Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/NNDjOsZBjd_2av8N6PYbji10Udg.roa
File: NNDjOsZBjd_2av8N6PYbji10Udg.roa (raw, json)
Hash identifier: 4t4HJoZWDo08zggGktnfG8O4wMgRuxCh5OB4FPNDVXw=
Subject key identifier: 34:D0:E3:3A:C6:41:8D:DF:F6:6A:FF:0D:E8:F6:1B:8E:2D:74:51:D8
Certificate issuer: /CN=61b195d13050ff3c468a149778710b53582251d9
Certificate serial: 0185701EE6E24A9F61596B723C7FF1F310C1
Authority key identifier: 61:B1:95:D1:30:50:FF:3C:46:8A:14:97:78:71:0B:53:58:22:51:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbGV0TBQ_zxGihSXeHELU1giUdk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/NNDjOsZBjd_2av8N6PYbji10Udg.roa
Signing time: Mon 02 Jan 2023 01:35:51 +0000
ROA not before: Mon 02 Jan 2023 01:35:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15925
IP address blocks: 46.21.0.0/20 maxlen: 20
87.253.240.0/20 maxlen: 20
213.135.192.0/19 maxlen: 19
2a01:7f8::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:1e:e6:e2:4a:9f:61:59:6b:72:3c:7f:f1:f3:10:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b195d13050ff3c468a149778710b53582251d9
Validity
Not Before: Jan 2 01:35:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=34d0e33ac6418ddff66aff0de8f61b8e2d7451d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:a8:ab:e8:7e:83:6e:bd:95:53:76:6f:ba:a6:
17:03:07:91:f0:35:b4:cf:8b:bb:62:4e:f7:e8:70:
d7:3b:dd:69:91:52:19:8d:fe:22:7e:45:e1:4f:eb:
45:35:7d:75:e5:71:e0:4b:ad:b5:12:ae:1b:fb:df:
62:71:34:3b:f2:c4:50:aa:71:83:67:a0:67:96:6d:
d2:6d:a7:99:58:60:85:93:c4:e3:70:25:52:0d:5d:
c6:bb:01:ca:a1:59:59:bc:90:39:13:fb:66:9e:1f:
98:53:1f:06:ba:4a:14:90:7e:7e:2e:d7:64:90:82:
0c:ea:67:17:03:55:db:a4:7b:ac:97:47:8d:f1:b7:
23:3b:44:ee:99:55:a7:aa:d3:93:ca:5c:3f:82:5a:
98:e1:c9:0d:79:e4:c2:31:d9:ae:7b:67:64:9c:22:
e1:c3:d6:ae:1d:f8:09:53:67:19:ce:dc:88:87:43:
b9:9e:c0:a7:9f:a9:6c:d9:9d:79:24:68:c3:d3:fc:
66:33:9e:d6:46:fb:d2:8e:c3:f5:75:2a:01:a3:d4:
d0:48:db:aa:83:29:73:c5:e6:f0:cc:9e:6f:20:29:
20:41:ef:5d:52:ed:40:86:32:3f:b9:cd:25:64:59:
6f:bf:83:f1:d9:9a:2c:89:da:45:8c:47:d8:34:af:
0a:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:D0:E3:3A:C6:41:8D:DF:F6:6A:FF:0D:E8:F6:1B:8E:2D:74:51:D8
X509v3 Authority Key Identifier:
keyid:61:B1:95:D1:30:50:FF:3C:46:8A:14:97:78:71:0B:53:58:22:51:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbGV0TBQ_zxGihSXeHELU1giUdk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/NNDjOsZBjd_2av8N6PYbji10Udg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/YbGV0TBQ_zxGihSXeHELU1giUdk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.21.0.0/20
87.253.240.0/20
213.135.192.0/19
IPv6:
2a01:7f8::/29
Signature Algorithm: sha256WithRSAEncryption
72:90:97:e1:01:5f:ff:70:0a:1c:bf:3f:05:94:37:5f:3f:15:
af:a2:52:4f:7a:be:94:03:9a:c5:59:da:b9:37:e1:5c:cb:c5:
c2:64:0f:69:09:01:4f:a6:57:66:27:3c:7d:b2:6c:82:aa:60:
20:ff:6d:21:d2:07:da:90:ca:25:0a:aa:ea:ab:c4:c5:61:e1:
2e:f4:d8:43:cf:7a:9a:3a:ff:7f:eb:63:0e:27:2e:ba:c1:18:
40:6b:c1:88:61:67:bf:03:8c:e3:99:6a:6a:55:1d:39:a4:66:
ec:3b:ba:ef:e9:9c:77:7c:b3:9f:6a:fe:b4:94:98:1e:54:a7:
48:b2:66:76:2e:d7:c1:cb:4d:cf:0d:ac:cc:4f:c4:07:38:4f:
64:70:73:6a:82:29:dc:7a:9b:3d:81:3e:55:3c:43:55:e4:49:
f8:13:54:a6:fc:69:8c:a0:5e:77:61:da:4a:13:f4:8d:ca:d1:
f7:e1:2b:b2:a5:ab:db:ea:9a:08:31:15:0a:3f:ff:c5:7a:6f:
a3:82:b0:cf:00:8d:cb:d9:1e:c3:1b:d3:1b:d5:e9:23:4d:17:
2a:d5:cf:1e:9f:de:eb:f5:63:49:ce:b4:c1:81:ca:21:71:e3:
13:8d:a5:95:3d:52:5a:61:f5:3c:d5:7b:04:7b:ea:88:26:87:
c2:2b:bd:a9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVwHubiSp9hWWtyPH/x8xDBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjE5NWQxMzA1MGZmM2M0NjhhMTQ5Nzc4NzEwYjUzNTgy
MjUxZDkwHhcNMjMwMTAyMDEzNTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGQwZTMzYWM2NDE4ZGRmZjY2YWZmMGRlOGY2MWI4ZTJkNzQ1MWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6ir6H6Dbr2VU3ZvuqYXAweR8DW0
z4u7Yk736HDXO91pkVIZjf4ifkXhT+tFNX115XHgS621Eq4b+99icTQ78sRQqnGD
Z6Bnlm3SbaeZWGCFk8TjcCVSDV3GuwHKoVlZvJA5E/tmnh+YUx8GukoUkH5+Ltdk
kIIM6mcXA1XbpHusl0eN8bcjO0TumVWnqtOTylw/glqY4ckNeeTCMdmue2dknCLh
w9auHfgJU2cZztyIh0O5nsCnn6ls2Z15JGjD0/xmM57WRvvSjsP1dSoBo9TQSNuq
gylzxebwzJ5vICkgQe9dUu1AhjI/uc0lZFlvv4Px2ZosidpFjEfYNK8KTwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDTQ4zrGQY3f9mr/Dej2G44tdFHYMB8GA1UdIwQY
MBaAFGGxldEwUP88RooUl3hxC1NYIlHZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJHVjBUQlFfenhHaWhTWGVIRUxVMWdpVWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8yZjNjMTktNTZkNS00OTI0LThiY2It
YmFjNDcyYWI3YjZhLzEvTk5Eak9zWkJqZF8yYXY4TjZQWWJqaTEwVWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8yZjNjMTktNTZkNS00OTI0LThiY2ItYmFjNDcyYWI3YjZh
LzEvWWJHVjBUQlFfenhHaWhTWGVIRUxVMWdpVWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQELhUAAwQE
V/3wAwQF1YfAMA0EAgACMAcDBQMqAQf4MA0GCSqGSIb3DQEBCwUAA4IBAQBykJfh
AV//cAocvz8FlDdfPxWvolJPer6UA5rFWdq5N+Fcy8XCZA9pCQFPpldmJzx9smyC
qmAg/20h0gfakMolCqrqq8TFYeEu9NhDz3qaOv9/62MOJy66wRhAa8GIYWe/A4zj
mWpqVR05pGbsO7rv6Zx3fLOfav60lJgeVKdIsmZ2LtfBy03PDazMT8QHOE9kcHNq
ginceps9gT5VPENV5En4E1Sm/GmMoF53YdpKE/SNytH34Suypavb6poIMRUKP//F
em+jgrDPAI3L2R7DG9Mb1ekjTRcq1c8en97r9WNJzrTBgcohceMTjaWVPVJaYfU8
1XsEe+qIJofCK72p
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:22 2024 by rpki-client on console-fra.rpki-client.org