Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/N3OGJgjbzcBbyp2quqR2U-VyPJE.roa
File: N3OGJgjbzcBbyp2quqR2U-VyPJE.roa (raw, json)
Hash identifier: ijU0XyThTpqQjaAC3OAS13q0FW+5FvDjabGIkJFueDQ=
Subject key identifier: 37:73:86:26:08:DB:CD:C0:5B:CA:9D:AA:BA:A4:76:53:E5:72:3C:91
Certificate issuer: /CN=0b1e72f3d0957f5a6e3bd1b844a12a6147449027
Certificate serial: 0194221F814589F2157EC670D536FF7E754C
Authority key identifier: 0B:1E:72:F3:D0:95:7F:5A:6E:3B:D1:B8:44:A1:2A:61:47:44:90:27
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Cx5y89CVf1puO9G4RKEqYUdEkCc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/N3OGJgjbzcBbyp2quqR2U-VyPJE.roa
Signing time: Wed 01 Jan 2025 13:47:57 +0000
ROA not before: Wed 01 Jan 2025 13:47:57 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211261
IP address blocks: 103.226.194.0/23 maxlen: 23
103.229.168.0/24 maxlen: 24
103.229.171.0/24 maxlen: 24
185.145.70.0/24 maxlen: 24
185.145.71.0/24 maxlen: 24
185.223.176.0/22 maxlen: 22
185.223.176.0/24 maxlen: 24
185.223.177.0/24 maxlen: 24
185.223.178.0/24 maxlen: 24
185.223.179.0/24 maxlen: 24
185.237.212.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:81:45:89:f2:15:7e:c6:70:d5:36:ff:7e:75:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b1e72f3d0957f5a6e3bd1b844a12a6147449027
Validity
Not Before: Jan 1 13:47:57 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3773862608dbcdc05bca9daabaa47653e5723c91
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:91:bd:d2:8a:38:f9:42:87:01:ef:91:7f:fd:
09:30:5d:b5:99:26:19:bc:b4:9e:69:cf:34:bb:89:
6b:79:b6:dd:f4:41:1d:69:ce:1f:0e:e7:86:24:65:
b8:25:65:e1:59:53:19:ac:b0:58:4d:57:38:93:9a:
87:da:91:b2:f3:06:60:dc:15:13:e6:46:eb:e3:2d:
8e:cc:9b:4c:c9:1b:cd:b7:5b:0b:e5:b4:03:00:35:
08:b7:05:80:80:b4:40:57:cb:a5:f5:9f:1f:ff:e6:
d4:3c:82:a6:69:cf:67:b1:41:68:3a:1a:e0:fe:d1:
5e:72:15:b5:2a:65:b5:48:c9:e0:6f:1b:b6:94:87:
26:8c:38:36:9f:26:05:c7:78:c8:e1:af:79:a9:9f:
42:42:34:2c:a6:1e:91:e2:62:72:20:4a:b8:63:78:
7b:37:a0:c9:53:b4:b5:9c:bc:53:05:2a:6d:66:21:
a1:5c:c5:de:da:3a:92:95:63:6e:5a:aa:2f:7e:27:
49:00:9e:05:8a:10:fd:5f:87:8f:ab:9a:0f:a6:ea:
c0:54:cf:72:12:bc:ff:dc:0b:4e:09:92:60:98:b4:
23:f2:b5:39:91:93:f6:cb:0d:96:45:6b:0b:f2:84:
fe:98:c7:f5:b5:5b:ba:1a:86:3b:1b:6f:ab:83:a6:
3c:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:73:86:26:08:DB:CD:C0:5B:CA:9D:AA:BA:A4:76:53:E5:72:3C:91
X509v3 Authority Key Identifier:
keyid:0B:1E:72:F3:D0:95:7F:5A:6E:3B:D1:B8:44:A1:2A:61:47:44:90:27
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cx5y89CVf1puO9G4RKEqYUdEkCc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/N3OGJgjbzcBbyp2quqR2U-VyPJE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/Cx5y89CVf1puO9G4RKEqYUdEkCc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.226.194.0/23
