Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/ZhWVrPSN96ZEKSQvgjbixvG0ZdM.roa
File: ZhWVrPSN96ZEKSQvgjbixvG0ZdM.roa (raw, json)
Hash identifier: u/gTpR+0OgxgIbos5KfQGZ0H6MCfDGr3WMypLDRO/iE=
Subject key identifier: 66:15:95:AC:F4:8D:F7:A6:44:29:24:2F:82:36:E2:C6:F1:B4:65:D3
Certificate issuer: /CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Certificate serial: 018CEA06C3B32669D2AE7135CEE6AD8F952C
Authority key identifier: 28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/ZhWVrPSN96ZEKSQvgjbixvG0ZdM.roa
Signing time: Mon 08 Jan 2024 17:02:40 +0000
ROA not before: Mon 08 Jan 2024 17:02:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 203377
IP address blocks: 185.136.205.0/24 maxlen: 24
185.207.39.0/24 maxlen: 24
194.147.216.0/24 maxlen: 24
2a0a:37c0::/48 maxlen: 48
2a0a:37c0:1::/48 maxlen: 48
2a0a:37c0:2::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ea:06:c3:b3:26:69:d2:ae:71:35:ce:e6:ad:8f:95:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Validity
Not Before: Jan 8 17:02:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=661595acf48df7a64429242f8236e2c6f1b465d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:d3:fb:b7:c1:76:3b:39:ae:e5:8a:d3:8e:68:
6b:e5:06:7b:4d:06:be:ea:df:91:03:d6:dc:da:c4:
70:44:ae:31:0a:16:62:63:de:61:d8:92:36:23:06:
d3:4c:93:b1:3e:06:74:5c:df:1c:c9:1d:43:88:78:
a0:9b:85:06:ad:01:ce:08:1f:88:73:8f:1d:26:18:
fe:4a:fd:61:87:70:47:8b:e4:cf:eb:f0:12:82:29:
6b:4e:2e:31:38:85:2c:b5:0d:d5:15:ee:16:10:b4:
77:9c:37:ee:f0:80:79:9d:44:cd:35:b8:d7:f8:1f:
d4:ad:19:10:a8:90:2d:66:9b:11:d4:64:b3:c4:a2:
9d:f7:97:84:10:1b:20:53:10:dd:e0:00:e5:e6:c4:
3d:8e:cf:e5:31:69:0d:df:31:9d:cd:3d:b6:ec:21:
ee:d9:78:66:fd:cd:d9:05:45:e9:34:6f:92:1c:d3:
89:90:01:a5:da:d9:e5:4e:ad:d3:02:6c:77:1a:6e:
c3:d3:52:d5:86:07:23:7f:98:bc:96:c1:ef:be:45:
8d:32:cb:99:94:4c:24:63:06:26:08:65:66:24:c1:
07:8f:a3:3b:c9:ac:bd:77:09:cd:26:60:78:4d:99:
6f:3c:17:0f:3d:0c:73:5f:7f:66:c8:6d:c5:58:5a:
0b:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:15:95:AC:F4:8D:F7:A6:44:29:24:2F:82:36:E2:C6:F1:B4:65:D3
X509v3 Authority Key Identifier:
keyid:28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/ZhWVrPSN96ZEKSQvgjbixvG0ZdM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.136.205.0/24
185.207.39.0/24
194.147.216.0/24
IPv6:
2a0a:37c0::-2a0a:37c0:2:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
