Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/N2NGANlUtLzhkjeuoXQgqrOmjr4.roa
File: N2NGANlUtLzhkjeuoXQgqrOmjr4.roa (raw, json)
Hash identifier: dy0o7AjRjV7x/y6/x1kK82myhxF5TLNBpGTn2txTYGA=
Subject key identifier: 37:63:46:00:D9:54:B4:BC:E1:92:37:AE:A1:74:20:AA:B3:A6:8E:BE
Certificate issuer: /CN=47b80caa97c13147d680c80976f8a4b15cade04f
Certificate serial: 019420D5B38B19FA60F542FD68440C61842E
Authority key identifier: 47:B8:0C:AA:97:C1:31:47:D6:80:C8:09:76:F8:A4:B1:5C:AD:E0:4F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/R7gMqpfBMUfWgMgJdviksVyt4E8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/N2NGANlUtLzhkjeuoXQgqrOmjr4.roa
Signing time: Wed 01 Jan 2025 07:47:43 +0000
ROA not before: Wed 01 Jan 2025 07:47:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44547
IP address blocks: 185.161.122.0/24 maxlen: 24
185.171.88.0/24 maxlen: 24
185.171.91.0/24 maxlen: 24
2a0c:f500::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d5:b3:8b:19:fa:60:f5:42:fd:68:44:0c:61:84:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=47b80caa97c13147d680c80976f8a4b15cade04f
Validity
Not Before: Jan 1 07:47:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=37634600d954b4bce19237aea17420aab3a68ebe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:bf:2a:1e:38:5a:1a:5c:35:99:24:f6:29:6a:
cd:d4:08:19:43:e7:bd:84:ca:8a:7b:70:99:4d:82:
aa:47:73:a0:28:5c:52:c7:4b:ec:74:11:b1:8b:1a:
5f:0d:cd:9d:e1:c7:93:13:a2:d1:3f:f7:f3:09:24:
75:9c:bc:14:3b:3a:6b:a0:fe:20:eb:52:65:e3:e3:
09:c3:ef:ad:2a:7c:73:4b:09:3c:e8:d4:bd:f9:9e:
d5:a1:70:c5:e0:8d:6f:1a:a9:7f:34:29:60:34:24:
32:08:c2:dc:5c:62:c9:3f:10:14:4e:f7:75:87:26:
6d:b7:46:ec:d4:2c:6b:13:cb:08:28:20:31:41:56:
81:56:1a:88:1d:8d:c7:84:25:8e:e0:0f:c6:94:73:
60:5d:2a:30:88:a6:10:74:b9:06:7c:82:5b:90:0c:
49:6f:8a:cd:cb:36:90:8c:d3:a9:05:11:62:3d:21:
21:76:ac:02:c1:00:88:ac:80:0c:2f:17:1c:b3:88:
19:95:bd:8d:75:d2:ed:f8:96:67:31:c5:cf:09:89:
89:50:a6:6a:85:b4:41:5e:6d:01:a0:1b:67:8d:30:
94:e1:e0:44:8f:96:67:cc:aa:36:26:03:b4:d1:fe:
eb:df:c8:75:84:cb:c5:ab:75:ee:9f:2a:a4:49:2f:
69:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:63:46:00:D9:54:B4:BC:E1:92:37:AE:A1:74:20:AA:B3:A6:8E:BE
X509v3 Authority Key Identifier:
keyid:47:B8:0C:AA:97:C1:31:47:D6:80:C8:09:76:F8:A4:B1:5C:AD:E0:4F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R7gMqpfBMUfWgMgJdviksVyt4E8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/N2NGANlUtLzhkjeuoXQgqrOmjr4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/R7gMqpfBMUfWgMgJdviksVyt4E8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.122.0/24
185.171.88.0/24