103.229.168.0/24
103.229.171.0/24
185.145.70.0/23
185.223.176.0/22
185.237.212.0/24
Signature Algorithm: sha256WithRSAEncryption
59:f0:fe:69:d8:4a:2b:0c:82:ef:b1:a0:ba:46:e0:16:a4:5a:
bf:7d:ec:08:32:60:cb:86:1f:9b:67:3d:8a:28:3b:4a:9d:f1:
4c:b4:e6:53:d7:dc:19:9d:ec:e4:3b:a9:e0:6b:94:06:36:a1:
29:e9:b9:71:69:64:56:d1:f9:83:3f:45:bf:d6:00:e2:45:7c:
80:f5:99:f0:01:34:8c:1c:24:da:12:44:47:f4:90:b6:1b:a4:
bb:c5:69:0b:a8:cb:3a:31:e4:0e:36:e6:52:05:ed:6c:39:93:
4e:2b:62:c4:f6:17:ee:04:a9:b8:11:f5:10:f5:42:07:9c:18:
1f:ef:86:ef:78:53:20:51:d4:74:ef:ab:f5:ec:23:89:34:0a:
07:f9:b8:81:19:a4:2b:48:6d:30:18:94:66:53:f9:e6:cc:09:
0c:c7:df:d1:57:20:7f:c4:7a:72:85:ec:4b:67:90:12:f2:8b:
68:de:4e:bc:23:b4:86:87:34:a6:92:ce:26:8c:00:98:b9:d4:
4e:5c:44:ac:07:30:a2:5a:f0:f3:16:63:5a:cb:40:be:0b:e0:
4b:64:ef:bc:a7:24:41:d8:a1:31:47:e2:88:7d:6c:be:41:89:
a2:14:ba:c2:57:b9:07:1e:03:d1:25:be:77:1f:4a:91:0c:86:
97:05:49:5b
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQiH4FFifIVfsZw1Tb/fnVMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMWU3MmYzZDA5NTdmNWE2ZTNiZDFiODQ0YTEyYTYxNDc0
NDkwMjcwHhcNMjUwMTAxMTM0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzczODYyNjA4ZGJjZGMwNWJjYTlkYWFiYWE0NzY1M2U1NzIzYzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5G90oo4+UKHAe+Rf/0JMF21mSYZ
vLSeac80u4lrebbd9EEdac4fDueGJGW4JWXhWVMZrLBYTVc4k5qH2pGy8wZg3BUT
5kbr4y2OzJtMyRvNt1sL5bQDADUItwWAgLRAV8ul9Z8f/+bUPIKmac9nsUFoOhrg
/tFechW1KmW1SMngbxu2lIcmjDg2nyYFx3jI4a95qZ9CQjQsph6R4mJyIEq4Y3h7
N6DJU7S1nLxTBSptZiGhXMXe2jqSlWNuWqovfidJAJ4FihD9X4ePq5oPpurAVM9y
Erz/3AtOCZJgmLQj8rU5kZP2yw2WRWsL8oT+mMf1tVu6GoY7G2+rg6Y8dQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFDdzhiYI283AW8qdqrqkdlPlcjyRMB8GA1UdIwQY
MBaAFAsecvPQlX9abjvRuEShKmFHRJAnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3g1eTg5Q1ZmMXB1TzlHNFJLRXFZVWRFa0NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8xYTVhOTYtZDM2ZS00ZjNhLTliMzQt
MDU0OGQzODk1YTU1LzEvTjNPR0pnamJ6Y0JieXAycXVxUjJVLVZ5UEpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8xYTVhOTYtZDM2ZS00ZjNhLTliMzQtMDU0OGQzODk1YTU1
LzEvQ3g1eTg5Q1ZmMXB1TzlHNFJLRXFZVWRFa0NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBZ+LCAwQA
Z+WoAwQAZ+WrAwQBuZFGAwQCud+wAwQAue3UMA0GCSqGSIb3DQEBCwUAA4IBAQBZ
8P5p2EorDILvsaC6RuAWpFq/fewIMmDLhh+bZz2KKDtKnfFMtOZT19wZnezkO6ng
a5QGNqEp6blxaWRW0fmDP0W/1gDiRXyA9ZnwATSMHCTaEkRH9JC2G6S7xWkLqMs6
MeQONuZSBe1sOZNOK2LE9hfuBKm4EfUQ9UIHnBgf74bveFMgUdR076v17COJNAoH
+biBGaQrSG0wGJRmU/nmzAkMx9/RVyB/xHpyhexLZ5AS8oto3k68I7SGhzSmks4m
jACYudROXESsBzCiWvDzFmNay0C+C+BLZO+8pyRB2KExR+KIfWy+QYmiFLrCV7kH
HgPRJb53H0qRDIaXBUlb
-----END CERTIFICATE-----
Generated at Sat Apr 19 00:50:41 2025 by rpki-client