4c:39:db:f3:8b:63:e7:94:d2:ae:fc:3b:87:5d:24:65:14:1b:
a1:5d:0a:de:ce:4d:95:e3:7d:8d:7d:05:f5:5d:cb:45:f8:e9:
a5:3f:31:d9:a1:24:41:bc:9a:57:03:1b:73:fd:c0:25:10:52:
ec:19:b2:cb:5c:b3:0e:50:e0:9e:95:5a:f1:fd:1b:22:e9:d2:
f5:d7:57:9c:14:4d:6f:7d:5f:7a:7b:53:a7:93:b5:01:d7:e7:
96:98:fe:be:4a:6b:a0:aa:dd:b5:3c:9e:6f:11:07:da:d2:44:
c0:a7:49:7f:47:c3:98:30:d9:b8:bd:94:de:b2:8f:bc:a9:8d:
c7:ea:b1:2b:6a:f8:9d:4b:09:81:1c:7a:02:a4:d1:dd:ec:5c:
30:90:25:c1:1b:9d:a2:b1:9f:89:d8:7d:43:35:c2:50:b4:81:
bc:4f:8d:e6:9c:9b:b8:3f:65:fc:7e:32:d7:32:8d:3b:43:43:
01:d8:09:2a:9f:55:38:5f:56:71:73:33:d6:ce:90:8b:bf:24:
f9:fe:ad:76:de:58:2e:b4:5e:cb:61:1f:bd:61:a2:32:60:c0:
0f:2b:08:5d:9c:6a:e7:b9:4c:b7:19:72:f0:92:3c:df:4d:6a:
be:7a:55:68:07:ca:27:4e:ec:33:61:f7:9a:59:29:4e:e2:c0:
cd:32:df:6a
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYzqBsOzJmnSrnE1zuatj5UsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZmQ2NmU0M2ExMDQ2MzNiMjdiYWM1MzliOThiZGY4ZWJm
YWM5YWUwHhcNMjQwMTA4MTcwMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjE1OTVhY2Y0OGRmN2E2NDQyOTI0MmY4MjM2ZTJjNmYxYjQ2NWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNP7t8F2Ozmu5YrTjmhr5QZ7TQa+
6t+RA9bc2sRwRK4xChZiY95h2JI2IwbTTJOxPgZ0XN8cyR1DiHigm4UGrQHOCB+I
c48dJhj+Sv1hh3BHi+TP6/ASgilrTi4xOIUstQ3VFe4WELR3nDfu8IB5nUTNNbjX
+B/UrRkQqJAtZpsR1GSzxKKd95eEEBsgUxDd4ADl5sQ9js/lMWkN3zGdzT227CHu
2Xhm/c3ZBUXpNG+SHNOJkAGl2tnlTq3TAmx3Gm7D01LVhgcjf5i8lsHvvkWNMsuZ
lEwkYwYmCGVmJMEHj6M7yay9dwnNJmB4TZlvPBcPPQxzX39myG3FWFoLhwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFGYVlaz0jfemRCkkL4I24sbxtGXTMB8GA1UdIwQY
MBaAFCj9ZuQ6EEYzsnusU5uYvfjr+smuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYt
MjY3NjY5ZjM1NjQ4LzEvWmhXVnJQU045NlpFS1NRdmdqYml4dkcwWmRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYtMjY3NjY5ZjM1NjQ4
LzEvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAYBAIAATASAwQAuYjNAwQA
uc8nAwQAwpPYMBgEAgACMBIwEAMFBioKN8ADBwAqCjfAAAIwDQYJKoZIhvcNAQEL
BQADggEBAEw52/OLY+eU0q78O4ddJGUUG6FdCt7OTZXjfY19BfVdy0X46aU/Mdmh
JEG8mlcDG3P9wCUQUuwZsstcsw5Q4J6VWvH9GyLp0vXXV5wUTW99X3p7U6eTtQHX
55aY/r5Ka6Cq3bU8nm8RB9rSRMCnSX9Hw5gw2bi9lN6yj7ypjcfqsStq+J1LCYEc
egKk0d3sXDCQJcEbnaKxn4nYfUM1wlC0gbxPjeacm7g/Zfx+MtcyjTtDQwHYCSqf
VThfVnFzM9bOkIu/JPn+rXbeWC60XsthH71hojJgwA8rCF2caue5TLcZcvCSPN9N
ar56VWgHyidO7DNh95pZKU7iwM0y32o=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:02 2024 by rpki-client on console-ams.rpki-client.org