Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/VzqIoc2KCYHOys7QsuqHxPzOgRo.roa
File: VzqIoc2KCYHOys7QsuqHxPzOgRo.roa (raw, json)
Hash identifier: ZhmzLlmg/fFw40Nte815VbZoDwEdwiqo530v0ZUjW5I=
Subject key identifier: 57:3A:88:A1:CD:8A:09:81:CE:CA:CE:D0:B2:EA:87:C4:FC:CE:81:1A
Certificate issuer: /CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Certificate serial: 018C6A84F0B603ED7226E37711BEB825CA53
Authority key identifier: C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/VzqIoc2KCYHOys7QsuqHxPzOgRo.roa
Signing time: Thu 14 Dec 2023 22:49:06 +0000
ROA not before: Thu 14 Dec 2023 22:49:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29300
IP address blocks: 81.88.64.0/20 maxlen: 20
82.148.160.0/19 maxlen: 19
93.184.120.0/21 maxlen: 21
109.169.96.0/20 maxlen: 20
109.169.96.0/19 maxlen: 19
2a02:2828::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:6a:84:f0:b6:03:ed:72:26:e3:77:11:be:b8:25:ca:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Validity
Not Before: Dec 14 22:49:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=573a88a1cd8a0981cecaced0b2ea87c4fcce811a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:07:f3:48:b1:37:21:1b:b9:57:25:da:db:d2:
8f:a1:ea:aa:df:1d:84:0b:c8:40:bc:e4:6d:cb:dc:
c1:fd:01:bb:74:0f:2e:bb:f1:78:e1:ea:a7:f2:5f:
f6:01:8c:b8:13:f9:ea:91:8a:3a:64:6f:01:0b:68:
a2:03:48:c3:90:48:f1:16:5c:56:49:e2:cd:73:5c:
30:27:f9:74:1d:d9:ce:c4:af:59:fe:da:d7:a0:cb:
b8:72:b1:87:2e:c6:49:1c:13:43:6c:94:f2:40:0c:
7e:ce:ab:b1:39:9f:13:1f:6a:8a:b1:7c:b7:9b:13:
5d:11:fe:13:01:dc:12:2a:7a:06:0c:c5:d0:69:fe:
76:f7:46:c0:68:1a:c4:b8:0f:dc:31:f2:64:90:e6:
06:ae:c6:ae:dc:58:c1:62:23:75:86:c2:25:4a:9e:
50:34:46:fb:8f:d9:3d:a2:8b:a0:9d:00:7b:f2:af:
23:d2:9a:d1:49:1d:49:5a:15:b3:e5:5b:78:6d:87:
0b:b2:e6:cf:64:a8:32:59:56:4f:96:14:9e:e3:39:
75:62:f5:75:bd:4f:ce:c3:33:13:f1:a9:34:3a:b4:
0d:7e:d7:35:90:c4:96:0d:f7:d0:35:e9:e6:a1:93:
02:91:42:d4:81:6b:6c:c8:31:7a:33:70:a7:7c:5a:
b4:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:3A:88:A1:CD:8A:09:81:CE:CA:CE:D0:B2:EA:87:C4:FC:CE:81:1A
X509v3 Authority Key Identifier:
keyid:C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/VzqIoc2KCYHOys7QsuqHxPzOgRo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/xZJ4bO1s5ZdYVGi7TzazHPas7G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.88.64.0/20
82.148.160.0/19
93.184.120.0/21
109.169.96.0/19
IPv6:
2a02:2828::/32
