Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/b7bf94-377b-4400-8b9c-cbf164e8be01/1/ZqDyU7Yx1-MIN-BHYUMAwf8PiPk.roa
File: ZqDyU7Yx1-MIN-BHYUMAwf8PiPk.roa (raw, json)
Hash identifier: XqEJO7d2F0UXzRBYMRgS8PYViSsmbHlC4SVMsZ/eIAs=
Subject key identifier: 66:A0:F2:53:B6:31:D7:E3:08:37:E0:47:61:43:00:C1:FF:0F:88:F9
Certificate issuer: /CN=cdc84082be96e609d9de9808fbc37866feb4c54b
Certificate serial: 01881E987AED6006E68BE28D4D0957FF6D6F
Authority key identifier: CD:C8:40:82:BE:96:E6:09:D9:DE:98:08:FB:C3:78:66:FE:B4:C5:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zchAgr6W5gnZ3pgI-8N4Zv60xUs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/b7bf94-377b-4400-8b9c-cbf164e8be01/1/ZqDyU7Yx1-MIN-BHYUMAwf8PiPk.roa
Signing time: Mon 15 May 2023 08:48:09 +0000
ROA not before: Mon 15 May 2023 08:48:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 37.235.123.0/24 maxlen: 24
37.235.120.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:1e:98:7a:ed:60:06:e6:8b:e2:8d:4d:09:57:ff:6d:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdc84082be96e609d9de9808fbc37866feb4c54b
Validity
Not Before: May 15 08:48:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=66a0f253b631d7e30837e047614300c1ff0f88f9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:df:f0:85:7c:2d:af:64:a2:a8:bc:32:2f:0c:
f4:2d:83:f5:d5:4f:c5:51:9d:a5:79:23:cc:bd:4a:
15:84:39:3d:b9:52:d6:b2:18:e2:de:45:5c:c7:64:
83:55:f8:6a:c8:8f:84:dc:99:f2:ae:96:bb:f6:7d:
45:fe:8c:52:40:3d:5e:1b:10:4f:74:46:d0:97:7b:
e6:5e:00:2e:da:f6:f3:7c:56:ef:be:fa:8a:10:69:
75:f7:2a:bd:c3:06:44:61:a6:31:d7:f4:a1:af:08:
de:54:16:d3:23:17:aa:c4:26:f3:ce:ab:84:d9:49:
f0:a1:a1:bc:b2:f5:59:2a:2d:9f:c0:73:9d:f9:8c:
10:23:2b:e0:51:ef:be:3e:65:9d:16:17:33:b3:0f:
fc:b3:89:92:93:4b:d6:a7:03:26:eb:04:5c:4c:d9:
1b:53:d4:0b:b6:f9:26:01:5c:f9:54:43:a8:e5:a5:
78:1e:3b:e3:56:a0:f9:72:c0:b2:0c:b0:c5:dc:13:
8c:a9:49:5a:51:55:71:ab:27:3d:87:56:db:28:ce:
5b:d3:ec:d0:09:d4:ef:c9:32:02:0b:76:f6:2a:34:
d3:a3:c3:38:5b:b7:d7:4b:47:88:96:f3:42:9e:86:
f3:98:00:27:fd:5f:ea:46:90:57:78:d8:9f:8b:4e:
8a:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:A0:F2:53:B6:31:D7:E3:08:37:E0:47:61:43:00:C1:FF:0F:88:F9
X509v3 Authority Key Identifier:
keyid:CD:C8:40:82:BE:96:E6:09:D9:DE:98:08:FB:C3:78:66:FE:B4:C5:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zchAgr6W5gnZ3pgI-8N4Zv60xUs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/b7bf94-377b-4400-8b9c-cbf164e8be01/1/ZqDyU7Yx1-MIN-BHYUMAwf8PiPk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/b7bf94-377b-4400-8b9c-cbf164e8be01/1/zchAgr6W5gnZ3pgI-8N4Zv60xUs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.235.120.0/24
