Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/z-jDky7KCJFhcOL2SBI_ObtpCCM.roa
File: z-jDky7KCJFhcOL2SBI_ObtpCCM.roa (raw, json)
Hash identifier: zLVuoW049/DqMsmbDSVSGFSXp4KsAO8ie/z328FoD9o=
Subject key identifier: CF:E8:C3:93:2E:CA:08:91:61:70:E2:F6:48:12:3F:39:BB:69:08:23
Certificate issuer: /CN=581ecc1a74cf92ab619c5f710123937ce50d9c43
Certificate serial: 0188365512C559D30771524E7F4584DEA821
Authority key identifier: 58:1E:CC:1A:74:CF:92:AB:61:9C:5F:71:01:23:93:7C:E5:0D:9C:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WB7MGnTPkqthnF9xASOTfOUNnEM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/z-jDky7KCJFhcOL2SBI_ObtpCCM.roa
Signing time: Fri 19 May 2023 23:25:24 +0000
ROA not before: Fri 19 May 2023 23:25:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208041
IP address blocks: 193.160.10.0/23 maxlen: 23
193.160.14.0/23 maxlen: 23
109.197.32.0/23 maxlen: 23
2a0f:d181::/32 maxlen: 32
2a0c:8440::/48 maxlen: 48
2a0f:d180::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:36:55:12:c5:59:d3:07:71:52:4e:7f:45:84:de:a8:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=581ecc1a74cf92ab619c5f710123937ce50d9c43
Validity
Not Before: May 19 23:25:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cfe8c3932eca08916170e2f648123f39bb690823
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:cf:94:f7:95:45:30:09:36:18:c1:d6:df:06:
56:26:2b:56:cc:7e:04:96:1a:f3:d5:60:ca:86:48:
67:16:16:2e:c0:df:bb:1b:ad:11:84:fd:73:34:be:
f5:1c:99:04:19:c4:14:00:70:bf:e5:49:33:2b:2d:
2b:8a:3d:66:94:94:13:83:58:94:6b:5b:a2:a6:e2:
1c:4f:10:39:2f:b7:37:99:1d:7c:90:81:62:08:32:
dc:02:83:57:68:a0:aa:a2:d2:c5:c5:ca:53:1a:23:
aa:aa:df:b6:42:6d:96:24:6d:a6:a3:94:09:6a:15:
64:a6:42:ed:ed:60:e8:03:13:77:eb:73:0e:e1:fb:
de:d4:46:af:ab:1d:95:82:3c:cb:aa:d9:bc:aa:d3:
3e:7d:e4:43:5c:74:09:72:0e:e7:c3:e6:d3:e7:a4:
51:ae:08:20:76:71:f7:71:72:b8:eb:66:ed:b1:f9:
9f:6d:2c:4d:61:04:42:35:f9:83:54:54:34:72:0b:
8e:27:b4:c5:42:2c:b7:83:89:50:0c:16:f4:9a:ea:
3a:9a:7e:55:aa:ad:da:0a:5a:76:49:5a:46:ba:c3:
cf:f0:7a:65:5f:fb:12:a8:95:eb:22:0a:c2:d9:8d:
f5:41:a7:52:d3:27:f4:4e:83:ad:89:2b:05:8b:18:
ad:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:E8:C3:93:2E:CA:08:91:61:70:E2:F6:48:12:3F:39:BB:69:08:23
X509v3 Authority Key Identifier:
keyid:58:1E:CC:1A:74:CF:92:AB:61:9C:5F:71:01:23:93:7C:E5:0D:9C:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WB7MGnTPkqthnF9xASOTfOUNnEM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/z-jDky7KCJFhcOL2SBI_ObtpCCM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/WB7MGnTPkqthnF9xASOTfOUNnEM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.197.32.0/23
193.160.10.0/23
