Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/rzr9iG0JlYJxEOGFWaIe-aq43J8.roa
File: rzr9iG0JlYJxEOGFWaIe-aq43J8.roa (raw, json)
Hash identifier: mKeeL7rgAggUjQpVVS/H6jiAM3NJqHnr+t3S/ZlIK7M=
Subject key identifier: AF:3A:FD:88:6D:09:95:82:71:10:E1:85:59:A2:1E:F9:AA:B8:DC:9F
Certificate issuer: /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial: 01856D386B526B1AE822DA6B0B24017344A3
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/rzr9iG0JlYJxEOGFWaIe-aq43J8.roa
Signing time: Sun 01 Jan 2023 12:04:52 +0000
ROA not before: Sun 01 Jan 2023 12:04:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 62240
IP address blocks: 78.136.196.0/22 maxlen: 24
78.136.202.0/23 maxlen: 24
88.204.40.0/23 maxlen: 24
78.136.200.0/23 maxlen: 24
88.204.44.0/23 maxlen: 24
78.136.204.0/22 maxlen: 24
88.204.42.0/23 maxlen: 24
88.204.46.0/23 maxlen: 24
83.172.60.0/24 maxlen: 24
83.172.63.0/24 maxlen: 24
78.136.250.0/23 maxlen: 24
78.136.248.0/23 maxlen: 24
78.136.252.0/23 maxlen: 24
78.136.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:38:6b:52:6b:1a:e8:22:da:6b:0b:24:01:73:44:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Validity
Not Before: Jan 1 12:04:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=af3afd886d0995827110e18559a21ef9aab8dc9f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:b4:a5:ba:a3:88:60:57:a4:9c:b5:ad:8e:db:
cf:67:1b:19:57:3c:ff:ac:00:d8:3f:7f:3c:56:68:
32:5d:e7:d0:6c:3d:bb:13:44:14:6e:42:5e:6e:b2:
66:04:5a:07:db:0e:7a:7b:aa:e9:d6:38:da:88:95:
d2:2f:51:25:6b:fc:3c:9c:e9:19:93:3c:e7:af:d6:
e9:2a:02:cf:96:a8:24:a2:c8:ed:f1:dc:cb:14:61:
67:71:8f:f6:65:76:18:74:73:c3:20:9b:bf:b6:ff:
d7:4f:35:23:68:2f:15:13:45:94:a8:a3:51:14:2d:
6c:dd:f2:d0:2b:93:7b:79:63:78:fd:ca:29:5e:58:
71:ed:0f:82:55:67:43:5a:1b:ff:8e:95:e1:e7:fe:
7e:16:67:a3:5a:ce:80:36:dd:20:40:19:2e:bd:26:
73:a9:61:68:c3:05:d9:8a:f4:7f:6b:13:c5:10:1e:
07:6c:a8:4a:20:41:0b:ae:84:d7:1f:de:de:c8:37:
e4:d5:a1:2d:d9:65:33:07:0e:f6:d6:3b:67:c7:ea:
34:b3:57:e5:c2:ec:79:d6:e4:65:a3:d0:91:ad:bc:
82:5e:fa:8b:3d:4d:3a:71:a5:d2:8a:35:2b:9b:16:
a7:c3:fa:47:22:42:d8:1b:5d:b1:aa:4c:77:09:d2:
f0:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:3A:FD:88:6D:09:95:82:71:10:E1:85:59:A2:1E:F9:AA:B8:DC:9F
X509v3 Authority Key Identifier:
keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/rzr9iG0JlYJxEOGFWaIe-aq43J8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.136.196.0-78.136.207.255
