Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/dbc699-4e72-4dfa-9d02-d83cfed24f48/1/zzn3kwxeAfolJkzhPvwG7qgouxY.roa
File: zzn3kwxeAfolJkzhPvwG7qgouxY.roa (raw, json)
Hash identifier: xlZEhsoYnUZv3Z+9GZyA+qdsv40e64gupN3uJVnuFMk=
Subject key identifier: CF:39:F7:93:0C:5E:01:FA:25:26:4C:E1:3E:FC:06:EE:A8:28:BB:16
Certificate issuer: /CN=a12ef01850a8733356b5f7785d56b092703cf562
Certificate serial: 0300C3
Authority key identifier: A1:2E:F0:18:50:A8:73:33:56:B5:F7:78:5D:56:B0:92:70:3C:F5:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oS7wGFCoczNWtfd4XVawknA89WI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/dbc699-4e72-4dfa-9d02-d83cfed24f48/1/zzn3kwxeAfolJkzhPvwG7qgouxY.roa
Signing time: Thu 03 Feb 2022 13:00:14 +0000
ROA not before: Thu 03 Feb 2022 13:00:14 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 6898
IP address blocks: 31.44.32.0/20 maxlen: 20
185.155.184.0/23 maxlen: 23
193.221.216.0/23 maxlen: 23
31.44.46.0/23 maxlen: 23
46.21.16.0/23 maxlen: 23
46.21.31.0/24 maxlen: 24
46.21.29.0/24 maxlen: 24
193.222.104.0/23 maxlen: 23
2a00:bd00::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 196803 (0x300c3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a12ef01850a8733356b5f7785d56b092703cf562
Validity
Not Before: Feb 3 13:00:14 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=cf39f7930c5e01fa25264ce13efc06eea828bb16
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:72:24:9e:58:a4:cb:95:6e:5d:54:a9:1a:a6:
9c:3c:8e:7e:b2:d4:87:6c:55:c5:57:1d:85:ac:d8:
b1:05:80:9b:89:87:f5:f9:0b:ea:51:e8:92:4f:12:
de:a8:5f:26:20:06:4f:7d:33:14:3c:27:ae:9e:67:
81:c5:86:47:78:9a:37:07:ea:3c:8a:68:65:a9:da:
c7:32:d2:b6:de:82:b4:c1:c3:be:1c:e6:31:a6:86:
26:b7:f8:2b:b3:47:f2:02:10:6f:5c:0f:64:0a:59:
0c:2a:ec:ab:77:96:4f:86:7c:82:c8:f7:4b:bd:98:
34:4b:16:4f:18:39:21:2d:6f:53:09:8f:d5:dc:75:
2f:c3:19:94:9d:57:44:99:97:60:53:cf:b8:df:a4:
e4:ba:92:ae:b6:11:1f:c5:e8:f6:ff:0b:2e:73:de:
4d:f8:45:99:e6:66:8c:fb:98:55:a5:f4:5e:cd:ab:
68:66:52:c5:6c:f8:84:99:45:7c:81:e6:8f:eb:d0:
3c:c2:a8:36:3c:44:f7:b2:b5:d9:d3:05:07:0b:80:
c8:ec:aa:c9:4a:ec:3e:59:78:32:27:50:98:5e:2a:
ee:96:95:62:8c:ba:cd:11:85:aa:86:bc:b9:90:c7:
9b:6e:40:03:61:2c:f6:d7:2f:2a:49:de:d5:d5:2a:
2e:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:39:F7:93:0C:5E:01:FA:25:26:4C:E1:3E:FC:06:EE:A8:28:BB:16
X509v3 Authority Key Identifier:
keyid:A1:2E:F0:18:50:A8:73:33:56:B5:F7:78:5D:56:B0:92:70:3C:F5:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oS7wGFCoczNWtfd4XVawknA89WI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/dbc699-4e72-4dfa-9d02-d83cfed24f48/1/zzn3kwxeAfolJkzhPvwG7qgouxY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/dbc699-4e72-4dfa-9d02-d83cfed24f48/1/oS7wGFCoczNWtfd4XVawknA89WI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.44.32.0/20
