Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/d35d28-8ac1-459a-9129-3f7039345289/1/ZNv4y3Hti5Ri5VYSnWlhYrvB_WE.roa
File: ZNv4y3Hti5Ri5VYSnWlhYrvB_WE.roa (raw, json)
Hash identifier: 4qtjyZU/1w6Za57Zpxt+h9c/T+LEXJs6BsDLdFhAFHY=
Subject key identifier: 64:DB:F8:CB:71:ED:8B:94:62:E5:56:12:9D:69:61:62:BB:C1:FD:61
Certificate issuer: /CN=496e79694637ee05579e1804c14d851e382a14c8
Certificate serial: 018D2D73AB1589F69D583C3C78BA38DFB4DB
Authority key identifier: 49:6E:79:69:46:37:EE:05:57:9E:18:04:C1:4D:85:1E:38:2A:14:C8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SW55aUY37gVXnhgEwU2FHjgqFMg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/d35d28-8ac1-459a-9129-3f7039345289/1/ZNv4y3Hti5Ri5VYSnWlhYrvB_WE.roa
Signing time: Sun 21 Jan 2024 19:16:11 +0000
ROA not before: Sun 21 Jan 2024 19:16:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12722
IP address blocks: 176.124.34.0/24 maxlen: 24
195.18.26.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:2d:73:ab:15:89:f6:9d:58:3c:3c:78:ba:38:df:b4:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=496e79694637ee05579e1804c14d851e382a14c8
Validity
Not Before: Jan 21 19:16:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=64dbf8cb71ed8b9462e556129d696162bbc1fd61
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:9b:e6:05:e4:ef:8e:e8:cf:85:a1:49:33:ae:
8c:55:f0:d3:18:87:fb:92:a5:d4:0f:16:27:47:46:
4c:89:45:f0:dd:83:8f:de:f1:ac:8a:ea:05:e0:e0:
45:66:8e:5b:6d:26:3d:6f:9a:e2:b6:75:9c:bd:5e:
60:32:87:6e:05:eb:f5:bd:31:13:b2:dc:d7:14:31:
91:89:a8:42:ea:55:42:5d:8d:9a:e3:3a:47:02:32:
67:0e:6f:f5:3e:ef:d3:15:c6:f9:3a:d7:bd:ff:af:
f8:b0:04:67:11:22:8c:6d:62:d7:44:66:86:30:e2:
6e:0e:c8:dc:67:f4:2d:10:0e:01:09:01:c7:88:88:
62:ad:58:10:dd:53:9b:fb:1a:85:c4:23:86:61:0e:
c5:6c:01:97:06:70:43:49:8f:12:cb:2a:17:0f:d0:
e7:6b:17:ee:0d:5c:fa:c6:75:2a:4f:e5:52:de:33:
2e:8f:45:2c:a8:ca:d8:f0:5d:a5:07:c5:36:96:d1:
db:3a:db:50:28:fc:ea:ad:9c:f3:1e:c6:7a:c5:8e:
fd:79:c0:7d:66:37:29:28:83:17:1a:7b:05:67:2b:
47:40:09:16:69:5d:8c:93:ac:ee:e5:fe:47:2d:18:
49:46:02:35:67:7a:8b:82:c5:d7:9d:98:fb:1e:1b:
ee:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:DB:F8:CB:71:ED:8B:94:62:E5:56:12:9D:69:61:62:BB:C1:FD:61
X509v3 Authority Key Identifier:
keyid:49:6E:79:69:46:37:EE:05:57:9E:18:04:C1:4D:85:1E:38:2A:14:C8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SW55aUY37gVXnhgEwU2FHjgqFMg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/d35d28-8ac1-459a-9129-3f7039345289/1/ZNv4y3Hti5Ri5VYSnWlhYrvB_WE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/d35d28-8ac1-459a-9129-3f7039345289/1/SW55aUY37gVXnhgEwU2FHjgqFMg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.124.34.0/24
