Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/ZnTpdpkYdOZ8Gp_gXJHme6Wvnhg.roa
File: ZnTpdpkYdOZ8Gp_gXJHme6Wvnhg.roa (raw, json)
Hash identifier: aFfgAlk6epUSRcj9ifJ3dGnDEF3kZzgsOd3MzcQqRDE=
Subject key identifier: 66:74:E9:76:99:18:74:E6:7C:1A:9F:E0:5C:91:E6:7B:A5:AF:9E:18
Certificate issuer: /CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Certificate serial: 018CC870411D7ADF9EE66F2E6E18F668CACB
Authority key identifier: C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/ZnTpdpkYdOZ8Gp_gXJHme6Wvnhg.roa
Signing time: Tue 02 Jan 2024 04:30:49 +0000
ROA not before: Tue 02 Jan 2024 04:30:49 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29300
IP address blocks: 81.88.64.0/20 maxlen: 20
82.148.160.0/19 maxlen: 19
93.184.120.0/21 maxlen: 21
109.169.96.0/20 maxlen: 20
2a02:2828::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:70:41:1d:7a:df:9e:e6:6f:2e:6e:18:f6:68:ca:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Validity
Not Before: Jan 2 04:30:49 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6674e976991874e67c1a9fe05c91e67ba5af9e18
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:00:53:42:0b:60:99:c3:6c:75:e2:a7:e5:98:
fd:c6:c5:4d:e8:cf:91:4d:78:96:a5:24:08:66:3e:
b2:d6:e7:2f:d6:f6:59:97:4b:d6:6e:89:c8:b9:92:
50:e8:1c:ab:1d:48:05:c9:b6:d1:d8:ed:a8:69:1f:
33:2f:a7:c7:5d:db:a5:6e:9e:29:d5:39:31:a6:67:
6c:36:7e:63:2d:f0:48:76:86:fa:4b:3a:0e:91:70:
c0:fb:eb:d8:55:6b:da:4f:6c:ce:a4:29:68:9e:91:
bd:49:68:40:2f:13:95:bb:5e:30:04:e6:ac:1f:f9:
b0:be:de:a9:5e:d4:5f:cb:98:ff:f2:85:76:a5:21:
25:f2:4d:42:02:d0:83:b9:4f:1c:b8:50:16:ce:00:
95:67:b6:23:29:92:e1:da:f0:dd:24:82:5d:e3:8b:
db:01:fe:e7:b6:94:94:79:09:a5:e2:a6:77:22:5d:
12:44:23:e0:4b:90:6a:60:6b:0f:3b:42:44:08:e2:
8a:33:32:e8:88:29:ca:71:6c:6b:24:92:1e:c0:4a:
05:73:c3:1f:c5:2e:41:03:69:6f:f4:04:eb:96:e7:
51:a3:8f:d7:cf:4b:a3:5b:a7:c3:eb:d2:cd:50:ca:
ae:d2:28:10:d0:19:04:62:ac:cb:57:0c:26:af:f6:
fa:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:74:E9:76:99:18:74:E6:7C:1A:9F:E0:5C:91:E6:7B:A5:AF:9E:18
X509v3 Authority Key Identifier:
keyid:C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/ZnTpdpkYdOZ8Gp_gXJHme6Wvnhg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/xZJ4bO1s5ZdYVGi7TzazHPas7G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.88.64.0/20
82.148.160.0/19
93.184.120.0/21
109.169.96.0/20
IPv6:
2a02:2828::/32
Signature Algorithm: sha256WithRSAEncryption
