Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/ZAL0MfPHmtThJChiJIc0K5UV_ZE.roa
File: ZAL0MfPHmtThJChiJIc0K5UV_ZE.roa (raw, json)
Hash identifier: 3hVg/X6BCMzl9j3T9oVLQvCySibelSMLNqNFMqLDopQ=
Subject key identifier: 64:02:F4:31:F3:C7:9A:D4:E1:24:28:62:24:87:34:2B:95:15:FD:91
Certificate issuer: /CN=96bfc5a172654dd6009db1d82d92ffaf71234120
Certificate serial: 099C8512
Authority key identifier: 96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/ZAL0MfPHmtThJChiJIc0K5UV_ZE.roa
Signing time: Tue 26 Apr 2022 14:44:25 +0000
ROA not before: Tue 26 Apr 2022 14:44:25 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 207996
IP address blocks: 91.194.139.0/24 maxlen: 24
147.78.192.0/22 maxlen: 24
185.203.112.0/22 maxlen: 24
2a0a:e5c0::/29 maxlen: 48
2a09:2940::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 161252626 (0x99c8512)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=96bfc5a172654dd6009db1d82d92ffaf71234120
Validity
Not Before: Apr 26 14:44:25 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6402f431f3c79ad4e12428622487342b9515fd91
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:6d:5e:99:d3:61:f1:88:bb:ca:eb:63:69:e0:
93:6d:93:c3:d6:b8:37:63:60:82:11:e0:1c:61:bc:
fc:26:60:ca:cd:96:56:28:74:0e:67:71:b4:b1:c7:
ab:a0:9b:e0:a9:f1:83:39:2e:25:1e:66:ba:cf:35:
ba:5a:56:09:46:03:89:a9:17:b6:5f:d3:9d:25:27:
d2:57:5f:f3:f5:ed:91:f1:3b:45:16:12:f1:91:f1:
aa:3f:17:fd:d0:b8:69:78:7b:15:b9:a0:e7:36:17:
26:05:e0:90:dd:01:d5:26:cb:e8:23:f5:5b:76:c9:
16:5a:b2:12:13:0d:d7:7a:79:72:4f:1e:27:63:c9:
de:67:07:9d:de:de:a1:66:b2:44:67:0a:82:d5:65:
3d:77:b1:e7:e8:4b:63:59:56:8d:cd:39:0b:89:a5:
99:7a:fa:74:0c:ef:ea:e2:9a:32:55:67:65:06:a2:
c1:b2:c4:6f:1e:9e:dd:98:ef:c6:08:75:77:78:86:
8d:e0:e3:08:d2:b8:9f:fd:d7:4f:87:66:ca:00:d9:
16:7b:a6:2c:5d:f6:52:04:3e:e9:d5:a0:42:cb:c0:
c8:1d:cb:82:eb:d2:8b:40:fe:db:30:df:eb:da:c0:
19:5c:34:5d:61:a1:9f:2c:10:3a:79:8c:ec:4e:2a:
7d:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:02:F4:31:F3:C7:9A:D4:E1:24:28:62:24:87:34:2B:95:15:FD:91
X509v3 Authority Key Identifier:
keyid:96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/ZAL0MfPHmtThJChiJIc0K5UV_ZE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/lr_FoXJlTdYAnbHYLZL_r3EjQSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.194.139.0/24
147.78.192.0/22
185.203.112.0/22
IPv6:
2a09:2940::/29
2a0a:e5c0::/29
Signature Algorithm: sha256WithRSAEncryption
73:43:d8:36:ea:53:99:8a:73:c6:a0:56:b7:e3:de:02:6a:a0:
ba:f6:55:cc:78:02:de:cb:c9:50:5b:30:be:c8:8c:c3:22:ba:
71:80:de:e3:7f:9a:6f:88:3e:82:90:a1:8e:c1:dc:94:99:63:
16:d0:08:df:c3:19:0e:fd:a2:60:d7:91:26:88:c9:3e:4f:fa:
da:84:81:b2:fa:06:f7:cb:a1:57:9d:d0:04:92:b6:ab:bd:78:
45:47:f3:e1:04:db:12:4a:e9:a7:38:15:79:80:57:ee:ca:0b:
fa:2a:c8:cb:0d:8c:2c:97:c8:d3:7d:51:a0:34:da:3a:1a:43:
4d:61:4e:64:9a:54:9c:22:26:e8:72:49:96:f5:90:65:a1:5f:
39:11:b4:22:e7:69:1f:18:1f:43:26:36:2f:e6:a0:db:90:69:
7f:4c:46:bb:f9:a5:43:57:d5:49:83:a4:94:9c:5d:78:bf:08:
02:9b:58:f3:93:b5:77:60:20:cc:53:a1:47:8b:de:cb:8d:54:
dc:ed:94:00:e5:88:f8:95:52:f1:3a:be:36:81:10:90:c4:95:
78:18:ac:8d:45:b9:9e:43:63:fa:f3:96:7c:86:2c:d9:b8:fd:
69:f6:37:e2:2d:27:8d:cf:82:10:51:ad:9c:52:64:b3:ff:7b:
6d:11:a4:47
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIECZyFEjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NmJmYzVhMTcyNjU0ZGQ2MDA5ZGIxZDgyZDkyZmZhZjcxMjM0MTIwMB4XDTIyMDQy
NjE0NDQyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjQwMmY0MzFmM2M3
OWFkNGUxMjQyODYyMjQ4NzM0MmI5NTE1ZmQ5MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANJtXpnTYfGIu8rrY2ngk22Tw9a4N2NgghHgHGG8/CZgys2W
Vih0DmdxtLHHq6Cb4KnxgzkuJR5mus81ulpWCUYDiakXtl/TnSUn0ldf8/XtkfE7
RRYS8ZHxqj8X/dC4aXh7Fbmg5zYXJgXgkN0B1SbL6CP1W3bJFlqyEhMN13p5ck8e
J2PJ3mcHnd7eoWayRGcKgtVlPXex5+hLY1lWjc05C4mlmXr6dAzv6uKaMlVnZQai
wbLEbx6e3Zjvxgh1d3iGjeDjCNK4n/3XT4dmygDZFnumLF32UgQ+6dWgQsvAyB3L
guvSi0D+2zDf69rAGVw0XWGhnywQOnmM7E4qfY0CAwEAAaOCAiswggInMB0GA1Ud
DgQWBBRkAvQx88ea1OEkKGIkhzQrlRX9kTAfBgNVHSMEGDAWgBSWv8WhcmVN1gCd
sdgtkv+vcSNBIDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xyX0ZvWEpsVGRZQW5iSFlMWkxfcjNFalFTQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2MvMzYzMGNiLWViZWMtNGQ4Ni1iMTJiLWJmZmI3NTdjMzEzNC8x
L1pBTDBNZlBIbXRUaEpDaGlKSWMwSzVVVl9aRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Mv
MzYzMGNiLWViZWMtNGQ4Ni1iMTJiLWJmZmI3NTdjMzEzNC8xL2xyX0ZvWEpsVGRZ
QW5iSFlMWkxfcjNFalFTQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBB
BggrBgEFBQcBBwEB/wQyMDAwGAQCAAEwEgMEAFvCiwMEApNOwAMEArnLcDAUBAIA
AjAOAwUDKgkpQAMFAyoK5cAwDQYJKoZIhvcNAQELBQADggEBAHND2DbqU5mKc8ag
Vrfj3gJqoLr2Vcx4At7LyVBbML7IjMMiunGA3uN/mm+IPoKQoY7B3JSZYxbQCN/D
GQ79omDXkSaIyT5P+tqEgbL6BvfLoVed0ASStqu9eEVH8+EE2xJK6ac4FXmAV+7K
C/oqyMsNjCyXyNN9UaA02joaQ01hTmSaVJwiJuhySZb1kGWhXzkRtCLnaR8YH0Mm
Ni/moNuQaX9MRrv5pUNX1UmDpJScXXi/CAKbWPOTtXdgIMxToUeL3suNVNztlADl
iPiVUvE6vjaBEJDElXgYrI1FuZ5DY/rzlnyGLNm4/Wn2N+ItJ43PghBRrZxSZLP/
e20RpEc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:07 2024 by rpki-client on console-fra.rpki-client.org