46.21.16.0/23
46.21.29.0/24
46.21.31.0/24
185.155.184.0/23
193.221.216.0/23
193.222.104.0/23
IPv6:
2a00:bd00::/32
Signature Algorithm: sha256WithRSAEncryption
af:ef:8f:e1:d1:7e:17:ac:68:17:3e:55:0d:1e:af:a4:60:ef:
49:ed:5e:48:8c:06:e7:98:e9:9c:58:ee:80:2c:3b:02:2c:52:
ec:c1:69:42:80:9c:36:63:8f:c5:a7:d8:ed:55:90:f5:d1:50:
6c:be:2e:3c:75:0a:ad:15:9e:a9:a6:c1:87:94:7f:88:7e:0b:
ca:83:98:bf:b2:af:65:d9:68:fa:54:e8:28:75:b1:1b:61:da:
86:5e:86:3b:70:66:9d:f9:31:bc:d0:2b:5b:49:7a:c0:3e:12:
76:ee:ea:2e:0b:8d:7a:4a:65:12:a2:b0:a9:b5:d1:b6:3e:12:
19:ec:51:96:f2:8c:31:89:f2:ad:78:3a:0b:dc:e5:26:db:ca:
d7:1e:ad:16:5c:85:ec:62:95:c8:73:1b:ff:56:28:28:d4:ab:
2c:87:39:40:ea:3c:87:4f:43:fc:f7:24:11:89:9a:1b:0e:96:
2e:38:29:7b:7d:91:20:1f:ca:8d:d7:a4:c0:e4:2b:5d:38:2a:
1a:9d:ea:fc:b5:9d:b4:b5:64:3c:67:17:af:31:11:6e:b5:08:
7c:d4:e4:46:54:00:54:b2:d3:6d:41:9e:ec:5f:2c:90:2e:3c:
dd:ba:e8:75:71:f2:1c:ff:1d:06:b1:b3:23:02:f5:80:92:f0:
93:08:1c:e5
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIDAwDDMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGEx
MmVmMDE4NTBhODczMzM1NmI1Zjc3ODVkNTZiMDkyNzAzY2Y1NjIwHhcNMjIwMjAz
MTMwMDE0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhjZjM5Zjc5MzBjNWUw
MWZhMjUyNjRjZTEzZWZjMDZlZWE4MjhiYjE2MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAxHIknliky5VuXVSpGqacPI5+stSHbFXFVx2FrNixBYCbiYf1
+QvqUeiSTxLeqF8mIAZPfTMUPCeunmeBxYZHeJo3B+o8imhlqdrHMtK23oK0wcO+
HOYxpoYmt/grs0fyAhBvXA9kClkMKuyrd5ZPhnyCyPdLvZg0SxZPGDkhLW9TCY/V
3HUvwxmUnVdEmZdgU8+436TkupKuthEfxej2/wsuc95N+EWZ5maM+5hVpfRezato
ZlLFbPiEmUV8geaP69A8wqg2PET3srXZ0wUHC4DI7KrJSuw+WXgyJ1CYXirulpVi
jLrNEYWqhry5kMebbkADYSz21y8qSd7V1SouIQIDAQABo4ICPDCCAjgwHQYDVR0O
BBYEFM8595MMXgH6JSZM4T78Bu6oKLsWMB8GA1UdIwQYMBaAFKEu8BhQqHMzVrX3
eF1WsJJwPPViMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
b1M3d0dGQ29jek5XdGZkNFhWYXdrbkE4OVdJLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC8yOS9kYmM2OTktNGU3Mi00ZGZhLTlkMDItZDgzY2ZlZDI0ZjQ4LzEv
enpuM2t3eGVBZm9sSmt6aFB2d0c3cWdvdXhZLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9k
YmM2OTktNGU3Mi00ZGZhLTlkMDItZDgzY2ZlZDI0ZjQ4LzEvb1M3d0dGQ29jek5X
dGZkNFhWYXdrbkE4OVdJLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFIG
CCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEHywgAwQBLhUQAwQALhUdAwQALhUf
AwQBuZu4AwQBwd3YAwQBwd5oMA0EAgACMAcDBQAqAL0AMA0GCSqGSIb3DQEBCwUA
A4IBAQCv74/h0X4XrGgXPlUNHq+kYO9J7V5IjAbnmOmcWO6ALDsCLFLswWlCgJw2
Y4/Fp9jtVZD10VBsvi48dQqtFZ6ppsGHlH+IfgvKg5i/sq9l2Wj6VOgodbEbYdqG
XoY7cGad+TG80CtbSXrAPhJ27uouC416SmUSorCptdG2PhIZ7FGW8owxifKteDoL
3OUm28rXHq0WXIXsYpXIcxv/Vigo1KsshzlA6jyHT0P89yQRiZobDpYuOCl7fZEg
H8qN16TA5CtdOCoaner8tZ20tWQ8ZxevMRFutQh81ORGVABUstNtQZ7sXyyQLjzd
uuh1cfIc/x0GsbMjAvWAkvCTCBzl
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:49:30 2023 by rpki-client on console-ams.rpki-client.org