Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/zXBt0a0O0AMMXPaBEc9jqvWEHts.roa
File: zXBt0a0O0AMMXPaBEc9jqvWEHts.roa (raw, json)
Hash identifier: 3lYs4EtUw5bHsNHAtaOJtxdQM7xCo3mluZ/SFjgAvBQ=
Subject key identifier: CD:70:6D:D1:AD:0E:D0:03:0C:5C:F6:81:11:CF:63:AA:F5:84:1E:DB
Certificate issuer: /CN=e29b9ac2ef631b92e82f595d73e4792c816ec6e6
Certificate serial: 018EA902261EA03A3B35D252851DD2D585D6
Authority key identifier: E2:9B:9A:C2:EF:63:1B:92:E8:2F:59:5D:73:E4:79:2C:81:6E:C6:E6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4puawu9jG5LoL1ldc-R5LIFuxuY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/zXBt0a0O0AMMXPaBEc9jqvWEHts.roa
Signing time: Thu 04 Apr 2024 12:07:54 +0000
ROA not before: Thu 04 Apr 2024 12:07:54 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8374
IP address blocks: 5.172.224.0/19 maxlen: 19
31.0.0.0/15 maxlen: 15
31.0.0.0/16 maxlen: 16
31.2.0.0/17 maxlen: 18
31.2.0.0/18 maxlen: 18
37.98.208.0/20 maxlen: 20
37.109.0.0/16 maxlen: 16
37.152.16.0/20 maxlen: 20
37.209.128.0/19 maxlen: 19
37.247.128.0/17 maxlen: 17
37.247.241.0/28 maxlen: 28
37.248.0.0/15 maxlen: 15
46.76.0.0/15 maxlen: 15
78.30.64.0/18 maxlen: 18
84.39.160.0/20 maxlen: 20
87.251.224.0/19 maxlen: 19
92.60.128.0/20 maxlen: 20
93.154.128.0/17 maxlen: 17
151.248.32.0/20 maxlen: 20
185.4.212.0/22 maxlen: 22
188.125.32.0/19 maxlen: 19
193.41.112.0/23 maxlen: 23
212.2.96.0/19 maxlen: 19
2a01:2e0::/28 maxlen: 28
2a01:bb80::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:a9:02:26:1e:a0:3a:3b:35:d2:52:85:1d:d2:d5:85:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e29b9ac2ef631b92e82f595d73e4792c816ec6e6
Validity
Not Before: Apr 4 12:07:54 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cd706dd1ad0ed0030c5cf68111cf63aaf5841edb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:2c:6f:37:34:de:31:1d:b4:45:23:87:7f:b1:
26:bf:2b:74:be:7f:b3:01:5e:d2:70:38:b2:41:03:
52:da:90:bd:5b:29:e4:ae:b8:a9:e4:a2:e0:3a:ee:
62:82:99:5c:4e:7b:dc:34:5b:ff:11:e3:ac:2a:d0:
78:7b:d0:7f:89:23:84:0b:2e:46:1c:60:b7:1b:87:
b2:fb:49:e4:7b:a9:37:86:ee:be:d8:15:57:1c:5a:
3b:c8:56:86:77:88:a1:fd:af:98:24:8a:14:d8:34:
fb:10:7a:6b:2a:48:fe:3b:72:0f:6a:4a:57:19:be:
07:63:4e:94:81:fe:af:09:c6:15:58:a7:24:33:f2:
92:0b:56:c2:15:90:0f:e3:bf:bb:aa:50:a0:a9:b0:
05:7d:26:be:33:44:e0:2a:cc:ad:7b:01:0e:5d:c2:
40:47:4c:ee:df:45:4a:10:6f:bf:bd:6a:09:62:b0:
b3:35:3f:a2:93:7b:37:99:f3:cc:fa:b8:03:0a:5f:
32:d9:79:05:68:33:41:4a:c4:cc:35:88:4a:6d:a6:
5b:ad:45:97:e7:a7:c5:a3:4e:f2:f3:99:ad:1a:93:
c2:36:48:82:95:9a:d3:36:c7:c6:e1:f6:61:aa:74:
ee:5a:24:69:50:93:51:1e:a1:5d:5a:f4:03:84:b8:
d6:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:70:6D:D1:AD:0E:D0:03:0C:5C:F6:81:11:CF:63:AA:F5:84:1E:DB
X509v3 Authority Key Identifier:
keyid:E2:9B:9A:C2:EF:63:1B:92:E8:2F:59:5D:73:E4:79:2C:81:6E:C6:E6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4puawu9jG5LoL1ldc-R5LIFuxuY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/zXBt0a0O0AMMXPaBEc9jqvWEHts.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/4puawu9jG5LoL1ldc-R5LIFuxuY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.172.224.0/19
