Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/4afda7-829c-4880-a0c9-112e113bb7b7/1/ZNfU7ze6wtWLVJV6kYl5YxqpFRI.roa
File: ZNfU7ze6wtWLVJV6kYl5YxqpFRI.roa (raw, json)
Hash identifier: 2fe/U9wsFFdXvv6BY4GHSzGkdvX/UAptkuedf49aww4=
Subject key identifier: 64:D7:D4:EF:37:BA:C2:D5:8B:54:95:7A:91:89:79:63:1A:A9:15:12
Certificate issuer: /CN=a2ddaeb164e398214a171a0410e6b0232d642f50
Certificate serial: 018570FBB42001D24F52D285E5510A00F4A9
Authority key identifier: A2:DD:AE:B1:64:E3:98:21:4A:17:1A:04:10:E6:B0:23:2D:64:2F:50
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ot2usWTjmCFKFxoEEOawIy1kL1A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f5/4afda7-829c-4880-a0c9-112e113bb7b7/1/ZNfU7ze6wtWLVJV6kYl5YxqpFRI.roa
Signing time: Mon 02 Jan 2023 05:37:01 +0000
ROA not before: Mon 02 Jan 2023 05:37:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3164
IP address blocks: 37.156.225.0/24 maxlen: 24
94.176.2.0/24 maxlen: 24
188.240.231.0/24 maxlen: 24
188.241.194.0/24 maxlen: 24
89.44.109.0/24 maxlen: 24
85.204.107.0/24 maxlen: 24
84.247.54.0/24 maxlen: 24
37.156.67.0/24 maxlen: 24
86.105.195.0/24 maxlen: 24
185.88.28.0/24 maxlen: 24
185.88.29.0/24 maxlen: 24
185.88.31.0/24 maxlen: 24
185.88.30.0/24 maxlen: 24
2a05:c5c0::/48 maxlen: 48
2a05:c5c0:1::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:fb:b4:20:01:d2:4f:52:d2:85:e5:51:0a:00:f4:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a2ddaeb164e398214a171a0410e6b0232d642f50
Validity
Not Before: Jan 2 05:37:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=64d7d4ef37bac2d58b54957a918979631aa91512
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:69:9c:6b:ea:70:c2:77:29:48:5a:ed:bc:90:
35:0a:48:b1:16:23:ee:fe:b5:4c:ce:3d:21:5f:ef:
cb:39:6d:9a:2b:14:4d:8f:18:46:5a:a1:52:b3:25:
bd:21:4d:be:68:a2:d2:61:49:0c:77:fd:ce:09:f4:
67:06:51:ba:38:af:31:09:e9:9c:71:ab:2b:98:57:
e5:b1:62:ab:80:a4:e8:d8:09:db:ed:b7:e6:7b:c6:
5a:24:e1:ed:cc:c4:5e:39:3f:f6:12:a1:72:54:7a:
6b:3a:b2:46:e6:fd:de:4e:71:19:db:07:b0:93:6d:
61:52:11:35:90:c2:54:0b:85:6f:69:47:e0:6a:25:
20:68:53:95:d4:50:29:3f:02:a6:33:79:76:9e:22:
58:0e:ef:84:48:61:66:9f:69:46:aa:45:bd:44:42:
dc:8b:45:74:1c:cd:dd:2a:2a:7e:3e:43:14:bf:f3:
5e:5d:ad:0b:91:f6:36:89:ab:3d:50:be:9a:90:74:
1e:07:e9:bc:3d:ac:91:0d:f3:b2:85:ab:7c:d7:2e:
a3:0f:66:fc:d9:24:bc:0d:c6:b7:a1:cf:ce:a1:d5:
f4:80:d6:16:74:92:13:29:33:34:e3:87:78:89:e9:
fc:ad:c3:88:7a:2a:27:e6:0a:44:bf:5e:00:69:49:
7f:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:D7:D4:EF:37:BA:C2:D5:8B:54:95:7A:91:89:79:63:1A:A9:15:12
X509v3 Authority Key Identifier:
keyid:A2:DD:AE:B1:64:E3:98:21:4A:17:1A:04:10:E6:B0:23:2D:64:2F:50
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ot2usWTjmCFKFxoEEOawIy1kL1A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/4afda7-829c-4880-a0c9-112e113bb7b7/1/ZNfU7ze6wtWLVJV6kYl5YxqpFRI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/4afda7-829c-4880-a0c9-112e113bb7b7/1/ot2usWTjmCFKFxoEEOawIy1kL1A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.156.67.0/24
