Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/Na_28p5X2sWN8sv8_19A0PM1GQk.roa
File: Na_28p5X2sWN8sv8_19A0PM1GQk.roa (raw, json)
Hash identifier: NB5iqjo9XMyvd7f8jM0tdObJtYp5tc3iJ3oMxlMdWT0=
Subject key identifier: 35:AF:F6:F2:9E:57:DA:C5:8D:F2:CB:FC:FF:5F:40:D0:F3:35:19:09
Certificate issuer: /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial: 0189070ECCF1DED662531F8612EA206B7AE9
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/Na_28p5X2sWN8sv8_19A0PM1GQk.roa
Signing time: Thu 29 Jun 2023 12:09:17 +0000
ROA not before: Thu 29 Jun 2023 12:09:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 47869
IP address blocks: 109.235.48.0/21 maxlen: 21
178.239.48.0/20 maxlen: 20
94.185.80.0/21 maxlen: 21
185.149.56.0/22 maxlen: 22
91.208.164.0/24 maxlen: 24
194.110.67.0/24 maxlen: 24
37.46.192.0/22 maxlen: 22
91.205.232.0/22 maxlen: 22
37.46.199.0/24 maxlen: 24
91.199.50.0/24 maxlen: 24
37.46.196.0/23 maxlen: 23
185.24.248.0/22 maxlen: 22
31.171.132.0/22 maxlen: 22
94.228.208.0/20 maxlen: 20
2a00:dd0::/32 maxlen: 48
2a00:dd0:bbbb::/48 maxlen: 48
2a00:dd0:aaaa::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:07:0e:cc:f1:de:d6:62:53:1f:86:12:ea:20:6b:7a:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Validity
Not Before: Jun 29 12:09:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=35aff6f29e57dac58df2cbfcff5f40d0f3351909
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:0e:a7:61:36:77:1c:80:ca:98:94:e4:ca:c3:
ce:b3:06:16:81:7b:cf:7f:74:ec:6b:71:42:00:8b:
6a:b2:f9:8f:4c:25:6a:2e:b2:5d:4b:62:f2:18:e0:
58:3d:5f:1f:df:65:f5:e9:04:c1:63:07:a8:00:df:
58:f0:27:94:68:ea:39:ec:42:39:b3:bb:1c:98:ae:
66:85:48:c1:84:27:dd:5b:09:9b:ff:17:df:97:9b:
5c:c9:6f:51:25:f4:bd:94:d4:32:60:9d:00:fa:1c:
69:42:73:e0:41:75:4f:1b:e3:23:73:6e:31:b0:37:
3d:98:07:0c:10:4a:eb:37:c2:55:5b:a5:cd:60:17:
ba:7c:e2:cb:92:9a:e5:fb:11:35:79:c7:38:04:4c:
05:3c:c2:b3:89:16:cb:22:77:0a:ff:aa:62:45:bf:
da:cc:25:2a:a1:91:7a:2e:9f:39:e9:a2:dc:cd:c1:
70:46:1c:a4:a9:00:37:07:6a:4f:a1:35:c1:c8:01:
e1:c5:cb:76:56:27:26:bc:2e:d3:7a:61:4d:6d:7c:
99:fe:d0:14:17:dd:fe:f5:c0:15:24:e5:0c:53:4a:
ff:59:43:94:ba:0c:e7:03:08:60:a9:03:b9:35:3e:
72:0b:00:38:01:ba:25:f4:0d:ef:81:ee:50:da:53:
ef:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:AF:F6:F2:9E:57:DA:C5:8D:F2:CB:FC:FF:5F:40:D0:F3:35:19:09
X509v3 Authority Key Identifier:
keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/Na_28p5X2sWN8sv8_19A0PM1GQk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.171.132.0/22
37.46.192.0-37.46.197.255
37.46.199.0/24
91.199.50.0/24
91.205.232.0/22
91.208.164.0/24
94.185.80.0/21
94.228.208.0/20
