Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/z3_NXHzYqxMS5i97wesPFpluhiM.roa
File: z3_NXHzYqxMS5i97wesPFpluhiM.roa (raw, json)
Hash identifier: /pJbB3YsMwpOVr3kLTzfY8GWw6M2753ER5VHbQ2DQZw=
Subject key identifier: CF:7F:CD:5C:7C:D8:AB:13:12:E6:2F:7B:C1:EB:0F:16:99:6E:86:23
Certificate issuer: /CN=7e2c0ccf1ffbfcdb8b61d738201301b8791184e8
Certificate serial: 38A2EA6D
Authority key identifier: 7E:2C:0C:CF:1F:FB:FC:DB:8B:61:D7:38:20:13:01:B8:79:11:84:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiwMzx_7_NuLYdc4IBMBuHkRhOg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/z3_NXHzYqxMS5i97wesPFpluhiM.roa
Signing time: Thu 17 Mar 2022 09:06:09 +0000
ROA not before: Thu 17 Mar 2022 09:06:09 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 41381
IP address blocks: 89.105.64.0/21 maxlen: 24
89.105.72.0/21 maxlen: 24
89.105.80.0/21 maxlen: 24
2a01:7000::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 950200941 (0x38a2ea6d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e2c0ccf1ffbfcdb8b61d738201301b8791184e8
Validity
Not Before: Mar 17 09:06:09 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=cf7fcd5c7cd8ab1312e62f7bc1eb0f16996e8623
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:76:b8:f3:f2:87:4b:3c:6c:b0:38:fd:98:06:
6e:d9:41:36:d3:d3:4c:33:fb:25:87:51:21:a3:02:
0a:a1:80:4d:91:7b:66:ac:05:59:61:ba:75:56:af:
e9:88:06:6f:e6:2a:1e:d9:16:7e:26:53:56:51:02:
9f:2c:d5:95:c8:e3:9c:14:cc:25:d1:50:72:b6:43:
e2:85:4c:a4:98:0c:91:57:ba:e1:3a:77:1a:33:63:
15:d6:01:d4:8c:d7:44:e6:98:78:a0:00:05:66:35:
91:39:35:36:32:37:55:c1:ee:48:73:b5:d5:11:91:
4f:0d:00:4d:ac:76:91:fd:54:c6:49:2d:31:a2:8b:
a1:76:de:e8:44:de:3f:ef:e8:33:da:d8:71:d3:ba:
e5:9f:0a:1d:76:ff:3c:84:6c:51:74:91:f2:20:1b:
15:0c:e3:af:9b:3e:08:12:68:39:0d:48:11:ee:1b:
a0:03:a3:28:da:24:01:cb:75:71:7a:a9:12:36:97:
d2:a3:26:27:57:b9:29:b0:7a:3b:52:13:5e:c2:df:
d5:cb:64:15:82:3d:02:3b:a7:e7:23:17:75:38:ea:
1b:32:43:c4:cf:e7:41:27:21:bc:5c:3b:5b:eb:a5:
53:fd:60:01:2c:42:ec:07:12:e3:fd:39:0d:53:a3:
3d:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:7F:CD:5C:7C:D8:AB:13:12:E6:2F:7B:C1:EB:0F:16:99:6E:86:23
X509v3 Authority Key Identifier:
keyid:7E:2C:0C:CF:1F:FB:FC:DB:8B:61:D7:38:20:13:01:B8:79:11:84:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiwMzx_7_NuLYdc4IBMBuHkRhOg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/z3_NXHzYqxMS5i97wesPFpluhiM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/fiwMzx_7_NuLYdc4IBMBuHkRhOg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.105.64.0-89.105.87.255
IPv6:
2a01:7000::/32
Signature Algorithm: sha256WithRSAEncryption
