Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/NX6Fcxp1K-6kptyTlc9MNfef66A.roa
File: NX6Fcxp1K-6kptyTlc9MNfef66A.roa (raw, json)
Hash identifier: BRsmxWVXaY8XIXiI911vxp9gTcmcSiwFzP241Etfl98=
Subject key identifier: 35:7E:85:73:1A:75:2B:EE:A4:A6:DC:93:95:CF:4C:35:F7:9F:EB:A0
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 01898D45F1EEDCCEB049DE40155C5AE17BBD
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/NX6Fcxp1K-6kptyTlc9MNfef66A.roa
Signing time: Tue 25 Jul 2023 13:38:38 +0000
ROA not before: Tue 25 Jul 2023 13:38:38 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31732
IP address blocks: 188.209.155.0/24 maxlen: 24
185.151.236.0/22 maxlen: 24
188.253.8.0/21 maxlen: 24
103.25.84.0/22 maxlen: 24
82.115.8.0/22 maxlen: 24
188.214.236.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:8d:45:f1:ee:dc:ce:b0:49:de:40:15:5c:5a:e1:7b:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jul 25 13:38:38 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=357e85731a752beea4a6dc9395cf4c35f79feba0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:bf:d5:67:d4:03:27:c2:82:ae:7f:85:7a:f9:
0f:98:20:82:96:76:99:91:4d:88:3b:5f:d2:9d:b0:
6e:0f:bc:d2:74:84:99:69:45:2e:b6:70:ce:b7:b6:
3c:16:7f:dd:53:45:19:11:b6:2d:69:24:84:10:aa:
5f:ca:eb:5c:fd:53:82:e4:a6:39:70:a9:a9:4c:64:
ad:b4:36:79:d9:d4:d5:f6:2a:90:67:f2:ab:e3:4c:
d1:42:bd:92:b6:32:e3:ed:8c:36:87:83:77:3b:d5:
56:dc:1a:ce:82:a9:7c:7e:2b:b2:cc:80:c3:29:8b:
8b:22:83:f4:cd:a8:09:da:e8:f1:8c:16:2a:01:1b:
cd:20:56:d6:02:61:40:b4:dc:6d:e6:38:d5:27:81:
a5:df:36:8b:dc:87:bb:f8:c0:9f:02:9b:aa:84:aa:
48:b2:3b:43:84:34:a3:c8:ef:93:05:94:fc:32:08:
73:b5:7b:26:a3:ef:60:1c:91:99:2f:7a:02:f3:fd:
54:65:be:ae:d6:14:b2:f8:7d:a2:87:c3:19:80:4a:
e6:fd:30:78:e7:d4:f3:5a:a8:d6:fd:de:1d:83:1f:
be:be:6c:f0:22:46:c6:3c:ad:f1:aa:81:09:1f:65:
00:29:da:b2:b5:73:1f:ee:50:3c:de:dd:5f:4e:5b:
8d:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:7E:85:73:1A:75:2B:EE:A4:A6:DC:93:95:CF:4C:35:F7:9F:EB:A0
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/NX6Fcxp1K-6kptyTlc9MNfef66A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.115.8.0/22
103.25.84.0/22
185.151.236.0/22
188.209.155.0/24
188.214.236.0/22
188.253.8.0/21
Signature Algorithm: sha256WithRSAEncryption
31:49:10:0c:00:f9:dc:83:87:6e:27:85:e3:d8:ac:4e:bc:e7:
d8:aa:63:3b:f7:5c:d4:15:eb:87:0d:3c:b9:ee:7d:01:17:2d:
12:4c:3f:09:32:61:6f:5c:72:16:2c:f0:72:01:61:cd:3c:f5:
bb:d5:92:20:c8:22:7b:a8:8f:85:da:90:77:5a:8f:3d:e7:1d:
ce:e2:9c:3e:de:da:2a:0d:60:17:2d:6e:48:06:f1:37:eb:64:
05:3d:18:da:df:be:2d:77:fd:ee:b5:6a:db:3d:5e:50:5f:c1:
77:eb:19:62:07:0e:c5:80:70:66:5d:0a:af:5d:70:e6:73:22:
3d:7f:19:01:45:7c:97:4d:55:f7:ba:47:60:9e:d2:8d:46:b0:
b2:a6:58:3c:12:64:b2:ad:3b:c0:3a:cd:5b:e9:a0:b1:2c:31:
54:51:cf:e7:eb:74:58:18:cb:2d:c6:4a:71:7a:39:c8:26:1d:
f6:ee:c3:a7:8d:a0:f3:c5:df:78:2d:bc:8d:6d:bd:1c:fa:f1:
cf:6c:da:ad:f9:d4:f6:21:1a:b1:a8:75:4c:88:c1:f5:48:7c:
4f:b8:16:a7:52:e3:23:00:39:98:56:e2:95:1f:a2:b3:c9:79:
ff:e5:e1:07:85:6b:e3:11:1e:44:81:73:88:fa:df:9b:8a:22:
a0:54:a3:9a
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYmNRfHu3M6wSd5AFVxa4Xu9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwNzI1MTMzODM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTdlODU3MzFhNzUyYmVlYTRhNmRjOTM5NWNmNGMzNWY3OWZlYmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7/VZ9QDJ8KCrn+FevkPmCCClnaZ
kU2IO1/SnbBuD7zSdISZaUUutnDOt7Y8Fn/dU0UZEbYtaSSEEKpfyutc/VOC5KY5
cKmpTGSttDZ52dTV9iqQZ/Kr40zRQr2StjLj7Yw2h4N3O9VW3BrOgql8fiuyzIDD
KYuLIoP0zagJ2ujxjBYqARvNIFbWAmFAtNxt5jjVJ4Gl3zaL3Ie7+MCfApuqhKpI
sjtDhDSjyO+TBZT8MghztXsmo+9gHJGZL3oC8/1UZb6u1hSy+H2ih8MZgErm/TB4
59TzWqjW/d4dgx++vmzwIkbGPK3xqoEJH2UAKdqytXMf7lA83t1fTluN2wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFDV+hXMadSvupKbck5XPTDX3n+ugMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvTlg2RmN4cDFLLTZrcHR5VGxjOU1OZmVmNjZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCUnMIAwQC
ZxlUAwQCuZfsAwQAvNGbAwQCvNbsAwQDvP0IMA0GCSqGSIb3DQEBCwUAA4IBAQAx
SRAMAPncg4duJ4Xj2KxOvOfYqmM791zUFeuHDTy57n0BFy0STD8JMmFvXHIWLPBy
AWHNPPW71ZIgyCJ7qI+F2pB3Wo895x3O4pw+3toqDWAXLW5IBvE362QFPRja374t
d/3utWrbPV5QX8F36xliBw7FgHBmXQqvXXDmcyI9fxkBRXyXTVX3ukdgntKNRrCy
plg8EmSyrTvAOs1b6aCxLDFUUc/n63RYGMstxkpxejnIJh327sOnjaDzxd94LbyN
bb0c+vHPbNqt+dT2IRqxqHVMiMH1SHxPuBanUuMjADmYVuKVH6KzyXn/5eEHhWvj
ER5EgXOI+t+biiKgVKOa
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:35 2024 by rpki-client on console-fra.rpki-client.org