Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/zbKRn6EeSX1xEjgUhwx6X5G5960.roa
File: zbKRn6EeSX1xEjgUhwx6X5G5960.roa (raw, json)
Hash identifier: O5HLDJpl25pYbKuAfsIuPwgKCLACumCkVvTXUyFgGTI=
Subject key identifier: CD:B2:91:9F:A1:1E:49:7D:71:12:38:14:87:0C:7A:5F:91:B9:F7:AD
Certificate issuer: /CN=c67e2a46e34f491433c8b62f319b902bddfde831
Certificate serial: 018B628D18F80A1754B49A7472D723B8EC42
Authority key identifier: C6:7E:2A:46:E3:4F:49:14:33:C8:B6:2F:31:9B:90:2B:DD:FD:E8:31
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xn4qRuNPSRQzyLYvMZuQK9396DE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/zbKRn6EeSX1xEjgUhwx6X5G5960.roa
Signing time: Tue 24 Oct 2023 16:38:15 +0000
ROA not before: Tue 24 Oct 2023 16:38:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 213371
IP address blocks: 37.49.229.0/24 maxlen: 24
37.49.230.0/24 maxlen: 24
77.247.109.0/24 maxlen: 24
185.53.88.0/24 maxlen: 24
185.53.89.0/24 maxlen: 24
45.143.222.0/24 maxlen: 24
37.49.225.0/24 maxlen: 24
37.49.224.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:62:8d:18:f8:0a:17:54:b4:9a:74:72:d7:23:b8:ec:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c67e2a46e34f491433c8b62f319b902bddfde831
Validity
Not Before: Oct 24 16:38:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cdb2919fa11e497d71123814870c7a5f91b9f7ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:9d:48:9e:37:69:f1:8f:a7:f7:64:7b:aa:07:
f7:e2:f7:11:d2:ac:cd:4d:09:f7:78:41:82:ca:56:
c7:1f:19:d9:9c:f4:48:dd:20:c1:c8:c5:20:43:a7:
ab:22:a4:e6:e7:87:79:db:d0:99:76:7d:f6:2a:db:
c3:a0:4b:07:59:63:2b:c1:cf:82:ce:13:ab:05:61:
ae:ca:45:4e:df:44:4d:e9:b5:8a:01:87:5b:db:db:
41:23:a0:dc:58:77:97:3e:79:5a:43:f7:b4:70:44:
1f:3e:aa:e7:c2:38:eb:fd:b4:80:74:f2:a2:b5:f9:
52:65:a1:a2:57:bf:15:e1:dd:66:6a:15:70:ca:a0:
f1:2c:20:3e:1f:17:51:eb:25:43:69:bc:f8:1b:0c:
24:82:f5:03:9b:7e:55:8c:93:f6:aa:3d:44:db:36:
7e:e1:ff:1a:45:ec:f3:5a:cf:ba:ff:22:4c:1c:17:
2d:01:3e:4d:ab:cc:1a:e2:86:bc:67:58:ff:31:12:
3c:21:5f:48:c2:ce:d5:45:03:0b:4c:ce:19:0b:49:
10:af:fb:c1:e6:0b:46:4f:87:fb:44:32:96:f5:20:
b2:20:b6:17:e1:7c:67:46:21:3f:7e:25:6c:16:8f:
95:77:f9:ba:ed:d3:2f:c1:e0:e5:84:67:92:b9:25:
ad:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:B2:91:9F:A1:1E:49:7D:71:12:38:14:87:0C:7A:5F:91:B9:F7:AD
X509v3 Authority Key Identifier:
keyid:C6:7E:2A:46:E3:4F:49:14:33:C8:B6:2F:31:9B:90:2B:DD:FD:E8:31
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xn4qRuNPSRQzyLYvMZuQK9396DE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/zbKRn6EeSX1xEjgUhwx6X5G5960.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/xn4qRuNPSRQzyLYvMZuQK9396DE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.49.224.0/23
