Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/zdGy-gI6mqm7Qb0jBLlRrOPJnQ0.roa
File: zdGy-gI6mqm7Qb0jBLlRrOPJnQ0.roa (raw, json)
Hash identifier: DT99aRg6g4KsRQIOYe6N0buSLFhseXGeuHBd9761p5w=
Subject key identifier: CD:D1:B2:FA:02:3A:9A:A9:BB:41:BD:23:04:B9:51:AC:E3:C9:9D:0D
Certificate issuer: /CN=c7d91462c4dc1df6a8a3a97a1aee57a0cc14efba
Certificate serial: 045DC5C0
Authority key identifier: C7:D9:14:62:C4:DC:1D:F6:A8:A3:A9:7A:1A:EE:57:A0:CC:14:EF:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/x9kUYsTcHfaoo6l6Gu5XoMwU77o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/zdGy-gI6mqm7Qb0jBLlRrOPJnQ0.roa
Signing time: Sat 01 Jan 2022 06:03:27 +0000
ROA not before: Sat 01 Jan 2022 06:03:27 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 200937
IP address blocks: 185.90.151.0/24 maxlen: 24
185.90.148.0/24 maxlen: 24
185.90.149.0/24 maxlen: 24
185.90.150.0/24 maxlen: 24
185.90.148.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 73254336 (0x45dc5c0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c7d91462c4dc1df6a8a3a97a1aee57a0cc14efba
Validity
Not Before: Jan 1 06:03:27 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=cdd1b2fa023a9aa9bb41bd2304b951ace3c99d0d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:66:e4:98:c9:aa:b7:e1:17:a2:e0:60:1c:b1:
c3:49:4c:7f:9a:4a:13:0e:78:4d:5d:2f:c8:98:0b:
0b:ed:88:83:ef:dd:51:90:7b:0c:1b:a7:d2:e1:d5:
c1:aa:60:fe:dd:9c:2a:7f:88:f6:e1:a0:80:75:12:
1e:1b:83:27:0b:07:c5:55:ad:3f:ab:a2:ed:f9:11:
38:26:d2:2b:42:02:27:5b:7e:f7:06:d6:fc:f5:e5:
86:0c:80:4b:e8:a0:3e:ad:25:82:61:a4:59:8c:b7:
71:d9:34:6b:36:a1:e9:17:cd:d3:67:cf:5f:5a:d5:
f3:58:6e:d1:49:af:8d:f2:a2:03:4b:6a:0a:bd:b3:
86:bb:ec:03:ce:a7:8e:51:29:74:75:72:26:ab:6d:
fc:ce:29:db:2b:69:c9:22:f4:20:a0:87:63:6b:9d:
50:78:de:f4:a9:fb:ea:7b:00:b5:5c:56:5e:d9:a3:
0d:ba:be:3f:91:fb:a6:46:cc:00:59:a9:2e:15:19:
08:53:09:e6:0e:d5:7a:52:98:db:e0:67:dc:74:47:
f7:53:a1:ac:7b:0d:63:21:63:bb:71:19:bc:92:f9:
df:2c:ce:1d:0e:cb:a4:26:e4:5d:5d:30:c2:21:7d:
4d:e5:6f:e0:17:e8:8e:de:d0:23:64:5d:99:d9:cb:
35:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:D1:B2:FA:02:3A:9A:A9:BB:41:BD:23:04:B9:51:AC:E3:C9:9D:0D
X509v3 Authority Key Identifier:
keyid:C7:D9:14:62:C4:DC:1D:F6:A8:A3:A9:7A:1A:EE:57:A0:CC:14:EF:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x9kUYsTcHfaoo6l6Gu5XoMwU77o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/zdGy-gI6mqm7Qb0jBLlRrOPJnQ0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/x9kUYsTcHfaoo6l6Gu5XoMwU77o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.90.148.0/22
