Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/NIqTTjpukbjRmrqiFrtLI5grRlo.roa
File: NIqTTjpukbjRmrqiFrtLI5grRlo.roa (raw, json)
Hash identifier: W0I4J370yXjIVwEK09fw5vXbCqS/l27b51kCEJq3JFU=
Subject key identifier: 34:8A:93:4E:3A:6E:91:B8:D1:9A:BA:A2:16:BB:4B:23:98:2B:46:5A
Certificate issuer: /CN=cf9625541abe6b5ae926671daa98ac6d8094ec7b
Certificate serial: 0187315A887EA624FA31FF0AE4BC28486572
Authority key identifier: CF:96:25:54:1A:BE:6B:5A:E9:26:67:1D:AA:98:AC:6D:80:94:EC:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/NIqTTjpukbjRmrqiFrtLI5grRlo.roa
Signing time: Thu 30 Mar 2023 07:10:29 +0000
ROA not before: Thu 30 Mar 2023 07:10:29 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199659
IP address blocks: 185.43.129.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:31:5a:88:7e:a6:24:fa:31:ff:0a:e4:bc:28:48:65:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cf9625541abe6b5ae926671daa98ac6d8094ec7b
Validity
Not Before: Mar 30 07:10:29 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=348a934e3a6e91b8d19abaa216bb4b23982b465a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:d6:40:95:51:7d:40:2d:4c:34:b1:01:25:00:
a6:da:93:43:64:a6:3f:72:2a:3f:6b:1f:55:ee:9c:
f5:d1:c9:44:a1:fd:63:b4:30:7b:8c:58:88:5c:3a:
11:26:6a:63:bc:0e:f8:dd:d5:ed:b2:72:c6:d2:ec:
19:6f:45:b2:5b:b3:29:0f:22:1a:e5:94:1b:22:4e:
a4:77:d3:91:6f:56:a6:1f:ef:d1:31:d0:bf:39:68:
78:04:5d:31:09:fa:cf:02:d8:b7:dd:c0:08:58:5d:
f2:5b:c0:62:66:ab:2e:b1:b0:11:aa:4b:fc:78:93:
05:99:f2:40:9a:49:0d:69:db:45:ae:15:0a:04:0e:
99:84:f8:3c:1d:12:ff:79:0f:e7:ed:3d:5b:82:05:
ac:34:b9:eb:0f:a3:cb:0c:64:7f:ef:ac:53:80:22:
52:e6:dd:d6:d4:84:a4:7c:94:51:bb:78:d3:2f:17:
5c:02:8d:03:e6:db:38:5d:0f:15:7f:78:ce:d9:3a:
e5:b2:81:40:ca:3f:e4:03:b1:ee:76:63:af:d7:f3:
59:16:cd:4f:ba:79:77:71:b3:07:d6:ae:b8:05:38:
d2:a2:36:f6:69:5e:42:b2:11:7c:e5:1d:87:d9:7c:
9a:2e:c6:c8:47:f1:5e:56:8d:e0:e3:ec:a5:30:29:
97:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:8A:93:4E:3A:6E:91:B8:D1:9A:BA:A2:16:BB:4B:23:98:2B:46:5A
X509v3 Authority Key Identifier:
keyid:CF:96:25:54:1A:BE:6B:5A:E9:26:67:1D:AA:98:AC:6D:80:94:EC:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/NIqTTjpukbjRmrqiFrtLI5grRlo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/z5YlVBq-a1rpJmcdqpisbYCU7Hs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.43.129.0/24
Signature Algorithm: sha256WithRSAEncryption
95:4f:69:80:fd:67:82:82:a7:37:d9:a7:fa:74:a5:a7:61:34:
