Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/ZK9UagHSzhyVW2zlY4VkBmpvHaY.roa
File: ZK9UagHSzhyVW2zlY4VkBmpvHaY.roa (raw, json)
Hash identifier: J5MSFQnhsDIborawUelxiYvX4l5NVHgFi8zQkikw8EM=
Subject key identifier: 64:AF:54:6A:01:D2:CE:1C:95:5B:6C:E5:63:85:64:06:6A:6F:1D:A6
Certificate issuer: /CN=e9be181aabdb195513a26c67b621e2986818d03d
Certificate serial: 018CCA2B58AF25BEC8E06A2250D3260C0404
Authority key identifier: E9:BE:18:1A:AB:DB:19:55:13:A2:6C:67:B6:21:E2:98:68:18:D0:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/ZK9UagHSzhyVW2zlY4VkBmpvHaY.roa
Signing time: Tue 02 Jan 2024 12:34:47 +0000
ROA not before: Tue 02 Jan 2024 12:34:47 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 202656
IP address blocks: 194.34.249.0/24 maxlen: 24
176.53.135.0/24 maxlen: 24
176.53.134.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:2b:58:af:25:be:c8:e0:6a:22:50:d3:26:0c:04:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e9be181aabdb195513a26c67b621e2986818d03d
Validity
Not Before: Jan 2 12:34:47 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=64af546a01d2ce1c955b6ce5638564066a6f1da6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:17:dc:a9:76:56:e9:e0:0d:0f:d6:52:ba:01:
6a:9c:a1:27:af:22:bc:2b:9b:46:00:8d:87:a8:4f:
b0:2d:89:86:b9:e4:94:6e:f6:82:eb:82:be:6e:c1:
a7:87:15:46:c5:99:fa:a4:b0:d7:08:4f:bc:65:09:
ae:e6:70:24:62:a7:b8:10:bb:9b:5b:93:e1:ac:cb:
af:ea:62:01:49:a8:35:a3:f3:c0:27:42:24:94:29:
f4:49:75:68:7f:6b:12:31:4b:31:48:28:c2:70:f5:
2b:d1:a6:15:00:10:2b:06:79:24:ef:06:d8:51:22:
ba:72:d2:5e:ea:43:37:b7:3f:12:2b:a1:4f:5c:47:
78:1a:ed:66:86:eb:8b:b4:40:63:a5:66:8c:8b:8e:
46:ea:bf:10:c9:a6:d8:50:32:00:e2:da:91:aa:6f:
7e:34:80:66:f6:07:61:d5:06:5a:fc:1f:6e:c7:46:
fe:de:d2:23:2c:a3:ce:45:51:8f:a9:96:90:a5:66:
8a:e2:2c:db:e1:fe:e9:16:f1:d5:13:1f:a5:00:6d:
ce:1f:30:ef:11:23:e4:6b:60:ca:0e:6f:84:0d:76:
06:b5:68:8b:8c:95:fd:47:c9:28:72:af:95:44:1b:
2d:51:a0:d9:49:44:f3:53:8e:ab:1a:a3:2f:62:d6:
58:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:AF:54:6A:01:D2:CE:1C:95:5B:6C:E5:63:85:64:06:6A:6F:1D:A6
X509v3 Authority Key Identifier:
keyid:E9:BE:18:1A:AB:DB:19:55:13:A2:6C:67:B6:21:E2:98:68:18:D0:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/ZK9UagHSzhyVW2zlY4VkBmpvHaY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/6b4YGqvbGVUTomxntiHimGgY0D0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.53.134.0/23
194.34.249.0/24
Signature Algorithm: sha256WithRSAEncryption
48:79:9f:4b:93:4a:e1:eb:ce:16:0a:80:5c:16:63:fd:ed:a5:
8b:2e:f1:fd:87:98:f0:bb:87:5c:3b:71:df:7c:73:0a:38:f1:
17:e2:26:b8:bb:57:05:92:a5:90:a2:00:6e:67:3c:96:6b:15:
89:3f:8a:5c:30:a3:6f:c3:df:96:3d:8e:ae:1e:f7:d0:15:8c:
cd:e6:00:8b:cc:b9:b4:14:fc:b7:04:09:ba:7a:1c:6d:c6:a9:
55:e1:42:3f:c9:42:a2:c0:27:7a:87:9a:e8:46:65:a6:11:36:
30:54:50:26:1e:2e:58:32:f4:50:bf:90:d2:a1:64:14:26:5b:
4b:51:cb:4e:46:dd:c5:1a:8d:ce:79:50:53:10:15:9b:08:a5:
37:00:d9:44:96:ec:b9:64:64:24:06:e7:26:7e:a2:30:b3:57:
b5:42:fe:f9:f9:bb:85:b1:5f:72:b6:33:e3:52:5b:58:94:ea:
9e:f0:13:fb:5e:34:94:13:27:3e:cb:9a:bc:57:94:65:a2:86:
b1:bf:24:72:2e:7d:63:37:03:6f:b0:23:54:e7:1b:36:ee:ba:
74:4c:98:25:a2:8b:a6:8a:e6:32:57:8a:29:93:18:bd:b3:af:
cd:64:ba:95:20:e7:51:82:a0:31:f0:78:ac:c0:51:74:a8:3d:
ae:b3:a8:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK1ivJb7I4GoiUNMmDAQEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YmUxODFhYWJkYjE5NTUxM2EyNmM2N2I2MjFlMjk4Njgx
OGQwM2QwHhcNMjQwMTAyMTIzNDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGFmNTQ2YTAxZDJjZTFjOTU1YjZjZTU2Mzg1NjQwNjZhNmYxZGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhfcqXZW6eAND9ZSugFqnKEnryK8
K5tGAI2HqE+wLYmGueSUbvaC64K+bsGnhxVGxZn6pLDXCE+8ZQmu5nAkYqe4ELub
W5PhrMuv6mIBSag1o/PAJ0IklCn0SXVof2sSMUsxSCjCcPUr0aYVABArBnkk7wbY
USK6ctJe6kM3tz8SK6FPXEd4Gu1mhuuLtEBjpWaMi45G6r8QyabYUDIA4tqRqm9+
NIBm9gdh1QZa/B9ux0b+3tIjLKPORVGPqZaQpWaK4izb4f7pFvHVEx+lAG3OHzDv
ESPka2DKDm+EDXYGtWiLjJX9R8kocq+VRBstUaDZSUTzU46rGqMvYtZYdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGSvVGoB0s4clVts5WOFZAZqbx2mMB8GA1UdIwQY
MBaAFOm+GBqr2xlVE6JsZ7Yh4phoGNA9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmI0WUdxdmJHVlVUb214bnRpSGltR2dZMEQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9iZWNkMTYtYTllOS00Y2Q2LTgwMGUt
ZjAwOGRkODNlMzJhLzEvWks5VWFnSFN6aHlWVzJ6bFk0VmtCbXB2SGFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9iZWNkMTYtYTllOS00Y2Q2LTgwMGUtZjAwOGRkODNlMzJh
LzEvNmI0WUdxdmJHVlVUb214bnRpSGltR2dZMEQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBsDWGAwQA
wiL5MA0GCSqGSIb3DQEBCwUAA4IBAQBIeZ9Lk0rh684WCoBcFmP97aWLLvH9h5jw
u4dcO3HffHMKOPEX4ia4u1cFkqWQogBuZzyWaxWJP4pcMKNvw9+WPY6uHvfQFYzN
5gCLzLm0FPy3BAm6ehxtxqlV4UI/yUKiwCd6h5roRmWmETYwVFAmHi5YMvRQv5DS
oWQUJltLUctORt3FGo3OeVBTEBWbCKU3ANlEluy5ZGQkBucmfqIws1e1Qv75+buF
sV9ytjPjUltYlOqe8BP7XjSUEyc+y5q8V5RlooaxvyRyLn1jNwNvsCNU5xs27rp0
TJglooumiuYyV4opkxi9s6/NZLqVIOdRgqAx8HiswFF0qD2us6jL
-----END CERTIFICATE-----
Generated at Fri Feb 9 21:14:25 2024 by rpki-client on console-ams.rpki-client.org