Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/nwsGCtmcWzZwdlCr1AjwEhChlgo.roa
File: nwsGCtmcWzZwdlCr1AjwEhChlgo.roa (raw, json)
Hash identifier: wpXuHlnDHMcbfDRpDaVbogYmz1fUmoEv63iko6rxgD8=
Subject key identifier: 9F:0B:06:0A:D9:9C:5B:36:70:76:50:AB:D4:08:F0:12:10:A1:96:0A
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 018746390865866F0793EE98506B3BB48106
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/nwsGCtmcWzZwdlCr1AjwEhChlgo.roa
Signing time: Mon 03 Apr 2023 08:25:55 +0000
ROA not before: Mon 03 Apr 2023 08:25:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 996
IP address blocks: 176.114.84.0/22 maxlen: 22
176.114.92.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:46:39:08:65:86:6f:07:93:ee:98:50:6b:3b:b4:81:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Apr 3 08:25:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9f0b060ad99c5b36707650abd408f01210a1960a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:d7:15:2a:a5:5f:54:ab:c5:48:cd:7a:a4:e5:
5c:26:00:16:7f:2f:85:01:77:1c:a3:de:8f:6f:09:
56:fc:99:34:d6:a2:83:1c:52:91:b6:99:c4:40:f3:
44:eb:35:17:0a:46:53:28:c7:56:ea:3b:b8:7c:54:
de:10:6f:59:6c:d2:5c:7e:dd:6f:26:f5:05:96:e5:
1c:64:a2:79:4e:66:da:d5:2d:bf:22:81:07:54:9c:
6e:a2:c6:78:ea:aa:88:2d:3f:12:f5:ea:15:e0:68:
2b:df:a3:bb:e0:a9:7c:ed:c9:03:7c:f1:ae:1a:e1:
d5:da:68:d3:0b:a9:4f:0b:c5:0d:b6:0b:b3:89:b9:
86:1d:02:62:36:42:ba:03:89:a5:51:1d:71:b9:38:
15:10:c3:8c:48:d1:bb:d7:02:79:4f:fc:45:b9:e3:
12:3e:8a:a5:5f:ea:aa:e1:e3:f4:b3:07:98:65:51:
e2:7b:54:d4:9a:55:23:3d:14:7a:f4:56:62:6f:51:
ec:5b:1c:90:68:4f:f5:ab:00:3a:f7:ce:05:8c:fa:
94:48:7b:82:33:bc:3b:c7:d0:4c:12:b0:ff:80:30:
45:07:fa:d2:7d:e4:94:66:8d:a7:ca:aa:d3:b9:2f:
fb:7e:42:ec:fc:c3:07:70:95:b6:cc:7b:3b:bd:8b:
70:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:0B:06:0A:D9:9C:5B:36:70:76:50:AB:D4:08:F0:12:10:A1:96:0A
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/nwsGCtmcWzZwdlCr1AjwEhChlgo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.84.0/22
176.114.92.0/22
Signature Algorithm: sha256WithRSAEncryption
13:9b:0b:78:b9:10:63:43:c6:f5:df:00:a0:cc:47:98:76:60:
04:17:d5:f8:83:39:a7:04:8a:b4:44:b0:2c:d7:6d:bf:7c:f8:
b7:b9:34:75:f7:e6:ca:0b:6f:d4:ef:61:dc:48:36:5d:cc:3e:
71:ba:dd:6c:da:01:c4:95:ad:48:de:7f:c2:de:5a:f0:56:b7:
87:ec:10:a4:55:cb:35:85:3a:75:83:d4:24:f7:41:dd:67:25:
0b:f7:f9:be:a6:16:42:2f:a3:71:b0:11:58:74:ca:b0:2d:1e:
92:9e:1b:d8:c9:85:b9:a7:4f:d2:48:05:21:36:c0:6d:e1:76:
75:71:f8:7a:c8:f0:63:7b:ad:c2:32:e2:a6:17:81:5c:48:81:
e4:68:43:b9:37:d9:09:5f:fe:d8:10:ca:57:53:96:b2:85:a3:
a7:5f:d7:c6:44:18:3e:19:da:bd:9f:51:83:0a:35:e7:da:a0:
4e:e9:28:4a:96:24:7f:d2:3d:45:60:cc:a6:59:de:6b:fc:23:
61:dc:f7:5b:cf:4c:4d:3d:f5:bc:fb:c0:7d:df:26:44:0f:82:
e5:b4:ee:71:5b:38:73:dd:08:85:08:44:b0:af:82:eb:9e:67:
7f:8b:ed:11:86:18:a6:47:c2:46:2a:8b:62:12:98:9d:f1:80:
5d:3f:42:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYdGOQhlhm8Hk+6YUGs7tIEGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjMwNDAzMDgyNTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjBiMDYwYWQ5OWM1YjM2NzA3NjUwYWJkNDA4ZjAxMjEwYTE5NjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidcVKqVfVKvFSM16pOVcJgAWfy+F
AXcco96PbwlW/Jk01qKDHFKRtpnEQPNE6zUXCkZTKMdW6ju4fFTeEG9ZbNJcft1v
JvUFluUcZKJ5Tmba1S2/IoEHVJxuosZ46qqILT8S9eoV4Ggr36O74Kl87ckDfPGu
GuHV2mjTC6lPC8UNtguzibmGHQJiNkK6A4mlUR1xuTgVEMOMSNG71wJ5T/xFueMS
PoqlX+qq4eP0sweYZVHie1TUmlUjPRR69FZib1HsWxyQaE/1qwA6984FjPqUSHuC
M7w7x9BMErD/gDBFB/rSfeSUZo2nyqrTuS/7fkLs/MMHcJW2zHs7vYtwEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ8LBgrZnFs2cHZQq9QI8BIQoZYKMB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvbndzR0N0bWNXelp3ZGxDcjFBandFaENobGdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCsHJUAwQC
sHJcMA0GCSqGSIb3DQEBCwUAA4IBAQATmwt4uRBjQ8b13wCgzEeYdmAEF9X4gzmn
BIq0RLAs122/fPi3uTR19+bKC2/U72HcSDZdzD5xut1s2gHEla1I3n/C3lrwVreH
7BCkVcs1hTp1g9Qk90HdZyUL9/m+phZCL6NxsBFYdMqwLR6SnhvYyYW5p0/SSAUh
NsBt4XZ1cfh6yPBje63CMuKmF4FcSIHkaEO5N9kJX/7YEMpXU5ayhaOnX9fGRBg+
Gdq9n1GDCjXn2qBO6ShKliR/0j1FYMymWd5r/CNh3Pdbz0xNPfW8+8B93yZED4Ll
tO5xWzhz3QiFCESwr4Lrnmd/i+0RhhimR8JGKotiEpid8YBdP0Jd
-----END CERTIFICATE-----
Generated at Sun Apr 27 22:21:31 2025 by rpki-client