Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/ZPiYVHG8rpTWoOHKFSRGZH8mOYo.roa
File: ZPiYVHG8rpTWoOHKFSRGZH8mOYo.roa (raw, json)
Hash identifier: zETFxz3mQ09bjd8wIW0tkmRaJQd6NCJ7b/iDB7i/lrk=
Subject key identifier: 64:F8:98:54:71:BC:AE:94:D6:A0:E1:CA:15:24:46:64:7F:26:39:8A
Certificate issuer: /CN=7cd6c0236ff4d6050906957ffd380b3879e6ed6e
Certificate serial: 019131B3806177A4872CF4CCA674055936DD
Authority key identifier: 7C:D6:C0:23:6F:F4:D6:05:09:06:95:7F:FD:38:0B:38:79:E6:ED:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fNbAI2_01gUJBpV__TgLOHnm7W4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/ZPiYVHG8rpTWoOHKFSRGZH8mOYo.roa
Signing time: Thu 08 Aug 2024 11:15:33 +0000
ROA not before: Thu 08 Aug 2024 11:15:33 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16509
IP address blocks: 194.54.157.0/24 maxlen: 24
194.54.158.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:31:b3:80:61:77:a4:87:2c:f4:cc:a6:74:05:59:36:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7cd6c0236ff4d6050906957ffd380b3879e6ed6e
Validity
Not Before: Aug 8 11:15:33 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=64f8985471bcae94d6a0e1ca152446647f26398a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:23:4c:0f:36:c3:0c:7d:71:79:9f:57:42:1a:
e4:47:b5:4a:59:3d:8d:4f:88:15:f8:c0:a1:8c:cd:
95:76:da:f3:cf:fb:54:92:64:89:38:8b:8a:a6:78:
d2:e9:91:3f:12:a0:3d:c9:5f:0f:c4:ae:80:22:47:
37:75:db:8d:3f:ab:69:71:b1:8e:66:0e:55:60:6c:
0a:f9:63:28:46:db:38:37:72:a7:4c:60:5f:5d:85:
ea:cb:d5:57:b1:39:63:a5:e0:16:20:95:0e:11:2c:
f3:59:60:e3:b5:26:7d:85:9c:27:97:ba:e1:37:11:
5c:4c:5e:bb:1c:21:5a:4a:60:3c:b9:70:10:6c:24:
db:65:9f:97:f8:08:99:ae:4c:9d:ec:5f:03:d4:06:
56:93:34:de:04:a4:49:da:fd:83:bc:72:8f:4d:11:
29:b1:e6:49:bb:3f:e1:05:53:25:00:1a:96:0f:c9:
7c:22:f7:70:8c:7d:a1:13:57:27:a2:3e:b9:9d:99:
61:f0:1a:2c:c6:0d:e3:07:a6:76:c0:de:8f:21:a1:
47:e2:a6:32:a8:cf:d9:50:d5:45:a2:4e:77:60:25:
74:a0:de:69:76:25:10:c1:28:77:62:fb:96:ed:df:
96:02:c7:7e:0c:09:6a:4f:10:75:26:b3:c9:ef:fd:
41:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:F8:98:54:71:BC:AE:94:D6:A0:E1:CA:15:24:46:64:7F:26:39:8A
X509v3 Authority Key Identifier:
keyid:7C:D6:C0:23:6F:F4:D6:05:09:06:95:7F:FD:38:0B:38:79:E6:ED:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fNbAI2_01gUJBpV__TgLOHnm7W4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/ZPiYVHG8rpTWoOHKFSRGZH8mOYo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/fNbAI2_01gUJBpV__TgLOHnm7W4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.54.157.0-194.54.158.255
