Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/N2cnTdMWjD7MWXX83DeOzHJCdQE.roa
File: N2cnTdMWjD7MWXX83DeOzHJCdQE.roa (raw, json)
Hash identifier: TLJ2XSPM57qfX1CchOOmlOx44ccyFCN7YgjQcEl7+w8=
Subject key identifier: 37:67:27:4D:D3:16:8C:3E:CC:59:75:FC:DC:37:8E:CC:72:42:75:01
Certificate issuer: /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial: 018C2B1761265F9FD7BEC177C531B3D7885F
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/N2cnTdMWjD7MWXX83DeOzHJCdQE.roa
Signing time: Sat 02 Dec 2023 15:13:21 +0000
ROA not before: Sat 02 Dec 2023 15:13:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 47869
IP address blocks: 109.235.48.0/21 maxlen: 21
194.110.67.0/24 maxlen: 24
37.46.192.0/21 maxlen: 24
91.205.232.0/22 maxlen: 22
91.199.50.0/24 maxlen: 24
94.185.80.0/21 maxlen: 21
31.171.132.0/22 maxlen: 24
31.171.131.0/24 maxlen: 24
94.228.208.0/20 maxlen: 20
2a00:dd0::/32 maxlen: 48
2a00:dd0:bbbb::/48 maxlen: 48
2a00:dd0:aaaa::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:2b:17:61:26:5f:9f:d7:be:c1:77:c5:31:b3:d7:88:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Validity
Not Before: Dec 2 15:13:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3767274dd3168c3ecc5975fcdc378ecc72427501
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:f1:1c:1d:68:16:a2:57:85:fb:53:a1:40:33:
f8:66:92:38:3f:b2:21:ba:dc:fc:fd:21:43:6b:0b:
dd:13:e3:79:e9:f0:2f:f8:cf:ea:65:91:9a:f6:16:
d3:46:08:1b:44:cd:40:2e:f0:da:61:8c:f5:1b:32:
0a:7f:a4:11:12:c2:38:d6:2c:fb:1c:20:c3:cb:ca:
03:85:2c:db:93:57:ca:5a:cf:1f:ad:fb:40:4e:0f:
9e:51:be:db:81:34:26:ed:e1:1c:4b:24:ae:b2:80:
1e:22:de:b2:58:34:e0:97:95:ac:4b:50:6a:ba:91:
12:18:51:e2:a6:e5:66:dc:4f:f5:83:6a:dd:43:70:
2a:50:30:48:45:50:c8:f2:77:e2:08:f3:57:2c:8d:
14:a0:58:8b:f0:9f:66:c3:93:34:a3:f3:f0:9a:43:
42:7b:ef:33:f6:03:bf:27:eb:35:6d:ac:72:cf:d6:
a9:38:78:37:0b:f0:29:7e:14:39:1c:ef:60:b5:9f:
87:19:9e:5f:17:0d:a7:2b:b6:26:18:c2:05:e1:c0:
bb:8a:27:fd:39:7f:26:c1:b7:b8:ef:ff:2a:16:57:
15:d1:ac:f4:14:7f:41:13:d0:fa:9e:a6:18:ca:20:
45:97:63:5a:2a:9b:a0:a7:eb:f3:ee:61:f5:c6:66:
80:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:67:27:4D:D3:16:8C:3E:CC:59:75:FC:DC:37:8E:CC:72:42:75:01
X509v3 Authority Key Identifier:
keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/N2cnTdMWjD7MWXX83DeOzHJCdQE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.171.131.0-31.171.135.255
37.46.192.0/21
91.199.50.0/24
91.205.232.0/22
94.185.80.0/21
94.228.208.0/20
109.235.48.0/21
194.110.67.0/24