37.156.225.0/24
84.247.54.0/24
85.204.107.0/24
86.105.195.0/24
89.44.109.0/24
94.176.2.0/24
185.88.28.0/22
188.240.231.0/24
188.241.194.0/24
IPv6:
2a05:c5c0::/47
Signature Algorithm: sha256WithRSAEncryption
c4:de:03:01:0c:35:f2:92:c7:85:60:85:4c:4f:03:1f:36:1c:
44:fd:d4:60:38:d5:3a:e1:55:59:1e:c6:db:71:13:6a:ab:ec:
9d:92:55:5a:2c:9b:f3:c6:13:78:b2:90:06:94:b7:3d:5e:cf:
14:0d:7c:91:09:41:f1:2b:4e:f2:01:c2:9a:4f:f5:ca:0a:3d:
f2:96:1f:97:0f:ae:5a:46:49:be:e5:5f:30:21:7b:a7:42:7f:
42:65:04:39:36:2c:76:0c:31:d0:32:f7:09:40:29:ae:92:9d:
98:08:a7:fc:a4:c1:89:e8:05:d1:0e:a2:68:a7:d0:d4:62:19:
41:f0:05:5b:5e:dd:0f:ae:70:af:9b:2f:d8:ec:73:f7:14:96:
10:2f:b0:dd:de:6d:e0:f3:11:d5:14:6d:68:06:a3:9b:64:1e:
a0:da:93:8c:cf:98:aa:9c:04:61:1c:c7:e6:d7:70:63:02:af:
27:f3:21:c8:99:53:62:9c:69:c4:b1:f0:03:50:02:9e:c4:de:
6b:9f:da:7f:a0:ff:fb:71:d5:df:e3:b9:59:de:59:0f:2c:7e:
81:8b:48:34:c4:13:1f:6c:22:cd:01:db:63:62:67:a0:3c:98:
d9:5a:18:24:5d:07:c4:57:d6:af:74:2f:6a:39:99:9d:63:69:
49:a5:ec:eb
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYVw+7QgAdJPUtKF5VEKAPSpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZGRhZWIxNjRlMzk4MjE0YTE3MWEwNDEwZTZiMDIzMmQ2
NDJmNTAwHhcNMjMwMTAyMDUzNzAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGQ3ZDRlZjM3YmFjMmQ1OGI1NDk1N2E5MTg5Nzk2MzFhYTkxNTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2mca+pwwncpSFrtvJA1CkixFiPu
/rVMzj0hX+/LOW2aKxRNjxhGWqFSsyW9IU2+aKLSYUkMd/3OCfRnBlG6OK8xCemc
casrmFflsWKrgKTo2Anb7bfme8ZaJOHtzMReOT/2EqFyVHprOrJG5v3eTnEZ2wew
k21hUhE1kMJUC4VvaUfgaiUgaFOV1FApPwKmM3l2niJYDu+ESGFmn2lGqkW9RELc
i0V0HM3dKip+PkMUv/NeXa0LkfY2ias9UL6akHQeB+m8PayRDfOyhat81y6jD2b8
2SS8Dca3oc/OodX0gNYWdJITKTM044d4ien8rcOIeion5gpEv14AaUl/HQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFGTX1O83usLVi1SVepGJeWMaqRUSMB8GA1UdIwQY
MBaAFKLdrrFk45ghShcaBBDmsCMtZC9QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3QydXNXVGptQ0ZLRnhvRUVPYXdJeTFrTDFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS80YWZkYTctODI5Yy00ODgwLWEwYzkt
MTEyZTExM2JiN2I3LzEvWk5mVTd6ZTZ3dFdMVkpWNmtZbDVZeHFwRlJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS80YWZkYTctODI5Yy00ODgwLWEwYzktMTEyZTExM2JiN2I3
LzEvb3QydXNXVGptQ0ZLRnhvRUVPYXdJeTFrTDFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBCBAIAATA8AwQAJZxDAwQA
JZzhAwQAVPc2AwQAVcxrAwQAVmnDAwQAWSxtAwQAXrACAwQCuVgcAwQAvPDnAwQA
vPHCMA8EAgACMAkDBwEqBcXAAAAwDQYJKoZIhvcNAQELBQADggEBAMTeAwEMNfKS
x4VghUxPAx82HET91GA41TrhVVkexttxE2qr7J2SVVosm/PGE3iykAaUtz1ezxQN
fJEJQfErTvIBwppP9coKPfKWH5cPrlpGSb7lXzAhe6dCf0JlBDk2LHYMMdAy9wlA
Ka6SnZgIp/ykwYnoBdEOomin0NRiGUHwBVte3Q+ucK+bL9jsc/cUlhAvsN3ebeDz
EdUUbWgGo5tkHqDak4zPmKqcBGEcx+bXcGMCryfzIciZU2KcacSx8ANQAp7E3muf
2n+g//tx1d/juVneWQ8sfoGLSDTEEx9sIs0B22NiZ6A8mNlaGCRdB8RX1q90L2o5
mZ1jaUml7Os=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:45 2024 by rpki-client on console-fra.rpki-client.org