Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Nn_Z9S0AhskbQn8k11j-5PWm45w.roa
File: Nn_Z9S0AhskbQn8k11j-5PWm45w.roa (raw, json)
Hash identifier: vxVfXfjQQhinb86D41IHObG/vPwkfK80l9R2iCxjvsU=
Subject key identifier: 36:7F:D9:F5:2D:00:86:C9:1B:42:7F:24:D7:58:FE:E4:F5:A6:E3:9C
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0189D409CF2FC0E6CFC73A69217D22C98A57
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Nn_Z9S0AhskbQn8k11j-5PWm45w.roa
Signing time: Tue 08 Aug 2023 07:25:59 +0000
ROA not before: Tue 08 Aug 2023 07:25:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201021
IP address blocks: 194.49.86.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:d4:09:cf:2f:c0:e6:cf:c7:3a:69:21:7d:22:c9:8a:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Aug 8 07:25:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=367fd9f52d0086c91b427f24d758fee4f5a6e39c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:a7:bb:83:00:27:ac:cd:17:45:ee:a1:a0:1c:
1b:61:e0:f3:de:cd:5d:5c:2c:76:a6:3a:ca:84:7e:
3b:f8:b0:98:bd:f7:d8:d3:4f:0e:ca:bf:34:c0:2b:
ac:d5:55:21:28:ae:07:63:b8:f9:a7:7b:f5:6f:d8:
12:4c:6a:90:6f:13:56:18:7e:93:67:e9:63:ff:e3:
9a:32:f9:fe:1c:75:62:3d:c7:c7:61:1f:6b:ab:97:
e6:3b:85:c4:97:4c:c0:91:3d:98:b8:6f:dc:39:e9:
e4:eb:67:6c:3a:c5:cd:a8:6e:ef:6c:1d:39:72:4a:
b0:a8:e1:f1:dc:21:71:2e:07:4a:1c:4a:9c:62:f5:
8f:e8:e6:a5:77:6c:e6:74:32:6c:d2:75:d6:0d:08:
8a:c3:cc:3d:dd:25:e0:27:e6:3f:b1:7d:a7:ae:98:
17:93:2b:13:63:1a:f0:66:8f:bd:97:22:a3:fb:37:
20:29:fc:2d:40:f7:4d:71:1e:12:fc:b1:76:c2:34:
bb:1d:8e:60:9d:41:e8:6c:3e:04:94:af:ae:5b:c3:
9e:3f:09:51:4f:7c:01:1a:45:df:72:0d:0e:09:ad:
2d:56:1c:43:14:7b:04:8a:c6:ab:4b:86:c4:b9:1a:
04:c1:41:68:1a:e4:36:6d:0f:40:14:3e:71:09:d9:
ae:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:7F:D9:F5:2D:00:86:C9:1B:42:7F:24:D7:58:FE:E4:F5:A6:E3:9C
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Nn_Z9S0AhskbQn8k11j-5PWm45w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.49.86.0/24
Signature Algorithm: sha256WithRSAEncryption
a9:b8:bf:6b:eb:43:b6:d4:c5:95:ec:7a:9d:96:bb:29:b7:df:
f3:3a:07:c3:32:a4:16:15:8a:cc:a1:fc:3e:74:1b:c7:24:78:
f4:d3:9e:2c:7c:69:ae:fc:28:ef:33:f1:ff:4c:21:a3:d7:e4:
65:c3:5e:fa:c3:3d:8c:ec:3c:48:0f:47:49:57:99:ee:f0:f0:
21:2f:6d:ef:ce:cc:d5:c1:83:31:af:53:bb:0d:5d:f7:39:8c:
e4:84:b5:d2:98:2e:f1:20:0a:e6:a0:49:ee:79:f3:20:38:4b:
c9:97:8c:62:f6:03:e5:bd:67:b9:d7:7b:07:3b:bd:6c:12:02:
e0:15:7c:02:9e:3e:76:87:f6:1c:5c:e9:3a:e2:fb:6e:7b:6c:
73:b6:82:aa:7c:f2:0c:18:ae:5f:0b:6b:e5:33:b8:99:c0:d6:
44:b8:fc:8b:f4:93:32:de:4e:d8:c3:79:eb:a2:b0:5e:b5:af:
01:92:02:57:b4:a5:d5:f7:3b:71:4d:bc:4e:66:13:2e:4d:ec:
d9:04:09:15:55:de:bc:ad:fd:d0:69:b3:d7:86:bf:7f:c4:39:
bd:67:9c:30:8f:b3:86:d5:c2:7b:f6:6b:98:6c:ac:4c:c9:fe:
78:f7:a5:1e:53:cf:0d:e7:25:a5:62:1c:7e:d1:e4:9a:ab:59:
ca:9b:e1:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYnUCc8vwObPxzppIX0iyYpXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwODA4MDcyNTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjdmZDlmNTJkMDA4NmM5MWI0MjdmMjRkNzU4ZmVlNGY1YTZlMzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzae7gwAnrM0XRe6hoBwbYeDz3s1d
XCx2pjrKhH47+LCYvffY008Oyr80wCus1VUhKK4HY7j5p3v1b9gSTGqQbxNWGH6T
Z+lj/+OaMvn+HHViPcfHYR9rq5fmO4XEl0zAkT2YuG/cOenk62dsOsXNqG7vbB05
ckqwqOHx3CFxLgdKHEqcYvWP6Oald2zmdDJs0nXWDQiKw8w93SXgJ+Y/sX2nrpgX
kysTYxrwZo+9lyKj+zcgKfwtQPdNcR4S/LF2wjS7HY5gnUHobD4ElK+uW8OePwlR
T3wBGkXfcg0OCa0tVhxDFHsEisarS4bEuRoEwUFoGuQ2bQ9AFD5xCdmuAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZ/2fUtAIbJG0J/JNdY/uT1puOcMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTm5fWjlTMEFoc2tiUW44azExai01UFdtNDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjFWMA0G
CSqGSIb3DQEBCwUAA4IBAQCpuL9r60O21MWV7Hqdlrspt9/zOgfDMqQWFYrMofw+
dBvHJHj0054sfGmu/CjvM/H/TCGj1+Rlw176wz2M7DxID0dJV5nu8PAhL23vzszV
wYMxr1O7DV33OYzkhLXSmC7xIArmoEnuefMgOEvJl4xi9gPlvWe513sHO71sEgLg
FXwCnj52h/YcXOk64vtue2xztoKqfPIMGK5fC2vlM7iZwNZEuPyL9JMy3k7Yw3nr
orBeta8BkgJXtKXV9ztxTbxOZhMuTezZBAkVVd68rf3QabPXhr9/xDm9Z5wwj7OG
1cJ79muYbKxMyf5496UeU88N5yWlYhx+0eSaq1nKm+EZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:31 2024 by rpki-client on console-ams.rpki-client.org