Signature Algorithm: sha256WithRSAEncryption
7b:c4:4b:aa:8b:01:3b:08:5a:38:aa:79:f1:92:22:e3:6a:d0:
7e:fc:87:b5:85:ad:d3:53:95:ac:2c:4e:9a:4e:f3:bb:fc:d4:
89:6d:24:b7:47:b8:8c:10:6b:06:30:b5:14:a2:42:e6:9f:f4:
e7:af:30:90:1f:da:f4:0b:60:2b:25:48:0f:df:4f:6e:bb:d1:
81:a9:a9:13:d6:e0:f3:0d:14:61:43:18:16:6a:5a:61:5c:e0:
7e:de:cd:8c:00:45:c2:a5:1d:ae:7c:52:7b:a5:a3:7a:7c:ce:
65:35:24:27:51:88:b9:46:19:36:40:5e:20:81:25:09:6e:99:
7d:48:5b:81:52:27:88:eb:2c:18:5e:97:97:e5:4d:16:e2:b8:
8c:bd:11:eb:d4:07:8c:b2:1f:27:58:bb:51:f1:f6:2b:70:e2:
bd:dc:bc:3e:bf:aa:ef:fe:09:71:57:bc:fa:18:aa:b5:7a:e2:
11:b2:aa:c5:37:7b:19:1a:0c:07:81:31:22:bf:13:33:ef:87:
b4:40:cb:7d:a8:b2:6d:cc:55:8d:ae:38:f2:53:81:db:43:29:
30:2f:cc:54:d6:90:86:0a:e0:6b:13:7d:67:7e:52:f8:97:a0:
50:0a:00:c7:14:d2:a4:1a:2e:c4:13:8e:98:84:5b:b1:3e:72:
c3:a3:35:f5
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBF3FwDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
N2Q5MTQ2MmM0ZGMxZGY2YThhM2E5N2ExYWVlNTdhMGNjMTRlZmJhMB4XDTIyMDEw
MTA2MDMyN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2RkMWIyZmEwMjNh
OWFhOWJiNDFiZDIzMDRiOTUxYWNlM2M5OWQwZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKNm5JjJqrfhF6LgYByxw0lMf5pKEw54TV0vyJgLC+2Ig+/d
UZB7DBun0uHVwapg/t2cKn+I9uGggHUSHhuDJwsHxVWtP6ui7fkROCbSK0ICJ1t+
9wbW/PXlhgyAS+igPq0lgmGkWYy3cdk0azah6RfN02fPX1rV81hu0UmvjfKiA0tq
Cr2zhrvsA86njlEpdHVyJqtt/M4p2ytpySL0IKCHY2udUHje9Kn76nsAtVxWXtmj
Dbq+P5H7pkbMAFmpLhUZCFMJ5g7VelKY2+Bn3HRH91OhrHsNYyFju3EZvJL53yzO
HQ7LpCbkXV0wwiF9TeVv4Bfojt7QI2RdmdnLNRECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTN0bL6AjqaqbtBvSMEuVGs48mdDTAfBgNVHSMEGDAWgBTH2RRixNwd9qij
qXoa7legzBTvujAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3g5a1VZc1RjSGZhb282bDZHdTVYb013VTc3by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzcvMzE4YTIzLTI4NzYtNDZhMi1hZjcyLTM0OTdmN2UyZGU2Mi8x
L3pkR3ktZ0k2bXFtN1FiMGpCTGxSck9QSm5RMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcv
MzE4YTIzLTI4NzYtNDZhMi1hZjcyLTM0OTdmN2UyZGU2Mi8xL3g5a1VZc1RjSGZh
b282bDZHdTVYb013VTc3by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArlalDANBgkqhkiG9w0BAQsFAAOC
AQEAe8RLqosBOwhaOKp58ZIi42rQfvyHtYWt01OVrCxOmk7zu/zUiW0kt0e4jBBr
BjC1FKJC5p/0568wkB/a9AtgKyVID99PbrvRgampE9bg8w0UYUMYFmpaYVzgft7N
jABFwqUdrnxSe6WjenzOZTUkJ1GIuUYZNkBeIIElCW6ZfUhbgVIniOssGF6Xl+VN
FuK4jL0R69QHjLIfJ1i7UfH2K3Divdy8Pr+q7/4JcVe8+hiqtXriEbKqxTd7GRoM
B4ExIr8TM++HtEDLfaiybcxVja448lOB20MpMC/MVNaQhgrgaxN9Z35S+JegUAoA
xxTSpBouxBOOmIRbsT5yw6M19Q==
-----END CERTIFICATE-----
Generated at Wed Apr 16 08:36:55 2025 by rpki-client