31.0.0.0-31.2.127.255
37.98.208.0/20
37.109.0.0/16
37.152.16.0/20
37.209.128.0/19
37.247.128.0-37.249.255.255
46.76.0.0/15
78.30.64.0/18
84.39.160.0/20
87.251.224.0/19
92.60.128.0/20
93.154.128.0/17
151.248.32.0/20
185.4.212.0/22
188.125.32.0/19
193.41.112.0/23
212.2.96.0/19
IPv6:
2a01:2e0::/28
2a01:bb80::/32
Signature Algorithm: sha256WithRSAEncryption
37:a5:bb:2a:2b:86:f8:c4:c3:f8:97:18:4d:17:89:4e:0f:bd:
8c:61:d1:00:16:73:e9:46:f9:2e:05:39:f8:85:65:ae:65:3e:
7b:52:70:83:11:e1:77:cc:34:91:20:28:4f:ba:60:aa:91:38:
48:55:99:bb:54:cc:50:31:8a:52:14:1a:1a:33:80:37:ef:a1:
af:6a:6a:7c:2c:66:bd:6d:ea:e0:fd:5e:2a:9f:d1:d2:b7:68:
36:47:f9:11:25:6c:ea:80:ca:9f:fa:ca:f9:23:a8:b7:0b:27:
2e:aa:fc:f8:1d:7b:3c:6a:1a:18:dc:79:dc:bc:61:0d:1e:f5:
b5:34:ff:c9:0e:6d:87:88:57:2d:47:93:8b:07:fe:18:57:01:
7a:9a:22:bf:84:03:34:5b:5e:20:e0:5f:b2:34:ee:ed:94:3e:
23:bd:65:50:33:83:df:48:18:dd:c1:0f:9d:e0:7f:4a:bd:db:
0d:98:5b:b6:c5:4a:3d:df:5b:15:12:4d:27:7b:b6:20:a5:e1:
cb:fa:d1:bc:1a:3e:00:00:42:20:da:fa:87:ab:8c:5e:58:32:
bc:f0:fd:f8:42:fd:13:31:fc:cd:9b:8a:60:4a:44:20:e5:b5:
f9:2a:cf:37:eb:a1:1f:06:ee:12:ae:7e:15:09:49:18:4e:03:
31:16:5d:90
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAY6pAiYeoDo7NdJShR3S1YXWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOWI5YWMyZWY2MzFiOTJlODJmNTk1ZDczZTQ3OTJjODE2
ZWM2ZTYwHhcNMjQwNDA0MTIwNzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDcwNmRkMWFkMGVkMDAzMGM1Y2Y2ODExMWNmNjNhYWY1ODQxZWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvixvNzTeMR20RSOHf7Emvyt0vn+z
AV7ScDiyQQNS2pC9Wynkrrip5KLgOu5igplcTnvcNFv/EeOsKtB4e9B/iSOECy5G
HGC3G4ey+0nke6k3hu6+2BVXHFo7yFaGd4ih/a+YJIoU2DT7EHprKkj+O3IPakpX
Gb4HY06Ugf6vCcYVWKckM/KSC1bCFZAP47+7qlCgqbAFfSa+M0TgKsytewEOXcJA
R0zu30VKEG+/vWoJYrCzNT+ik3s3mfPM+rgDCl8y2XkFaDNBSsTMNYhKbaZbrUWX
56fFo07y85mtGpPCNkiClZrTNsfG4fZhqnTuWiRpUJNRHqFdWvQDhLjWiQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFM1wbdGtDtADDFz2gRHPY6r1hB7bMB8GA1UdIwQY
MBaAFOKbmsLvYxuS6C9ZXXPkeSyBbsbmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHB1YXd1OWpHNUxvTDFsZGMtUjVMSUZ1eHVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82OTAzNTctZGZiZS00ZDg2LWFmZDYt
OTE2NGUzNTJhODNjLzEvelhCdDBhME8wQU1NWFBhQkVjOWpxdldFSHRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82OTAzNTctZGZiZS00ZDg2LWFmZDYtOTE2NGUzNTJhODNj
LzEvNHB1YXd1OWpHNUxvTDFsZGMtUjVMSUZ1eHVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGoBggrBgEFBQcBBwEB/wSBmDCBlTB9BAIAATB3AwQFBazg
MAoDAgAfAwQHHwIAAwQEJWLQAwMAJW0DBAQlmBADBAUl0YAwCwMEByX3gAMDASX4
AwMBLkwDBAZOHkADBARUJ6ADBAVX++ADBARcPIADBAddmoADBASX+CADBAK5BNQD
BAW8fSADBAHBKXADBAXUAmAwFAQCAAIwDgMFBCoBAuADBQAqAbuAMA0GCSqGSIb3
DQEBCwUAA4IBAQA3pbsqK4b4xMP4lxhNF4lOD72MYdEAFnPpRvkuBTn4hWWuZT57
UnCDEeF3zDSRIChPumCqkThIVZm7VMxQMYpSFBoaM4A376Gvamp8LGa9berg/V4q
n9HSt2g2R/kRJWzqgMqf+sr5I6i3Cycuqvz4HXs8ahoY3HncvGENHvW1NP/JDm2H
iFctR5OLB/4YVwF6miK/hAM0W14g4F+yNO7tlD4jvWVQM4PfSBjdwQ+d4H9KvdsN
mFu2xUo931sVEk0ne7YgpeHL+tG8Gj4AAEIg2vqHq4xeWDK88P34Qv0TMfzNm4pg
SkQg5bX5Ks8366EfBu4Srn4VCUkYTgMxFl2Q
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:00 2024 by rpki-client on console-ams.rpki-client.org