37.49.229.0-37.49.230.255
45.143.222.0/24
77.247.109.0/24
185.53.88.0/23
Signature Algorithm: sha256WithRSAEncryption
45:10:11:34:d5:d1:bf:1b:a3:09:68:d8:10:68:1d:af:64:f0:
7e:0d:cd:07:27:0a:b6:b0:1e:21:18:df:ea:1f:45:d6:79:a4:
66:c7:ec:06:a6:97:ed:93:71:fe:4f:c3:43:d7:31:94:03:2c:
68:e0:4e:c7:fc:12:f0:3a:da:fa:e1:06:83:ce:d0:57:aa:d4:
17:d0:2c:f6:2b:58:59:f6:17:b6:5c:8a:64:9c:0d:95:87:a4:
bf:64:9f:63:4c:a6:2a:ec:d2:48:af:ab:f3:df:18:2d:42:6a:
8a:02:28:73:5d:46:a6:1a:23:e0:f5:49:2f:14:11:9f:b7:e4:
69:1c:ac:b6:3a:1f:73:fe:a7:b0:c8:32:5d:2e:83:ae:3a:8f:
24:07:74:7a:cb:df:c3:4c:04:a2:8f:7d:3d:ae:b0:55:02:45:
b2:d2:08:42:68:a8:93:95:cc:4a:4e:71:d3:b8:68:14:4c:4b:
0e:03:eb:35:92:fa:a5:5b:20:8b:9a:e5:fb:3c:3b:88:96:42:
fe:17:06:0f:08:74:96:80:7d:bd:2e:4b:c1:e6:2a:64:e6:15:
6c:14:8f:98:5a:42:2d:09:58:3d:42:00:31:c0:51:30:f6:3e:
7a:59:a3:e6:0d:00:2e:c5:80:8c:2a:01:db:0a:ec:6c:3c:6a:
24:e4:a1:76
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYtijRj4ChdUtJp0ctcjuOxCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2N2UyYTQ2ZTM0ZjQ5MTQzM2M4YjYyZjMxOWI5MDJiZGRm
ZGU4MzEwHhcNMjMxMDI0MTYzODE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGIyOTE5ZmExMWU0OTdkNzExMjM4MTQ4NzBjN2E1ZjkxYjlmN2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJ1Injdp8Y+n92R7qgf34vcR0qzN
TQn3eEGCylbHHxnZnPRI3SDByMUgQ6erIqTm54d529CZdn32KtvDoEsHWWMrwc+C
zhOrBWGuykVO30RN6bWKAYdb29tBI6DcWHeXPnlaQ/e0cEQfPqrnwjjr/bSAdPKi
tflSZaGiV78V4d1mahVwyqDxLCA+HxdR6yVDabz4GwwkgvUDm35VjJP2qj1E2zZ+
4f8aRezzWs+6/yJMHBctAT5Nq8wa4oa8Z1j/MRI8IV9Iws7VRQMLTM4ZC0kQr/vB
5gtGT4f7RDKW9SCyILYX4XxnRiE/fiVsFo+Vd/m67dMvweDlhGeSuSWtdQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFM2ykZ+hHkl9cRI4FIcMel+RufetMB8GA1UdIwQY
MBaAFMZ+KkbjT0kUM8i2LzGbkCvd/egxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG40cVJ1TlBTUlF6eUxZdk1adVFLOTM5NkRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84MGM1NjgtYmQxNS00ZjMyLThkZDQt
MDY2ODY2ZjJkZWQwLzEvemJLUm42RWVTWDF4RWpnVWh3eDZYNUc1OTYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84MGM1NjgtYmQxNS00ZjMyLThkZDQtMDY2ODY2ZjJkZWQw
LzEveG40cVJ1TlBTUlF6eUxZdk1adVFLOTM5NkRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQBJTHgMAwD
BAAlMeUDBAAlMeYDBAAtj94DBABN920DBAG5NVgwDQYJKoZIhvcNAQELBQADggEB
AEUQETTV0b8bowlo2BBoHa9k8H4NzQcnCrawHiEY3+ofRdZ5pGbH7Aaml+2Tcf5P
w0PXMZQDLGjgTsf8EvA62vrhBoPO0Feq1BfQLPYrWFn2F7ZcimScDZWHpL9kn2NM
pirs0kivq/PfGC1CaooCKHNdRqYaI+D1SS8UEZ+35GkcrLY6H3P+p7DIMl0ug646
jyQHdHrL38NMBKKPfT2usFUCRbLSCEJoqJOVzEpOcdO4aBRMSw4D6zWS+qVbIIua
5fs8O4iWQv4XBg8IdJaAfb0uS8HmKmTmFWwUj5haQi0JWD1CADHAUTD2PnpZo+YN
AC7FgIwqAdsK7Gw8aiTkoXY=
-----END CERTIFICATE-----
Generated at Tue Apr 22 02:12:38 2025 by rpki-client