109.235.48.0/21
178.239.48.0/20
185.24.248.0/22
185.149.56.0/22
194.110.67.0/24
IPv6:
2a00:dd0::/32
Signature Algorithm: sha256WithRSAEncryption
46:c8:7a:9d:f3:53:a3:85:dc:a4:98:51:41:74:c8:c8:c6:cc:
92:b1:ff:46:0a:f5:90:dd:0e:f1:cd:eb:d2:e0:db:75:2c:69:
34:f4:24:fd:c6:b7:85:b5:61:c4:04:23:fa:fc:2a:c7:b6:13:
56:f2:46:07:7c:a4:31:10:ae:ee:f8:d1:ad:0b:b2:34:9c:93:
38:02:1a:b3:2f:60:b9:01:7c:2f:fc:a6:cc:8b:4e:1b:15:51:
1a:d2:5e:47:75:39:23:a3:57:61:d5:3c:d1:56:46:b5:d6:5d:
32:0a:75:07:20:a1:cc:32:fb:f0:aa:dc:d5:60:dc:dc:f7:b8:
ee:09:1a:6b:5a:11:bc:8f:e7:3c:33:3a:19:a8:59:ea:cf:15:
71:a1:8b:64:a7:66:58:70:35:0d:dd:6e:eb:3e:bd:88:09:19:
53:cb:0d:6b:cc:b1:aa:6c:96:84:41:bb:8c:29:5f:07:c9:89:
75:35:d8:f2:4b:7d:30:66:6b:89:df:6d:d2:bf:62:a6:a7:54:
09:65:c9:98:aa:5a:a0:fd:f4:64:df:7d:28:d7:81:77:5a:16:
24:bb:06:19:4e:a3:65:b8:66:72:27:99:e7:b4:0a:50:b4:ad:
be:36:e3:28:d1:59:25:d4:1d:75:b7:c7:b2:e0:d9:bd:c8:69:
8f:05:10:f5
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAYkHDszx3tZiUx+GEuoga3rpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM5YzIxOGI1MTBjMDdiYzY2NTliMDlmYmQzMmFmZTY4
YWJmZDIwHhcNMjMwNjI5MTIwOTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWFmZjZmMjllNTdkYWM1OGRmMmNiZmNmZjVmNDBkMGYzMzUxOTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQ6nYTZ3HIDKmJTkysPOswYWgXvP
f3Tsa3FCAItqsvmPTCVqLrJdS2LyGOBYPV8f32X16QTBYweoAN9Y8CeUaOo57EI5
s7scmK5mhUjBhCfdWwmb/xffl5tcyW9RJfS9lNQyYJ0A+hxpQnPgQXVPG+Mjc24x
sDc9mAcMEErrN8JVW6XNYBe6fOLLkprl+xE1ecc4BEwFPMKziRbLIncK/6piRb/a
zCUqoZF6Lp856aLczcFwRhykqQA3B2pPoTXByAHhxct2VicmvC7TemFNbXyZ/tAU
F93+9cAVJOUMU0r/WUOUugznAwhgqQO5NT5yCwA4Abol9A3vge5Q2lPvUQIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFDWv9vKeV9rFjfLL/P9fQNDzNRkJMB8GA1UdIwQY
MBaAFFLcnCGLUQwHvGZZsJ+9Mq/mir/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYt
NTJmOTdiMjc3ZDFmLzEvTmFfMjhwNVgyc1dOOHN2OF8xOUEwUE0xR1FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYtNTJmOTdiMjc3ZDFm
LzEvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBcBAIAATBWAwQCH6uEMAwD
BAYlLsADBAElLsQDBAAlLscDBABbxzIDBAJbzegDBABb0KQDBANeuVADBARe5NAD
BANt6zADBASy7zADBAK5GPgDBAK5lTgDBADCbkMwDQQCAAIwBwMFACoADdAwDQYJ
KoZIhvcNAQELBQADggEBAEbIep3zU6OF3KSYUUF0yMjGzJKx/0YK9ZDdDvHN69Lg
23UsaTT0JP3Gt4W1YcQEI/r8Kse2E1byRgd8pDEQru740a0LsjSckzgCGrMvYLkB
fC/8psyLThsVURrSXkd1OSOjV2HVPNFWRrXWXTIKdQcgocwy+/Cq3NVg3Nz3uO4J
GmtaEbyP5zwzOhmoWerPFXGhi2SnZlhwNQ3dbus+vYgJGVPLDWvMsapsloRBu4wp
XwfJiXU12PJLfTBma4nfbdK/YqanVAllyZiqWqD99GTffSjXgXdaFiS7BhlOo2W4
ZnInmee0ClC0rb424yjRWSXUHXW3x7Lg2b3IaY8FEPU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:12 2024 by rpki-client on console-ams.rpki-client.org