78.136.248.0-78.136.254.255
83.172.60.0/24
83.172.63.0/24
88.204.40.0/21
Signature Algorithm: sha256WithRSAEncryption
5b:c4:11:77:46:ef:6b:c9:71:d6:50:1b:6d:55:ac:90:25:c7:
f4:9a:ea:2f:06:37:5d:6c:d0:bb:d8:4c:07:17:f9:dd:aa:63:
a6:09:a2:7c:00:a4:fb:01:0f:e2:dd:aa:8b:ed:0a:11:70:52:
79:a7:72:9a:7d:53:b1:d9:fb:8b:ad:e7:94:e1:86:2b:4d:e6:
05:36:22:2b:31:bb:21:e3:d5:19:e2:e5:e2:a7:d6:0b:88:3a:
e6:a5:eb:53:cd:7a:48:e2:9f:e8:ee:72:5c:c5:ed:2d:2f:30:
ab:07:b5:ed:ae:52:35:3b:04:6f:24:66:53:1c:2f:fb:e3:2c:
97:df:72:8a:fb:ba:ef:57:94:91:79:d6:80:2c:47:12:c5:d7:
23:b5:49:4f:d6:09:20:ff:9a:ed:75:13:be:df:3f:80:dd:77:
4d:96:53:46:2a:86:e9:f9:db:ca:44:6b:c6:6f:54:33:89:28:
a7:79:be:96:3f:5a:56:07:4f:ee:d3:c0:b7:a1:c4:bd:bf:08:
51:34:25:6f:ce:84:53:5e:44:3e:6f:fb:d0:d8:2e:2a:93:36:
6c:9f:e0:70:a5:21:84:07:24:ef:d6:d7:ed:ae:b2:31:73:1b:
76:b0:2b:5d:d2:6d:58:94:8e:c4:35:dd:f2:53:64:63:f6:b5:
11:5e:8e:da
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYVtOGtSaxroItprCyQBc0SjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjMwMTAxMTIwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjNhZmQ4ODZkMDk5NTgyNzExMGUxODU1OWEyMWVmOWFhYjhkYzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhbSluqOIYFeknLWtjtvPZxsZVzz/
rADYP388VmgyXefQbD27E0QUbkJebrJmBFoH2w56e6rp1jjaiJXSL1Ela/w8nOkZ
kzznr9bpKgLPlqgkosjt8dzLFGFncY/2ZXYYdHPDIJu/tv/XTzUjaC8VE0WUqKNR
FC1s3fLQK5N7eWN4/copXlhx7Q+CVWdDWhv/jpXh5/5+FmejWs6ANt0gQBkuvSZz
qWFowwXZivR/axPFEB4HbKhKIEELroTXH97eyDfk1aEt2WUzBw721jtnx+o0s1fl
wux51uRlo9CRrbyCXvqLPU06caXSijUrmxanw/pHIkLYG12xqkx3CdLwEQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFK86/YhtCZWCcRDhhVmiHvmquNyfMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEvcnpyOWlHMEpsWUp4RU9HRldhSWUtYXE0M0o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAJOiMQD
BAROiMAwDAMEA06I+AMEAE6I/gMEAFOsPAMEAFOsPwMEA1jMKDANBgkqhkiG9w0B
AQsFAAOCAQEAW8QRd0bva8lx1lAbbVWskCXH9JrqLwY3XWzQu9hMBxf53apjpgmi
fACk+wEP4t2qi+0KEXBSeadymn1Tsdn7i63nlOGGK03mBTYiKzG7IePVGeLl4qfW
C4g65qXrU816SOKf6O5yXMXtLS8wqwe17a5SNTsEbyRmUxwv++Msl99yivu671eU
kXnWgCxHEsXXI7VJT9YJIP+a7XUTvt8/gN13TZZTRiqG6fnbykRrxm9UM4kop3m+
lj9aVgdP7tPAt6HEvb8IUTQlb86EU15EPm/70NguKpM2bJ/gcKUhhAck79bX7a6y
MXMbdrArXdJtWJSOxDXd8lNkY/a1EV6O2g==
-----END CERTIFICATE-----
Generated at Sun Apr 20 22:42:52 2025 by rpki-client