Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/zawxF4nUWPvJAbomVr_B8PM-wJc.roa
File: zawxF4nUWPvJAbomVr_B8PM-wJc.roa (raw, json)
Hash identifier: ADtcrA5oW2T1szfjU1pIhHm1homZ1Ba3XBccVshS5Vs=
Subject key identifier: CD:AC:31:17:89:D4:58:FB:C9:01:BA:26:56:BF:C1:F0:F3:3E:C0:97
Certificate issuer: /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial: 018B1999DF203B406788641F93BDF3FD1B60
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/zawxF4nUWPvJAbomVr_B8PM-wJc.roa
Signing time: Tue 10 Oct 2023 12:39:56 +0000
ROA not before: Tue 10 Oct 2023 12:39:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210000
IP address blocks: 31.41.34.0/24 maxlen: 24
176.119.223.0/24 maxlen: 24
194.156.188.0/24 maxlen: 24
2a12:3fc1:2001::/48 maxlen: 48
2a12:3fc1:1001::/48 maxlen: 48
2a12:3fc1:1002::/48 maxlen: 48
2a12:3fc0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:19:99:df:20:3b:40:67:88:64:1f:93:bd:f3:fd:1b:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Validity
Not Before: Oct 10 12:39:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cdac311789d458fbc901ba2656bfc1f0f33ec097
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:97:83:17:81:17:0d:b6:e7:35:27:89:b9:dd:
4e:12:50:30:34:b1:a2:65:bf:c8:e9:df:ec:1b:c1:
9a:42:75:21:94:b4:9d:b2:12:81:03:a5:6f:df:de:
dc:ab:27:7f:96:dd:e9:39:3d:b6:c8:19:d3:b1:3c:
38:07:9c:bc:e8:18:f9:61:8d:fb:1e:03:f9:20:ad:
83:f1:09:5a:dd:14:3d:45:cd:1b:29:e8:46:cb:bd:
40:f7:9e:04:00:28:92:b1:ca:b3:5f:a9:fa:77:58:
20:75:af:c6:4c:fe:71:9c:6e:8e:20:d0:55:fc:0b:
d5:c0:d0:44:e7:bd:5c:f3:c4:57:2d:2d:71:a4:23:
40:5f:4d:b0:de:11:d6:77:3a:0c:f0:a8:4c:fa:cc:
17:f6:bc:44:87:19:4b:0c:3f:40:68:39:8a:6f:02:
77:f5:35:c4:f6:c3:97:de:11:88:9e:ed:bf:7f:91:
37:17:40:9b:21:06:06:57:1b:f3:dd:cf:09:c3:86:
96:b6:80:82:39:41:b3:c8:a9:a7:4a:e7:b6:6d:47:
e5:d3:29:b3:62:07:6d:fa:90:87:f3:dc:d6:79:d8:
7e:37:e0:75:58:ea:1a:f5:90:5e:f6:18:56:ee:cf:
4f:f9:ca:ae:58:13:0b:38:21:69:b0:af:94:98:c2:
81:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:AC:31:17:89:D4:58:FB:C9:01:BA:26:56:BF:C1:F0:F3:3E:C0:97
X509v3 Authority Key Identifier:
keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/zawxF4nUWPvJAbomVr_B8PM-wJc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.41.34.0/24
176.119.223.0/24
194.156.188.0/24
IPv6:
2a12:3fc0::/29
Signature Algorithm: sha256WithRSAEncryption
38:fe:e8:97:25:f6:29:91:0a:2b:22:51:37:fa:d8:fc:de:f4:
73:03:25:ef:98:f8:8d:96:72:ae:51:52:f3:c2:21:e9:1f:fd:
48:37:42:7d:a7:9d:69:b8:c0:23:49:5b:de:68:2a:a7:d7:6e:
00:bc:4d:64:5a:ff:38:56:a3:b2:e2:1b:2b:15:f6:aa:fd:5a:
26:4e:1b:18:16:6f:2a:38:55:ea:f3:b9:12:61:16:de:71:01:
b2:31:5d:80:74:8b:d1:de:2e:c0:85:62:9e:51:2c:cb:af:b5:
6f:79:ed:f8:6b:7f:a2:65:2c:5d:16:1f:db:80:cf:ae:19:e0:
cb:2b:91:e0:00:a7:ad:8d:26:c3:c8:2e:b1:3a:42:fd:09:ed:
55:25:a7:e4:33:55:9b:b0:4b:bc:fc:6a:1a:67:3f:14:5b:3a:
c3:db:63:a4:e0:ec:eb:1e:f8:25:f9:f8:f0:9b:f8:ee:ce:79:
df:d6:96:51:1c:d7:98:84:b3:03:89:ec:04:f9:e6:53:6c:df:
3e:a8:58:67:fc:ff:b6:90:ab:af:63:c6:9e:1b:15:b4:a3:b7:
ba:a0:f1:5e:25:93:d5:ad:6a:25:82:75:8f:d3:48:48:57:0b:
93:71:96:20:4a:e8:58:33:27:19:59:0e:bf:ac:2f:bc:71:cb:
d2:6d:91:1a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYsZmd8gO0BniGQfk73z/RtgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjMxMDEwMTIzOTU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGFjMzExNzg5ZDQ1OGZiYzkwMWJhMjY1NmJmYzFmMGYzM2VjMDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZeDF4EXDbbnNSeJud1OElAwNLGi
Zb/I6d/sG8GaQnUhlLSdshKBA6Vv397cqyd/lt3pOT22yBnTsTw4B5y86Bj5YY37
HgP5IK2D8Qla3RQ9Rc0bKehGy71A954EACiSscqzX6n6d1ggda/GTP5xnG6OINBV
/AvVwNBE571c88RXLS1xpCNAX02w3hHWdzoM8KhM+swX9rxEhxlLDD9AaDmKbwJ3
9TXE9sOX3hGInu2/f5E3F0CbIQYGVxvz3c8Jw4aWtoCCOUGzyKmnSue2bUfl0ymz
Ygdt+pCH89zWedh+N+B1WOoa9ZBe9hhW7s9P+cquWBMLOCFpsK+UmMKBMwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFM2sMReJ1Fj7yQG6Jla/wfDzPsCXMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvemF3eEY0blVXUHZKQWJvbVZyX0I4UE0td0pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAHykiAwQA
sHffAwQAwpy8MA0EAgACMAcDBQMqEj/AMA0GCSqGSIb3DQEBCwUAA4IBAQA4/uiX
JfYpkQorIlE3+tj83vRzAyXvmPiNlnKuUVLzwiHpH/1IN0J9p51puMAjSVveaCqn
124AvE1kWv84VqOy4hsrFfaq/VomThsYFm8qOFXq87kSYRbecQGyMV2AdIvR3i7A
hWKeUSzLr7Vvee34a3+iZSxdFh/bgM+uGeDLK5HgAKetjSbDyC6xOkL9Ce1VJafk
M1WbsEu8/GoaZz8UWzrD22Ok4OzrHvgl+fjwm/juznnf1pZRHNeYhLMDiewE+eZT
bN8+qFhn/P+2kKuvY8aeGxW0o7e6oPFeJZPVrWolgnWP00hIVwuTcZYgSuhYMycZ
WQ6/rC+8ccvSbZEa
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:09:30 2025 by rpki-client