Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/zzoua1b3mAkLTsbWLwvLmh9HfrU.roa
File: zzoua1b3mAkLTsbWLwvLmh9HfrU.roa (raw, json)
Hash identifier: ISajrJ7TQMp9MfFpIizRHEIF+1p4HaoZIT8o4j8GdwA=
Subject key identifier: CF:3A:2E:6B:56:F7:98:09:0B:4E:C6:D6:2F:0B:CB:9A:1F:47:7E:B5
Certificate issuer: /CN=016e5e31fa8716aaa54e18fcdcfed3fc94db90b5
Certificate serial: 01946E5EAF8557FAC7A29ADAD3BA13A99DBC
Authority key identifier: 01:6E:5E:31:FA:87:16:AA:A5:4E:18:FC:DC:FE:D3:FC:94:DB:90:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AW5eMfqHFqqlThj83P7T_JTbkLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/zzoua1b3mAkLTsbWLwvLmh9HfrU.roa
Signing time: Thu 16 Jan 2025 09:08:06 +0000
ROA not before: Thu 16 Jan 2025 09:08:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200161
IP address blocks: 83.217.24.0/22 maxlen: 24
83.217.24.0/24 maxlen: 24
83.217.26.0/24 maxlen: 24
185.30.16.0/22 maxlen: 24
212.8.236.0/22 maxlen: 24
2a00:a960::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:6e:5e:af:85:57:fa:c7:a2:9a:da:d3:ba:13:a9:9d:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=016e5e31fa8716aaa54e18fcdcfed3fc94db90b5
Validity
Not Before: Jan 16 09:08:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cf3a2e6b56f798090b4ec6d62f0bcb9a1f477eb5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:75:a1:1e:81:4e:88:97:12:9d:41:c4:fa:50:
ca:43:bd:39:81:fc:86:98:06:bb:2d:8b:54:0e:24:
3a:13:a2:ff:8c:11:1e:d9:b3:f0:d5:37:c5:de:e0:
bf:00:c4:9b:2f:04:bb:36:92:f9:fc:06:c6:8f:c1:
eb:c6:55:91:47:e7:16:06:90:4e:6e:52:97:72:40:
73:fe:6b:96:15:0d:ba:d4:d4:11:95:47:7a:b3:45:
af:e7:37:e4:6a:4d:29:98:fd:f6:9d:4b:28:74:3e:
9b:2a:31:be:45:a6:f4:8b:3f:4e:46:d3:f4:46:84:
a2:b4:c6:df:67:7d:18:1c:4d:ad:29:36:09:f6:af:
3d:a7:66:ec:86:32:46:2e:4d:de:e6:05:5b:9e:fc:
dd:57:70:bf:cd:96:b5:9e:98:87:51:36:a8:8f:a8:
c7:ba:d2:f3:ae:ea:5d:bc:f0:9c:83:fe:2a:07:a3:
6a:d6:f6:e1:01:68:1c:2a:fb:ad:16:ac:c3:6a:6f:
8b:08:01:ff:0c:37:15:e8:7b:78:94:6d:0a:e0:23:
32:5e:ac:5e:dd:75:a1:f8:0a:ec:fa:e2:41:c6:34:
7b:96:4e:e8:9c:5c:8a:db:06:30:af:95:9e:46:28:
20:c2:dc:df:4f:ba:f1:6b:7d:27:a6:39:cc:29:ed:
b1:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:3A:2E:6B:56:F7:98:09:0B:4E:C6:D6:2F:0B:CB:9A:1F:47:7E:B5
X509v3 Authority Key Identifier:
keyid:01:6E:5E:31:FA:87:16:AA:A5:4E:18:FC:DC:FE:D3:FC:94:DB:90:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AW5eMfqHFqqlThj83P7T_JTbkLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/zzoua1b3mAkLTsbWLwvLmh9HfrU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/AW5eMfqHFqqlThj83P7T_JTbkLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.217.24.0/22
