Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/741668-d2e5-4ea2-a55a-a7514fc4eb48/1/z0wNzG__JF07S-0mCeSZNqEOQXQ.roa
File: z0wNzG__JF07S-0mCeSZNqEOQXQ.roa (raw, json)
Hash identifier: GDd9FPWe2Y80dkv/NtHQyoIr/NukaQAmWwPxvvEzMFQ=
Subject key identifier: CF:4C:0D:CC:6F:FF:24:5D:3B:4B:ED:26:09:E4:99:36:A1:0E:41:74
Certificate issuer: /CN=108e1a53b1eb11d821be966dfa4af17f70cc08bd
Certificate serial: 03DF8581
Authority key identifier: 10:8E:1A:53:B1:EB:11:D8:21:BE:96:6D:FA:4A:F1:7F:70:CC:08:BD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EI4aU7HrEdghvpZt-krxf3DMCL0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/741668-d2e5-4ea2-a55a-a7514fc4eb48/1/z0wNzG__JF07S-0mCeSZNqEOQXQ.roa
Signing time: Sat 01 Jan 2022 11:02:04 +0000
ROA not before: Sat 01 Jan 2022 11:02:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 41011
IP address blocks: 193.238.244.0/24 maxlen: 24
193.238.245.0/24 maxlen: 24
193.238.246.0/24 maxlen: 24
185.249.132.0/24 maxlen: 24
185.249.133.0/24 maxlen: 24
185.249.134.0/24 maxlen: 24
185.238.161.0/24 maxlen: 24
185.108.156.0/24 maxlen: 24
185.244.210.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 64980353 (0x3df8581)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=108e1a53b1eb11d821be966dfa4af17f70cc08bd
Validity
Not Before: Jan 1 11:02:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=cf4c0dcc6fff245d3b4bed2609e49936a10e4174
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:2a:f4:c9:8c:3d:70:de:57:85:1d:01:67:2b:
ca:b2:fc:d2:21:be:a8:71:2c:a0:1c:bf:7d:32:39:
cf:7e:23:61:c5:ae:72:b7:63:7d:6f:b6:12:bd:02:
6e:32:c2:69:fc:67:e6:b2:a5:92:48:e1:97:6d:2a:
fe:90:48:5b:7f:75:c5:17:58:0e:4a:aa:76:4e:8e:
b1:b1:63:fe:54:bc:40:ae:69:99:47:60:90:ea:23:
1b:7f:74:f8:cc:68:f7:7f:6b:ff:d0:56:bb:b9:41:
f6:8b:34:16:03:62:09:fb:f5:ad:11:8e:fb:05:50:
11:39:07:ac:3f:3c:06:57:81:ea:dc:4f:55:11:62:
d1:88:e0:1e:6d:31:8a:21:06:73:12:8c:fe:7e:a5:
8b:ca:da:3e:4e:ea:d9:6d:74:4b:83:b9:7e:3f:f5:
37:9b:f2:c9:55:7d:e9:99:73:0f:eb:c1:36:c7:bb:
5e:85:6f:a5:db:da:4f:9e:a0:b2:e3:c2:52:72:ef:
3c:29:6b:1d:a1:e5:57:99:8d:8f:a1:e2:5f:86:6e:
60:27:b0:68:14:e2:80:db:92:7a:e5:16:a1:1c:59:
ab:e1:8f:7d:d8:94:b5:75:47:3b:77:6c:67:60:ff:
95:35:71:63:67:ed:16:50:d6:54:dd:fb:70:e5:8e:
11:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:4C:0D:CC:6F:FF:24:5D:3B:4B:ED:26:09:E4:99:36:A1:0E:41:74
X509v3 Authority Key Identifier:
keyid:10:8E:1A:53:B1:EB:11:D8:21:BE:96:6D:FA:4A:F1:7F:70:CC:08:BD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EI4aU7HrEdghvpZt-krxf3DMCL0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/741668-d2e5-4ea2-a55a-a7514fc4eb48/1/z0wNzG__JF07S-0mCeSZNqEOQXQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/741668-d2e5-4ea2-a55a-a7514fc4eb48/1/EI4aU7HrEdghvpZt-krxf3DMCL0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.108.156.0/24
