Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/zQ1lOOg8Y4HmxpWiojo9tr4VDhY.roa
File: zQ1lOOg8Y4HmxpWiojo9tr4VDhY.roa (raw, json)
Hash identifier: sBuFlzrO0lSyk5oJFP12/GHSedx1GoNe3i9K0wINyyY=
Subject key identifier: CD:0D:65:38:E8:3C:63:81:E6:C6:95:A2:A2:3A:3D:B6:BE:15:0E:16
Certificate issuer: /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial: 0183ACAB5674E01130C1BB64D93EB66D48A1
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/zQ1lOOg8Y4HmxpWiojo9tr4VDhY.roa
Signing time: Thu 06 Oct 2022 09:40:53 +0000
ROA not before: Thu 06 Oct 2022 09:40:53 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60721
IP address blocks: 185.199.150.0/24 maxlen: 24
185.228.75.0/24 maxlen: 24
185.228.72.0/24 maxlen: 24
185.214.111.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:ac:ab:56:74:e0:11:30:c1:bb:64:d9:3e:b6:6d:48:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Validity
Not Before: Oct 6 09:40:53 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=cd0d6538e83c6381e6c695a2a23a3db6be150e16
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:33:27:6a:13:ba:7a:54:74:cc:c7:a2:48:cc:
ca:7d:b4:31:10:80:b4:9c:19:ec:91:50:05:13:e0:
38:6c:be:c9:ed:5c:f0:48:2f:1c:0c:de:41:3d:3a:
b5:53:2a:eb:4f:88:55:43:92:6f:2a:aa:24:38:65:
85:96:28:db:ed:93:d1:d4:b2:01:1b:f9:d3:cb:e9:
e0:7c:96:64:b1:e9:66:8b:9e:6b:d7:de:1e:91:c9:
8c:6c:fd:6c:30:29:f1:ce:6a:3e:fb:d7:37:f9:24:
44:c8:da:09:bb:a6:6b:dc:61:df:8d:35:ae:cd:8e:
02:9c:87:aa:e8:80:6d:32:e9:34:4a:2b:d9:68:87:
69:6f:bc:56:19:b1:24:82:8c:fb:f9:3d:db:ea:4d:
23:cb:60:cc:f5:5c:d5:cd:6d:00:63:cb:91:d9:30:
00:1d:39:55:d2:48:53:dd:d4:34:91:96:ad:3a:db:
1c:ad:ce:bc:f1:db:39:3f:f6:3d:42:9b:07:67:27:
e6:bf:fe:56:f8:ad:1d:19:e3:a2:df:21:13:51:4b:
53:a0:8d:42:bf:7a:a3:ed:e4:f2:6f:29:50:c5:a6:
db:d9:a7:9b:3c:c5:0f:39:63:f0:a4:bf:fa:e9:5b:
a3:b8:ec:be:59:8c:9c:33:9b:a7:85:5b:ee:55:a3:
49:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:0D:65:38:E8:3C:63:81:E6:C6:95:A2:A2:3A:3D:B6:BE:15:0E:16
X509v3 Authority Key Identifier:
keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/zQ1lOOg8Y4HmxpWiojo9tr4VDhY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.199.150.0/24
185.214.111.0/24
185.228.72.0/24
185.228.75.0/24
Signature Algorithm: sha256WithRSAEncryption
85:7d:80:39:6a:9a:8a:6e:86:5e:26:91:5b:df:41:08:1c:f4:
77:c3:3a:1f:28:67:02:e7:28:fc:5f:9e:e8:59:b2:7a:54:1b:
d0:ee:f7:e0:b5:ea:d6:bf:f7:37:87:a1:a0:07:63:39:7d:fd:
f1:f6:8e:ea:a6:92:ae:b6:f1:9e:1d:a8:78:da:8f:ac:29:56:
4c:b4:72:bc:47:e2:a6:65:e4:dd:ba:78:8b:ca:5e:4d:79:3d:
87:e7:e4:5f:46:5c:f1:88:bf:f5:50:d1:ee:80:25:84:ab:98:
50:0e:70:4f:11:69:73:1b:16:6b:d1:49:f0:7e:62:9a:b7:87:
f8:fe:e9:8d:fe:18:01:fb:1b:58:93:13:10:75:0a:c9:bb:66:
ca:67:5c:99:91:bc:ed:17:8c:c4:84:b8:38:8c:ce:71:6e:fb:
ce:8a:0b:9a:02:87:34:2f:a2:5e:7a:03:65:a2:ab:00:10:2c:
b2:a5:c8:6e:05:0a:20:60:a0:1e:89:93:d5:19:69:99:4e:b9:
03:30:a8:6f:8b:88:b2:0e:e6:79:ee:f9:78:ce:18:d0:c1:82:
8b:34:ff:d5:a2:81:4b:1d:e7:04:2e:f4:7c:dd:68:a9:93:f0:
14:60:12:95:ae:f3:c6:90:06:3a:de:9c:c3:a0:6d:6c:bd:f5:
90:e3:05:8b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYOsq1Z04BEwwbtk2T62bUihMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjIxMDA2MDk0MDUzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDBkNjUzOGU4M2M2MzgxZTZjNjk1YTJhMjNhM2RiNmJlMTUwZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjMnahO6elR0zMeiSMzKfbQxEIC0
nBnskVAFE+A4bL7J7VzwSC8cDN5BPTq1UyrrT4hVQ5JvKqokOGWFlijb7ZPR1LIB
G/nTy+ngfJZkselmi55r194ekcmMbP1sMCnxzmo++9c3+SREyNoJu6Zr3GHfjTWu
zY4CnIeq6IBtMuk0SivZaIdpb7xWGbEkgoz7+T3b6k0jy2DM9VzVzW0AY8uR2TAA
HTlV0khT3dQ0kZatOtscrc688ds5P/Y9QpsHZyfmv/5W+K0dGeOi3yETUUtToI1C
v3qj7eTybylQxabb2aebPMUPOWPwpL/66VujuOy+WYycM5unhVvuVaNJfwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFM0NZTjoPGOB5saVoqI6Pba+FQ4WMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvelExbE9PZzhZNEhteHBXaW9qbzl0cjRWRGhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAuceWAwQA
udZvAwQAueRIAwQAueRLMA0GCSqGSIb3DQEBCwUAA4IBAQCFfYA5apqKboZeJpFb
30EIHPR3wzofKGcC5yj8X57oWbJ6VBvQ7vfgterWv/c3h6GgB2M5ff3x9o7qppKu
tvGeHah42o+sKVZMtHK8R+KmZeTduniLyl5NeT2H5+RfRlzxiL/1UNHugCWEq5hQ
DnBPEWlzGxZr0UnwfmKat4f4/umN/hgB+xtYkxMQdQrJu2bKZ1yZkbztF4zEhLg4
jM5xbvvOiguaAoc0L6JeegNloqsAECyypchuBQogYKAeiZPVGWmZTrkDMKhvi4iy
DuZ57vl4zhjQwYKLNP/VooFLHecELvR83Wipk/AUYBKVrvPGkAY63pzDoG1svfWQ
4wWL
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:36 2024 by rpki-client on console-ams.rpki-client.org