IPv6:
2a00:dd0::/32
Signature Algorithm: sha256WithRSAEncryption
27:dc:c3:5f:04:d6:f3:51:01:9e:6d:04:58:75:73:62:01:d5:
b1:a4:e1:e7:c5:ce:29:26:49:35:ff:7c:8c:42:d6:5c:eb:7f:
1b:07:56:75:57:ab:27:56:76:2e:3f:95:d6:ae:63:26:76:71:
cb:2a:ce:b6:83:f2:c6:35:f8:16:92:5d:50:ec:98:3e:c7:f5:
e8:01:61:af:60:3a:93:ba:f5:f3:24:d4:fc:4b:cf:6b:cd:0d:
14:4b:32:5d:11:e7:58:d7:25:0f:11:62:fe:eb:8e:30:28:93:
dc:d4:59:00:6a:df:01:93:34:f5:47:e6:0b:04:23:9c:5b:39:
fc:f7:9d:bb:73:ba:86:35:db:61:74:56:b9:43:e7:96:03:2f:
f4:a9:67:db:31:1c:d0:11:c7:76:45:84:61:17:59:a8:cd:b2:
06:93:a3:18:cc:97:7e:db:25:20:21:5b:33:5a:e3:4e:44:84:
99:a6:36:d3:05:bc:cf:f1:00:dc:fc:87:f1:aa:5d:95:f5:63:
fb:b2:6d:22:c4:0a:c9:db:8e:bf:0e:3e:7a:a1:e5:ca:11:50:
81:a7:21:79:ad:66:57:91:46:94:20:26:5b:a7:24:58:af:3e:
8e:f2:75:63:d5:5a:ed:7e:61:53:12:b7:08:22:2f:f6:a4:90:
8c:f9:9a:b5
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYwrF2EmX5/XvsF3xTGz14hfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM5YzIxOGI1MTBjMDdiYzY2NTliMDlmYmQzMmFmZTY4
YWJmZDIwHhcNMjMxMjAyMTUxMzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzY3Mjc0ZGQzMTY4YzNlY2M1OTc1ZmNkYzM3OGVjYzcyNDI3NTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPEcHWgWoleF+1OhQDP4ZpI4P7Ih
utz8/SFDawvdE+N56fAv+M/qZZGa9hbTRggbRM1ALvDaYYz1GzIKf6QREsI41iz7
HCDDy8oDhSzbk1fKWs8frftATg+eUb7bgTQm7eEcSySusoAeIt6yWDTgl5WsS1Bq
upESGFHipuVm3E/1g2rdQ3AqUDBIRVDI8nfiCPNXLI0UoFiL8J9mw5M0o/PwmkNC
e+8z9gO/J+s1baxyz9apOHg3C/ApfhQ5HO9gtZ+HGZ5fFw2nK7YmGMIF4cC7iif9
OX8mwbe47/8qFlcV0az0FH9BE9D6nqYYyiBFl2NaKpugp+vz7mH1xmaAeQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDdnJ03TFow+zFl1/Nw3jsxyQnUBMB8GA1UdIwQY
MBaAFFLcnCGLUQwHvGZZsJ+9Mq/mir/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYt
NTJmOTdiMjc3ZDFmLzEvTjJjblRkTVdqRDdNV1hYODNEZU96SEpDZFFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYtNTJmOTdiMjc3ZDFm
LzEvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4MAwDBAAfq4MD
BAMfq4ADBAMlLsADBABbxzIDBAJbzegDBANeuVADBARe5NADBANt6zADBADCbkMw
DQQCAAIwBwMFACoADdAwDQYJKoZIhvcNAQELBQADggEBACfcw18E1vNRAZ5tBFh1
c2IB1bGk4efFzikmSTX/fIxC1lzrfxsHVnVXqydWdi4/ldauYyZ2ccsqzraD8sY1
+BaSXVDsmD7H9egBYa9gOpO69fMk1PxLz2vNDRRLMl0R51jXJQ8RYv7rjjAok9zU
WQBq3wGTNPVH5gsEI5xbOfz3nbtzuoY122F0VrlD55YDL/SpZ9sxHNARx3ZFhGEX
WajNsgaToxjMl37bJSAhWzNa405EhJmmNtMFvM/xANz8h/GqXZX1Y/uybSLECsnb
jr8OPnqh5coRUIGnIXmtZleRRpQgJlunJFivPo7ydWPVWu1+YVMStwgiL/akkIz5
mrU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:12 2024 by rpki-client on console-ams.rpki-client.org