185.171.91.0/24
IPv6:
2a0c:f500::/29
Signature Algorithm: sha256WithRSAEncryption
65:75:1d:dc:33:b8:47:03:a8:1b:29:76:94:ba:a4:65:bc:a4:
3b:5a:61:d8:2e:ba:95:82:e2:95:7b:f9:60:d5:a8:00:aa:4f:
a5:c3:85:f4:18:05:30:9e:d8:b0:39:c0:6e:fa:c3:52:b0:14:
66:aa:ca:6a:a3:05:5b:ca:d2:d6:68:23:f9:c6:76:08:77:9d:
18:3d:dc:f6:dd:e5:b9:af:62:ce:03:9e:c5:07:5e:44:0d:21:
bd:5f:ba:79:99:62:74:f6:0b:49:79:a6:f2:95:5a:93:5a:e9:
e5:ac:9c:a6:b8:2b:0c:6f:d6:1f:96:bc:0d:2b:b0:f6:65:de:
76:81:6c:7d:c8:72:c9:51:8c:0f:05:4e:86:b5:e7:a6:8b:f2:
b6:f7:dc:1d:49:8b:76:e2:e8:f1:f0:6b:50:c4:71:44:35:9e:
f2:01:45:f8:12:ce:6c:94:64:8d:22:0b:da:07:4b:d5:c4:a0:
3b:9e:e2:40:6c:e3:22:39:23:9f:e9:b5:03:ad:cd:91:74:67:
32:7c:73:db:51:57:f0:b2:bb:99:55:63:08:b9:9b:81:f9:f7:
24:1c:3e:19:f5:8f:96:19:86:b8:38:8b:f7:f6:d6:df:01:c2:
e1:38:ec:33:2e:37:63:9e:b2:df:24:1b:e6:dc:9d:d0:96:9d:
20:cf:30:3d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQg1bOLGfpg9UL9aEQMYYQuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YjgwY2FhOTdjMTMxNDdkNjgwYzgwOTc2ZjhhNGIxNWNh
ZGUwNGYwHhcNMjUwMTAxMDc0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzYzNDYwMGQ5NTRiNGJjZTE5MjM3YWVhMTc0MjBhYWIzYTY4ZWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3b8qHjhaGlw1mST2KWrN1AgZQ+e9
hMqKe3CZTYKqR3OgKFxSx0vsdBGxixpfDc2d4ceTE6LRP/fzCSR1nLwUOzproP4g
61Jl4+MJw++tKnxzSwk86NS9+Z7VoXDF4I1vGql/NClgNCQyCMLcXGLJPxAUTvd1
hyZtt0bs1CxrE8sIKCAxQVaBVhqIHY3HhCWO4A/GlHNgXSowiKYQdLkGfIJbkAxJ
b4rNyzaQjNOpBRFiPSEhdqwCwQCIrIAMLxccs4gZlb2NddLt+JZnMcXPCYmJUKZq
hbRBXm0BoBtnjTCU4eBEj5ZnzKo2JgO00f7r38h1hMvFq3XunyqkSS9pTwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDdjRgDZVLS84ZI3rqF0IKqzpo6+MB8GA1UdIwQY
MBaAFEe4DKqXwTFH1oDICXb4pLFcreBPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjdnTXFwZkJNVWZXZ01nSmR2aWtzVnl0NEU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9hNTlmYzUtMjA0OS00MmRlLWIxYjAt
MTBlMjRlOWQwZmE3LzEvTjJOR0FObFV0THpoa2pldW9YUWdxck9tanI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9hNTlmYzUtMjA0OS00MmRlLWIxYjAtMTBlMjRlOWQwZmE3
LzEvUjdnTXFwZkJNVWZXZ01nSmR2aWtzVnl0NEU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAuaF6AwQA
uatYAwQAuatbMA0EAgACMAcDBQMqDPUAMA0GCSqGSIb3DQEBCwUAA4IBAQBldR3c
M7hHA6gbKXaUuqRlvKQ7WmHYLrqVguKVe/lg1agAqk+lw4X0GAUwntiwOcBu+sNS
sBRmqspqowVbytLWaCP5xnYId50YPdz23eW5r2LOA57FB15EDSG9X7p5mWJ09gtJ
eabylVqTWunlrJymuCsMb9YflrwNK7D2Zd52gWx9yHLJUYwPBU6Gteemi/K299wd
SYt24ujx8GtQxHFENZ7yAUX4Es5slGSNIgvaB0vVxKA7nuJAbOMiOSOf6bUDrc2R
dGcyfHPbUVfwsruZVWMIuZuB+fckHD4Z9Y+WGYa4OIv39tbfAcLhOOwzLjdjnrLf
JBvm3J3Qlp0gzzA9
-----END CERTIFICATE-----
Generated at Thu Apr 17 20:54:37 2025 by rpki-client