Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NP0Nsaoye05pvn8RCYOasz0Q4X8.roa
File: NP0Nsaoye05pvn8RCYOasz0Q4X8.roa (raw, json)
Hash identifier: GIB0Qx7Df8JqdmIY5MxnNvN93lYHaACe5bNrJkeRzhM=
Subject key identifier: 34:FD:0D:B1:AA:32:7B:4E:69:BE:7F:11:09:83:9A:B3:3D:10:E1:7F
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018EA937411398D6F5BAA9E5D81898A2724C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NP0Nsaoye05pvn8RCYOasz0Q4X8.roa
Signing time: Thu 04 Apr 2024 13:05:54 +0000
ROA not before: Thu 04 Apr 2024 13:05:54 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.9.156.0/24 maxlen: 24
45.84.91.0/24 maxlen: 24
45.88.88.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
84.21.174.0/23 maxlen: 24
87.120.87.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.86.0/23 maxlen: 24
87.121.221.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.72.0/23 maxlen: 24
94.156.239.0/24 maxlen: 24
95.214.25.0/24 maxlen: 24
95.214.26.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.254.37.0/24 maxlen: 24
193.42.32.0/23 maxlen: 24
194.48.248.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
194.59.31.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:a9:37:41:13:98:d6:f5:ba:a9:e5:d8:18:98:a2:72:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 4 13:05:54 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=34fd0db1aa327b4e69be7f1109839ab33d10e17f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:5b:d8:75:60:2d:cd:1f:fa:c6:20:62:17:09:
81:7d:af:80:68:96:8b:13:c8:20:bc:3e:ba:98:74:
6a:75:de:91:8d:f1:24:52:50:ae:28:82:a5:dc:da:
2f:93:5e:e0:dd:a5:37:b6:9f:f6:c1:f5:34:ac:fb:
94:ad:cc:d8:0e:00:12:9a:fa:4f:0b:09:27:50:1b:
67:cd:29:cd:5a:b9:c6:83:6c:ed:f4:ab:7a:1f:94:
f2:d0:7e:4f:4e:18:76:87:0a:27:3f:f8:3b:3f:dc:
8f:4c:9f:5c:a0:81:f2:b8:b5:30:49:aa:bc:7c:01:
6b:77:6e:d8:43:65:f7:b3:c0:6e:47:f4:8a:4c:2b:
f4:8b:ae:d2:c7:aa:07:2d:17:64:e9:af:8f:fb:02:
fa:60:2c:c7:6c:7d:25:92:9b:d3:06:f6:ab:eb:c4:
16:07:3f:66:75:ec:dd:be:89:e7:95:9a:5d:f5:f4:
04:bf:51:74:10:5e:f5:00:05:9d:0f:1a:03:23:6b:
45:74:53:c3:c5:0f:7f:4c:2d:a5:dd:40:b7:c0:67:
87:f0:3e:bb:90:26:18:2e:c6:44:70:87:de:b6:cf:
d6:4d:e0:fc:6b:2d:05:f1:aa:68:da:bd:ff:47:2d:
8d:e6:3a:15:0a:c9:56:32:33:6d:b4:64:64:03:21:
dc:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:FD:0D:B1:AA:32:7B:4E:69:BE:7F:11:09:83:9A:B3:3D:10:E1:7F
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NP0Nsaoye05pvn8RCYOasz0Q4X8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/24
45.84.91.0/24
45.88.88.0/24
45.151.89.0/24
84.21.174.0/23
87.120.87.0/24
87.121.45.0/24
87.121.86.0/23
87.121.221.0/24
92.119.196.0/23
94.154.160.0/22
