Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/z2X_FndbuxfoXAbHiElTYhUe5EI.roa
File: z2X_FndbuxfoXAbHiElTYhUe5EI.roa (raw, json)
Hash identifier: iKWzgnaMZj/ChoH16BZYtNoD+ZEtSO2hc8ZIeDp6clU=
Subject key identifier: CF:65:FF:16:77:5B:BB:17:E8:5C:06:C7:88:49:53:62:15:1E:E4:42
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 01831D8D9E42DC9BE0AE789DD5E1F4EC0032
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/z2X_FndbuxfoXAbHiElTYhUe5EI.roa
Signing time: Thu 08 Sep 2022 14:42:43 +0000
ROA not before: Thu 08 Sep 2022 14:42:43 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3257
IP address blocks: 94.131.48.0/20 maxlen: 24
95.164.16.0/22 maxlen: 22
94.131.64.0/20 maxlen: 24
95.164.128.0/20 maxlen: 24
95.164.240.0/21 maxlen: 21
95.164.44.0/22 maxlen: 22
95.164.84.0/22 maxlen: 22
94.131.24.0/22 maxlen: 24
149.154.176.0/20 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:1d:8d:9e:42:dc:9b:e0:ae:78:9d:d5:e1:f4:ec:00:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Sep 8 14:42:43 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=cf65ff16775bbb17e85c06c788495362151ee442
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:07:5c:c6:ca:90:5a:fa:51:ba:c6:a7:0b:2c:
eb:d4:e7:99:76:02:aa:d8:ea:7e:c6:ee:72:f6:27:
34:83:7d:6d:62:2e:28:03:de:bd:27:9c:7e:c0:9e:
37:bc:4e:42:a9:ee:31:e1:18:e1:f7:c7:96:75:45:
55:5f:a7:d5:f6:32:56:44:58:a6:f2:ca:9d:ee:c2:
e6:d3:3a:fa:e1:02:6b:eb:7f:24:2e:a6:39:0f:fd:
55:ce:04:24:c6:25:74:d5:7e:39:81:ef:96:d6:c0:
21:e8:9e:fc:35:1c:19:27:b5:d4:71:36:42:3b:42:
af:d0:ec:0a:f2:54:36:94:89:85:47:f2:c3:fc:a7:
11:4c:c6:ee:f8:b1:4c:7a:a8:a7:9d:1d:3f:4e:e7:
af:ce:b3:d8:e7:e4:87:e5:fa:8f:01:ed:d7:88:3c:
79:c2:5e:08:9a:2e:c7:9d:14:1e:1f:59:f3:1f:fa:
9a:3b:0e:f9:36:15:d3:d1:71:9b:3f:15:6e:7f:81:
32:67:c2:6c:d3:2f:4a:6b:a0:91:64:30:ad:6b:31:
a2:3a:33:bf:06:f4:b0:7e:7c:7a:d2:88:28:f1:b6:
4f:3c:df:2d:de:9c:12:8d:42:e1:53:47:45:16:53:
1e:83:f1:74:eb:3e:83:92:2c:03:a1:64:a4:de:c3:
32:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:65:FF:16:77:5B:BB:17:E8:5C:06:C7:88:49:53:62:15:1E:E4:42
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/z2X_FndbuxfoXAbHiElTYhUe5EI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.24.0/22
94.131.48.0-94.131.79.255
95.164.16.0/22
95.164.44.0/22
95.164.84.0/22
95.164.128.0/20
95.164.240.0/21
149.154.176.0/20
Signature Algorithm: sha256WithRSAEncryption
6a:9a:76:15:b6:e4:20:33:3e:99:29:78:61:39:d6:b1:93:8b:
c1:f4:9f:0b:ce:d5:0a:30:8d:86:89:e7:9a:d6:a5:e2:4a:f5:
5f:22:24:2d:bf:96:fa:7c:04:fb:43:6d:e9:19:68:63:f7:72:
af:98:a6:31:44:71:b0:52:e8:ab:52:36:4a:2a:7a:96:f7:c1:
a4:2a:69:97:e5:01:ce:9e:4b:46:5c:79:3f:ed:5a:72:f9:64:
65:2e:25:c5:12:4c:86:f4:a5:08:91:40:1d:03:d4:ea:aa:eb:
8e:22:fb:73:b9:73:71:15:52:8f:f7:49:ab:bd:0e:53:b0:6e:
60:8a:0d:fb:31:e4:40:25:36:43:bb:9c:c8:fb:e3:98:48:d8:
2a:fe:86:11:15:c9:89:e5:14:ae:4f:29:f0:54:8a:2c:bf:52:
28:3c:f8:49:9c:ff:a4:f4:4c:2a:f1:07:cc:b1:2f:96:09:86:
91:2c:b8:b5:6e:80:90:f1:99:2b:2d:af:b7:27:49:f8:d3:94:
25:7d:da:0a:05:db:92:3c:7a:50:34:5e:4b:c2:e1:52:21:96:
e7:bd:e9:78:e6:4b:41:9a:3f:be:75:3c:ca:2c:e0:f9:ae:20:
8a:03:05:9b:1f:0c:df:77:be:07:20:3e:4a:ee:b6:4a:ed:b9:
3b:f1:04:22
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYMdjZ5C3Jvgrnid1eH07AAyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjIwOTA4MTQ0MjQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjY1ZmYxNjc3NWJiYjE3ZTg1YzA2Yzc4ODQ5NTM2MjE1MWVlNDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwdcxsqQWvpRusanCyzr1OeZdgKq
2Op+xu5y9ic0g31tYi4oA969J5x+wJ43vE5Cqe4x4Rjh98eWdUVVX6fV9jJWRFim
8sqd7sLm0zr64QJr638kLqY5D/1VzgQkxiV01X45ge+W1sAh6J78NRwZJ7XUcTZC
O0Kv0OwK8lQ2lImFR/LD/KcRTMbu+LFMeqinnR0/TuevzrPY5+SH5fqPAe3XiDx5
wl4Imi7HnRQeH1nzH/qaOw75NhXT0XGbPxVuf4EyZ8Js0y9Ka6CRZDCtazGiOjO/
BvSwfnx60ogo8bZPPN8t3pwSjULhU0dFFlMeg/F06z6DkiwDoWSk3sMyQQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFM9l/xZ3W7sX6FwGx4hJU2IVHuRCMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvejJYX0ZuZGJ1eGZvWEFiSGlFbFRZaFVlNUVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQCXoMYMAwD
BARegzADBAReg0ADBAJfpBADBAJfpCwDBAJfpFQDBARfpIADBANfpPADBASVmrAw
DQYJKoZIhvcNAQELBQADggEBAGqadhW25CAzPpkpeGE51rGTi8H0nwvO1QowjYaJ
55rWpeJK9V8iJC2/lvp8BPtDbekZaGP3cq+YpjFEcbBS6KtSNkoqepb3waQqaZfl
Ac6eS0ZceT/tWnL5ZGUuJcUSTIb0pQiRQB0D1Oqq644i+3O5c3EVUo/3Sau9DlOw
bmCKDfsx5EAlNkO7nMj745hI2Cr+hhEVyYnlFK5PKfBUiiy/Uig8+Emc/6T0TCrx
B8yxL5YJhpEsuLVugJDxmSstr7cnSfjTlCV92goF25I8elA0XkvC4VIhlue96Xjm
S0GaP751PMos4PmuIIoDBZsfDN93vgcgPkrutkrtuTvxBCI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:58 2024 by rpki-client on console-fra.rpki-client.org