b2:3a:06:28:33:b3:87:19:03:ba:94:ad:52:f0:d2:a3:57:18:
16:c2:16:9c:36:31:47:49:5e:97:4c:08:57:c9:c2:6b:38:94:
a0:39:f0:8a:c1:c2:e7:81:c5:fd:bc:88:72:2f:b0:1d:50:fd:
51:88:b0:a1:c2:82:9a:d5:57:92:72:f6:ed:75:ab:b2:03:ed:
6c:d6:62:70:87:79:b0:2f:23:a5:c8:6b:c3:7b:3d:e0:a1:14:
b0:5a:de:16:bd:78:e4:1d:a1:59:1d:73:2a:72:41:d5:af:f9:
7a:6d:b1:0e:49:96:2f:36:26:6b:44:a0:47:91:15:d5:c1:bc:
16:75:c8:18:53:4b:8b:02:58:06:e0:f4:99:24:ab:15:fa:b6:
65:91:e0:ec:34:ea:bf:a9:65:87:f6:d2:9f:ad:a9:e7:2a:fa:
f7:6d:5d:3b:03:2c:9b:be:83:6c:43:9f:52:29:a1:7f:c8:ce:
8e:f3:d2:67:33:07:b9:48:72:a2:6f:13:c6:f1:60:22:2d:36:
e1:3d:68:2c:84:fd:ed:90:c3:47:97:37:f6:67:29:9a:e0:f1:
30:20:b6:0d:f2:86:07:60:bf:af:97:93:83:8b:f8:fb:c2:71:
9c:f3:e2:61:ce:84:8e:5f:8b:be:e8:07:f4:f7:a8:94:76:fd:
24:7f:ad:fd
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzIcEEdet+e5m8ubhj2aMrLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1OTI3ODZjZWQ2Y2U1OTc1ODU0NjhiYjRmMzZiMzFjZjZh
Y2VjNmUwHhcNMjQwMTAyMDQzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Njc0ZTk3Njk5MTg3NGU2N2MxYTlmZTA1YzkxZTY3YmE1YWY5ZTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQBTQgtgmcNsdeKn5Zj9xsVN6M+R
TXiWpSQIZj6y1ucv1vZZl0vWbonIuZJQ6ByrHUgFybbR2O2oaR8zL6fHXdulbp4p
1TkxpmdsNn5jLfBIdob6SzoOkXDA++vYVWvaT2zOpClonpG9SWhALxOVu14wBOas
H/mwvt6pXtRfy5j/8oV2pSEl8k1CAtCDuU8cuFAWzgCVZ7YjKZLh2vDdJIJd44vb
Af7ntpSUeQml4qZ3Il0SRCPgS5BqYGsPO0JECOKKMzLoiCnKcWxrJJIewEoFc8Mf
xS5BA2lv9ATrludRo4/Xz0ujW6fD69LNUMqu0igQ0BkEYqzLVwwmr/b6IQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFGZ06XaZGHTmfBqf4FyR5nulr54YMB8GA1UdIwQY
MBaAFMWSeGztbOWXWFRou082sxz2rOxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQt
YmEzNzUxMTQwNGMyLzEvWm5UcGRwa1lkT1o4R3BfZ1hKSG1lNld2bmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQtYmEzNzUxMTQwNGMy
LzEveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEUVhAAwQF
UpSgAwQDXbh4AwQEbalgMA0EAgACMAcDBQAqAigoMA0GCSqGSIb3DQEBCwUAA4IB
AQCyOgYoM7OHGQO6lK1S8NKjVxgWwhacNjFHSV6XTAhXycJrOJSgOfCKwcLngcX9
vIhyL7AdUP1RiLChwoKa1VeScvbtdauyA+1s1mJwh3mwLyOlyGvDez3goRSwWt4W
vXjkHaFZHXMqckHVr/l6bbEOSZYvNiZrRKBHkRXVwbwWdcgYU0uLAlgG4PSZJKsV
+rZlkeDsNOq/qWWH9tKfrannKvr3bV07AyybvoNsQ59SKaF/yM6O89JnMwe5SHKi
bxPG8WAiLTbhPWgshP3tkMNHlzf2Zyma4PEwILYN8oYHYL+vl5ODi/j7wnGc8+Jh
zoSOX4u+6Af096iUdv0kf639
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:46 2024 by rpki-client on console-fra.rpki-client.org