Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/zkqTzaFy05iATN_C8P45zoxCVEw.roa
File: zkqTzaFy05iATN_C8P45zoxCVEw.roa (raw, json)
Hash identifier: crM+fp/kDHxoslUj2UyDfjqrSsZNqyA9nnTKyW67O1I=
Subject key identifier: CE:4A:93:CD:A1:72:D3:98:80:4C:DF:C2:F0:FE:39:CE:8C:42:54:4C
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 10CD6DE8
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/zkqTzaFy05iATN_C8P45zoxCVEw.roa
Signing time: Sat 01 Jan 2022 02:51:06 +0000
ROA not before: Sat 01 Jan 2022 02:51:06 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 13285
IP address blocks: 78.144.0.0/13 maxlen: 24
2.96.0.0/13 maxlen: 24
217.68.128.0/20 maxlen: 24
84.13.0.0/16 maxlen: 24
185.173.120.0/22 maxlen: 24
92.0.0.0/11 maxlen: 24
62.24.128.0/17 maxlen: 24
89.240.0.0/14 maxlen: 24
212.139.148.0/22 maxlen: 22
62.241.160.0/19 maxlen: 24
185.173.116.0/22 maxlen: 24
212.139.133.0/24 maxlen: 24
2001:4a00::/27 maxlen: 27
2001:7e0::/32 maxlen: 32
2a0b:e900::/29 maxlen: 29
2a0b:db00::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 281898472 (0x10cd6de8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Jan 1 02:51:06 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ce4a93cda172d398804cdfc2f0fe39ce8c42544c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:aa:0f:72:b6:5a:e3:3e:2e:0f:5a:6d:55:b4:
05:90:09:b6:a6:2e:26:b7:b8:e9:6d:a1:00:21:10:
36:09:c2:f0:02:66:eb:0f:0b:ce:bc:14:ba:84:c4:
8e:1b:3b:27:b0:cf:51:ed:08:d1:14:bd:88:4d:28:
6f:06:cc:18:c6:c2:43:38:36:fc:5a:26:2f:f2:7e:
ae:fe:5a:81:10:91:bf:6b:b2:83:83:e0:6c:9b:ae:
89:d7:30:07:b2:61:9d:79:06:7a:69:ba:62:b0:ad:
31:e7:5a:db:7c:ac:87:17:8a:a0:8e:64:38:e8:9c:
a3:80:88:06:ba:37:e9:a8:bf:58:b3:71:2e:1b:08:
99:ed:b2:f7:43:a4:1c:c7:d7:91:28:de:5b:56:7d:
98:81:0c:6b:26:7c:35:58:36:95:db:f0:5f:6b:81:
d5:a1:d8:9f:f8:f0:ba:d0:d0:b2:02:f9:af:75:cc:
7d:3c:92:5b:80:7a:f4:58:35:66:47:2c:ae:c4:f6:
ce:4d:7e:1a:fa:5a:84:a9:2c:6a:c3:34:59:b7:d4:
d1:1d:d3:10:c9:28:dd:3b:57:c6:7c:f9:a3:f4:e6:
84:cf:7e:87:2e:e5:d1:28:4a:c1:4c:13:f7:b0:b4:
37:73:a2:f6:c5:d1:e5:6d:96:92:da:72:c1:07:b1:
af:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:4A:93:CD:A1:72:D3:98:80:4C:DF:C2:F0:FE:39:CE:8C:42:54:4C
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/zkqTzaFy05iATN_C8P45zoxCVEw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
84.13.0.0/16
89.240.0.0/14
92.0.0.0/11
185.173.116.0-185.173.123.255
212.139.133.0/24
212.139.148.0/22
217.68.128.0/20
IPv6:
2001:7e0::/32
2001:4a00::/27
2a0b:db00::/29
2a0b:e900::/29
Signature Algorithm: sha256WithRSAEncryption
74:fa:11:f6:da:e8:86:29:6f:c5:40:80:b5:f9:ec:78:ab:be:
