Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/e8281f-cd17-4e02-8fca-8c5ac06c14a8/1/NYK-Bf7uqISBBiwiE2JUbKNfm4A.roa
File: NYK-Bf7uqISBBiwiE2JUbKNfm4A.roa (raw, json)
Hash identifier: d2DkQiKsukXaXwT+nOrRKvK0NICEwMoZ3lnA69gb6ag=
Subject key identifier: 35:82:BE:05:FE:EE:A8:84:81:06:2C:22:13:62:54:6C:A3:5F:9B:80
Certificate issuer: /CN=220a9859fbf2e6bc3ed8273911762bd8fa5e802e
Certificate serial: 01936D131FB84DD85B021A4F465A8B4D265F
Authority key identifier: 22:0A:98:59:FB:F2:E6:BC:3E:D8:27:39:11:76:2B:D8:FA:5E:80:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IgqYWfvy5rw-2Cc5EXYr2PpegC4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/e8281f-cd17-4e02-8fca-8c5ac06c14a8/1/NYK-Bf7uqISBBiwiE2JUbKNfm4A.roa
Signing time: Wed 27 Nov 2024 10:03:09 +0000
ROA not before: Wed 27 Nov 2024 10:03:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 39399
IP address blocks: 91.199.194.0/24 maxlen: 24
91.215.24.0/22 maxlen: 22
178.215.176.0/20 maxlen: 20
194.8.156.0/22 maxlen: 22
195.140.228.0/22 maxlen: 22
195.182.192.0/23 maxlen: 23
2001:67c:2280::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:6d:13:1f:b8:4d:d8:5b:02:1a:4f:46:5a:8b:4d:26:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=220a9859fbf2e6bc3ed8273911762bd8fa5e802e
Validity
Not Before: Nov 27 10:03:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3582be05feeea88481062c221362546ca35f9b80
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:07:27:c0:24:fe:ff:1d:db:74:99:eb:f0:8f:
a9:25:6e:90:7c:fe:77:f7:c1:01:14:b4:90:10:9b:
c8:a4:de:63:8b:8f:ad:8a:97:f3:38:9f:ae:32:87:
ad:9b:47:15:14:5c:6d:38:f4:4c:5d:1a:ce:7b:a0:
8f:1b:ef:f9:d2:9a:ca:83:d2:c9:c6:68:5d:98:ea:
6b:30:2e:65:8b:d3:61:fd:51:02:f2:31:4d:d3:c4:
ec:42:0d:c8:89:7d:55:f5:fd:fe:92:9b:93:90:e5:
be:6b:40:17:9f:1c:de:7b:9c:1a:e0:6f:b6:cd:98:
b0:55:a7:ed:fd:2b:4c:0f:17:52:7a:96:74:65:93:
65:26:a3:10:f0:4f:22:a6:b4:af:a7:bf:9a:43:f3:
5e:1b:07:0f:57:25:ca:b6:a1:74:11:d2:f0:93:e6:
b1:91:f2:b3:0f:d9:f7:21:a3:a4:0b:d8:bc:05:4d:
e3:51:8a:34:8b:ab:a0:4f:7c:a3:f0:a8:28:c9:af:
0f:0d:2b:d3:a5:a5:ce:6b:16:fb:d5:5f:ae:cb:68:
09:06:1b:0b:7e:a7:9e:18:76:f9:2a:a7:87:9c:bc:
f7:35:3e:a2:2e:6a:80:3b:35:ed:80:cd:ea:6b:fb:
47:58:f0:67:cc:a6:e9:10:3b:74:d2:87:28:e6:b4:
b9:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:82:BE:05:FE:EE:A8:84:81:06:2C:22:13:62:54:6C:A3:5F:9B:80
X509v3 Authority Key Identifier:
keyid:22:0A:98:59:FB:F2:E6:BC:3E:D8:27:39:11:76:2B:D8:FA:5E:80:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IgqYWfvy5rw-2Cc5EXYr2PpegC4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/e8281f-cd17-4e02-8fca-8c5ac06c14a8/1/NYK-Bf7uqISBBiwiE2JUbKNfm4A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/e8281f-cd17-4e02-8fca-8c5ac06c14a8/1/IgqYWfvy5rw-2Cc5EXYr2PpegC4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.199.194.0/24
