Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/358416-2752-4159-add6-cc3fb351e336/1/zAgkTRUkMmVCq7sP-wy4VVKoSOU.roa
File: zAgkTRUkMmVCq7sP-wy4VVKoSOU.roa (raw, json)
Hash identifier: miYBkX3GqVzdwXCDu9lb6eYPRpqweFQp59zDr8JgVDE=
Subject key identifier: CC:08:24:4D:15:24:32:65:42:AB:BB:0F:FB:0C:B8:55:52:A8:48:E5
Certificate issuer: /CN=059b86f99e2d6bde14fa8799de71ce41b98020b9
Certificate serial: 01936EF4B17A4FE6939E02570FE62399B35D
Authority key identifier: 05:9B:86:F9:9E:2D:6B:DE:14:FA:87:99:DE:71:CE:41:B9:80:20:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BZuG-Z4ta94U-oeZ3nHOQbmAILk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/358416-2752-4159-add6-cc3fb351e336/1/zAgkTRUkMmVCq7sP-wy4VVKoSOU.roa
Signing time: Wed 27 Nov 2024 18:49:09 +0000
ROA not before: Wed 27 Nov 2024 18:49:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 203936
IP address blocks: 45.144.248.0/22 maxlen: 22
89.40.238.0/24 maxlen: 24
89.43.72.0/24 maxlen: 24
89.43.198.0/24 maxlen: 24
89.44.145.0/24 maxlen: 24
109.205.136.0/22 maxlen: 24
185.128.60.0/22 maxlen: 22
185.237.136.0/22 maxlen: 24
185.237.138.0/24 maxlen: 24
185.249.232.0/24 maxlen: 24
185.253.144.0/22 maxlen: 22
185.253.145.0/24 maxlen: 24
185.253.146.0/24 maxlen: 24
185.253.147.0/24 maxlen: 24
193.39.92.0/22 maxlen: 22
193.39.92.0/24 maxlen: 24
193.39.93.0/24 maxlen: 24
193.39.94.0/24 maxlen: 24
194.15.219.0/24 maxlen: 24
194.15.232.0/24 maxlen: 24
194.15.236.0/24 maxlen: 24
194.26.1.0/24 maxlen: 24
2a03:6280::/29 maxlen: 29
2a0c:1380::/29 maxlen: 29
2a0c:3cc0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:6e:f4:b1:7a:4f:e6:93:9e:02:57:0f:e6:23:99:b3:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=059b86f99e2d6bde14fa8799de71ce41b98020b9
Validity
Not Before: Nov 27 18:49:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cc08244d1524326542abbb0ffb0cb85552a848e5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:9d:51:34:73:62:2a:59:24:c5:9e:bb:e4:af:
f6:05:6c:3f:d6:4f:d6:e0:13:fd:9a:d9:70:30:e8:
fb:e3:16:e0:8a:92:dc:2c:d0:0e:9e:03:52:68:df:
3e:8a:60:7f:4e:17:8a:ea:3a:06:d8:14:e4:cf:54:
19:39:05:42:ea:d4:98:49:c8:a4:17:fc:43:41:e3:
10:ad:93:fc:60:39:a6:db:d1:ea:e2:2b:cf:87:15:
73:7c:8a:f9:8e:c6:47:9c:9e:e4:a7:cc:06:be:aa:
c8:98:a5:ce:d7:02:c6:c5:54:5d:ea:f6:90:1a:46:
ad:9d:ec:b5:9c:c4:ed:62:0c:a6:3b:5a:36:f3:14:
4d:29:fe:ba:39:f2:1f:fd:81:26:fc:c2:3c:58:0e:
a6:86:6c:07:a9:8d:42:45:83:28:f4:29:0b:e9:4c:
e7:6c:51:8f:44:a5:b9:fb:00:af:c5:cf:d9:71:af:
de:c6:74:c7:bc:df:44:b1:ce:b4:96:fc:00:82:d3:
31:59:28:f3:6a:1c:33:cc:32:ac:ee:5e:5d:77:a9:
27:68:05:52:ae:14:0a:8d:71:6d:68:7b:65:06:aa:
e5:62:40:a0:73:dc:b0:b4:89:fa:69:2d:fe:06:e8:
6a:18:9d:de:ee:e6:1f:a5:3a:e6:14:cd:f2:34:af:
49:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:08:24:4D:15:24:32:65:42:AB:BB:0F:FB:0C:B8:55:52:A8:48:E5
X509v3 Authority Key Identifier:
keyid:05:9B:86:F9:9E:2D:6B:DE:14:FA:87:99:DE:71:CE:41:B9:80:20:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZuG-Z4ta94U-oeZ3nHOQbmAILk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/358416-2752-4159-add6-cc3fb351e336/1/zAgkTRUkMmVCq7sP-wy4VVKoSOU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/358416-2752-4159-add6-cc3fb351e336/1/BZuG-Z4ta94U-oeZ3nHOQbmAILk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.144.248.0/22
