Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/n3nIJUy-7kjOFO9duaXcJDhXV_s.roa
File: n3nIJUy-7kjOFO9duaXcJDhXV_s.roa (raw, json)
Hash identifier: q/jNQaHe3N5vY5dycJ94aoA2SuMd4C71WZkPam0uTxQ=
Subject key identifier: 9F:79:C8:25:4C:BE:EE:48:CE:14:EF:5D:B9:A5:DC:24:38:57:57:FB
Certificate issuer: /CN=f4e018fddfd422517c3069e75658657b40e73601
Certificate serial: 018CC7272C3B14874D75CAE2D9F0428B6B10
Authority key identifier: F4:E0:18:FD:DF:D4:22:51:7C:30:69:E7:56:58:65:7B:40:E7:36:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9OAY_d_UIlF8MGnnVlhle0DnNgE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/n3nIJUy-7kjOFO9duaXcJDhXV_s.roa
Signing time: Mon 01 Jan 2024 22:31:22 +0000
ROA not before: Mon 01 Jan 2024 22:31:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34037
IP address blocks: 195.191.141.0/24 maxlen: 24
195.191.177.0/24 maxlen: 24
141.136.32.0/24 maxlen: 24
141.136.37.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:27:2c:3b:14:87:4d:75:ca:e2:d9:f0:42:8b:6b:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f4e018fddfd422517c3069e75658657b40e73601
Validity
Not Before: Jan 1 22:31:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9f79c8254cbeee48ce14ef5db9a5dc24385757fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:9b:1f:50:6d:7a:88:eb:0a:40:c3:16:bf:e0:
92:9b:80:02:6f:d7:6e:97:5a:b2:ee:fe:b9:ea:db:
14:b3:6d:1b:66:3a:f1:10:bf:b1:a0:b5:95:64:11:
5e:d2:53:e6:5c:87:5c:61:06:6c:44:c1:c3:29:20:
d3:89:3b:df:38:b8:5b:2f:71:35:13:c7:a2:06:96:
33:f7:2f:49:61:f1:54:aa:9f:e9:76:97:f0:6a:c2:
30:98:22:bb:f2:66:85:f9:bd:e3:14:f9:19:11:32:
bd:51:c0:58:9f:3b:04:5e:49:dc:a1:04:1d:42:94:
93:47:f5:7d:2f:19:ea:4a:c9:ae:aa:dc:9a:fc:3b:
2b:58:cc:a2:6f:c1:59:37:41:3a:3d:c4:b6:79:7a:
09:cc:f3:75:4a:8c:46:1a:22:f0:27:1f:04:44:56:
ad:98:b3:ea:b3:3a:b4:9e:8e:66:a9:b3:22:62:d3:
c2:58:8e:3a:8a:e7:30:82:b9:0f:33:f6:17:42:2b:
7e:75:ba:48:c6:43:5d:9e:ff:4f:4a:76:1c:8b:4d:
c6:72:33:ec:fa:00:e3:23:54:a2:3e:5d:ac:d3:88:
1b:59:9d:4b:70:f0:95:60:02:40:13:4c:57:cd:9f:
ab:94:17:cf:05:11:fd:4a:c1:35:97:20:b0:98:5a:
48:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:79:C8:25:4C:BE:EE:48:CE:14:EF:5D:B9:A5:DC:24:38:57:57:FB
X509v3 Authority Key Identifier:
keyid:F4:E0:18:FD:DF:D4:22:51:7C:30:69:E7:56:58:65:7B:40:E7:36:01
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9OAY_d_UIlF8MGnnVlhle0DnNgE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/n3nIJUy-7kjOFO9duaXcJDhXV_s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/9OAY_d_UIlF8MGnnVlhle0DnNgE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.136.32.0/24
141.136.37.0/24