ef:ad:9d:dd:72:37:81:76:30:fc:99:f0:e4:a8:4e:3d:d6:17:
ca:88:b8:59:11:f9:6c:be:2c:e3:0c:99:ed:db:bc:5e:60:2f:
22:b7:b3:81:5e:65:fa:97:ea:a2:ec:8b:89:ef:03:9b:40:2a:
d6:cd:fa:6c:86:c3:fc:5d:f7:d5:be:ea:e7:53:1b:5e:eb:a7:
cf:f9:db:a7:32:f9:57:5d:c3:3e:75:a3:7d:f1:cf:99:00:65:
cc:56:4b:a9:13:00:04:a1:ba:89:3d:29:7d:d5:d0:b5:8c:64:
e5:8b:af:44:90:09:4f:7d:86:82:37:af:a5:c1:ed:90:9f:91:
3b:35:24:99:ad:80:f0:45:e6:0b:09:b6:97:4d:35:55:9c:50:
5d:2f:69:46:52:f3:4d:21:c9:19:4e:99:43:a3:1d:77:48:b0:
ab:73:51:cd:29:b6:4f:66:bb:ff:f2:15:65:21:5b:fb:8c:4d:
97:0a:62:aa:9b:f5:57:6c:42:cd:0b:c1:c6:f4:6f:74:7d:3b:
ee:c9:33:93:2f:3c:cb:c7:a0:eb:54:f9:23:be:34:23:dd:6e:
96:09:26:bb:78:72:03:36:14:04:0d:5c:ab:23:7d:14:a7:e8:
1f:52:49:38
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgIEEM1t6DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
OTgwN2Y2ZDUwZDk3ZDk3MWRjZjJlMmU1MDY0ZTliOTA3YWRiM2VjMB4XDTIyMDEw
MTAyNTEwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2U0YTkzY2RhMTcy
ZDM5ODgwNGNkZmMyZjBmZTM5Y2U4YzQyNTQ0YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALyqD3K2WuM+Lg9abVW0BZAJtqYuJre46W2hACEQNgnC8AJm
6w8LzrwUuoTEjhs7J7DPUe0I0RS9iE0obwbMGMbCQzg2/FomL/J+rv5agRCRv2uy
g4PgbJuuidcwB7JhnXkGemm6YrCtMeda23yshxeKoI5kOOico4CIBro36ai/WLNx
LhsIme2y90OkHMfXkSjeW1Z9mIEMayZ8NVg2ldvwX2uB1aHYn/jwutDQsgL5r3XM
fTySW4B69Fg1ZkcsrsT2zk1+GvpahKksasM0WbfU0R3TEMko3TtXxnz5o/TmhM9+
hy7l0ShKwUwT97C0N3Oi9sXR5W2WktpywQexr38CAwEAAaOCAm0wggJpMB0GA1Ud
DgQWBBTOSpPNoXLTmIBM38Lw/jnOjEJUTDAfBgNVHSMEGDAWgBSpgH9tUNl9lx3P
Li5QZOm5B62z7DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3FZQl9iVkRaZlpjZHp5NHVVR1RwdVFldHMtdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvY2E5ZGJlLTAwOTUtNDBmMy1iOTMyLTBkOGY3ZGQ4Y2NlNi8x
L3prcVR6YUZ5MDVpQVROX0M4UDQ1em94Q1ZFdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
Y2E5ZGJlLTAwOTUtNDBmMy1iOTMyLTBkOGY3ZGQ4Y2NlNi8xL3FZQl9iVkRaZlpj
ZHp5NHVVR1RwdVFldHMtdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
ggYIKwYBBQUHAQcBAf8EczBxMEsEAgABMEUDAwMCYAMEBz4YgAMEBT7xoAMDA06Q
AwMAVA0DAwJZ8AMDBVwAMAwDBAK5rXQDBAK5rXgDBADUi4UDBALUi5QDBATZRIAw
IgQCAAIwHAMFACABB+ADBQUgAUoAAwUDKgvbAAMFAyoL6QAwDQYJKoZIhvcNAQEL
BQADggEBAHT6Efba6IYpb8VAgLX57Hirvu+tnd1yN4F2MPyZ8OSoTj3WF8qIuFkR
+Wy+LOMMme3bvF5gLyK3s4FeZfqX6qLsi4nvA5tAKtbN+myGw/xd99W+6udTG17r
p8/526cy+Vddwz51o33xz5kAZcxWS6kTAAShuok9KX3V0LWMZOWLr0SQCU99hoI3
r6XB7ZCfkTs1JJmtgPBF5gsJtpdNNVWcUF0vaUZS800hyRlOmUOjHXdIsKtzUc0p
tk9mu//yFWUhW/uMTZcKYqqb9VdsQs0Lwcb0b3R9O+7JM5MvPMvHoOtU+SO+NCPd
bpYJJrt4cgM2FAQNXKsjfRSn6B9SSTg=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:49:37 2023 by rpki-client on console-ams.rpki-client.org