185.30.16.0/22
212.8.236.0/22
IPv6:
2a00:a960::/32
Signature Algorithm: sha256WithRSAEncryption
77:d6:36:56:c4:6f:10:b0:c9:5a:8b:bd:e9:ef:2e:fe:1c:df:
a8:9d:2d:13:38:f1:e8:1b:ce:b3:31:4c:8d:5e:35:6a:fe:eb:
cd:d6:88:82:37:63:50:16:23:04:81:aa:89:bf:26:15:88:6e:
ca:50:79:f6:2c:55:03:16:0d:18:d2:3f:d4:01:6c:a2:53:13:
bf:51:e5:90:d7:61:a3:32:c7:fb:8f:83:96:5d:1a:58:5c:bf:
07:6d:8d:0e:7d:26:84:f5:04:1b:6a:70:b5:d1:fc:da:be:f4:
f8:a7:c7:a6:bb:49:46:b1:ab:5b:a3:b4:4c:f1:5a:9a:9e:e0:
a8:4d:23:d1:54:90:ba:a9:21:a1:8b:e3:59:40:9a:a1:f4:d9:
52:ae:84:42:8a:49:e1:7e:49:ad:9b:d2:fd:ac:a8:67:5b:93:
2f:47:36:64:56:77:b3:9a:fb:23:fb:70:b7:34:2f:73:f6:fd:
86:31:f1:2f:d8:d9:84:06:50:e0:53:4a:32:4c:3b:a9:86:e8:
34:3a:e6:1c:9a:e8:e2:a9:4b:33:d0:80:fe:92:e4:68:69:d9:
c2:6e:fc:cf:56:fe:7d:45:2f:23:53:3d:57:c0:9d:59:85:72:
7b:56:c5:23:d4:9d:09:c4:f1:03:3f:d8:3f:29:fb:6b:dc:6e:
b8:2a:16:13
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZRuXq+FV/rHopra07oTqZ28MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNmU1ZTMxZmE4NzE2YWFhNTRlMThmY2RjZmVkM2ZjOTRk
YjkwYjUwHhcNMjUwMTE2MDkwODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjNhMmU2YjU2Zjc5ODA5MGI0ZWM2ZDYyZjBiY2I5YTFmNDc3ZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXWhHoFOiJcSnUHE+lDKQ705gfyG
mAa7LYtUDiQ6E6L/jBEe2bPw1TfF3uC/AMSbLwS7NpL5/AbGj8HrxlWRR+cWBpBO
blKXckBz/muWFQ261NQRlUd6s0Wv5zfkak0pmP32nUsodD6bKjG+Rab0iz9ORtP0
RoSitMbfZ30YHE2tKTYJ9q89p2bshjJGLk3e5gVbnvzdV3C/zZa1npiHUTaoj6jH
utLzrupdvPCcg/4qB6Nq1vbhAWgcKvutFqzDam+LCAH/DDcV6Ht4lG0K4CMyXqxe
3XWh+Ars+uJBxjR7lk7onFyK2wYwr5WeRiggwtzfT7rxa30npjnMKe2xIwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFM86LmtW95gJC07G1i8Ly5ofR361MB8GA1UdIwQY
MBaAFAFuXjH6hxaqpU4Y/Nz+0/yU25C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVc1ZU1mcUhGcXFsVGhqODNQN1RfSlRia0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9hZjRlZjgtZWQwNy00YWNkLWE0MmYt
Yzk2YzJjZTg1OWU1LzEvenpvdWExYjNtQWtMVHNiV0x3dkxtaDlIZnJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9hZjRlZjgtZWQwNy00YWNkLWE0MmYtYzk2YzJjZTg1OWU1
LzEvQVc1ZU1mcUhGcXFsVGhqODNQN1RfSlRia0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCU9kYAwQC
uR4QAwQC1AjsMA0EAgACMAcDBQAqAKlgMA0GCSqGSIb3DQEBCwUAA4IBAQB31jZW
xG8QsMlai73p7y7+HN+onS0TOPHoG86zMUyNXjVq/uvN1oiCN2NQFiMEgaqJvyYV
iG7KUHn2LFUDFg0Y0j/UAWyiUxO/UeWQ12GjMsf7j4OWXRpYXL8HbY0OfSaE9QQb
anC10fzavvT4p8emu0lGsatbo7RM8VqanuCoTSPRVJC6qSGhi+NZQJqh9NlSroRC
iknhfkmtm9L9rKhnW5MvRzZkVnezmvsj+3C3NC9z9v2GMfEv2NmEBlDgU0oyTDup
hug0OuYcmujiqUsz0ID+kuRoadnCbvzPVv59RS8jUz1XwJ1ZhXJ7VsUj1J0JxPED
P9g/Kftr3G64KhYT
-----END CERTIFICATE-----
Generated at Thu Apr 17 13:32:33 2025 by rpki-client