Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/d1418c-7cd8-4af9-8166-577c03910701/1/ZP2n7BkCjNypkQbWZRjdXE9Nf6w.roa
File: ZP2n7BkCjNypkQbWZRjdXE9Nf6w.roa (raw, json)
Hash identifier: qOWHUBncIpVBHs5xZlYJpRs4h9U2HswKlf92yO40HKs=
Subject key identifier: 64:FD:A7:EC:19:02:8C:DC:A9:91:06:D6:65:18:DD:5C:4F:4D:7F:AC
Certificate issuer: /CN=65f0120ee3b6f0f8db52d0db81c01e4447d8e4ba
Certificate serial: 018571BA149370BAED775728E0811FDB4A8E
Authority key identifier: 65:F0:12:0E:E3:B6:F0:F8:DB:52:D0:DB:81:C0:1E:44:47:D8:E4:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZfASDuO28PjbUtDbgcAeREfY5Lo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ad/d1418c-7cd8-4af9-8166-577c03910701/1/ZP2n7BkCjNypkQbWZRjdXE9Nf6w.roa
Signing time: Mon 02 Jan 2023 09:04:58 +0000
ROA not before: Mon 02 Jan 2023 09:04:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34784
IP address blocks: 185.136.32.0/22 maxlen: 22
80.81.208.0/20 maxlen: 20
2a02:698::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:ba:14:93:70:ba:ed:77:57:28:e0:81:1f:db:4a:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=65f0120ee3b6f0f8db52d0db81c01e4447d8e4ba
Validity
Not Before: Jan 2 09:04:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=64fda7ec19028cdca99106d66518dd5c4f4d7fac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:fe:88:4d:00:15:b7:c9:df:48:b9:ad:cd:52:
5a:79:99:3a:25:77:92:9d:f9:44:e2:06:02:a4:10:
c8:5d:b1:5d:e5:2a:eb:b4:62:f5:2d:44:69:eb:ec:
28:48:cf:d0:4d:32:a7:88:c9:60:c6:69:cd:80:11:
44:44:2b:22:50:a6:b9:d2:ce:d1:45:44:33:4b:e4:
c0:16:64:70:1f:cd:a9:05:12:4a:33:16:6f:03:1b:
56:9f:91:7b:ab:2b:2e:0e:bd:aa:c7:39:82:06:88:
1a:0b:ab:ff:5b:5c:f8:46:32:fe:6b:a5:c9:38:4c:
5a:ad:4a:2b:b0:f1:24:26:dd:11:ab:80:02:a6:a3:
5a:3d:27:51:05:00:ca:50:8c:54:5e:84:6d:4f:dd:
1d:79:a1:e9:17:53:57:b5:dd:b4:b4:92:a2:f4:08:
99:ea:39:1d:4b:db:20:4b:13:41:bc:01:66:d5:a0:
d1:54:b0:21:ce:bc:eb:10:3c:6d:9c:c1:e0:6d:ae:
54:e9:b2:1a:f2:49:5d:bb:4b:38:d0:2b:77:49:44:
36:26:16:34:be:ef:1c:ae:19:d9:cc:52:23:37:73:
ea:be:cf:77:ef:df:dc:47:5c:f3:4b:83:d2:7f:5c:
0c:f8:b0:e3:f6:f7:0a:0c:b3:ed:a8:2d:21:79:da:
15:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:FD:A7:EC:19:02:8C:DC:A9:91:06:D6:65:18:DD:5C:4F:4D:7F:AC
X509v3 Authority Key Identifier:
keyid:65:F0:12:0E:E3:B6:F0:F8:DB:52:D0:DB:81:C0:1E:44:47:D8:E4:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZfASDuO28PjbUtDbgcAeREfY5Lo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/d1418c-7cd8-4af9-8166-577c03910701/1/ZP2n7BkCjNypkQbWZRjdXE9Nf6w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/d1418c-7cd8-4af9-8166-577c03910701/1/ZfASDuO28PjbUtDbgcAeREfY5Lo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.81.208.0/20