ad:f4:7b:78:23:f8:a7:52:6a:c6:f4:3a:2b:a8:28:a4:99:13:
1d:a8:cf:2a:28:50:4a:8a:6a:c3:92:6b:95:6f:b9:52:ab:03:
6a:4e:92:0e:24:a7:b7:bb:cc:58:52:11:31:38:e1:7f:b6:50:
84:e5:3b:f2:d9:37:06:19:95:d0:28:70:90:12:69:f1:f5:2a:
12:a9:64:6a:6c:1d:bd:bc:9e:1c:c4:7f:74:b1:71:44:b5:19:
ab:c6:b6:a4:3e:ff:03:b7:07:c5:7d:32:f3:6c:09:ed:9c:1c:
aa:69:58:b6:7c:37:88:fd:b3:c2:14:09:99:f7:c3:ca:cf:cd:
bb:62:26:37:3f:cd:a4:f5:1b:2d:3c:09:8a:44:4c:07:16:01:
f0:88:93:7a:a9:32:e2:ca:c3:8a:6e:a9:7a:77:e0:2b:49:cb:
40:50:ab:b9:8b:53:30:b2:bc:8b:b1:5a:41:b8:fd:5d:c1:4d:
a0:2d:ea:72:30:4a:0a:93:c8:cf:08:19:24:f9:16:90:c5:6f:
8e:5c:5c:95:4c:f6:01:49:79:3f:02:a2:4f:89:b0:07:d9:c5:
f3:bf:78:42:91:e5:c8:54:21:ce:a6:f0:31:3a:e5:c9:4a:12:
bc:71:0d:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYcxWoh+piT6Mf8K5LwoSGVyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOTYyNTU0MWFiZTZiNWFlOTI2NjcxZGFhOThhYzZkODA5
NGVjN2IwHhcNMjMwMzMwMDcxMDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDhhOTM0ZTNhNmU5MWI4ZDE5YWJhYTIxNmJiNGIyMzk4MmI0NjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9ZAlVF9QC1MNLEBJQCm2pNDZKY/
cio/ax9V7pz10clEof1jtDB7jFiIXDoRJmpjvA743dXtsnLG0uwZb0WyW7MpDyIa
5ZQbIk6kd9ORb1amH+/RMdC/OWh4BF0xCfrPAti33cAIWF3yW8BiZqsusbARqkv8
eJMFmfJAmkkNadtFrhUKBA6ZhPg8HRL/eQ/n7T1bggWsNLnrD6PLDGR/76xTgCJS
5t3W1ISkfJRRu3jTLxdcAo0D5ts4XQ8Vf3jO2TrlsoFAyj/kA7HudmOv1/NZFs1P
unl3cbMH1q64BTjSojb2aV5CshF85R2H2XyaLsbIR/FeVo3g4+ylMCmXxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSKk046bpG40Zq6oha7SyOYK0ZaMB8GA1UdIwQY
MBaAFM+WJVQavmta6SZnHaqYrG2AlOx7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejVZbFZCcS1hMXJwSm1jZHFwaXNiWUNVN0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xMzJlZDMtNDM0ZC00ZDQ5LTk1Y2Et
NTlhNTg3YmRlYTNmLzEvTklxVFRqcHVrYmpSbXJxaUZydExJNWdyUmxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xMzJlZDMtNDM0ZC00ZDQ5LTk1Y2EtNTlhNTg3YmRlYTNm
LzEvejVZbFZCcS1hMXJwSm1jZHFwaXNiWUNVN0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSuBMA0G
CSqGSIb3DQEBCwUAA4IBAQCVT2mA/WeCgqc32af6dKWnYTSt9Ht4I/inUmrG9Dor
qCikmRMdqM8qKFBKimrDkmuVb7lSqwNqTpIOJKe3u8xYUhExOOF/tlCE5Tvy2TcG
GZXQKHCQEmnx9SoSqWRqbB29vJ4cxH90sXFEtRmrxrakPv8DtwfFfTLzbAntnByq
aVi2fDeI/bPCFAmZ98PKz827YiY3P82k9RstPAmKREwHFgHwiJN6qTLiysOKbql6
d+ArSctAUKu5i1MwsryLsVpBuP1dwU2gLepyMEoKk8jPCBkk+RaQxW+OXFyVTPYB
SXk/AqJPibAH2cXzv3hCkeXIVCHOpvAxOuXJShK8cQ08
-----END CERTIFICATE-----
Generated at Wed May 14 01:27:24 2025 by rpki-client