Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/649aeb-78dd-422f-89c6-5538dc0bb099/1/z0Ax-9851HrKgON9fa4SGpW7DiE.roa
File: z0Ax-9851HrKgON9fa4SGpW7DiE.roa (raw, json)
Hash identifier: NJC9IqyIyONu7tzsaWuDFrvftYm90Rcm2keTicO32bs=
Subject key identifier: CF:40:31:FB:DF:39:D4:7A:CA:80:E3:7D:7D:AE:12:1A:95:BB:0E:21
Certificate issuer: /CN=edc22138c0af81c5cbf43a4f8ddd7c8de13c7230
Certificate serial: 389105CF
Authority key identifier: ED:C2:21:38:C0:AF:81:C5:CB:F4:3A:4F:8D:DD:7C:8D:E1:3C:72:30
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7cIhOMCvgcXL9DpPjd18jeE8cjA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/da/649aeb-78dd-422f-89c6-5538dc0bb099/1/z0Ax-9851HrKgON9fa4SGpW7DiE.roa
Signing time: Wed 16 Feb 2022 13:21:30 +0000
ROA not before: Wed 16 Feb 2022 13:21:30 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 20704
IP address blocks: 81.92.240.0/24 maxlen: 24
81.92.246.0/24 maxlen: 24
81.92.242.0/24 maxlen: 24
81.92.245.0/24 maxlen: 24
81.92.241.0/24 maxlen: 24
81.92.244.0/24 maxlen: 24
81.92.243.0/24 maxlen: 24
81.92.247.0/24 maxlen: 24
217.196.64.0/19 maxlen: 20
2001:1408::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 949028303 (0x389105cf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=edc22138c0af81c5cbf43a4f8ddd7c8de13c7230
Validity
Not Before: Feb 16 13:21:30 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=cf4031fbdf39d47aca80e37d7dae121a95bb0e21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:dc:61:4d:2a:63:40:7f:fc:1d:ea:1c:33:e4:
37:eb:fc:4c:6b:6d:4e:0a:67:10:18:fe:40:fd:b0:
91:e0:09:44:db:77:47:f7:0b:00:5a:57:e6:e3:a2:
89:4d:ab:1c:b7:14:b3:7a:83:a9:63:f8:9e:b8:32:
1b:51:e3:cd:aa:b9:44:f4:62:53:c9:5b:28:7d:ce:
20:99:e2:dc:29:df:16:6a:61:ea:c4:98:d8:3c:ce:
e3:da:d5:b8:5a:ac:c1:45:ed:d7:31:68:88:c0:98:
19:02:4c:08:5c:d7:78:4c:20:c9:7b:04:7a:d5:f0:
72:77:45:14:dd:ea:0c:3d:8d:ed:63:9a:4b:c4:81:
09:06:ff:bf:bd:fa:16:12:3d:34:7b:26:27:60:8c:
dc:fb:2d:c0:c5:03:50:93:d9:33:a5:67:24:ec:91:
5c:bb:ba:6c:f1:0e:31:5d:57:78:09:70:90:ba:70:
02:a5:82:65:b7:e8:ac:64:31:bb:cb:1d:79:f9:f9:
45:9e:bb:df:80:86:6a:bb:c9:71:9d:a1:e2:d8:eb:
90:c4:7e:93:08:d6:52:41:bb:59:3b:d2:f1:ab:64:
df:6d:65:04:d4:7b:89:35:98:78:85:50:a5:29:d7:
b4:c2:a4:c9:21:a6:ef:2f:20:2a:be:a4:88:83:94:
2b:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:40:31:FB:DF:39:D4:7A:CA:80:E3:7D:7D:AE:12:1A:95:BB:0E:21
X509v3 Authority Key Identifier:
keyid:ED:C2:21:38:C0:AF:81:C5:CB:F4:3A:4F:8D:DD:7C:8D:E1:3C:72:30
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7cIhOMCvgcXL9DpPjd18jeE8cjA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/649aeb-78dd-422f-89c6-5538dc0bb099/1/z0Ax-9851HrKgON9fa4SGpW7DiE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/da/649aeb-78dd-422f-89c6-5538dc0bb099/1/7cIhOMCvgcXL9DpPjd18jeE8cjA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.92.240.0/21
