Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nbG391eoBBsCWLcmkJciRb5RfDo.roa
File: nbG391eoBBsCWLcmkJciRb5RfDo.roa (raw, json)
Hash identifier: cefmMy8xLd1f4HTmh2yN9lqsNO2HCJgztgJv+/6zL5g=
Subject key identifier: 9D:B1:B7:F7:57:A8:04:1B:02:58:B7:26:90:97:22:45:BE:51:7C:3A
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0188D30DEA3616955A6777A90424741F436E
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nbG391eoBBsCWLcmkJciRb5RfDo.roa
Signing time: Mon 19 Jun 2023 09:48:04 +0000
ROA not before: Mon 19 Jun 2023 09:48:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 11938
IP address blocks: 194.135.18.0/24 maxlen: 24
193.124.44.0/24 maxlen: 24
194.58.41.0/24 maxlen: 24
194.87.180.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:d3:0d:ea:36:16:95:5a:67:77:a9:04:24:74:1f:43:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jun 19 09:48:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9db1b7f757a8041b0258b72690972245be517c3a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:b9:2c:74:46:b3:1f:58:ed:f0:d8:d8:af:d4:
d8:db:5c:66:f3:5b:0c:d8:63:44:67:98:93:d2:ac:
e0:e6:fc:68:3b:4a:04:8d:18:6e:48:98:e3:e5:e5:
ce:2f:1d:f3:37:a2:f3:f1:df:d6:f4:7c:fe:7a:37:
cd:2a:de:11:a8:1c:19:7d:f1:b1:e2:6d:d9:8d:74:
4a:db:52:ed:a4:26:f9:43:85:71:34:26:fd:28:be:
72:9a:cb:9e:4f:3a:86:93:e6:6a:6d:68:c1:a2:a9:
e9:7b:1a:eb:a4:ac:74:b7:71:53:aa:31:aa:c1:a3:
a2:35:66:65:32:c6:76:dc:68:71:77:d0:53:18:57:
89:54:2a:57:6a:6b:63:5e:51:d0:29:2d:4e:6e:dc:
25:53:a2:bf:c6:50:1f:2b:91:aa:9f:be:60:b5:24:
45:91:0e:bf:55:e0:0f:1f:1d:b4:24:87:dc:be:83:
6c:03:87:c6:82:0e:04:e2:2d:e9:5e:9a:eb:7c:6e:
c4:be:ff:ed:48:de:d5:68:d4:fb:3b:b6:a4:b0:71:
2c:5d:27:42:45:1d:98:4b:d5:94:ac:9a:be:28:09:
32:da:c4:e7:8f:22:69:a8:70:f2:3a:54:30:e1:c3:
6a:26:7a:65:a1:3b:54:ae:82:8d:7d:58:a6:6d:b1:
23:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:B1:B7:F7:57:A8:04:1B:02:58:B7:26:90:97:22:45:BE:51:7C:3A
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nbG391eoBBsCWLcmkJciRb5RfDo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.44.0/24
194.58.41.0/24
194.87.180.0/24
194.135.18.0/24
Signature Algorithm: sha256WithRSAEncryption
91:9f:5e:7d:48:72:1b:28:69:72:cf:66:a8:a3:58:33:03:2d:
c3:b6:60:3f:1c:60:e4:e6:17:e0:b8:e4:3c:ec:9c:77:27:6c:
d8:fb:ad:b8:0f:65:2a:2f:b3:ea:bc:99:56:9f:b7:a0:1a:0c:
ec:bf:86:76:d1:8c:cc:6e:ba:d5:ba:31:20:a5:81:60:4e:d0:
51:e8:f9:2d:b0:ae:a2:a2:08:af:18:51:77:ca:f3:05:a5:71:
3a:51:0e:98:fa:2b:ff:1a:90:b6:03:d4:ab:c3:af:81:3b:26:
57:c8:cc:4f:d6:a9:08:d1:66:20:52:09:e0:59:96:e4:63:15:
8d:13:ed:e8:ef:24:9f:ac:2d:e1:41:6d:b5:ef:b4:97:e7:bf:
ec:ca:3d:ae:3e:bd:92:21:52:39:e7:d9:e9:f4:c4:00:8d:90:
34:b7:3b:fd:05:b0:8d:d4:da:28:09:51:b2:84:79:d9:dc:b8:
1a:cf:b5:f3:db:a7:84:83:45:f5:67:bc:7b:a6:07:99:eb:fb:
0c:bc:39:43:93:22:c7:a6:00:22:e0:9e:c8:e7:12:e5:61:98:
9f:a9:6b:97:5d:8f:84:0f:37:c5:af:d9:df:ed:cd:df:0f:61:
a6:f6:77:51:80:80:84:19:eb:4d:13:54:3b:95:bc:aa:32:ab:
26:30:01:1b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYjTDeo2FpVaZ3epBCR0H0NuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNjE5MDk0ODA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGIxYjdmNzU3YTgwNDFiMDI1OGI3MjY5MDk3MjI0NWJlNTE3YzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5bksdEazH1jt8NjYr9TY21xm81sM
2GNEZ5iT0qzg5vxoO0oEjRhuSJjj5eXOLx3zN6Lz8d/W9Hz+ejfNKt4RqBwZffGx
4m3ZjXRK21LtpCb5Q4VxNCb9KL5ymsueTzqGk+ZqbWjBoqnpexrrpKx0t3FTqjGq
waOiNWZlMsZ23Ghxd9BTGFeJVCpXamtjXlHQKS1ObtwlU6K/xlAfK5Gqn75gtSRF
kQ6/VeAPHx20JIfcvoNsA4fGgg4E4i3pXprrfG7Evv/tSN7VaNT7O7aksHEsXSdC
RR2YS9WUrJq+KAky2sTnjyJpqHDyOlQw4cNqJnploTtUroKNfVimbbEjKwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJ2xt/dXqAQbAli3JpCXIkW+UXw6MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbmJHMzkxZW9CQnNDV0xjbWtKY2lSYjVSZkRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwXwsAwQA
wjopAwQAwle0AwQAwocSMA0GCSqGSIb3DQEBCwUAA4IBAQCRn159SHIbKGlyz2ao
o1gzAy3DtmA/HGDk5hfguOQ87Jx3J2zY+624D2UqL7PqvJlWn7egGgzsv4Z20YzM
brrVujEgpYFgTtBR6PktsK6iogivGFF3yvMFpXE6UQ6Y+iv/GpC2A9Srw6+BOyZX
yMxP1qkI0WYgUgngWZbkYxWNE+3o7ySfrC3hQW2177SX57/syj2uPr2SIVI559np
9MQAjZA0tzv9BbCN1NooCVGyhHnZ3Lgaz7Xz26eEg0X1Z7x7pgeZ6/sMvDlDkyLH
pgAi4J7I5xLlYZifqWuXXY+EDzfFr9nf7c3fD2Gm9ndRgICEGetNE1Q7lbyqMqsm
MAEb
-----END CERTIFICATE-----
Generated at Sun Apr 20 12:53:44 2025 by rpki-client