Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/Nd-jM3hTxAjpLRfwA4DkD3oJ5w0.roa
File: Nd-jM3hTxAjpLRfwA4DkD3oJ5w0.roa (raw, json)
Hash identifier: +hfj/ivWs4EZZ7xafw4UK2HxDwSTaRsEAaR6DJM22Ds=
Subject key identifier: 35:DF:A3:33:78:53:C4:08:E9:2D:17:F0:03:80:E4:0F:7A:09:E7:0D
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 018756DAF31FA64A6948D80D815DD26B4322
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/Nd-jM3hTxAjpLRfwA4DkD3oJ5w0.roa
Signing time: Thu 06 Apr 2023 13:56:42 +0000
ROA not before: Thu 06 Apr 2023 13:56:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 176.114.90.0/24 maxlen: 24
176.114.88.0/24 maxlen: 24
176.114.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:56:da:f3:1f:a6:4a:69:48:d8:0d:81:5d:d2:6b:43:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Apr 6 13:56:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=35dfa3337853c408e92d17f00380e40f7a09e70d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:97:53:ef:f6:71:4e:17:fd:0c:c7:eb:0b:be:
ab:44:5a:32:69:ec:1a:68:d4:f1:27:f3:37:53:63:
e4:62:0b:b8:ae:87:7e:7e:0f:22:8b:7d:ee:01:89:
93:01:0c:a4:53:a9:5f:34:8c:8a:b0:e6:4a:df:c5:
30:6a:5e:a0:97:53:ed:25:25:bd:d0:4b:26:31:3c:
1c:a5:07:5f:50:dd:bb:e8:3f:db:bd:f5:13:7a:96:
4e:e2:75:7e:23:a2:e0:36:87:eb:92:19:d2:39:82:
fe:d7:bb:f9:74:87:8f:69:5a:58:74:6e:8b:75:b5:
04:79:c5:3a:1e:8e:c0:89:48:36:91:1a:72:b3:2b:
bf:3c:c9:ed:66:f1:bd:5c:bc:94:0a:01:67:47:71:
87:4e:c7:00:71:fb:a4:2a:c3:88:ea:8b:ff:6f:0c:
78:10:7d:cf:dc:0f:5e:ff:9f:25:24:22:7c:03:80:
66:c9:1a:9a:63:e3:a4:03:ff:16:19:10:7b:c0:e6:
d0:8d:5a:74:11:1c:da:dc:5f:16:f2:22:5e:24:8b:
9d:a9:f1:4d:e0:90:e7:34:e0:a4:d1:14:40:9a:28:
93:4e:ce:b3:58:27:a5:96:b1:f1:84:65:de:fc:22:
15:e9:6a:3d:88:fb:12:7e:ff:be:10:40:42:22:d6:
d5:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:DF:A3:33:78:53:C4:08:E9:2D:17:F0:03:80:E4:0F:7A:09:E7:0D
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/Nd-jM3hTxAjpLRfwA4DkD3oJ5w0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.88.0-176.114.90.255
Signature Algorithm: sha256WithRSAEncryption
bc:4b:49:72:64:85:d7:5a:80:9b:30:97:ab:a1:3f:a8:c9:0e:
5a:64:ed:cf:14:6b:ab:7b:8a:d2:3f:16:e9:8f:8d:ab:c0:eb:
3d:59:c2:e7:78:82:6b:7f:61:9c:ca:49:f8:54:fe:c9:4d:c7:
3f:02:79:66:4c:0b:ce:e8:30:3c:16:80:9b:88:f6:88:e2:a5:
7f:28:3f:6c:5f:88:1d:8c:08:50:07:f3:d6:7e:a1:03:91:be:
cd:c1:f3:46:7a:ec:36:8f:63:2b:88:ff:94:09:46:d7:dc:e0:
46:06:6a:34:4f:a1:61:5a:91:16:9a:ea:e3:7b:f1:d9:2f:f7:
cd:25:93:7b:c2:63:46:ed:f6:b9:5f:c3:ce:46:3a:5b:28:ef:
2d:b1:0e:11:aa:ae:ac:a4:87:26:fa:f6:34:8f:2a:e1:24:6c:
a0:77:7d:f0:0d:0d:da:b3:10:cc:35:ef:8a:82:77:72:b0:ac:
d2:1f:f3:d0:82:38:48:4b:e9:2a:37:0a:24:f8:c6:ed:09:2d:
39:a3:3d:5b:63:2c:5d:a1:7d:64:43:8b:bf:89:7b:70:3a:5b:
e3:34:46:e4:b7:bf:2f:4e:51:1f:28:b0:4d:b7:76:09:ab:84:
63:b8:98:1a:14:1f:0c:22:f2:22:f1:75:86:92:02:73:4f:6b:
3d:5d:d3:d5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYdW2vMfpkppSNgNgV3Sa0MiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjMwNDA2MTM1NjQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWRmYTMzMzc4NTNjNDA4ZTkyZDE3ZjAwMzgwZTQwZjdhMDllNzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5dT7/ZxThf9DMfrC76rRFoyaewa
aNTxJ/M3U2PkYgu4rod+fg8ii33uAYmTAQykU6lfNIyKsOZK38Uwal6gl1PtJSW9
0EsmMTwcpQdfUN276D/bvfUTepZO4nV+I6LgNofrkhnSOYL+17v5dIePaVpYdG6L
dbUEecU6Ho7AiUg2kRpysyu/PMntZvG9XLyUCgFnR3GHTscAcfukKsOI6ov/bwx4
EH3P3A9e/58lJCJ8A4BmyRqaY+OkA/8WGRB7wObQjVp0ERza3F8W8iJeJIudqfFN
4JDnNOCk0RRAmiiTTs6zWCellrHxhGXe/CIV6Wo9iPsSfv++EEBCItbVFwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDXfozN4U8QI6S0X8AOA5A96CecNMB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvTmQtak0zaFR4QWpwTFJmd0E0RGtEM29KNXcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAOwclgD
BACwclowDQYJKoZIhvcNAQELBQADggEBALxLSXJkhddagJswl6uhP6jJDlpk7c8U
a6t7itI/FumPjavA6z1Zwud4gmt/YZzKSfhU/slNxz8CeWZMC87oMDwWgJuI9oji
pX8oP2xfiB2MCFAH89Z+oQORvs3B80Z67DaPYyuI/5QJRtfc4EYGajRPoWFakRaa
6uN78dkv980lk3vCY0bt9rlfw85GOlso7y2xDhGqrqykhyb69jSPKuEkbKB3ffAN
DdqzEMw174qCd3KwrNIf89CCOEhL6So3CiT4xu0JLTmjPVtjLF2hfWRDi7+Je3A6
W+M0RuS3vy9OUR8osE23dgmrhGO4mBoUHwwi8iLxdYaSAnNPaz1d09U=
-----END CERTIFICATE-----
Generated at Mon Apr 28 12:35:59 2025 by rpki-client