89.40.238.0/24
89.43.72.0/24
89.43.198.0/24
89.44.145.0/24
109.205.136.0/22
185.128.60.0/22
185.237.136.0/22
185.249.232.0/24
185.253.144.0/22
193.39.92.0/22
194.15.219.0/24
194.15.232.0/24
194.15.236.0/24
194.26.1.0/24
IPv6:
2a03:6280::/29
2a0c:1380::/29
2a0c:3cc0::/32
Signature Algorithm: sha256WithRSAEncryption
52:92:6f:20:fe:73:b2:7b:51:4a:8a:b6:b8:04:9e:ee:49:82:
ad:94:47:8f:8d:f1:67:f9:2d:22:b1:e2:70:c3:38:04:20:a4:
88:dc:cf:97:36:ec:30:84:7e:1e:ed:6e:1e:80:e5:8f:25:9a:
17:c9:98:3d:dd:fc:fe:c1:5d:1b:3b:4e:31:5d:dc:30:86:6b:
a6:6f:c8:4a:1a:74:77:66:d3:dd:54:42:05:84:ea:ae:97:b9:
fe:7a:b8:2b:7e:ac:da:f6:30:f8:3e:52:9b:13:c4:6a:09:d4:
07:d2:62:5d:f4:60:b5:81:ff:21:cf:4b:b3:cf:b7:14:cc:ec:
94:48:41:6d:a4:d8:5c:3d:d5:72:3e:a8:01:1d:c0:b9:1e:fa:
8f:1d:c5:5c:db:b8:89:c3:99:dd:d1:96:b3:ff:29:20:81:db:
6e:29:68:87:9b:f9:26:44:a1:19:e5:4b:bf:3c:51:49:c8:69:
b9:26:6a:a2:cd:c3:66:a8:93:69:a9:8f:82:61:6d:89:8d:15:
60:73:67:16:3f:d3:e7:4a:fa:22:c2:69:6a:83:55:5e:8b:3b:
4e:ac:3c:54:cb:cd:09:af:64:25:27:f0:79:51:3e:6e:7c:b5:
e3:0d:64:bb:28:27:ed:4d:cf:ed:0e:cf:a8:e7:21:60:39:53:
32:fd:33:d3
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgISAZNu9LF6T+aTngJXD+YjmbNdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OWI4NmY5OWUyZDZiZGUxNGZhODc5OWRlNzFjZTQxYjk4
MDIwYjkwHhcNMjQxMTI3MTg0OTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzA4MjQ0ZDE1MjQzMjY1NDJhYmJiMGZmYjBjYjg1NTUyYTg0OGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvp1RNHNiKlkkxZ675K/2BWw/1k/W
4BP9mtlwMOj74xbgipLcLNAOngNSaN8+imB/TheK6joG2BTkz1QZOQVC6tSYScik
F/xDQeMQrZP8YDmm29Hq4ivPhxVzfIr5jsZHnJ7kp8wGvqrImKXO1wLGxVRd6vaQ
Gkatney1nMTtYgymO1o28xRNKf66OfIf/YEm/MI8WA6mhmwHqY1CRYMo9CkL6Uzn
bFGPRKW5+wCvxc/Zca/exnTHvN9Esc60lvwAgtMxWSjzahwzzDKs7l5dd6knaAVS
rhQKjXFtaHtlBqrlYkCgc9ywtIn6aS3+BuhqGJ3e7uYfpTrmFM3yNK9JTwIDAQAB
o4ICfDCCAngwHQYDVR0OBBYEFMwIJE0VJDJlQqu7D/sMuFVSqEjlMB8GA1UdIwQY
MBaAFAWbhvmeLWveFPqHmd5xzkG5gCC5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlp1Ry1aNHRhOTRVLW9lWjNuSE9RYm1BSUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8zNTg0MTYtMjc1Mi00MTU5LWFkZDYt
Y2MzZmIzNTFlMzM2LzEvekFna1RSVWtNbVZDcTdzUC13eTRWVktvU09VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8zNTg0MTYtMjc1Mi00MTU5LWFkZDYtY2MzZmIzNTFlMzM2
LzEvQlp1Ry1aNHRhOTRVLW9lWjNuSE9RYm1BSUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGRBggrBgEFBQcBBwEB/wSBgTB/MGAEAgABMFoDBAItkPgD
BABZKO4DBABZK0gDBABZK8YDBABZLJEDBAJtzYgDBAK5gDwDBAK57YgDBAC5+egD
BAK5/ZADBALBJ1wDBADCD9sDBADCD+gDBADCD+wDBADCGgEwGwQCAAIwFQMFAyoD
YoADBQMqDBOAAwUAKgw8wDANBgkqhkiG9w0BAQsFAAOCAQEAUpJvIP5zsntRSoq2
uASe7kmCrZRHj43xZ/ktIrHicMM4BCCkiNzPlzbsMIR+Hu1uHoDljyWaF8mYPd38
/sFdGztOMV3cMIZrpm/IShp0d2bT3VRCBYTqrpe5/nq4K36s2vYw+D5SmxPEagnU
B9JiXfRgtYH/Ic9Ls8+3FMzslEhBbaTYXD3Vcj6oAR3AuR76jx3FXNu4icOZ3dGW
s/8pIIHbbiloh5v5JkShGeVLvzxRSchpuSZqos3DZqiTaamPgmFtiY0VYHNnFj/T
50r6IsJpaoNVXos7Tqw8VMvNCa9kJSfweVE+bny14w1kuygn7U3P7Q7PqOchYDlT
Mv0z0w==
-----END CERTIFICATE-----
Generated at Tue Apr 15 11:51:49 2025 by rpki-client