Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/ZgvsYGjusz-ljtfr55inKAglCP8.roa
File: ZgvsYGjusz-ljtfr55inKAglCP8.roa (raw, json)
Hash identifier: BHxiR0QUgTl7F8wWKlyU0p91jHmRLCEv6BTFYaJAa34=
Subject key identifier: 66:0B:EC:60:68:EE:B3:3F:A5:8E:D7:EB:E7:98:A7:28:08:25:08:FF
Certificate issuer: /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial: 018CC64B3F52ED9DBCC4D7C5C796038F4D7A
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/ZgvsYGjusz-ljtfr55inKAglCP8.roa
Signing time: Mon 01 Jan 2024 18:31:09 +0000
ROA not before: Mon 01 Jan 2024 18:31:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210000
IP address blocks: 31.41.34.0/24 maxlen: 24
176.119.223.0/24 maxlen: 24
194.156.188.0/24 maxlen: 24
2a12:3fc1:2001::/48 maxlen: 48
2a12:3fc1:1001::/48 maxlen: 48
2a12:3fc1:1002::/48 maxlen: 48
2a12:3fc0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4b:3f:52:ed:9d:bc:c4:d7:c5:c7:96:03:8f:4d:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Validity
Not Before: Jan 1 18:31:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=660bec6068eeb33fa58ed7ebe798a728082508ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:69:f4:ce:1a:54:68:d2:b4:10:58:26:d6:4f:
28:35:c0:fe:10:76:32:d2:53:5c:ba:be:4d:d3:c9:
5e:9a:3f:78:50:1f:75:21:d2:ef:32:bf:64:54:c3:
85:ea:df:3d:93:2c:f9:4a:27:b1:d8:0a:b8:5d:b1:
ec:fe:b8:2a:56:b6:b7:7d:82:eb:b1:28:e5:0e:cc:
3e:bf:95:f5:20:38:a3:59:9b:e6:06:bb:1e:7d:b5:
96:0b:3d:49:ad:0b:2d:e6:40:9e:28:21:50:90:b9:
a9:ec:4b:10:1f:23:b6:7a:24:4b:5a:b8:73:a4:39:
eb:ac:cf:e5:65:e7:49:b0:fa:ac:bb:4e:64:00:3e:
18:c4:eb:fc:51:0b:97:f8:04:f5:eb:ba:2f:02:87:
13:89:64:b9:28:c4:24:60:1a:0f:fb:f5:e6:5b:db:
aa:79:4f:2d:07:a7:64:66:7a:e9:1f:36:1e:21:1d:
67:26:97:6e:69:34:3b:f3:9b:ad:2a:d8:3c:09:67:
fa:f1:67:44:6e:7c:87:54:45:bd:ea:af:5f:d6:58:
09:1f:ed:6e:13:78:37:51:16:bc:29:83:0e:e5:d5:
54:48:8b:0d:c8:72:54:8e:12:c1:6f:d7:db:55:26:
51:b1:e6:5d:00:53:9c:7a:1f:26:fd:62:f2:44:20:
3e:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:0B:EC:60:68:EE:B3:3F:A5:8E:D7:EB:E7:98:A7:28:08:25:08:FF
X509v3 Authority Key Identifier:
keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/ZgvsYGjusz-ljtfr55inKAglCP8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.41.34.0/24
176.119.223.0/24
194.156.188.0/24
IPv6:
2a12:3fc0::/29
Signature Algorithm: sha256WithRSAEncryption
62:0a:6d:15:ab:06:0b:51:d4:f5:a5:37:e6:77:33:1e:ec:f6:
f5:09:ab:f2:24:81:a4:f2:bd:c6:2d:77:70:46:d4:65:97:e8:
f0:dc:55:fa:d3:3a:2a:b5:c4:d6:b3:48:f4:68:fc:02:5f:26:
3a:b6:a5:d9:70:04:36:22:fa:bb:cf:2a:80:a1:4e:d0:03:76:
9b:29:53:21:ec:37:ec:83:ee:a2:8d:93:3b:16:ea:71:1a:1d:
68:ae:7c:cb:2f:da:84:0b:f6:57:d4:b8:75:2c:a5:93:3d:63:
1a:31:f1:1d:35:17:cf:7b:76:5b:9e:38:f7:76:7d:e1:93:7f:
fb:e3:95:d6:85:a7:57:a4:2f:79:98:bf:32:08:ff:b6:7c:16:
51:a5:39:92:91:19:0d:6b:63:0a:ae:ea:79:48:b4:08:18:75:
00:ab:c6:1e:a4:0c:c5:ad:2b:48:3e:00:84:93:2f:ab:3f:26:
d6:83:5a:6e:39:70:0f:25:ef:0b:c7:53:10:f4:46:cc:17:fa:
d4:c5:d4:59:04:a8:a1:d1:fe:2e:bd:34:f7:7a:cb:55:31:e7:
9e:fe:04:96:0e:5e:c8:28:99:06:96:8b:f7:52:0b:1e:51:4a:
eb:c7:db:5c:85:8f:f6:ec:50:4d:a0:40:e0:4a:83:a0:e3:1f:
2a:cd:e3:8d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzGSz9S7Z28xNfFx5YDj016MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjBiZWM2MDY4ZWViMzNmYTU4ZWQ3ZWJlNzk4YTcyODA4MjUwOGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumn0zhpUaNK0EFgm1k8oNcD+EHYy
0lNcur5N08lemj94UB91IdLvMr9kVMOF6t89kyz5Siex2Aq4XbHs/rgqVra3fYLr
sSjlDsw+v5X1IDijWZvmBrsefbWWCz1JrQst5kCeKCFQkLmp7EsQHyO2eiRLWrhz
pDnrrM/lZedJsPqsu05kAD4YxOv8UQuX+AT167ovAocTiWS5KMQkYBoP+/XmW9uq
eU8tB6dkZnrpHzYeIR1nJpduaTQ785utKtg8CWf68WdEbnyHVEW96q9f1lgJH+1u
E3g3URa8KYMO5dVUSIsNyHJUjhLBb9fbVSZRseZdAFOceh8m/WLyRCA+EQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFGYL7GBo7rM/pY7X6+eYpygIJQj/MB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvWmd2c1lHanVzei1sanRmcjU1aW5LQWdsQ1A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAHykiAwQA
sHffAwQAwpy8MA0EAgACMAcDBQMqEj/AMA0GCSqGSIb3DQEBCwUAA4IBAQBiCm0V
qwYLUdT1pTfmdzMe7Pb1CavyJIGk8r3GLXdwRtRll+jw3FX60zoqtcTWs0j0aPwC
XyY6tqXZcAQ2Ivq7zyqAoU7QA3abKVMh7Dfsg+6ijZM7FupxGh1ornzLL9qEC/ZX
1Lh1LKWTPWMaMfEdNRfPe3Zbnjj3dn3hk3/745XWhadXpC95mL8yCP+2fBZRpTmS
kRkNa2MKrup5SLQIGHUAq8YepAzFrStIPgCEky+rPybWg1puOXAPJe8Lx1MQ9EbM
F/rUxdRZBKih0f4uvTT3estVMeee/gSWDl7IKJkGlov3UgseUUrrx9tchY/27FBN
oEDgSoOg4x8qzeON
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:09:12 2025 by rpki-client