Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/NsnqEghhNmwrKoyUKwm_4i9sMco.roa
File: NsnqEghhNmwrKoyUKwm_4i9sMco.roa (raw, json)
Hash identifier: 5C8o6HQxwGwp3doaKXN/v+QPPjfQ8BXCmLw6bJnZLsc=
Subject key identifier: 36:C9:EA:12:08:61:36:6C:2B:2A:8C:94:2B:09:BF:E2:2F:6C:31:CA
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 0192FA67866853CA04AE5F48CC433E6B422A
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/NsnqEghhNmwrKoyUKwm_4i9sMco.roa
Signing time: Tue 05 Nov 2024 03:39:01 +0000
ROA not before: Tue 05 Nov 2024 03:39:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/20 maxlen: 20
109.111.32.0/20 maxlen: 24
109.111.34.0/23 maxlen: 24
109.111.40.0/22 maxlen: 24
109.111.40.0/23 maxlen: 24
109.111.42.0/23 maxlen: 24
176.221.20.0/22 maxlen: 24
176.221.24.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:fa:67:86:68:53:ca:04:ae:5f:48:cc:43:3e:6b:42:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Nov 5 03:39:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=36c9ea120861366c2b2a8c942b09bfe22f6c31ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:7e:5b:da:da:f1:d6:d9:91:c1:40:74:46:43:
c7:46:5d:12:c7:f5:24:a0:5b:c3:8b:a9:b5:3f:4c:
d4:96:49:69:ad:13:52:76:d9:1d:d1:0f:69:de:c0:
4c:08:00:51:f3:e0:ab:82:57:79:da:20:bd:48:ea:
74:1d:e9:cf:84:dd:8f:26:3b:00:b8:96:54:3d:1c:
6e:e3:b2:5e:c8:65:63:83:38:51:a7:b7:45:c6:bb:
50:fe:53:fa:c0:0a:6a:98:a7:a8:86:21:a8:4d:3d:
71:3a:03:27:81:9c:94:b0:b6:3e:34:d9:7a:e9:ac:
e6:45:7a:d7:52:a1:99:de:40:b2:fd:6e:48:af:40:
d4:69:65:22:55:b2:b5:94:1a:08:36:f6:95:87:99:
dc:e4:1e:1b:2d:23:b1:29:b5:25:96:08:59:84:04:
bf:80:c1:20:a4:a8:fe:df:a9:1c:26:2f:9c:a8:62:
14:ce:42:b1:2f:7f:13:e3:34:35:0e:44:30:9e:8d:
d4:45:04:d4:26:db:81:17:2d:18:2f:86:c5:8d:20:
24:0e:1c:dc:4a:85:2e:24:8c:60:fb:5c:aa:69:a1:
be:b5:6d:a8:b7:37:d3:48:b4:7c:7a:6b:2f:14:61:
8e:7b:cb:be:50:0c:c1:a7:bb:ca:27:81:ba:64:de:
a9:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:C9:EA:12:08:61:36:6C:2B:2A:8C:94:2B:09:BF:E2:2F:6C:31:CA
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/NsnqEghhNmwrKoyUKwm_4i9sMco.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.0.0/20
109.111.32.0/20
176.221.20.0-176.221.27.255
Signature Algorithm: sha256WithRSAEncryption
58:55:57:14:4a:a9:4b:54:10:9a:c8:ed:53:a5:18:12:8a:7a:
bf:a3:52:6e:56:fe:fe:b8:5c:35:63:4e:ea:84:b7:d1:0c:e6:
98:c6:ee:ad:41:dd:98:54:aa:89:91:59:5d:54:a3:1f:4f:89:
c6:a5:5e:1e:a2:3d:7c:29:41:03:05:09:70:61:ee:e2:57:6d:
8d:e8:b5:3b:c9:3c:58:d1:e4:d4:9a:2b:bb:b8:97:1d:c3:d7:
b7:38:57:4a:c6:eb:ec:e1:ab:19:04:c4:02:43:ba:dd:92:9e:
85:c7:0d:9f:84:b3:b0:32:11:41:f9:a7:72:12:22:24:0a:ca:
de:94:50:f6:4e:9f:76:1f:a6:12:6e:cf:ff:f0:07:7b:19:39:
55:40:b7:a0:bc:e9:0c:9a:4d:3a:cf:4a:da:63:98:55:68:1f:
0b:27:5d:d7:15:b8:fc:bb:c3:05:f1:fc:44:94:8f:de:52:b0:
86:40:7c:ee:f5:1d:ef:f2:24:b4:56:c4:9b:c4:ba:e5:64:cd:
b0:16:91:a9:4d:42:1f:2c:d9:ee:14:c5:15:9d:04:d1:76:b0:
6b:36:29:c6:bc:e8:ab:4a:69:63:9f:a0:31:01:1b:7c:af:5a:
b2:c3:28:b6:d1:f4:5d:c2:6c:d3:23:a9:2c:17:be:f3:87:05:
21:bf:eb:e1
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZL6Z4ZoU8oErl9IzEM+a0IqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQxMTA1MDMzOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmM5ZWExMjA4NjEzNjZjMmIyYThjOTQyYjA5YmZlMjJmNmMzMWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoH5b2trx1tmRwUB0RkPHRl0Sx/Uk
oFvDi6m1P0zUlklprRNSdtkd0Q9p3sBMCABR8+Crgld52iC9SOp0HenPhN2PJjsA
uJZUPRxu47JeyGVjgzhRp7dFxrtQ/lP6wApqmKeohiGoTT1xOgMngZyUsLY+NNl6
6azmRXrXUqGZ3kCy/W5Ir0DUaWUiVbK1lBoINvaVh5nc5B4bLSOxKbUllghZhAS/
gMEgpKj+36kcJi+cqGIUzkKxL38T4zQ1DkQwno3URQTUJtuBFy0YL4bFjSAkDhzc
SoUuJIxg+1yqaaG+tW2otzfTSLR8emsvFGGOe8u+UAzBp7vKJ4G6ZN6pfwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFDbJ6hIIYTZsKyqMlCsJv+IvbDHKMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvTnNucUVnaGhObXdyS295VUt3bV80aTlzTWNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQEX1IAAwQE
bW8gMAwDBAKw3RQDBAKw3RgwDQYJKoZIhvcNAQELBQADggEBAFhVVxRKqUtUEJrI
7VOlGBKKer+jUm5W/v64XDVjTuqEt9EM5pjG7q1B3ZhUqomRWV1Uox9PicalXh6i
PXwpQQMFCXBh7uJXbY3otTvJPFjR5NSaK7u4lx3D17c4V0rG6+zhqxkExAJDut2S
noXHDZ+Es7AyEUH5p3ISIiQKyt6UUPZOn3YfphJuz//wB3sZOVVAt6C86QyaTTrP
StpjmFVoHwsnXdcVuPy7wwXx/ESUj95SsIZAfO71He/yJLRWxJvEuuVkzbAWkalN
Qh8s2e4UxRWdBNF2sGs2Kca86KtKaWOfoDEBG3yvWrLDKLbR9F3CbNMjqSwXvvOH
BSG/6+E=
-----END CERTIFICATE-----
Generated at Mon May 12 07:17:18 2025 by rpki-client