32:e0:d7:ee:0d:34:0f:d4:dd:5b:9b:f9:bd:2b:8e:41:fb:ac:
38:38:40:b0:c8:9f:bb:9c:2d:86:11:47:3f:39:2e:70:35:97:
de:4c:ab:ec:4f:de:22:19:dc:ad:1c:6d:6b:f5:64:44:d2:c8:
30:89:c5:99:24:3b:86:58:67:bc:c3:a4:10:a5:6c:91:45:bd:
99:36:2c:15:e6:59:17:a8:78:85:fb:fd:de:f2:fc:86:d0:08:
e3:0d:f7:c3:86:1e:3c:5d:ca:7d:f6:6e:08:ea:8d:aa:72:d0:
12:99:27:3f:a8:08:4f:9d:b4:fb:c0:95:5e:e2:ea:22:2a:04:
59:1b:3c:ae:ca:45:63:5c:09:2b:9c:37:bd:c6:56:14:4d:a8:
37:25:29:61:96:a4:e8:0c:55:5b:3d:ab:9e:43:b5:1d:04:e9:
b1:9b:12:b3:de:6a:ec:f2:79:cf:f2:4e:4b:71:2c:d7:c1:09:
35:0e:3f:aa:0c:b9:fd:8a:f7:a8:f9:4c:a2:79:f0:36:c6:2b:
fc:0c:db:a1:93:7d:a5:a6:3a:92:79:05:43:56:5e:4f:37:0f:
d4:fb:2c:22:38:98:b7:54:ca:aa:d9:39:97:c3:46:90:19:b5:
41:a2:37:28:8b:4e:f0:40:bb:cc:8c:5a:50:a6:b7:d0:13:3f:
bc:db:c6:76
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIEOKLqbTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
ZTJjMGNjZjFmZmJmY2RiOGI2MWQ3MzgyMDEzMDFiODc5MTE4NGU4MB4XDTIyMDMx
NzA5MDYwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2Y3ZmNkNWM3Y2Q4
YWIxMzEyZTYyZjdiYzFlYjBmMTY5OTZlODYyMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMN2uPPyh0s8bLA4/ZgGbtlBNtPTTDP7JYdRIaMCCqGATZF7
ZqwFWWG6dVav6YgGb+YqHtkWfiZTVlECnyzVlcjjnBTMJdFQcrZD4oVMpJgMkVe6
4Tp3GjNjFdYB1IzXROaYeKAABWY1kTk1NjI3VcHuSHO11RGRTw0ATax2kf1Uxkkt
MaKLoXbe6ETeP+/oM9rYcdO65Z8KHXb/PIRsUXSR8iAbFQzjr5s+CBJoOQ1IEe4b
oAOjKNokAct1cXqpEjaX0qMmJ1e5KbB6O1ITXsLf1ctkFYI9Ajun5yMXdTjqGzJD
xM/nQSchvFw7W+ulU/1gASxC7AcS4/05DVOjPdsCAwEAAaOCAiAwggIcMB0GA1Ud
DgQWBBTPf81cfNirExLmL3vB6w8WmW6GIzAfBgNVHSMEGDAWgBR+LAzPH/v824th
1zggEwG4eRGE6DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2Zpd016eF83X051TFlkYzRJQk1CdUhrUmhPZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTMvY2RmMmQ3LWIxMWUtNDdiMi05ZmM5LTc5MDkxYzc4YWI0OC8x
L3ozX05YSHpZcXhNUzVpOTd3ZXNQRnBsdWhpTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTMv
Y2RmMmQ3LWIxMWUtNDdiMi05ZmM5LTc5MDkxYzc4YWI0OC8xL2Zpd016eF83X051
TFlkYzRJQk1CdUhrUmhPZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA2
BggrBgEFBQcBBwEB/wQnMCUwFAQCAAEwDjAMAwQGWWlAAwQDWWlQMA0EAgACMAcD
BQAqAXAAMA0GCSqGSIb3DQEBCwUAA4IBAQAy4NfuDTQP1N1bm/m9K45B+6w4OECw
yJ+7nC2GEUc/OS5wNZfeTKvsT94iGdytHG1r9WRE0sgwicWZJDuGWGe8w6QQpWyR
Rb2ZNiwV5lkXqHiF+/3e8vyG0AjjDffDhh48Xcp99m4I6o2qctASmSc/qAhPnbT7
wJVe4uoiKgRZGzyuykVjXAkrnDe9xlYUTag3JSlhlqToDFVbPaueQ7UdBOmxmxKz
3mrs8nnP8k5LcSzXwQk1Dj+qDLn9iveo+UyiefA2xiv8DNuhk32lpjqSeQVDVl5P
Nw/U+ywiOJi3VMqq2TmXw0aQGbVBojcoi07wQLvMjFpQprfQEz+828Z2
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:20 2024 by rpki-client on console-ams.rpki-client.org