193.160.14.0/23
IPv6:
2a0c:8440::/48
2a0f:d180::/31
Signature Algorithm: sha256WithRSAEncryption
74:d6:34:8f:67:ea:d7:6b:03:a2:db:07:d1:40:67:83:b2:db:
d8:c4:ab:f4:17:95:00:60:61:41:61:bf:61:db:67:d2:05:58:
f3:a4:27:81:e3:44:19:80:68:c8:1f:2d:a6:1d:61:73:e6:18:
bb:dc:fe:20:fd:7b:94:13:9a:c9:0c:69:55:d6:84:02:66:59:
93:db:05:99:94:7c:25:6d:23:de:ad:4b:31:e4:15:85:6d:05:
14:f5:2f:06:90:46:37:14:e9:21:c5:1c:60:4c:a5:ae:ea:be:
98:cd:3a:4b:6a:91:d7:5e:a5:34:63:70:31:c2:b8:fe:87:ab:
ec:88:38:2f:ba:19:4b:f8:fe:9a:b7:83:42:1d:84:94:f3:c9:
83:3c:ed:f8:dc:90:7d:0a:3e:6e:56:b2:43:37:7a:c6:25:f8:
d6:28:cc:96:04:f0:ed:ea:43:89:33:73:08:34:30:f1:1c:4c:
6e:9d:47:6c:b9:35:87:3a:d1:cc:54:6f:dd:c1:f2:53:e0:35:
4b:da:fb:0b:f0:cb:8b:b0:2d:05:8d:c4:cd:76:59:ab:c9:f0:
e3:83:18:f0:d8:84:1e:85:78:3a:ae:20:74:98:b3:a4:84:4b:
26:86:57:53:dc:9c:a5:09:f1:44:cf:e9:ad:fc:3e:da:60:6f:
a8:60:fe:c1
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYg2VRLFWdMHcVJOf0WE3qghMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MWVjYzFhNzRjZjkyYWI2MTljNWY3MTAxMjM5MzdjZTUw
ZDljNDMwHhcNMjMwNTE5MjMyNTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmU4YzM5MzJlY2EwODkxNjE3MGUyZjY0ODEyM2YzOWJiNjkwODIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzs+U95VFMAk2GMHW3wZWJitWzH4E
lhrz1WDKhkhnFhYuwN+7G60RhP1zNL71HJkEGcQUAHC/5UkzKy0rij1mlJQTg1iU
a1uipuIcTxA5L7c3mR18kIFiCDLcAoNXaKCqotLFxcpTGiOqqt+2Qm2WJG2mo5QJ
ahVkpkLt7WDoAxN363MO4fve1Eavqx2VgjzLqtm8qtM+feRDXHQJcg7nw+bT56RR
rgggdnH3cXK462btsfmfbSxNYQRCNfmDVFQ0cguOJ7TFQiy3g4lQDBb0muo6mn5V
qq3aClp2SVpGusPP8HplX/sSqJXrIgrC2Y31QadS0yf0ToOtiSsFixit9wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFM/ow5MuygiRYXDi9kgSPzm7aQgjMB8GA1UdIwQY
MBaAFFgezBp0z5KrYZxfcQEjk3zlDZxDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0I3TUduVFBrcXRobkY5eEFTT1RmT1VObkVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9jNzFkYWYtZGQ2Ni00MWQ4LWIwNGYt
ZGE4OGI2YmRiMzE2LzEvei1qRGt5N0tDSkZoY09MMlNCSV9PYnRwQ0NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9jNzFkYWYtZGQ2Ni00MWQ4LWIwNGYtZGE4OGI2YmRiMzE2
LzEvV0I3TUduVFBrcXRobkY5eEFTT1RmT1VObkVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAYBAIAATASAwQBbcUgAwQB
waAKAwQBwaAOMBYEAgACMBADBwAqDIRAAAADBQEqD9GAMA0GCSqGSIb3DQEBCwUA
A4IBAQB01jSPZ+rXawOi2wfRQGeDstvYxKv0F5UAYGFBYb9h22fSBVjzpCeB40QZ
gGjIHy2mHWFz5hi73P4g/XuUE5rJDGlV1oQCZlmT2wWZlHwlbSPerUsx5BWFbQUU
9S8GkEY3FOkhxRxgTKWu6r6YzTpLapHXXqU0Y3Axwrj+h6vsiDgvuhlL+P6at4NC
HYSU88mDPO343JB9Cj5uVrJDN3rGJfjWKMyWBPDt6kOJM3MINDDxHExunUdsuTWH
OtHMVG/dwfJT4DVL2vsL8MuLsC0FjcTNdlmryfDjgxjw2IQehXg6riB0mLOkhEsm
hldT3JylCfFEz+mt/D7aYG+oYP7B
-----END CERTIFICATE-----
Generated at Sat May 10 13:32:23 2025 by rpki-client