Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/NFctzoYtXtdDg02MQ3uZEy7ziqk.roa
File: NFctzoYtXtdDg02MQ3uZEy7ziqk.roa (raw, json)
Hash identifier: 8qye8SvHo0WBbPsUlYIu3BvKUT7u3RZG0DakLNPygSI=
Subject key identifier: 34:57:2D:CE:86:2D:5E:D7:43:83:4D:8C:43:7B:99:13:2E:F3:8A:A9
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019390EC5E9694EF0B4E50401A2A46503112
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/NFctzoYtXtdDg02MQ3uZEy7ziqk.roa
Signing time: Wed 04 Dec 2024 09:07:10 +0000
ROA not before: Wed 04 Dec 2024 09:07:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 83.147.216.0/24 maxlen: 24
83.147.244.0/22 maxlen: 24
91.186.200.0/22 maxlen: 24
91.186.204.0/22 maxlen: 24
94.241.168.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:90:ec:5e:96:94:ef:0b:4e:50:40:1a:2a:46:50:31:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Dec 4 09:07:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=34572dce862d5ed743834d8c437b99132ef38aa9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:db:b9:22:58:af:28:d9:72:39:6e:47:ae:78:
1a:52:5b:66:dc:28:34:ab:96:ac:5b:88:44:4c:66:
8e:ee:42:4c:9d:53:00:a5:b2:c1:01:9d:c1:03:a5:
19:14:9b:e1:22:cc:0b:54:16:b8:55:f1:cc:50:9c:
4e:80:8c:9e:7e:b1:1a:ef:38:e6:c8:7c:d7:1c:16:
94:bb:d7:32:62:d2:5a:e2:e8:04:fd:0d:65:02:14:
84:73:64:87:cd:b1:00:23:32:98:b8:9a:81:1d:9f:
a5:ee:fd:86:89:7a:ba:b3:ea:2c:37:b4:6c:53:ea:
1c:19:21:1e:6e:3d:7b:fa:f0:68:76:50:c9:c4:44:
95:ce:b4:88:68:f1:59:a9:09:95:3e:8a:73:62:cd:
b1:df:5f:21:81:c5:4b:56:eb:a9:15:3c:55:48:79:
45:18:03:08:79:14:a5:58:48:4f:68:c1:e3:9f:c2:
eb:02:c0:3d:29:b4:b2:1c:c9:a8:0f:1d:26:ca:85:
23:63:a1:f6:f9:20:48:19:4d:13:b6:60:09:e5:ff:
ee:66:74:80:c8:d9:f9:c9:2b:45:5f:b0:fa:42:1b:
91:22:a9:4e:27:68:76:b9:08:ae:37:73:ca:72:3b:
3c:cd:55:98:7d:c0:54:68:5d:71:b2:04:6a:db:91:
3f:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:57:2D:CE:86:2D:5E:D7:43:83:4D:8C:43:7B:99:13:2E:F3:8A:A9
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/NFctzoYtXtdDg02MQ3uZEy7ziqk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.216.0/24
83.147.244.0/22
91.186.200.0/21
94.241.168.0/21
Signature Algorithm: sha256WithRSAEncryption
68:8e:f4:e8:a1:fc:21:52:32:9b:d4:bc:ec:6c:f1:84:53:7a:
f9:53:28:b6:fd:48:d3:d5:a0:c0:4d:d0:cf:94:1d:78:bf:5f:
8f:b7:08:31:9e:2f:ce:2a:09:4b:aa:31:c3:73:a9:21:0d:c8:
f7:57:68:d4:a0:30:bc:cc:d9:74:e4:59:3d:14:f7:b6:0d:8d:
e6:47:6b:e8:74:c6:f2:fe:22:1a:95:28:89:db:0c:df:98:01:
4e:9b:ce:de:d5:a1:01:d3:2e:f8:88:bc:de:de:07:f2:f4:4f:
6a:e1:62:95:83:4c:22:97:75:2b:16:71:c7:e2:a7:ac:0c:7b:
51:cb:aa:64:bb:af:0c:47:80:7f:0e:38:41:39:d7:39:e3:88:
2f:ab:64:1a:ee:d3:4c:9c:19:fe:9f:60:4b:93:ef:e7:a1:3d:
10:0e:74:6a:5a:ad:b3:d0:b4:24:33:d9:b0:89:b7:85:f3:ae:
25:25:54:a9:a1:13:68:6f:d1:11:d5:c7:03:1f:db:47:74:28:
2b:72:a4:78:41:6a:bf:4f:36:d1:23:3b:dd:f6:96:3f:58:93:
f9:aa:9b:12:da:66:e5:f3:49:2a:dc:cf:46:dc:93:14:11:74:
d4:1e:90:e1:42:31:e6:6f:8d:de:c6:96:7d:64:5d:22:75:51:
17:b2:14:a0
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZOQ7F6WlO8LTlBAGipGUDESMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQxMjA0MDkwNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDU3MmRjZTg2MmQ1ZWQ3NDM4MzRkOGM0MzdiOTkxMzJlZjM4YWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1du5IlivKNlyOW5HrngaUltm3Cg0
q5asW4hETGaO7kJMnVMApbLBAZ3BA6UZFJvhIswLVBa4VfHMUJxOgIyefrEa7zjm
yHzXHBaUu9cyYtJa4ugE/Q1lAhSEc2SHzbEAIzKYuJqBHZ+l7v2GiXq6s+osN7Rs
U+ocGSEebj17+vBodlDJxESVzrSIaPFZqQmVPopzYs2x318hgcVLVuupFTxVSHlF
GAMIeRSlWEhPaMHjn8LrAsA9KbSyHMmoDx0myoUjY6H2+SBIGU0TtmAJ5f/uZnSA
yNn5yStFX7D6QhuRIqlOJ2h2uQiuN3PKcjs8zVWYfcBUaF1xsgRq25E/cQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDRXLc6GLV7XQ4NNjEN7mRMu84qpMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvTkZjdHpvWXRYdGREZzAyTVEzdVpFeTd6aXFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAU5PYAwQC
U5P0AwQDW7rIAwQDXvGoMA0GCSqGSIb3DQEBCwUAA4IBAQBojvToofwhUjKb1Lzs
bPGEU3r5Uyi2/UjT1aDATdDPlB14v1+Ptwgxni/OKglLqjHDc6khDcj3V2jUoDC8
zNl05Fk9FPe2DY3mR2vodMby/iIalSiJ2wzfmAFOm87e1aEB0y74iLze3gfy9E9q
4WKVg0wil3UrFnHH4qesDHtRy6pku68MR4B/DjhBOdc544gvq2Qa7tNMnBn+n2BL
k+/noT0QDnRqWq2z0LQkM9mwibeF864lJVSpoRNob9ER1ccDH9tHdCgrcqR4QWq/
TzbRIzvd9pY/WJP5qpsS2mbl80kq3M9G3JMUEXTUHpDhQjHmb43expZ9ZF0idVEX
shSg
-----END CERTIFICATE-----
Generated at Mon May 12 04:13:27 2025 by rpki-client