195.191.141.0/24
195.191.177.0/24
Signature Algorithm: sha256WithRSAEncryption
6e:79:80:b5:6e:fd:ac:50:d7:ef:19:c4:ac:81:66:db:a2:94:
63:d6:7d:11:c3:c9:ee:8c:28:35:6f:51:4a:dd:69:6c:1f:93:
a5:70:fb:e2:84:21:29:c8:08:63:f8:82:5b:b8:c2:25:f1:f3:
f7:0b:a3:d5:76:46:c6:9d:5b:29:b5:e3:79:e3:80:42:87:74:
41:07:c6:a7:5d:a6:0e:6f:7c:a5:db:13:a8:e6:e4:0e:af:f7:
67:87:6b:3e:2d:cf:0b:01:b3:fe:06:db:5d:d0:b3:d6:f9:24:
24:55:d5:ab:44:ff:f4:9e:fe:39:e9:d3:6b:0f:43:d9:44:48:
02:2f:32:40:80:c1:c2:28:93:88:b4:76:c5:b3:ec:ac:fd:39:
a6:10:93:58:f3:00:b4:5e:c4:e1:4e:f4:8c:de:30:cf:b3:4a:
a4:9c:07:fb:7c:70:15:b6:9d:e1:28:8e:d9:4c:0d:7f:95:62:
03:f6:c4:9a:c8:ad:61:97:24:63:ad:56:b0:87:1d:fe:b0:25:
6c:7d:fa:8b:52:ae:50:e6:60:4f:43:08:5d:68:53:87:41:56:
6f:36:8d:c5:4d:0c:67:48:98:b6:32:9c:7e:b4:37:90:c2:62:
09:c8:af:5f:f2:60:9e:0c:18:91:27:66:6b:6c:61:cd:16:6d:
1c:96:21:4c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzHJyw7FIdNdcri2fBCi2sQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZTAxOGZkZGZkNDIyNTE3YzMwNjllNzU2NTg2NTdiNDBl
NzM2MDEwHhcNMjQwMTAxMjIzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjc5YzgyNTRjYmVlZTQ4Y2UxNGVmNWRiOWE1ZGMyNDM4NTc1N2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2psfUG16iOsKQMMWv+CSm4ACb9du
l1qy7v656tsUs20bZjrxEL+xoLWVZBFe0lPmXIdcYQZsRMHDKSDTiTvfOLhbL3E1
E8eiBpYz9y9JYfFUqp/pdpfwasIwmCK78maF+b3jFPkZETK9UcBYnzsEXkncoQQd
QpSTR/V9LxnqSsmuqtya/DsrWMyib8FZN0E6PcS2eXoJzPN1SoxGGiLwJx8ERFat
mLPqszq0no5mqbMiYtPCWI46iucwgrkPM/YXQit+dbpIxkNdnv9PSnYci03GcjPs
+gDjI1SiPl2s04gbWZ1LcPCVYAJAE0xXzZ+rlBfPBRH9SsE1lyCwmFpIwwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJ95yCVMvu5IzhTvXbml3CQ4V1f7MB8GA1UdIwQY
MBaAFPTgGP3f1CJRfDBp51ZYZXtA5zYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU9BWV9kX1VJbEY4TUdublZsaGxlMERuTmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9hZDZmNWYtNTNiNS00ZTA3LTk0YjQt
NzBmOTRkNWVlNWZjLzEvbjNuSUpVeS03a2pPRk85ZHVhWGNKRGhYVl9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9hZDZmNWYtNTNiNS00ZTA3LTk0YjQtNzBmOTRkNWVlNWZj
LzEvOU9BWV9kX1VJbEY4TUdublZsaGxlMERuTmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAjYggAwQA
jYglAwQAw7+NAwQAw7+xMA0GCSqGSIb3DQEBCwUAA4IBAQBueYC1bv2sUNfvGcSs
gWbbopRj1n0Rw8nujCg1b1FK3WlsH5OlcPvihCEpyAhj+IJbuMIl8fP3C6PVdkbG
nVspteN544BCh3RBB8anXaYOb3yl2xOo5uQOr/dnh2s+Lc8LAbP+Bttd0LPW+SQk
VdWrRP/0nv456dNrD0PZREgCLzJAgMHCKJOItHbFs+ys/TmmEJNY8wC0XsThTvSM
3jDPs0qknAf7fHAVtp3hKI7ZTA1/lWID9sSayK1hlyRjrVawhx3+sCVsffqLUq5Q
5mBPQwhdaFOHQVZvNo3FTQxnSJi2Mpx+tDeQwmIJyK9f8mCeDBiRJ2ZrbGHNFm0c
liFM
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:21:00 2025 by rpki-client