195.18.26.0/24
Signature Algorithm: sha256WithRSAEncryption
2d:c7:64:b6:1c:b2:82:f5:93:29:24:b6:77:35:5c:9b:06:39:
b5:c8:3e:83:01:56:9a:c3:a4:9e:a1:41:fd:90:51:28:27:f6:
0e:27:b5:eb:0a:9d:ec:31:7f:62:2e:a8:74:c7:4d:d4:ca:bc:
23:f3:45:82:ad:3f:fa:b5:30:1e:78:49:4c:67:c2:08:28:fb:
f5:d1:15:62:5a:0c:04:a6:ac:53:d8:55:00:a0:cc:71:90:99:
31:6b:f1:21:3a:5d:d4:43:1c:40:8a:4d:03:54:7b:36:85:40:
73:da:83:09:fd:cf:19:f9:4d:0d:43:a2:80:4b:30:ed:29:18:
1e:2b:01:0c:9e:5d:6b:b0:c3:41:30:0b:c7:17:ff:d0:a7:17:
62:c3:d5:f5:af:e9:b7:14:b8:fa:6b:38:9e:7c:f5:bd:08:c1:
f9:de:35:99:53:2b:e7:d2:a5:7d:4c:77:86:30:07:9a:94:07:
d5:01:66:72:7e:21:ca:89:39:2e:7b:4c:f2:fe:6b:e8:35:f3:
88:fa:c1:a6:98:e2:d9:36:72:fc:1b:e5:8f:a0:28:ff:8b:ce:
12:df:69:98:2c:3c:14:4c:f6:fe:3e:c4:1b:6a:3d:98:5c:0e:
2a:5e:12:ab:53:39:66:87:06:af:67:62:73:73:51:6f:b1:09:
ca:92:f3:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY0tc6sVifadWDw8eLo437TbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NmU3OTY5NDYzN2VlMDU1NzllMTgwNGMxNGQ4NTFlMzgy
YTE0YzgwHhcNMjQwMTIxMTkxNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGRiZjhjYjcxZWQ4Yjk0NjJlNTU2MTI5ZDY5NjE2MmJiYzFmZDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZvmBeTvjujPhaFJM66MVfDTGIf7
kqXUDxYnR0ZMiUXw3YOP3vGsiuoF4OBFZo5bbSY9b5ritnWcvV5gModuBev1vTET
stzXFDGRiahC6lVCXY2a4zpHAjJnDm/1Pu/TFcb5Ote9/6/4sARnESKMbWLXRGaG
MOJuDsjcZ/QtEA4BCQHHiIhirVgQ3VOb+xqFxCOGYQ7FbAGXBnBDSY8SyyoXD9Dn
axfuDVz6xnUqT+VS3jMuj0UsqMrY8F2lB8U2ltHbOttQKPzqrZzzHsZ6xY79ecB9
ZjcpKIMXGnsFZytHQAkWaV2Mk6zu5f5HLRhJRgI1Z3qLgsXXnZj7HhvuCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGTb+Mtx7YuUYuVWEp1pYWK7wf1hMB8GA1UdIwQY
MBaAFElueWlGN+4FV54YBMFNhR44KhTIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1c1NWFVWTM3Z1ZYbmhnRXdVMkZIamdxRk1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9kMzVkMjgtOGFjMS00NTlhLTkxMjkt
M2Y3MDM5MzQ1Mjg5LzEvWk52NHkzSHRpNVJpNVZZU25XbGhZcnZCX1dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9kMzVkMjgtOGFjMS00NTlhLTkxMjktM2Y3MDM5MzQ1Mjg5
LzEvU1c1NWFVWTM3Z1ZYbmhnRXdVMkZIamdxRk1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsHwiAwQA
wxIaMA0GCSqGSIb3DQEBCwUAA4IBAQAtx2S2HLKC9ZMpJLZ3NVybBjm1yD6DAVaa
w6SeoUH9kFEoJ/YOJ7XrCp3sMX9iLqh0x03Uyrwj80WCrT/6tTAeeElMZ8IIKPv1
0RViWgwEpqxT2FUAoMxxkJkxa/EhOl3UQxxAik0DVHs2hUBz2oMJ/c8Z+U0NQ6KA
SzDtKRgeKwEMnl1rsMNBMAvHF//Qpxdiw9X1r+m3FLj6aziefPW9CMH53jWZUyvn
0qV9THeGMAealAfVAWZyfiHKiTkue0zy/mvoNfOI+sGmmOLZNnL8G+WPoCj/i84S
32mYLDwUTPb+PsQbaj2YXA4qXhKrUzlmhwavZ2Jzc1FvsQnKkvNo
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:23:25 2024 by rpki-client on console-ams.rpki-client.org