217.196.64.0/19
IPv6:
2001:1408::/32
Signature Algorithm: sha256WithRSAEncryption
b6:99:0e:df:cb:98:ed:b5:76:41:8b:fd:c7:5f:2d:73:de:6a:
6f:f2:5f:52:cd:28:2a:b6:37:01:7b:c1:bd:3c:b2:64:c0:ea:
c6:d6:14:5c:64:8b:3a:33:17:e9:80:f8:61:06:7d:51:70:c0:
57:ac:73:d2:a5:7c:dc:b9:9b:cb:92:56:23:51:4a:3f:38:53:
5a:20:26:46:32:a1:20:0c:70:20:29:4e:17:f1:c5:f1:17:70:
a2:ed:db:5f:c3:a3:90:ab:12:af:d7:9b:ca:be:15:b4:b8:3f:
0a:59:b0:7a:ef:4a:9b:c2:7b:2b:f0:21:d5:fd:1c:be:6f:1d:
e2:a5:00:06:7a:38:38:cf:02:e5:33:56:95:72:c4:3e:32:05:
81:75:f9:86:97:8f:72:5f:4e:ef:4e:52:fb:13:5e:78:c2:bc:
51:a9:78:57:f8:15:cd:d6:89:dd:77:20:c2:12:b0:0b:59:df:
2b:4d:ed:e5:6a:74:6e:cf:6a:cc:2b:35:30:85:a3:c9:15:4f:
74:8a:e3:2f:7c:f7:c4:ab:d9:15:25:2f:31:09:52:1b:fb:c8:
b9:aa:90:8c:ff:65:27:70:9b:8d:b2:58:3c:67:4c:5f:b6:09:
fd:53:8c:50:08:4a:56:b9:75:cb:fd:1a:cc:c6:3c:bd:af:4a:
70:d5:a2:1c
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEOJEFzzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
ZGMyMjEzOGMwYWY4MWM1Y2JmNDNhNGY4ZGRkN2M4ZGUxM2M3MjMwMB4XDTIyMDIx
NjEzMjEzMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2Y0MDMxZmJkZjM5
ZDQ3YWNhODBlMzdkN2RhZTEyMWE5NWJiMGUyMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMvcYU0qY0B//B3qHDPkN+v8TGttTgpnEBj+QP2wkeAJRNt3
R/cLAFpX5uOiiU2rHLcUs3qDqWP4nrgyG1Hjzaq5RPRiU8lbKH3OIJni3CnfFmph
6sSY2DzO49rVuFqswUXt1zFoiMCYGQJMCFzXeEwgyXsEetXwcndFFN3qDD2N7WOa
S8SBCQb/v736FhI9NHsmJ2CM3PstwMUDUJPZM6VnJOyRXLu6bPEOMV1XeAlwkLpw
AqWCZbforGQxu8sdefn5RZ6734CGarvJcZ2h4tjrkMR+kwjWUkG7WTvS8atk321l
BNR7iTWYeIVQpSnXtMKkySGm7y8gKr6kiIOUK/sCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBTPQDH73znUesqA4319rhIalbsOITAfBgNVHSMEGDAWgBTtwiE4wK+Bxcv0
Ok+N3XyN4TxyMDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzdjSWhPTUN2Z2NYTDlEcFBqZDE4amVFOGNqQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGEvNjQ5YWViLTc4ZGQtNDIyZi04OWM2LTU1MzhkYzBiYjA5OS8x
L3owQXgtOTg1MUhyS2dPTjlmYTRTR3BXN0RpRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGEv
NjQ5YWViLTc4ZGQtNDIyZi04OWM2LTU1MzhkYzBiYjA5OS8xLzdjSWhPTUN2Z2NY
TDlEcFBqZDE4amVFOGNqQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEA1Fc8AMEBdnEQDANBAIAAjAHAwUA
IAEUCDANBgkqhkiG9w0BAQsFAAOCAQEAtpkO38uY7bV2QYv9x18tc95qb/JfUs0o
KrY3AXvBvTyyZMDqxtYUXGSLOjMX6YD4YQZ9UXDAV6xz0qV83Lmby5JWI1FKPzhT
WiAmRjKhIAxwIClOF/HF8Rdwou3bX8OjkKsSr9ebyr4VtLg/Clmweu9Km8J7K/Ah
1f0cvm8d4qUABno4OM8C5TNWlXLEPjIFgXX5hpePcl9O705S+xNeeMK8Ual4V/gV
zdaJ3XcgwhKwC1nfK03t5Wp0bs9qzCs1MIWjyRVPdIrjL3z3xKvZFSUvMQlSG/vI
uaqQjP9lJ3CbjbJYPGdMX7YJ/VOMUAhKVrl1y/0azMY8va9KcNWiHA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:08:42 2023 by rpki-client on console-ams.rpki-client.org