Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NUNLzd3VXCQRqfc-Jbw9aLkokYU.roa
File: NUNLzd3VXCQRqfc-Jbw9aLkokYU.roa (raw, json)
Hash identifier: bnBxL5KQQM8wajXMJi6rttxSr6cwwduDtBudCogXoP4=
Subject key identifier: 35:43:4B:CD:DD:D5:5C:24:11:A9:F7:3E:25:BC:3D:68:B9:28:91:85
Certificate issuer: /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial: 15B8B66B
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NUNLzd3VXCQRqfc-Jbw9aLkokYU.roa
Signing time: Tue 01 Mar 2022 13:44:11 +0000
ROA not before: Tue 01 Mar 2022 13:44:11 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 47223
IP address blocks: 94.240.63.0/24 maxlen: 24
94.240.60.0/22 maxlen: 22
212.7.223.0/24 maxlen: 24
91.106.30.0/23 maxlen: 23
94.240.0.0/18 maxlen: 18
91.106.26.0/23 maxlen: 23
185.139.16.0/22 maxlen: 22
94.240.32.0/21 maxlen: 21
94.240.44.0/22 maxlen: 22
94.240.46.0/24 maxlen: 24
94.240.48.0/24 maxlen: 24
94.240.48.0/21 maxlen: 21
91.106.24.0/23 maxlen: 23
194.152.46.0/23 maxlen: 23
2a01:6e80::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 364426859 (0x15b8b66b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Validity
Not Before: Mar 1 13:44:11 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=35434bcdddd55c2411a9f73e25bc3d68b9289185
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:7d:ab:3e:6e:c9:19:38:4a:76:3f:96:82:b8:
54:b8:39:39:c4:b8:bc:58:29:5c:31:87:57:e3:59:
d3:9d:56:3c:2b:80:55:17:d9:01:42:49:01:bc:10:
85:23:ae:cb:13:d1:39:9c:70:98:fa:eb:62:57:d6:
a8:1c:ce:52:92:e9:65:19:6b:4e:6f:15:ad:de:ae:
4f:32:e0:88:0f:14:3e:0d:03:4f:a8:73:7e:9e:94:
89:f5:a0:5a:bd:02:f2:10:07:8b:21:0c:62:81:9c:
7f:9c:9b:53:31:f4:08:21:f0:bc:3c:d8:7d:74:a3:
89:4b:2f:8d:bb:0e:23:ec:a9:34:8c:b1:5f:e9:73:
07:12:ad:15:23:67:45:50:f9:23:8f:40:4d:a3:0f:
92:79:b7:40:97:5f:a9:60:33:4c:91:3c:7f:09:8b:
60:6c:2c:48:96:0c:a2:83:50:e9:a2:9d:9a:a4:56:
1e:1e:db:5e:4b:de:38:3f:8b:2f:df:e6:db:a0:a7:
81:af:fe:4c:43:17:27:a2:5f:c7:2d:1f:6c:e8:15:
d6:b9:1b:3a:64:9a:80:15:78:d4:ad:c9:e1:3a:9b:
30:c9:22:cd:1c:85:4b:b7:d8:5f:63:9c:5b:e4:25:
a7:74:83:3b:6c:3b:17:24:25:64:4b:f8:68:5e:25:
76:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:43:4B:CD:DD:D5:5C:24:11:A9:F7:3E:25:BC:3D:68:B9:28:91:85
X509v3 Authority Key Identifier:
keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NUNLzd3VXCQRqfc-Jbw9aLkokYU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.106.24.0/22
91.106.30.0/23
94.240.0.0/18
185.139.16.0/22
194.152.46.0/23
212.7.223.0/24
IPv6:
2a01:6e80::/32
Signature Algorithm: sha256WithRSAEncryption
40:2a:69:22:f4:7c:8a:93:a7:3d:24:7a:47:f2:67:bf:6f:39:
85:38:a4:25:85:d2:04:63:45:9f:81:9c:f0:83:7b:ac:26:a3:
43:f1:c7:31:d1:15:cf:8e:04:a7:bf:76:70:d5:3f:05:6e:d3:
31:39:68:86:ea:d0:f7:96:86:36:cb:88:2e:a0:97:9a:09:6b:
16:58:1b:5a:ed:92:50:3f:a4:d5:5a:21:88:d3:b7:2e:45:6d:
28:e3:82:49:f8:cd:80:3c:dd:65:88:9c:f2:d9:fc:38:6d:d1:
b1:d4:3e:72:e9:eb:36:62:22:5a:22:83:ab:6b:37:21:22:79:
22:e3:ce:a8:12:6e:98:90:59:94:84:c7:9e:8b:ad:2f:8a:3e:
25:18:d8:f1:63:af:c1:22:b2:a6:5d:b8:94:3a:9e:b8:3d:a1:
e5:95:da:f3:c8:2d:2e:11:5e:0e:7c:1a:37:63:7f:29:e1:3a:
44:e5:29:b2:08:e6:1e:d3:1c:d1:9c:0c:d8:7f:c4:ca:de:bd:
22:59:dc:21:8f:ea:67:cf:92:bd:64:1c:5e:1a:56:02:2d:9e:
ad:da:9b:46:27:b6:66:c1:d9:09:6c:07:2b:f1:3d:34:7c:80:
82:b2:de:9a:e7:d7:20:44:4c:ca:2b:59:13:80:98:53:42:3f:
9d:8b:96:dc
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIEFbi2azANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NTFhMmZkNmY1ZTVhZjg3ZDVjZWEwOTUwNjZmYmNjM2QzZTU0NmE0MB4XDTIyMDMw
MTEzNDQxMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzU0MzRiY2RkZGQ1
NWMyNDExYTlmNzNlMjViYzNkNjhiOTI4OTE4NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJZ9qz5uyRk4SnY/loK4VLg5OcS4vFgpXDGHV+NZ051WPCuA
VRfZAUJJAbwQhSOuyxPROZxwmPrrYlfWqBzOUpLpZRlrTm8Vrd6uTzLgiA8UPg0D
T6hzfp6UifWgWr0C8hAHiyEMYoGcf5ybUzH0CCHwvDzYfXSjiUsvjbsOI+ypNIyx
X+lzBxKtFSNnRVD5I49ATaMPknm3QJdfqWAzTJE8fwmLYGwsSJYMooNQ6aKdmqRW
Hh7bXkveOD+LL9/m26Cnga/+TEMXJ6Jfxy0fbOgV1rkbOmSagBV41K3J4TqbMMki
zRyFS7fYX2OcW+Qlp3SDO2w7FyQlZEv4aF4ldh8CAwEAAaOCAjYwggIyMB0GA1Ud
DgQWBBQ1Q0vN3dVcJBGp9z4lvD1ouSiRhTAfBgNVHSMEGDAWgBQ1Gi/W9eWvh9XO
oJUGb7zD0+VGpDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05Sb3YxdlhscjRmVnpxQ1ZCbS04dzlQbFJxUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvY2RkZGQ1LTgxN2EtNDExMy04YjgyLTIzMDQ5ZTRkMmYxMi8x
L05VTkx6ZDNWWENRUnFmYy1KYnc5YUxrb2tZVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
Y2RkZGQ1LTgxN2EtNDExMy04YjgyLTIzMDQ5ZTRkMmYxMi8xL05Sb3YxdlhscjRm
VnpxQ1ZCbS04dzlQbFJxUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBM
BggrBgEFBQcBBwEB/wQ9MDswKgQCAAEwJAMEAltqGAMEAVtqHgMEBl7wAAMEArmL
EAMEAcKYLgMEANQH3zANBAIAAjAHAwUAKgFugDANBgkqhkiG9w0BAQsFAAOCAQEA
QCppIvR8ipOnPSR6R/Jnv285hTikJYXSBGNFn4Gc8IN7rCajQ/HHMdEVz44Ep792
cNU/BW7TMTlohurQ95aGNsuILqCXmglrFlgbWu2SUD+k1VohiNO3LkVtKOOCSfjN
gDzdZYic8tn8OG3RsdQ+cunrNmIiWiKDq2s3ISJ5IuPOqBJumJBZlITHnoutL4o+
JRjY8WOvwSKypl24lDqeuD2h5ZXa88gtLhFeDnwaN2N/KeE6ROUpsgjmHtMc0ZwM
2H/Eyt69IlncIY/qZ8+SvWQcXhpWAi2erdqbRie2ZsHZCWwHK/E9NHyAgrLemufX
IERMyitZE4CYU0I/nYuW3A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:18 2024 by rpki-client on console-fra.rpki-client.org