37.235.123.0/24
Signature Algorithm: sha256WithRSAEncryption
53:31:d2:8e:4c:16:b4:71:94:b1:da:b8:9e:26:4b:e1:0e:5f:
bf:b5:10:72:bd:1d:f8:73:3b:29:0b:07:c3:f8:4b:01:f8:c1:
1a:de:6d:56:94:43:76:12:d9:62:e2:0e:4c:b3:76:88:ab:d4:
21:82:30:b1:ce:9a:1c:0a:ce:79:a5:f7:d4:34:8a:04:f9:cd:
78:b7:08:c9:6b:e5:af:f8:92:c8:2a:73:59:c6:25:9a:ec:a2:
09:15:b1:e6:68:ab:13:20:d3:41:51:b1:f2:92:4a:11:a7:ef:
99:56:24:39:98:1b:fa:f1:80:04:70:63:82:a5:cb:5e:52:7d:
72:b4:77:9a:1a:c6:a0:ad:3f:91:37:85:ca:60:a5:94:c3:c9:
be:4f:5b:0c:91:16:78:a2:f7:e9:d5:fe:4b:5b:49:c5:59:76:
69:ff:a9:4b:ee:0a:2e:3f:3f:ed:06:15:cc:cc:57:83:d4:20:
a5:e9:0a:0e:7a:9d:4f:eb:aa:42:14:02:64:5b:ef:4a:11:0a:
12:07:99:a5:59:ac:a3:85:71:a2:89:09:10:da:29:b4:7f:dc:
9a:f0:1f:85:16:2c:f4:e5:ca:aa:62:81:50:65:8b:4c:69:d1:
fb:f2:7d:08:ac:f0:ad:a0:01:18:19:8a:05:a6:98:47:f3:57:
17:02:90:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYgemHrtYAbmi+KNTQlX/21vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYzg0MDgyYmU5NmU2MDlkOWRlOTgwOGZiYzM3ODY2ZmVi
NGM1NGIwHhcNMjMwNTE1MDg0ODA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmEwZjI1M2I2MzFkN2UzMDgzN2UwNDc2MTQzMDBjMWZmMGY4OGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqd/whXwtr2SiqLwyLwz0LYP11U/F
UZ2leSPMvUoVhDk9uVLWshji3kVcx2SDVfhqyI+E3Jnyrpa79n1F/oxSQD1eGxBP
dEbQl3vmXgAu2vbzfFbvvvqKEGl19yq9wwZEYaYx1/ShrwjeVBbTIxeqxCbzzquE
2UnwoaG8svVZKi2fwHOd+YwQIyvgUe++PmWdFhczsw/8s4mSk0vWpwMm6wRcTNkb
U9QLtvkmAVz5VEOo5aV4HjvjVqD5csCyDLDF3BOMqUlaUVVxqyc9h1bbKM5b0+zQ
CdTvyTICC3b2KjTTo8M4W7fXS0eIlvNCnobzmAAn/V/qRpBXeNifi06KAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGag8lO2MdfjCDfgR2FDAMH/D4j5MB8GA1UdIwQY
MBaAFM3IQIK+luYJ2d6YCPvDeGb+tMVLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemNoQWdyNlc1Z25aM3BnSS04TjRadjYweFVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9iN2JmOTQtMzc3Yi00NDAwLThiOWMt
Y2JmMTY0ZThiZTAxLzEvWnFEeVU3WXgxLU1JTi1CSFlVTUF3ZjhQaVBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9iN2JmOTQtMzc3Yi00NDAwLThiOWMtY2JmMTY0ZThiZTAx
LzEvemNoQWdyNlc1Z25aM3BnSS04TjRadjYweFVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJet4AwQA
Jet7MA0GCSqGSIb3DQEBCwUAA4IBAQBTMdKOTBa0cZSx2rieJkvhDl+/tRByvR34
czspCwfD+EsB+MEa3m1WlEN2Etli4g5Ms3aIq9QhgjCxzpocCs55pffUNIoE+c14
twjJa+Wv+JLIKnNZxiWa7KIJFbHmaKsTINNBUbHykkoRp++ZViQ5mBv68YAEcGOC
pcteUn1ytHeaGsagrT+RN4XKYKWUw8m+T1sMkRZ4ovfp1f5LW0nFWXZp/6lL7gou
Pz/tBhXMzFeD1CCl6QoOep1P66pCFAJkW+9KEQoSB5mlWayjhXGiiQkQ2im0f9ya
8B+FFiz05cqqYoFQZYtMadH78n0IrPCtoAEYGYoFpphH81cXApBk
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:55:04 2025 by rpki-client