Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Nj_XCvkPO3y4EWd5uCnrlBjxsCg.roa
File: Nj_XCvkPO3y4EWd5uCnrlBjxsCg.roa (raw, json)
Hash identifier: XtZ7F0Vde5V8Zxzz3h+xKrCdM/F09nE37WIYUdaNSR4=
Subject key identifier: 36:3F:D7:0A:F9:0F:3B:7C:B8:11:67:79:B8:29:EB:94:18:F1:B0:28
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 1DCBCF01
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Nj_XCvkPO3y4EWd5uCnrlBjxsCg.roa
Signing time: Fri 08 Apr 2022 12:49:00 +0000
ROA not before: Fri 08 Apr 2022 12:49:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 397423
IP address blocks: 84.54.48.0/22 maxlen: 24
194.180.51.0/24 maxlen: 24
194.169.172.0/22 maxlen: 24
194.180.48.0/23 maxlen: 24
176.125.252.0/22 maxlen: 24
94.154.172.0/22 maxlen: 24
193.25.216.0/22 maxlen: 24
87.121.220.0/23 maxlen: 24
109.206.240.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 499896065 (0x1dcbcf01)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 8 12:49:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=363fd70af90f3b7cb8116779b829eb9418f1b028
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:5d:d3:74:40:1c:28:4f:cf:0f:9d:b7:9f:58:
0c:d5:e2:db:5e:50:71:ff:05:f3:dc:b6:42:a8:cc:
73:74:88:c6:4f:34:42:a5:f0:d9:ff:93:2a:4d:73:
47:e2:c9:42:d9:f2:d6:af:9c:0b:42:38:46:71:ef:
ad:d7:ca:4c:16:b6:bb:ca:ef:08:d5:60:75:0a:f5:
ff:b3:09:08:cf:8a:c1:15:eb:66:4a:a1:9c:67:32:
f2:1f:29:35:7d:dc:4c:d8:3a:e7:e5:4d:8f:bd:a2:
ea:4c:58:34:21:27:a9:17:c5:47:7f:d0:a2:44:05:
a9:fd:63:9b:e0:84:cc:cc:57:7c:ac:8a:ec:a3:64:
e5:4c:94:24:69:b9:3a:93:10:be:a3:2d:7e:65:c8:
83:c1:1f:ae:48:10:4b:6e:92:35:88:41:9b:5d:df:
58:be:28:95:14:0e:28:f6:a4:04:98:01:49:9d:f5:
09:cc:22:58:55:5f:4f:9e:e0:bd:d3:3b:20:45:90:
97:31:3b:ea:3e:ef:e3:78:e4:b1:37:1a:e5:2a:0e:
24:ef:ae:0a:0c:6c:cb:86:1a:90:da:be:ad:c8:ca:
32:ae:4e:33:45:3c:a7:85:5f:b4:01:66:b0:92:cb:
4c:36:42:7b:5c:0b:06:fa:7a:1f:47:8c:26:4d:82:
8f:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:3F:D7:0A:F9:0F:3B:7C:B8:11:67:79:B8:29:EB:94:18:F1:B0:28
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Nj_XCvkPO3y4EWd5uCnrlBjxsCg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.48.0/22
87.121.220.0/23
94.154.172.0/22
109.206.240.0/22
176.125.252.0/22
193.25.216.0/22
194.169.172.0/22
194.180.48.0/23
194.180.51.0/24
Signature Algorithm: sha256WithRSAEncryption
1e:51:ca:f4:6c:9f:82:f6:9c:55:cf:8f:d2:b6:47:27:02:22:
09:1b:27:dd:f6:a2:7e:f6:fa:d4:cc:96:ab:0f:fb:7d:8d:d3:
32:63:26:0d:e7:58:59:f8:93:1c:20:d0:41:05:05:fd:17:b4:
7e:46:3a:a0:66:38:27:c8:89:6c:74:38:b4:87:e7:63:57:66:
59:3e:17:c7:81:44:91:cf:0d:1f:c8:5f:f4:76:24:8c:84:1f:
29:f2:ca:6f:dc:96:f8:8f:37:39:e5:8f:f7:2d:eb:58:af:fd:
6f:db:14:4e:15:93:ec:08:ca:e3:7c:db:d4:76:50:30:cd:30:
e5:1b:27:35:31:bc:e4:7b:72:73:e2:0b:48:83:a0:1e:a8:1a:
5a:a5:33:46:2b:13:11:81:8a:4a:54:10:a5:2d:12:cc:a3:c7:
05:4f:8b:d1:74:56:f2:d3:79:17:fd:ae:6f:de:9f:14:49:35:
69:10:cf:3b:b1:d8:19:eb:98:6a:80:56:a5:d2:ec:86:ab:20:
29:48:67:dd:c5:13:52:63:0e:9c:fd:39:4e:8e:94:58:1a:27:
ac:6d:71:ce:6b:14:3d:28:82:62:79:00:01:60:06:94:12:33:
f3:17:84:24:34:e5:3c:40:36:07:50:7e:a2:0c:14:67:8c:84:
8b:a7:d7:71
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIEHcvPATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDQw
ODEyNDkwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzYzZmQ3MGFmOTBm
M2I3Y2I4MTE2Nzc5YjgyOWViOTQxOGYxYjAyODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJhd03RAHChPzw+dt59YDNXi215Qcf8F89y2QqjMc3SIxk80
QqXw2f+TKk1zR+LJQtny1q+cC0I4RnHvrdfKTBa2u8rvCNVgdQr1/7MJCM+KwRXr
ZkqhnGcy8h8pNX3cTNg65+VNj72i6kxYNCEnqRfFR3/QokQFqf1jm+CEzMxXfKyK
7KNk5UyUJGm5OpMQvqMtfmXIg8EfrkgQS26SNYhBm13fWL4olRQOKPakBJgBSZ31
CcwiWFVfT57gvdM7IEWQlzE76j7v43jksTca5SoOJO+uCgxsy4YakNq+rcjKMq5O
M0U8p4VftAFmsJLLTDZCe1wLBvp6H0eMJk2CjwkCAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBQ2P9cK+Q87fLgRZ3m4KeuUGPGwKDAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L05qX1hDdmtQTzN5NEVXZDV1Q25ybEJqeHNDZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEAlQ2MAMEAVd53AMEAl6arAMEAm3O
8AMEArB9/AMEAsEZ2AMEAsKprAMEAcK0MAMEAMK0MzANBgkqhkiG9w0BAQsFAAOC
AQEAHlHK9GyfgvacVc+P0rZHJwIiCRsn3faifvb61MyWqw/7fY3TMmMmDedYWfiT
HCDQQQUF/Re0fkY6oGY4J8iJbHQ4tIfnY1dmWT4Xx4FEkc8NH8hf9HYkjIQfKfLK
b9yW+I83OeWP9y3rWK/9b9sUThWT7AjK43zb1HZQMM0w5RsnNTG85Htyc+ILSIOg
HqgaWqUzRisTEYGKSlQQpS0SzKPHBU+L0XRW8tN5F/2ub96fFEk1aRDPO7HYGeuY
aoBWpdLshqsgKUhn3cUTUmMOnP05To6UWBonrG1xzmsUPSiCYnkAAWAGlBIz8xeE
JDTlPEA2B1B+ogwUZ4yEi6fXcQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:35 2023 by rpki-client on console-ams.rpki-client.org