185.136.32.0/22
IPv6:
2a02:698::/32
Signature Algorithm: sha256WithRSAEncryption
46:4f:31:ee:36:6e:0d:e8:34:a0:3f:82:de:3e:f7:41:56:8f:
8f:40:aa:e3:a8:a9:d1:3b:a7:4b:e9:68:f4:95:46:86:3f:5e:
2d:ff:6e:43:78:9f:95:27:80:58:69:51:66:47:7a:53:83:3b:
85:7e:cc:3d:00:71:8b:32:cf:d9:72:66:e4:84:90:f2:ef:fb:
b8:a2:f9:1a:7c:fb:19:4a:51:bb:50:18:27:9e:f7:e3:d0:55:
a0:70:96:d3:06:2f:fe:a6:52:48:0c:3c:e2:09:99:22:0f:05:
58:fa:66:f1:83:20:b2:18:e2:80:e3:e8:43:f4:8a:b7:41:12:
13:25:a5:00:76:1d:03:9e:af:45:b3:ec:ca:5f:17:80:4f:2e:
ad:e9:34:9d:1d:d0:67:ed:b5:89:5e:f7:a6:5e:08:89:3d:5d:
96:f0:41:e9:d1:bd:df:5a:13:f1:ea:ab:e8:de:40:49:ff:bf:
dd:71:fe:20:24:47:dd:d3:51:55:94:f0:c8:4c:0b:ad:24:3f:
51:92:e6:e3:c8:aa:02:a3:69:98:24:65:a8:9d:bb:8e:6c:2b:
59:07:06:f8:06:e0:14:26:c7:94:e0:9c:7c:8a:8f:d1:f4:29:
b9:b8:82:df:54:cc:30:2a:0d:d1:10:fd:41:1a:b9:83:15:c8:
75:ec:76:15
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVxuhSTcLrtd1co4IEf20qOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZjAxMjBlZTNiNmYwZjhkYjUyZDBkYjgxYzAxZTQ0NDdk
OGU0YmEwHhcNMjMwMTAyMDkwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGZkYTdlYzE5MDI4Y2RjYTk5MTA2ZDY2NTE4ZGQ1YzRmNGQ3ZmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsf6ITQAVt8nfSLmtzVJaeZk6JXeS
nflE4gYCpBDIXbFd5SrrtGL1LURp6+woSM/QTTKniMlgxmnNgBFERCsiUKa50s7R
RUQzS+TAFmRwH82pBRJKMxZvAxtWn5F7qysuDr2qxzmCBogaC6v/W1z4RjL+a6XJ
OExarUorsPEkJt0Rq4ACpqNaPSdRBQDKUIxUXoRtT90deaHpF1NXtd20tJKi9AiZ
6jkdS9sgSxNBvAFm1aDRVLAhzrzrEDxtnMHgba5U6bIa8kldu0s40Ct3SUQ2JhY0
vu8crhnZzFIjN3Pqvs9379/cR1zzS4PSf1wM+LDj9vcKDLPtqC0hedoVhwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGT9p+wZAozcqZEG1mUY3VxPTX+sMB8GA1UdIwQY
MBaAFGXwEg7jtvD421LQ24HAHkRH2OS6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmZBU0R1TzI4UGpiVXREYmdjQWVSRWZZNUxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9kMTQxOGMtN2NkOC00YWY5LTgxNjYt
NTc3YzAzOTEwNzAxLzEvWlAybjdCa0NqTnlwa1FiV1pSamRYRTlOZjZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9kMTQxOGMtN2NkOC00YWY5LTgxNjYtNTc3YzAzOTEwNzAx
LzEvWmZBU0R1TzI4UGpiVXREYmdjQWVSRWZZNUxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUFHQAwQC
uYggMA0EAgACMAcDBQAqAgaYMA0GCSqGSIb3DQEBCwUAA4IBAQBGTzHuNm4N6DSg
P4LePvdBVo+PQKrjqKnRO6dL6Wj0lUaGP14t/25DeJ+VJ4BYaVFmR3pTgzuFfsw9
AHGLMs/ZcmbkhJDy7/u4ovkafPsZSlG7UBgnnvfj0FWgcJbTBi/+plJIDDziCZki
DwVY+mbxgyCyGOKA4+hD9Iq3QRITJaUAdh0Dnq9Fs+zKXxeATy6t6TSdHdBn7bWJ
XvemXgiJPV2W8EHp0b3fWhPx6qvo3kBJ/7/dcf4gJEfd01FVlPDITAutJD9Rkubj
yKoCo2mYJGWonbuObCtZBwb4BuAUJseU4Jx8io/R9Cm5uILfVMwwKg3REP1BGrmD
Fch17HYV
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:14 2024 by rpki-client on console-ams.rpki-client.org