Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NNF2UkjYQPOEoTTUIJnQc-k2g9Q.roa
File: NNF2UkjYQPOEoTTUIJnQc-k2g9Q.roa (raw, json)
Hash identifier: n/IFvqJnuQqIapn0LQYVpYnml4bi1IVg1az5u7aC3a0=
Subject key identifier: 34:D1:76:52:48:D8:40:F3:84:A1:34:D4:20:99:D0:73:E9:36:83:D4
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01874BE37C92A003658D5A0B6C521F597924
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NNF2UkjYQPOEoTTUIJnQc-k2g9Q.roa
Signing time: Tue 04 Apr 2023 10:50:12 +0000
ROA not before: Tue 04 Apr 2023 10:50:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 89.213.64.0/18 maxlen: 24
37.252.24.0/21 maxlen: 24
80.240.80.0/20 maxlen: 20
77.107.64.0/18 maxlen: 24
213.210.0.0/18 maxlen: 24
85.159.128.0/21 maxlen: 24
212.38.64.0/19 maxlen: 24
37.98.144.0/21 maxlen: 24
37.98.144.0/22 maxlen: 24
89.213.40.0/21 maxlen: 24
89.213.48.0/20 maxlen: 24
213.218.208.0/20 maxlen: 24
89.31.232.0/21 maxlen: 24
79.99.72.0/21 maxlen: 24
185.20.32.0/22 maxlen: 24
185.20.34.0/24 maxlen: 24
185.20.35.0/24 maxlen: 24
213.218.224.0/19 maxlen: 24
89.213.128.0/17 maxlen: 24
82.163.0.0/19 maxlen: 24
217.144.144.0/20 maxlen: 24
217.145.64.0/20 maxlen: 24
185.49.124.0/22 maxlen: 24
185.24.84.0/22 maxlen: 24
89.213.0.0/21 maxlen: 24
213.130.128.0/19 maxlen: 24
194.105.64.0/19 maxlen: 24
81.5.128.0/18 maxlen: 18
195.128.138.0/24 maxlen: 24
2a02:21f8::/32 maxlen: 32
2a00:c60::/32 maxlen: 32
2001:1a90::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:4b:e3:7c:92:a0:03:65:8d:5a:0b:6c:52:1f:59:79:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Apr 4 10:50:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=34d1765248d840f384a134d42099d073e93683d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:f5:3d:e3:03:94:e9:32:e3:40:bf:13:a3:80:
98:9b:20:41:59:8e:df:ae:b3:26:1c:9f:d1:61:9e:
fa:61:1f:e5:61:d2:07:b5:52:2e:bc:f0:7e:5d:f4:
cc:a4:d0:11:73:49:0e:3f:a9:26:a2:06:c1:d6:15:
bc:f4:41:43:fd:d1:84:c5:7d:4a:e8:5c:fa:c0:f9:
e7:06:80:ed:4a:28:b2:88:4e:ce:27:c5:c0:e6:cf:
fa:be:eb:09:e2:c0:0d:03:10:f8:45:a4:93:13:43:
f0:a8:06:5f:63:28:2c:da:95:ae:b9:c2:45:6b:cd:
9c:37:2c:4b:64:6d:94:9a:64:4e:b3:ec:ea:31:06:
d6:99:a1:72:81:4c:ea:36:75:c5:2f:99:99:cf:49:
22:aa:91:bb:6c:59:37:ed:f4:f0:69:88:a3:04:70:
5b:56:59:3e:89:f7:a4:1d:d5:cb:2b:56:a0:e1:5c:
bb:4d:bb:46:cf:1b:10:25:84:87:a6:e7:44:91:38:
98:3b:b7:48:76:12:65:8f:f9:c7:e0:62:3e:51:3e:
87:ea:f2:47:a9:28:b5:d2:c9:82:22:0c:59:3b:fb:
94:0f:b8:ce:6e:c4:07:6d:60:e7:4f:cd:f7:fa:f9:
75:c1:da:fd:7f:a8:fd:05:ee:95:45:6d:5c:74:cb:
ff:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:D1:76:52:48:D8:40:F3:84:A1:34:D4:20:99:D0:73:E9:36:83:D4
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NNF2UkjYQPOEoTTUIJnQc-k2g9Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.98.144.0/21
37.252.24.0/21
