Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/zamBRVdMYAS5L6C9z7xUYmw57u0.roa
File: zamBRVdMYAS5L6C9z7xUYmw57u0.roa (raw, json)
Hash identifier: VKEyJi7ocyPmdZcuPkgsC0YeS6Kur/Mkvy/NukN2eSU=
Subject key identifier: CD:A9:81:45:57:4C:60:04:B9:2F:A0:BD:CF:BC:54:62:6C:39:EE:ED
Certificate issuer: /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial: 01856D2F33D44E7FCD348CAA306DC579918F
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/zamBRVdMYAS5L6C9z7xUYmw57u0.roa
Signing time: Sun 01 Jan 2023 11:54:48 +0000
ROA not before: Sun 01 Jan 2023 11:54:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209181
IP address blocks: 185.169.220.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:2f:33:d4:4e:7f:cd:34:8c:aa:30:6d:c5:79:91:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Validity
Not Before: Jan 1 11:54:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cda98145574c6004b92fa0bdcfbc54626c39eeed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:79:60:0f:79:96:bb:25:87:9a:56:31:f6:59:
07:19:b0:a8:80:d8:76:71:b2:7f:90:47:76:17:cd:
a0:d7:dc:5a:76:66:d3:38:31:03:92:4b:8c:0b:e2:
91:7d:41:01:66:ff:36:ac:43:db:c1:a6:9f:5c:c5:
72:a0:da:08:bb:af:ff:da:62:ee:c1:d0:f1:66:1a:
d3:25:81:0c:a3:aa:c6:cd:8e:20:73:24:62:e3:d8:
45:0e:c0:ae:85:59:fa:52:0e:86:2f:97:50:12:8e:
63:ba:a6:ea:a1:6c:d5:94:86:13:f1:9e:63:c4:fa:
cb:5a:72:29:b1:5f:74:12:cc:33:08:11:49:95:bc:
fd:ec:58:1b:9d:d4:66:c2:13:4c:40:56:8c:51:b4:
e6:69:97:98:17:65:f1:12:dc:87:f9:70:4e:e3:f8:
62:f1:d9:33:4b:12:97:0f:38:87:71:ed:ab:13:6b:
75:56:88:3f:d3:3d:86:e4:1d:79:9d:71:3c:f9:d1:
4a:3e:04:f2:2e:30:67:ff:ed:20:a1:82:58:a4:03:
c9:1a:1b:6a:64:ac:21:0c:48:5b:49:8c:7b:1d:90:
1b:3c:f6:12:0b:a4:3c:04:67:f6:44:e0:27:c9:de:
77:66:ab:67:82:5f:1d:16:0b:94:0a:aa:45:a5:5d:
e7:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:A9:81:45:57:4C:60:04:B9:2F:A0:BD:CF:BC:54:62:6C:39:EE:ED
X509v3 Authority Key Identifier:
keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/zamBRVdMYAS5L6C9z7xUYmw57u0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.169.220.0/24
Signature Algorithm: sha256WithRSAEncryption
4b:54:47:85:64:de:46:03:e7:bc:11:3b:a5:66:33:0f:ea:60:
d3:8c:b8:76:a8:14:81:1d:ae:e0:7d:bc:35:25:bf:50:42:17:
ee:e0:00:72:b8:42:1d:d3:0c:b9:25:14:26:4c:4b:3b:e2:19:
dc:0a:42:07:90:6e:c8:cf:70:b3:11:13:f5:e9:9a:e8:e2:85:
4a:36:41:84:a2:38:9d:d1:da:c4:90:3a:55:b8:08:6c:9a:01:
97:70:85:dd:a5:c6:49:97:2d:51:67:f5:a8:1c:39:97:54:fb:
9f:e6:e7:5b:14:20:06:30:de:12:35:eb:04:ef:64:84:e4:59:
85:a6:d0:0d:b0:1f:7b:52:16:8d:cd:c6:a0:d5:ad:95:f9:9c:
ec:61:ce:04:8e:9f:f8:0c:64:ab:06:b0:72:4a:35:05:29:a7:
70:45:e8:8c:1c:39:9e:89:dc:bb:9b:5c:3d:c5:a7:2d:4d:19:
c2:1f:f9:44:00:f0:5a:72:38:4c:99:51:4d:4d:f2:3e:ca:0c:
91:17:f1:2f:5b:60:79:32:94:01:1b:6e:3e:a8:e9:a1:a6:22:
4b:b8:93:59:72:c0:27:78:10:98:9b:49:a8:53:40:73:2e:62:
bd:7a:00:3a:81:3e:d1:19:3b:61:04:5d:1d:42:59:50:1d:0e:
36:0f:ad:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtLzPUTn/NNIyqMG3FeZGPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZGQwZWJmZjViYTM4YTg3NThiNzk0ZDA0ZDYyOTA1MTk0
YTMyNjYwHhcNMjMwMTAxMTE1NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGE5ODE0NTU3NGM2MDA0YjkyZmEwYmRjZmJjNTQ2MjZjMzllZWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnlgD3mWuyWHmlYx9lkHGbCogNh2
cbJ/kEd2F82g19xadmbTODEDkkuMC+KRfUEBZv82rEPbwaafXMVyoNoIu6//2mLu
wdDxZhrTJYEMo6rGzY4gcyRi49hFDsCuhVn6Ug6GL5dQEo5juqbqoWzVlIYT8Z5j
xPrLWnIpsV90EswzCBFJlbz97FgbndRmwhNMQFaMUbTmaZeYF2XxEtyH+XBO4/hi
8dkzSxKXDziHce2rE2t1Vog/0z2G5B15nXE8+dFKPgTyLjBn/+0goYJYpAPJGhtq
ZKwhDEhbSYx7HZAbPPYSC6Q8BGf2ROAnyd53Zqtngl8dFguUCqpFpV3nbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2pgUVXTGAEuS+gvc+8VGJsOe7tMB8GA1UdIwQY
MBaAFBHdDr/1ujiodYt5TQTWKQUZSjJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYt
ZjE3NjEzZWE0OWU3LzEvemFtQlJWZE1ZQVM1TDZDOXo3eFVZbXc1N3UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYtZjE3NjEzZWE0OWU3
LzEvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuancMA0G
CSqGSIb3DQEBCwUAA4IBAQBLVEeFZN5GA+e8ETulZjMP6mDTjLh2qBSBHa7gfbw1
Jb9QQhfu4AByuEId0wy5JRQmTEs74hncCkIHkG7Iz3CzERP16Zro4oVKNkGEojid
0drEkDpVuAhsmgGXcIXdpcZJly1RZ/WoHDmXVPuf5udbFCAGMN4SNesE72SE5FmF
ptANsB97UhaNzcag1a2V+ZzsYc4Ejp/4DGSrBrBySjUFKadwReiMHDmeidy7m1w9
xactTRnCH/lEAPBacjhMmVFNTfI+ygyRF/EvW2B5MpQBG24+qOmhpiJLuJNZcsAn
eBCYm0moU0BzLmK9egA6gT7RGTthBF0dQllQHQ42D61I
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:39:55 2025 by rpki-client