Signature Algorithm: sha256WithRSAEncryption
58:a6:c5:52:0c:e1:73:ba:9f:98:73:df:99:2b:b7:23:81:e0:
01:d8:a2:99:b3:9e:e5:b9:a8:d0:49:c1:06:a9:7c:d6:c5:9c:
c8:a1:36:54:35:b0:bb:cb:21:41:96:a7:a4:cb:e5:3d:bf:ca:
a8:46:0d:71:d5:45:c1:25:ea:65:21:6d:16:7d:1f:98:11:89:
8e:78:2c:ac:73:39:95:9d:99:1b:96:50:59:4e:50:d0:ff:5b:
85:2c:6f:49:ff:83:ff:e3:ca:b9:ab:9c:0c:9b:c9:96:74:28:
c6:67:5a:f8:dc:f7:10:b6:93:25:95:e0:9e:aa:f8:49:3c:c7:
c3:4d:da:ca:86:10:30:92:40:1e:aa:e4:74:a3:18:54:49:a9:
3b:38:a0:96:7e:cd:42:0c:ac:19:8a:da:b9:df:b2:d8:ce:c7:
5d:e2:10:4c:28:3c:27:50:d3:4e:0f:3b:83:80:07:b1:07:e5:
a0:00:ed:a6:4a:00:76:c9:e7:67:c5:9c:ea:a0:99:ec:e6:de:
81:74:5f:a3:fc:49:35:3e:ec:c6:ea:e3:8d:26:19:b4:e8:6d:
ca:85:62:a6:e0:ef:ff:bc:e0:8c:74:48:c7:2e:81:47:35:ef:
93:d6:f6:c4:54:e2:2b:b4:55:a2:0c:e4:35:ff:ad:09:89:59:
47:7d:b3:61
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYxqhPC2A+1yJuN3Eb64JcpTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1OTI3ODZjZWQ2Y2U1OTc1ODU0NjhiYjRmMzZiMzFjZjZh
Y2VjNmUwHhcNMjMxMjE0MjI0OTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzNhODhhMWNkOGEwOTgxY2VjYWNlZDBiMmVhODdjNGZjY2U4MTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAfzSLE3IRu5VyXa29KPoeqq3x2E
C8hAvORty9zB/QG7dA8uu/F44eqn8l/2AYy4E/nqkYo6ZG8BC2iiA0jDkEjxFlxW
SeLNc1wwJ/l0HdnOxK9Z/trXoMu4crGHLsZJHBNDbJTyQAx+zquxOZ8TH2qKsXy3
mxNdEf4TAdwSKnoGDMXQaf5290bAaBrEuA/cMfJkkOYGrsau3FjBYiN1hsIlSp5Q
NEb7j9k9oougnQB78q8j0prRSR1JWhWz5Vt4bYcLsubPZKgyWVZPlhSe4zl1YvV1
vU/OwzMT8ak0OrQNftc1kMSWDffQNenmoZMCkULUgWtsyDF6M3CnfFq0HQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFFc6iKHNigmBzsrO0LLqh8T8zoEaMB8GA1UdIwQY
MBaAFMWSeGztbOWXWFRou082sxz2rOxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQt
YmEzNzUxMTQwNGMyLzEvVnpxSW9jMktDWUhPeXM3UXN1cUh4UHpPZ1JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQtYmEzNzUxMTQwNGMy
LzEveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEUVhAAwQF
UpSgAwQDXbh4AwQFbalgMA0EAgACMAcDBQAqAigoMA0GCSqGSIb3DQEBCwUAA4IB
AQBYpsVSDOFzup+Yc9+ZK7cjgeAB2KKZs57luajQScEGqXzWxZzIoTZUNbC7yyFB
lqeky+U9v8qoRg1x1UXBJeplIW0WfR+YEYmOeCysczmVnZkbllBZTlDQ/1uFLG9J
/4P/48q5q5wMm8mWdCjGZ1r43PcQtpMlleCeqvhJPMfDTdrKhhAwkkAequR0oxhU
Sak7OKCWfs1CDKwZitq537LYzsdd4hBMKDwnUNNODzuDgAexB+WgAO2mSgB2yedn
xZzqoJns5t6BdF+j/Ek1PuzG6uONJhm06G3KhWKm4O//vOCMdEjHLoFHNe+T1vbE
VOIrtFWiDOQ1/60JiVlHfbNh
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:46 2024 by rpki-client on console-fra.rpki-client.org