94.156.72.0/23
94.156.239.0/24
95.214.25.0-95.214.26.255
147.78.102.0/24
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.254.37.0/24
193.42.32.0/23
194.48.248.0/24
194.55.186.0/24
194.55.224.0/24
194.59.31.0/24
Signature Algorithm: sha256WithRSAEncryption
59:ca:cb:55:f0:10:29:aa:91:73:1c:51:37:e4:34:a6:0b:cf:
80:0e:18:d8:f5:36:5c:40:09:71:61:47:2a:8f:4a:1e:c3:84:
8f:6c:94:21:f8:59:71:f7:41:19:25:f2:1b:26:03:39:e7:df:
48:b4:11:b9:9f:49:43:79:8d:94:d1:b0:8e:0a:fc:5d:1f:03:
01:f7:8b:d6:9e:a0:69:b0:2e:0f:c8:62:6f:75:41:59:4b:96:
dd:43:ed:dc:6b:7e:f9:54:6f:28:f8:e6:66:f8:05:64:80:9c:
9c:da:4d:e7:2a:19:09:bf:b9:4b:96:46:98:83:ba:ec:43:f0:
1c:97:c5:7b:7b:d3:fd:c3:5c:6c:51:5a:a2:da:4d:c4:ca:7a:
42:db:d4:08:eb:8c:bc:76:2e:81:6f:98:59:03:91:16:09:21:
77:e1:57:04:30:88:e0:ee:47:7f:b4:7c:ed:86:07:f3:1a:26:
df:a7:c7:c2:7f:01:6d:69:40:f6:47:bb:6a:d5:df:9e:99:1c:
24:34:53:73:bc:74:b2:91:c9:8b:05:f0:91:b0:6f:fe:a0:b7:
f1:97:85:90:84:8b:64:33:b9:83:70:98:e5:94:5a:dc:8f:2b:
63:80:90:35:b2:27:97:4b:0a:27:ee:e4:a1:81:39:59:56:9e:
58:55:3f:4b
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAY6pN0ETmNb1uqnl2BiYonJMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNDA0MTMwNTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGZkMGRiMWFhMzI3YjRlNjliZTdmMTEwOTgzOWFiMzNkMTBlMTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVvYdWAtzR/6xiBiFwmBfa+AaJaL
E8ggvD66mHRqdd6RjfEkUlCuKIKl3Novk17g3aU3tp/2wfU0rPuUrczYDgASmvpP
CwknUBtnzSnNWrnGg2zt9Kt6H5Ty0H5PThh2hwonP/g7P9yPTJ9coIHyuLUwSaq8
fAFrd27YQ2X3s8BuR/SKTCv0i67Sx6oHLRdk6a+P+wL6YCzHbH0lkpvTBvar68QW
Bz9mdezdvonnlZpd9fQEv1F0EF71AAWdDxoDI2tFdFPDxQ9/TC2l3UC3wGeH8D67
kCYYLsZEcIfets/WTeD8ay0F8apo2r3/Ry2N5joVCslWMjNttGRkAyHcwwIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFDT9DbGqMntOab5/EQmDmrM9EOF/MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTlAwTnNhb3llMDVwdm44UkNZT2FzejBRNFg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQDBAAt
CZwDBAAtVFsDBAAtWFgDBAAtl1kDBAFUFa4DBABXeFcDBABXeS0DBAFXeVYDBABX
ed0DBAFcd8QDBAJemqADBAFenEgDBABenO8wDAMEAF/WGQMEAF/WGgMEAJNOZgME
AqsWSAMEALLX4AMEALLX7AMEArnYVAMEArnaVAMEALn+JQMEAcEqIAMEAMIw+AME
AMI3ugMEAMI34AMEAMI7HzANBgkqhkiG9w0BAQsFAAOCAQEAWcrLVfAQKaqRcxxR
N+Q0pgvPgA4Y2PU2XEAJcWFHKo9KHsOEj2yUIfhZcfdBGSXyGyYDOeffSLQRuZ9J
Q3mNlNGwjgr8XR8DAfeL1p6gabAuD8hib3VBWUuW3UPt3Gt++VRvKPjmZvgFZICc
nNpN5yoZCb+5S5ZGmIO67EPwHJfFe3vT/cNcbFFaotpNxMp6QtvUCOuMvHYugW+Y
WQORFgkhd+FXBDCI4O5Hf7R87YYH8xom36fHwn8BbWlA9ke7atXfnpkcJDRTc7x0
spHJiwXwkbBv/qC38ZeFkISLZDO5g3CY5ZRa3I8rY4CQNbInl0sKJ+7koYE5WVae
WFU/Sw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:31 2024 by rpki-client on console-ams.rpki-client.org