeZIMA0G
CSqGSIb3DQEBCwUAA4IBAQCGrhF1fFrKU8VyexZvDaumryhQCAcpvyA0XJvXswMe
Wu6NfiR1RDU138rup8dE266ZEBJpXtpJZSEqpzT27HKCNZRTNJBjeaqdWZBt/PKm
ouZX1j9+3+kRqBBj95/GcQjvRbuQyp5WOoh3Mw18Ht7KoJmsJlIKobU6o8pxH59E
k2C6p2szDiwJ08YZgo3dpF9AxZL+lWCB/Wxu2c3/e8TAE7lQ652EDCL1ekmOOX07
qiGIETQKnU3v4B0cZjonSE32+Z6MBQw0qM/MF1WQ9t6GEmm7Ii8fS81WDWvVsEwL
AwCaNetUp1MrtX26btgkZ/34HoYKPLvGwwH5qM/aWYvQ
-----END CERTIFICATE-----
Generated at Wed Oct 11 08:02:28 2023 by rpki-client on console-fra.rpki-client.org