Signature Algorithm: sha256WithRSAEncryption
29:71:59:21:41:56:d7:3b:1d:ce:ac:ae:87:76:a3:81:fd:2c:
ab:67:5b:9c:b2:0d:f6:b5:77:2e:c2:66:3b:33:89:48:ba:12:
e8:23:20:0a:0d:8b:97:7e:bf:89:8c:76:90:a9:1d:e7:9a:04:
ce:a8:b8:4b:3e:37:57:22:0b:81:b5:75:7a:2c:16:30:9c:f5:
ae:c7:97:3b:55:a7:10:c0:34:ed:56:61:18:3a:d0:21:62:1f:
46:f5:74:a4:f4:5d:5b:5d:90:db:ee:ad:5d:54:f6:4a:54:98:
65:c4:36:a9:43:fb:32:55:5b:b1:a4:d8:6d:aa:ab:62:95:e2:
31:26:ca:f0:ff:e6:b5:2a:e7:2e:75:ef:c5:28:ab:d0:aa:48:
5e:00:f4:06:96:71:cd:3a:96:3a:78:65:38:d3:df:67:3a:48:
c9:36:e5:6a:08:d6:9d:34:17:3e:ef:be:1f:dc:16:70:6c:1d:
20:ad:d5:8f:f2:d9:00:9d:b3:fb:32:64:52:11:67:89:8e:5a:
7e:e5:58:89:58:1b:ac:42:64:e3:27:d6:b6:38:a9:dc:9c:4c:
b0:ee:80:fb:c7:d9:72:fc:e5:f2:3d:19:ae:a7:59:7e:07:d8:
99:1e:e3:b0:a6:18:13:56:72:7b:c3:31:37:c9:c5:09:4b:ef:
81:cc:98:76
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZExs4Bhd6SHLPTMpnQFWTbdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZDZjMDIzNmZmNGQ2MDUwOTA2OTU3ZmZkMzgwYjM4Nzll
NmVkNmUwHhcNMjQwODA4MTExNTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGY4OTg1NDcxYmNhZTk0ZDZhMGUxY2ExNTI0NDY2NDdmMjYzOThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCNMDzbDDH1xeZ9XQhrkR7VKWT2N
T4gV+MChjM2Vdtrzz/tUkmSJOIuKpnjS6ZE/EqA9yV8PxK6AIkc3dduNP6tpcbGO
Zg5VYGwK+WMoRts4N3KnTGBfXYXqy9VXsTljpeAWIJUOESzzWWDjtSZ9hZwnl7rh
NxFcTF67HCFaSmA8uXAQbCTbZZ+X+AiZrkyd7F8D1AZWkzTeBKRJ2v2DvHKPTREp
seZJuz/hBVMlABqWD8l8IvdwjH2hE1cnoj65nZlh8Bosxg3jB6Z2wN6PIaFH4qYy
qM/ZUNVFok53YCV0oN5pdiUQwSh3YvuW7d+WAsd+DAlqTxB1JrPJ7/1BewIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGT4mFRxvK6U1qDhyhUkRmR/JjmKMB8GA1UdIwQY
MBaAFHzWwCNv9NYFCQaVf/04Czh55u1uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk5iQUkyXzAxZ1VKQnBWX19UZ0xPSG5tN1c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZWU3OGItODE1Yy00OTk1LTgyZTEt
YzgwYzI4OGViZWVhLzEvWlBpWVZIRzhycFRXb09IS0ZTUkdaSDhtT1lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZWU3OGItODE1Yy00OTk1LTgyZTEtYzgwYzI4OGViZWVh
LzEvZk5iQUkyXzAxZ1VKQnBWX19UZ0xPSG5tN1c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADCNp0D
BADCNp4wDQYJKoZIhvcNAQELBQADggEBAClxWSFBVtc7Hc6srod2o4H9LKtnW5yy
Dfa1dy7CZjsziUi6EugjIAoNi5d+v4mMdpCpHeeaBM6ouEs+N1ciC4G1dXosFjCc
9a7HlztVpxDANO1WYRg60CFiH0b1dKT0XVtdkNvurV1U9kpUmGXENqlD+zJVW7Gk
2G2qq2KV4jEmyvD/5rUq5y5178Uoq9CqSF4A9AaWcc06ljp4ZTjT32c6SMk25WoI
1p00Fz7vvh/cFnBsHSCt1Y/y2QCds/syZFIRZ4mOWn7lWIlYG6xCZOMn1rY4qdyc
TLDugPvH2XL85fI9Ga6nWX4H2Jke47CmGBNWcnvDMTfJxQlL74HMmHY=
-----END CERTIFICATE-----
Generated at Fri Aug 9 15:43:32 2024 by rpki-client on console-ams.rpki-client.org