185.238.161.0/24
185.244.210.0/24
185.249.132.0-185.249.134.255
193.238.244.0-193.238.246.255
Signature Algorithm: sha256WithRSAEncryption
01:25:9f:9c:82:9d:74:fa:9a:d8:c2:c5:a0:a6:c6:e9:b2:96:
f2:f5:db:c4:0a:b7:0f:bb:a7:10:2e:2c:30:62:2e:6a:ce:aa:
07:2d:20:52:9d:dc:2e:e5:ea:38:1e:00:86:7d:0b:14:03:50:
57:69:d9:ab:d5:d0:29:1a:de:29:02:dd:b9:ef:91:68:37:c1:
2b:aa:8f:d1:62:8a:05:8b:1b:b2:25:43:ee:94:69:1f:42:66:
c1:a3:05:91:c4:e3:d6:14:04:48:ec:1f:86:ab:9c:fa:d7:5d:
b7:01:c3:00:e8:18:27:93:b5:a2:14:ee:37:3c:02:2f:92:33:
09:d6:f7:6f:7f:ea:4e:a2:b9:23:25:75:50:2d:f8:25:f6:6e:
f6:82:e5:c3:1c:d3:d6:99:30:97:2d:92:1d:02:c4:ed:0e:6e:
ff:d7:eb:a5:08:e1:36:17:d4:45:2f:2b:2b:f3:a9:60:cb:a9:
3a:80:be:0e:2a:00:f8:76:92:b1:d3:8b:31:ee:77:f9:5f:16:
4e:22:2f:46:55:ec:f8:0e:4a:9c:69:54:97:d2:0d:c6:3d:94:
ab:06:3d:34:77:d0:3a:90:11:a3:1d:e9:c2:c5:89:de:25:ea:
61:29:3c:0a:8e:24:6b:a4:17:98:e7:09:30:2e:e5:31:b5:48:
9c:a3:88:13
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIEA9+FgTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MDhlMWE1M2IxZWIxMWQ4MjFiZTk2NmRmYTRhZjE3ZjcwY2MwOGJkMB4XDTIyMDEw
MTExMDIwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2Y0YzBkY2M2ZmZm
MjQ1ZDNiNGJlZDI2MDllNDk5MzZhMTBlNDE3NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJsq9MmMPXDeV4UdAWcryrL80iG+qHEsoBy/fTI5z34jYcWu
crdjfW+2Er0CbjLCafxn5rKlkkjhl20q/pBIW391xRdYDkqqdk6OsbFj/lS8QK5p
mUdgkOojG390+Mxo939r/9BWu7lB9os0FgNiCfv1rRGO+wVQETkHrD88BleB6txP
VRFi0YjgHm0xiiEGcxKM/n6li8raPk7q2W10S4O5fj/1N5vyyVV96ZlzD+vBNse7
XoVvpdvaT56gsuPCUnLvPClrHaHlV5mNj6HiX4ZuYCewaBTigNuSeuUWoRxZq+GP
fdiUtXVHO3dsZ2D/lTVxY2ftFlDWVN37cOWOESUCAwEAAaOCAjEwggItMB0GA1Ud
DgQWBBTPTA3Mb/8kXTtL7SYJ5Jk2oQ5BdDAfBgNVHSMEGDAWgBQQjhpTsesR2CG+
lm36SvF/cMwIvTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VJNGFVN0hyRWRnaHZwWnQta3J4ZjNETUNMMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjMvNzQxNjY4LWQyZTUtNGVhMi1hNTVhLWE3NTE0ZmM0ZWI0OC8x
L3owd056R19fSkYwN1MtMG1DZVNaTnFFT1FYUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMv
NzQxNjY4LWQyZTUtNGVhMi1hNTVhLWE3NTE0ZmM0ZWI0OC8xL0VJNGFVN0hyRWRn
aHZwWnQta3J4ZjNETUNMMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBH
BggrBgEFBQcBBwEB/wQ4MDYwNAQCAAEwLgMEALlsnAMEALnuoQMEALn00jAMAwQC
ufmEAwQAufmGMAwDBALB7vQDBADB7vYwDQYJKoZIhvcNAQELBQADggEBAAEln5yC
nXT6mtjCxaCmxumylvL128QKtw+7pxAuLDBiLmrOqgctIFKd3C7l6jgeAIZ9CxQD
UFdp2avV0Cka3ikC3bnvkWg3wSuqj9FiigWLG7IlQ+6UaR9CZsGjBZHE49YUBEjs
H4arnPrXXbcBwwDoGCeTtaIU7jc8Ai+SMwnW929/6k6iuSMldVAt+CX2bvaC5cMc
09aZMJctkh0CxO0Obv/X66UI4TYX1EUvKyvzqWDLqTqAvg4qAPh2krHTizHud/lf
Fk4iL0ZV7PgOSpxpVJfSDcY9lKsGPTR30DqQEaMd6cLFid4l6mEpPAqOJGukF5jn
CTAu5TG1SJyjiBM=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:16 2023 by rpki-client on console-fra.rpki-client.org