77.107.64.0/18
79.99.72.0/21
80.240.80.0/20
81.5.128.0/18
82.163.0.0/19
85.159.128.0/21
89.31.232.0/21
89.213.0.0/21
89.213.40.0-89.213.255.255
185.20.32.0/22
185.24.84.0/22
185.49.124.0/22
194.105.64.0/19
195.128.138.0/24
212.38.64.0/19
213.130.128.0/19
213.210.0.0/18
213.218.208.0-213.218.255.255
217.144.144.0/20
217.145.64.0/20
IPv6:
2001:1a90::/32
2a00:c60::/32
2a02:21f8::/32
Signature Algorithm: sha256WithRSAEncryption
35:41:61:1f:fd:63:98:91:a2:71:a5:27:69:81:e1:d7:65:50:
a3:2e:0a:f1:bc:3a:57:52:ac:24:53:42:8d:79:3f:80:1a:fa:
66:0e:49:d7:a2:96:97:11:ae:6b:db:0e:73:a2:35:b0:af:5e:
59:8d:69:42:98:ca:b8:93:b7:ac:31:ec:a9:d8:d8:67:d5:1a:
42:fb:29:dc:0b:66:57:13:99:ad:b5:3f:f6:2d:f8:04:b7:ba:
1f:d6:55:d8:02:2d:70:67:3a:c5:3d:3d:9b:5c:4e:6b:7a:71:
b8:6a:12:a8:96:a6:89:e3:31:0c:2e:1d:36:6d:ef:07:12:07:
12:13:ef:d1:2e:0d:c1:75:8a:05:7e:ba:f0:7c:a0:fe:a1:25:
57:4d:05:48:49:5b:c7:b3:e0:d4:ac:9b:d9:aa:e7:cb:cb:31:
e4:33:88:41:16:16:6f:cb:b0:c8:87:1b:9a:26:ea:5c:a9:20:
2a:6d:3a:9e:29:e5:2f:32:da:74:23:50:48:8f:af:d1:3a:7e:
d7:20:d1:2e:12:47:8a:85:61:a0:5c:5c:7b:65:38:97:b7:81:
a6:1a:bb:76:93:4e:88:25:8f:ca:71:2a:70:77:47:38:9e:8b:
d7:5a:4e:2b:99:3f:65:42:0a:68:86:c5:8b:2c:15:fb:67:26:
93:3b:3b:4e
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgISAYdL43ySoANljVoLbFIfWXkkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNDA0MTA1MDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGQxNzY1MjQ4ZDg0MGYzODRhMTM0ZDQyMDk5ZDA3M2U5MzY4M2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvU94wOU6TLjQL8To4CYmyBBWY7f
rrMmHJ/RYZ76YR/lYdIHtVIuvPB+XfTMpNARc0kOP6kmogbB1hW89EFD/dGExX1K
6Fz6wPnnBoDtSiiyiE7OJ8XA5s/6vusJ4sANAxD4RaSTE0PwqAZfYygs2pWuucJF
a82cNyxLZG2UmmROs+zqMQbWmaFygUzqNnXFL5mZz0kiqpG7bFk37fTwaYijBHBb
Vlk+ifekHdXLK1ag4Vy7TbtGzxsQJYSHpudEkTiYO7dIdhJlj/nH4GI+UT6H6vJH
qSi10smCIgxZO/uUD7jObsQHbWDnT833+vl1wdr9f6j9Be6VRW1cdMv/yQIDAQAB
o4ICtzCCArMwHQYDVR0OBBYEFDTRdlJI2EDzhKE01CCZ0HPpNoPUMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTk5GMlVrallRUE9Fb1RUVUlKblFjLWsyZzlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHMBggrBgEFBQcBBwEB/wSBvDCBuTCBmQQCAAEwgZIDBAMl
YpADBAMl/BgDBAZNa0ADBANPY0gDBARQ8FADBAZRBYADBAVSowADBANVn4ADBANZ
H+gDBANZ1QAwCwMEA1nVKAMDAVnUAwQCuRQgAwQCuRhUAwQCuTF8AwQFwmlAAwQA
w4CKAwQF1CZAAwQF1YKAAwQG1dIAMAsDBATV2tADAwDV2gMEBNmQkAMEBNmRQDAb
BAIAAjAVAwUAIAEakAMFACoADGADBQAqAiH4MA0GCSqGSIb3DQEBCwUAA4IBAQA1
QWEf/WOYkaJxpSdpgeHXZVCjLgrxvDpXUqwkU0KNeT+AGvpmDknXopaXEa5r2w5z
ojWwr15ZjWlCmMq4k7esMeyp2Nhn1RpC+yncC2ZXE5mttT/2LfgEt7of1lXYAi1w
ZzrFPT2bXE5renG4ahKolqaJ4zEMLh02be8HEgcSE+/RLg3BdYoFfrrwfKD+oSVX
TQVISVvHs+DUrJvZqufLyzHkM4hBFhZvy7DIhxuaJupcqSAqbTqeKeUvMtp0I1BI
j6/ROn7XINEuEkeKhWGgXFx7ZTiXt4GmGrt2k06IJY/KcSpwd0c4novXWk4rmT9l
QgpohsWLLBX7ZyaTOztO
-----END CERTIFICATE-----
Generated at Sat May 17 02:20:24 2025 by rpki-client