Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/ZzFGayNaEogMoDwwQkc9fPBsK6E.roa
File: ZzFGayNaEogMoDwwQkc9fPBsK6E.roa (raw, json)
Hash identifier: lCTXA2TvTlCdlLzWHEPifigv3TfMYVKWPkKTNxoNS9c=
Subject key identifier: 67:31:46:6B:23:5A:12:88:0C:A0:3C:30:42:47:3D:7C:F0:6C:2B:A1
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 01857169E50F6F97A70C65607D6C25ECF48D
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/ZzFGayNaEogMoDwwQkc9fPBsK6E.roa
Signing time: Mon 02 Jan 2023 07:37:23 +0000
ROA not before: Mon 02 Jan 2023 07:37:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61084
IP address blocks: 193.31.116.0/24 maxlen: 24
213.226.119.0/24 maxlen: 24
176.98.41.0/24 maxlen: 24
84.54.13.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:69:e5:0f:6f:97:a7:0c:65:60:7d:6c:25:ec:f4:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Jan 2 07:37:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6731466b235a12880ca03c3042473d7cf06c2ba1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:a4:3b:ec:ea:da:78:49:86:5b:3f:99:8b:70:
84:ce:36:07:0f:81:dc:66:23:4f:a7:02:9a:ce:f8:
4b:c2:ab:7b:a6:39:e6:10:50:1d:a2:58:71:76:a6:
1a:68:9d:10:ed:18:81:db:a8:b8:f4:d4:ad:30:a2:
32:1a:16:96:dc:9a:e5:b9:8b:d7:5c:1e:72:25:35:
6b:a4:a7:f4:3a:7c:0a:96:c3:d7:be:90:91:3d:c1:
d3:10:74:b4:71:96:64:05:65:bd:1d:2a:92:52:d6:
35:95:e1:d0:81:f1:c5:be:8b:83:73:3a:07:c7:f0:
b6:07:6a:45:f4:d1:21:4d:c0:c0:91:da:53:b5:3a:
c9:62:b7:14:19:e0:31:1f:19:f8:74:b0:4c:12:b8:
ae:17:c1:40:7a:9d:49:96:9b:91:9f:ba:e1:e3:38:
22:7b:67:4f:ed:0b:c4:c7:7b:c2:fd:ad:d2:14:4c:
26:55:1b:d1:59:32:32:66:bb:e0:fd:30:4f:ee:12:
db:84:55:d2:31:d6:ce:b4:3c:01:98:ca:d0:68:4c:
e3:99:67:c3:2a:e9:c8:79:06:4d:15:93:01:2d:92:
db:72:02:b7:77:46:e2:5b:14:97:4b:fe:3a:95:35:
a9:f4:ee:c1:4e:60:84:f4:79:d4:35:80:7c:b3:d0:
d1:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:31:46:6B:23:5A:12:88:0C:A0:3C:30:42:47:3D:7C:F0:6C:2B:A1
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/ZzFGayNaEogMoDwwQkc9fPBsK6E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.13.0/24
176.98.41.0/24
193.31.116.0/24
213.226.119.0/24
Signature Algorithm: sha256WithRSAEncryption
63:8a:60:b1:8e:93:8d:3b:7b:ed:2c:a3:4b:51:d7:d2:3e:6a:
1b:4a:47:00:9f:67:b9:c3:19:88:7b:e3:82:6f:15:40:fb:7b:
2e:2e:2d:89:1c:76:ed:5e:e2:c6:14:be:35:5b:ec:64:64:ae:
06:e3:79:cc:0d:df:e1:e4:23:dc:b4:4b:20:f9:92:e4:24:10:
25:2d:2a:cc:97:3d:df:ae:34:f9:6b:b5:f4:a1:b2:ea:db:b6:
05:6e:41:18:e1:60:55:1c:c5:02:95:3a:05:da:46:01:26:ae:
16:42:68:f5:ad:73:ca:3c:a5:df:b2:21:61:e8:49:7b:bd:b3:
25:e8:29:57:a8:d3:ba:fa:d8:83:18:d0:51:ee:0a:f1:b0:7d:
71:a3:d1:05:f3:6c:9b:48:da:a1:87:a1:e8:f0:3e:d7:24:67:
41:0d:fc:d5:bf:9b:72:3b:da:56:98:0a:ca:73:bf:50:36:5a:
86:81:e2:fb:86:c8:1b:cc:9e:41:0e:d2:15:ee:c3:cc:a8:3d:
53:46:e0:bc:6c:7d:03:2e:60:bf:a4:fe:da:49:24:d5:ab:6f:
64:36:1a:2c:04:d4:68:c5:eb:a0:31:41:6f:b4:81:91:45:0e:
bb:3d:3f:19:f6:38:b3:d0:90:4a:f9:5e:4f:d9:46:89:ac:ad:
4f:56:07:4e
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVxaeUPb5enDGVgfWwl7PSNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjMwMTAyMDczNzIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzMxNDY2YjIzNWExMjg4MGNhMDNjMzA0MjQ3M2Q3Y2YwNmMyYmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKQ77OraeEmGWz+Zi3CEzjYHD4Hc
ZiNPpwKazvhLwqt7pjnmEFAdolhxdqYaaJ0Q7RiB26i49NStMKIyGhaW3JrluYvX
XB5yJTVrpKf0OnwKlsPXvpCRPcHTEHS0cZZkBWW9HSqSUtY1leHQgfHFvouDczoH
x/C2B2pF9NEhTcDAkdpTtTrJYrcUGeAxHxn4dLBMEriuF8FAep1JlpuRn7rh4zgi
e2dP7QvEx3vC/a3SFEwmVRvRWTIyZrvg/TBP7hLbhFXSMdbOtDwBmMrQaEzjmWfD
KunIeQZNFZMBLZLbcgK3d0biWxSXS/46lTWp9O7BTmCE9HnUNYB8s9DR8wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGcxRmsjWhKIDKA8MEJHPXzwbCuhMB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvWnpGR2F5TmFFb2dNb0R3d1FrYzlmUEJzSzZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVDYNAwQA
sGIpAwQAwR90AwQA1eJ3MA0GCSqGSIb3DQEBCwUAA4IBAQBjimCxjpONO3vtLKNL
UdfSPmobSkcAn2e5wxmIe+OCbxVA+3suLi2JHHbtXuLGFL41W+xkZK4G43nMDd/h
5CPctEsg+ZLkJBAlLSrMlz3frjT5a7X0obLq27YFbkEY4WBVHMUClToF2kYBJq4W
Qmj1rXPKPKXfsiFh6El7vbMl6ClXqNO6+tiDGNBR7grxsH1xo9EF82ybSNqhh6Ho
8D7XJGdBDfzVv5tyO9pWmArKc79QNlqGgeL7hsgbzJ5BDtIV7sPMqD1TRuC8bH0D
LmC/pP7aSSTVq29kNhosBNRoxeugMUFvtIGRRQ67PT8Z9jiz0JBK+V5P2UaJrK1P
VgdO
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:47:30 2025 by rpki-client