91.215.24.0/22
178.215.176.0/20
194.8.156.0/22
195.140.228.0/22
195.182.192.0/23
IPv6:
2001:67c:2280::/48
Signature Algorithm: sha256WithRSAEncryption
62:1b:c4:f1:b1:5f:28:57:c9:b0:54:6b:92:25:ed:c9:50:1e:
8f:34:2c:61:65:19:32:fe:96:a4:4a:06:b8:ba:66:ca:37:52:
0a:0a:d7:01:11:0c:ba:f6:24:f0:eb:e5:3e:9b:dd:72:34:a6:
43:94:d6:e0:1c:46:6c:6a:d6:0f:36:8d:a9:52:36:81:15:d6:
9e:5d:03:34:ba:2a:10:aa:d0:26:73:67:3c:b5:a1:c9:77:8a:
f8:a9:34:e3:d8:94:a3:e9:7a:d4:4d:88:8d:8f:13:06:70:05:
3b:b9:40:5e:d6:70:0e:43:b2:21:81:f3:42:d0:85:a2:f3:94:
15:14:d6:50:25:6c:bc:75:96:f6:87:0c:c1:4a:9c:af:48:f9:
9c:47:37:b1:08:19:d4:46:70:d0:0c:2c:90:d9:11:23:b5:fb:
ea:25:49:05:35:f9:c1:0c:e0:89:30:cd:88:99:2c:e3:81:f8:
33:51:f8:6b:92:37:6b:82:f4:3e:8a:d7:f8:9e:15:07:7b:bb:
53:71:a8:34:3b:d9:63:f9:2f:f6:c0:4c:e4:e1:f5:8e:5b:9a:
d4:76:75:d2:18:88:59:00:d4:e9:3a:c2:6d:a7:f2:ba:7c:1f:
09:93:be:e7:c3:17:69:a7:12:8e:75:3d:60:39:a2:1b:c2:e9:
d7:de:f7:36
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZNtEx+4TdhbAhpPRlqLTSZfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMGE5ODU5ZmJmMmU2YmMzZWQ4MjczOTExNzYyYmQ4ZmE1
ZTgwMmUwHhcNMjQxMTI3MTAwMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTgyYmUwNWZlZWVhODg0ODEwNjJjMjIxMzYyNTQ2Y2EzNWY5YjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQcnwCT+/x3bdJnr8I+pJW6QfP53
98EBFLSQEJvIpN5ji4+tipfzOJ+uMoetm0cVFFxtOPRMXRrOe6CPG+/50prKg9LJ
xmhdmOprMC5li9Nh/VEC8jFN08TsQg3IiX1V9f3+kpuTkOW+a0AXnxzee5wa4G+2
zZiwVaft/StMDxdSepZ0ZZNlJqMQ8E8iprSvp7+aQ/NeGwcPVyXKtqF0EdLwk+ax
kfKzD9n3IaOkC9i8BU3jUYo0i6ugT3yj8Kgoya8PDSvTpaXOaxb71V+uy2gJBhsL
fqeeGHb5KqeHnLz3NT6iLmqAOzXtgM3qa/tHWPBnzKbpEDt00oco5rS5kQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFDWCvgX+7qiEgQYsIhNiVGyjX5uAMB8GA1UdIwQY
MBaAFCIKmFn78ua8PtgnORF2K9j6XoAuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWdxWVdmdnk1cnctMkNjNUVYWXIyUHBlZ0M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9lODI4MWYtY2QxNy00ZTAyLThmY2Et
OGM1YWMwNmMxNGE4LzEvTllLLUJmN3VxSVNCQml3aUUySlViS05mbTRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9lODI4MWYtY2QxNy00ZTAyLThmY2EtOGM1YWMwNmMxNGE4
LzEvSWdxWVdmdnk1cnctMkNjNUVYWXIyUHBlZ0M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAqBAIAATAkAwQAW8fCAwQC
W9cYAwQEstewAwQCwgicAwQCw4zkAwQBw7bAMA8EAgACMAkDBwAgAQZ8IoAwDQYJ
KoZIhvcNAQELBQADggEBAGIbxPGxXyhXybBUa5Il7clQHo80LGFlGTL+lqRKBri6
Zso3UgoK1wERDLr2JPDr5T6b3XI0pkOU1uAcRmxq1g82jalSNoEV1p5dAzS6KhCq
0CZzZzy1ocl3ivipNOPYlKPpetRNiI2PEwZwBTu5QF7WcA5DsiGB80LQhaLzlBUU
1lAlbLx1lvaHDMFKnK9I+ZxHN7EIGdRGcNAMLJDZESO1++olSQU1+cEM4IkwzYiZ
LOOB+DNR+GuSN2uC9D6K1/ieFQd7u1NxqDQ72WP5L/bATOTh9Y5bmtR2ddIYiFkA
1Ok6wm2n8rp8HwmTvufDF2mnEo51PWA5ohvC6dfe9zY=
-----END CERTIFICATE-----
Generated at Tue Apr 22 04:57:10 2025 by rpki-client