Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/zrAOJyCgDF1rHTGsrQmBD59WzOU.roa
File: zrAOJyCgDF1rHTGsrQmBD59WzOU.roa (raw, json)
Hash identifier: zMMGytIS+tYQdR+uGesphgiRghS0B5CjeTBTV7jWWBQ=
Subject key identifier: CE:B0:0E:27:20:A0:0C:5D:6B:1D:31:AC:AD:09:81:0F:9F:56:CC:E5
Certificate issuer: /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial: 0192702FE9173DCA864426658178480B3E45
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/zrAOJyCgDF1rHTGsrQmBD59WzOU.roa
Signing time: Wed 09 Oct 2024 07:30:40 +0000
ROA not before: Wed 09 Oct 2024 07:30:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 59729
IP address blocks: 78.136.251.0/24 maxlen: 24
78.136.252.0/24 maxlen: 24
78.136.253.0/24 maxlen: 24
78.136.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:70:2f:e9:17:3d:ca:86:44:26:65:81:78:48:0b:3e:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Validity
Not Before: Oct 9 07:30:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ceb00e2720a00c5d6b1d31acad09810f9f56cce5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:cc:e1:d4:78:18:57:68:a0:de:a4:21:45:dd:
c6:1c:25:23:c0:fa:8e:5c:64:6c:c1:5b:e5:82:26:
23:18:60:11:ea:7a:37:a8:e7:cc:26:e9:05:37:3f:
a1:f2:cc:3c:50:17:40:dd:c3:0e:a7:ab:dd:35:88:
29:51:7f:c2:1a:b1:26:2b:57:0e:6d:28:59:d1:45:
6b:be:68:51:d0:0a:ea:72:64:cc:d9:f6:04:b4:07:
43:11:78:4e:53:5d:0e:f2:d9:34:d1:30:c5:cb:c4:
7c:32:7d:81:81:3e:5d:31:b4:44:60:b1:81:94:8a:
d1:ef:c3:a3:1a:50:39:75:ce:ae:e6:e3:04:65:f2:
a7:e3:28:66:61:4a:75:aa:96:13:e2:fa:1b:af:47:
4f:74:11:1d:cd:44:23:d6:12:97:f2:c2:8a:c3:59:
73:c3:22:0d:f0:81:b6:de:31:bb:b1:18:c0:26:bc:
ee:70:d7:ca:b5:e0:13:4e:8b:fe:9a:3b:cc:5d:d1:
cf:e8:18:41:35:c4:41:10:64:f5:30:86:44:a8:f9:
75:1d:22:d2:11:1b:2d:9c:f1:f6:cd:1d:d4:e9:f4:
88:10:6a:a5:de:62:91:31:94:39:f8:1b:5f:42:eb:
63:d0:b5:93:39:f3:1d:93:4b:17:dd:d1:6b:d4:5a:
33:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:B0:0E:27:20:A0:0C:5D:6B:1D:31:AC:AD:09:81:0F:9F:56:CC:E5
X509v3 Authority Key Identifier:
keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/zrAOJyCgDF1rHTGsrQmBD59WzOU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.136.251.0-78.136.254.255
Signature Algorithm: sha256WithRSAEncryption
1c:f2:b2:a2:2f:bc:f8:6a:51:46:42:c7:d8:18:9b:7f:87:e8:
fd:f9:95:ef:07:85:37:22:4d:7d:ee:37:f8:f3:99:77:0d:e6:
62:70:54:dc:f3:cf:64:08:76:27:70:b4:c3:ee:6d:6f:ff:d3:
7b:bc:ba:48:15:1d:91:f5:00:24:45:d3:56:94:50:6f:45:99:
3c:24:84:a7:16:80:46:93:31:d8:74:dc:0e:0d:75:8e:cf:c6:
0e:7f:c9:e7:a4:ac:63:66:54:2f:68:a7:ce:13:8f:d7:e2:85:
c8:d4:01:df:c4:0f:94:62:36:58:c3:33:d1:a4:a2:5a:ef:64:
f5:96:ec:08:f8:e7:07:ab:2c:40:ac:8b:b0:8d:58:85:6e:c0:
49:d7:55:b6:ed:55:16:4c:b5:f6:57:90:63:57:33:ba:5d:37:
06:78:9a:6e:76:eb:38:04:53:61:43:e5:4b:c3:46:f3:5d:8b:
c9:14:c7:ab:6b:7c:93:fd:e2:fe:27:53:87:6e:01:08:69:1d:
6b:92:bf:7f:8b:bd:2f:c1:8a:62:51:4d:16:88:1e:7c:97:c8:
42:66:92:9c:13:18:96:64:e0:c6:94:08:ad:12:48:1e:a4:b2:
80:d4:c2:50:7a:87:62:32:02:db:ba:d1:3e:84:18:ff:6a:23:
4f:d5:02:f5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZJwL+kXPcqGRCZlgXhICz5FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjQxMDA5MDczMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWIwMGUyNzIwYTAwYzVkNmIxZDMxYWNhZDA5ODEwZjlmNTZjY2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMzh1HgYV2ig3qQhRd3GHCUjwPqO
XGRswVvlgiYjGGAR6no3qOfMJukFNz+h8sw8UBdA3cMOp6vdNYgpUX/CGrEmK1cO
bShZ0UVrvmhR0ArqcmTM2fYEtAdDEXhOU10O8tk00TDFy8R8Mn2BgT5dMbREYLGB
lIrR78OjGlA5dc6u5uMEZfKn4yhmYUp1qpYT4vobr0dPdBEdzUQj1hKX8sKKw1lz
wyIN8IG23jG7sRjAJrzucNfKteATTov+mjvMXdHP6BhBNcRBEGT1MIZEqPl1HSLS
ERstnPH2zR3U6fSIEGql3mKRMZQ5+BtfQutj0LWTOfMdk0sX3dFr1FozOQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFM6wDicgoAxdax0xrK0JgQ+fVszlMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEvenJBT0p5Q2dERjFySFRHc3JRbUJENTlXek9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABOiPsD
BABOiP4wDQYJKoZIhvcNAQELBQADggEBABzysqIvvPhqUUZCx9gYm3+H6P35le8H
hTciTX3uN/jzmXcN5mJwVNzzz2QIdidwtMPubW//03u8ukgVHZH1ACRF01aUUG9F
mTwkhKcWgEaTMdh03A4NdY7Pxg5/yeekrGNmVC9op84Tj9fihcjUAd/ED5RiNljD
M9GkolrvZPWW7Aj45werLECsi7CNWIVuwEnXVbbtVRZMtfZXkGNXM7pdNwZ4mm52
6zgEU2FD5UvDRvNdi8kUx6trfJP94v4nU4duAQhpHWuSv3+LvS/BimJRTRaIHnyX
yEJmkpwTGJZk4MaUCK0SSB6ksoDUwlB6h2IyAtu60T6EGP9qI0/VAvU=
-----END CERTIFICATE-----
Generated at Tue Mar 11 05:02:51 2025 by rpki-client