Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/NXXFkEz0hL_sg9Q2t2CrzGdl-ps.roa
File: NXXFkEz0hL_sg9Q2t2CrzGdl-ps.roa (raw, json)
Hash identifier: KQYTS+uev45O4MyKckvAGoV18Umt8HZB/vAkINE/VME=
Subject key identifier: 35:75:C5:90:4C:F4:84:BF:EC:83:D4:36:B7:60:AB:CC:67:65:FA:9B
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 018E332C4D2B07A25068B3461ACD1205A4F1
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/NXXFkEz0hL_sg9Q2t2CrzGdl-ps.roa
Signing time: Tue 12 Mar 2024 14:58:45 +0000
ROA not before: Tue 12 Mar 2024 14:58:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 13285
IP address blocks: 2.96.0.0/13 maxlen: 24
62.3.192.0/18 maxlen: 24
62.24.128.0/17 maxlen: 24
62.241.160.0/19 maxlen: 24
78.144.0.0/13 maxlen: 24
81.6.192.0/18 maxlen: 24
82.133.0.0/17 maxlen: 24
84.12.0.0/16 maxlen: 24
89.240.0.0/14 maxlen: 24
91.146.112.0/21 maxlen: 24
92.0.0.0/11 maxlen: 24
185.112.212.0/22 maxlen: 24
185.173.116.0/22 maxlen: 24
185.173.120.0/22 maxlen: 24
185.175.144.0/22 maxlen: 24
193.218.99.0/24 maxlen: 24
195.112.0.0/18 maxlen: 24
195.149.0.0/18 maxlen: 24
212.139.24.0/24 maxlen: 24
212.139.133.0/24 maxlen: 24
212.139.148.0/22 maxlen: 22
213.208.64.0/18 maxlen: 24
217.8.0.0/19 maxlen: 24
217.68.128.0/20 maxlen: 24
2001:7e0::/32 maxlen: 32
2001:4a00::/27 maxlen: 27
2a00:4340::/32 maxlen: 32
2a0b:db00::/29 maxlen: 29
2a0b:e900::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:33:2c:4d:2b:07:a2:50:68:b3:46:1a:cd:12:05:a4:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Mar 12 14:58:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3575c5904cf484bfec83d436b760abcc6765fa9b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:f7:65:67:62:cd:d3:40:8d:93:84:8c:57:26:
a3:45:7a:d2:bb:48:cd:df:a0:57:61:46:87:f8:73:
4c:77:dc:4e:06:c8:e7:d3:bc:1d:17:42:28:36:3e:
7b:31:10:a5:48:b4:d0:5a:88:d0:7c:0d:cc:95:53:
c5:ab:62:26:b0:f7:f0:52:0e:e2:e2:c9:95:03:c5:
2b:99:95:68:95:cf:49:df:44:73:85:f7:a0:8c:3c:
9a:9f:0f:3b:39:45:6c:64:01:92:a3:b3:52:bd:9f:
f3:a7:9f:82:b1:ac:0d:8e:d3:11:33:3b:7c:85:43:
52:2a:14:b1:5d:be:c9:99:62:21:c5:81:d4:97:23:
97:45:32:9c:ef:37:84:44:37:16:6c:fa:e4:63:96:
27:0a:59:77:31:14:b9:e2:2c:85:aa:ef:44:91:f5:
9d:68:9d:ae:09:46:76:76:e2:c1:00:a2:e1:33:70:
88:76:f3:af:f3:e3:55:ce:1d:44:93:c5:b0:50:5c:
2f:9d:2e:5f:a1:91:9c:56:4a:e1:67:cf:da:0b:f7:
01:87:6f:fa:49:f7:c1:ee:92:50:57:e7:8f:ff:84:
6c:31:00:54:39:46:6f:ad:72:58:ca:26:14:ed:1b:
05:27:fb:ac:80:35:59:09:2f:67:ff:bb:51:39:12:
bb:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:75:C5:90:4C:F4:84:BF:EC:83:D4:36:B7:60:AB:CC:67:65:FA:9B
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/NXXFkEz0hL_sg9Q2t2CrzGdl-ps.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.3.192.0/18
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
81.6.192.0/18
82.133.0.0/17
84.12.0.0/16
89.240.0.0/14
91.146.112.0/21
92.0.0.0/11
185.112.212.0/22
185.173.116.0-185.173.123.255
185.175.144.0/22
193.218.99.0/24
195.112.0.0/18
195.149.0.0/18
212.139.24.0/24
212.139.133.0/24
212.139.148.0/22
213.208.64.0/18
217.8.0.0/19
217.68.128.0/20
IPv6:
2001:7e0::/32
2001:4a00::/27
2a00:4340::/32
2a0b:db00::/29
2a0b:e900::/29
Signature Algorithm: sha256WithRSAEncryption
3f:26:06:13:46:16:20:f2:a9:fa:f7:a5:4b:bc:9d:21:ce:ec:
f4:35:75:6a:8a:26:e0:e0:2e:01:03:4f:f5:1d:9e:e7:49:65:
62:ba:c3:ec:4e:b3:a9:06:d9:59:91:d6:76:52:00:f1:7d:9a:
77:0e:88:8c:be:2b:d1:b6:ff:3b:95:e6:0f:09:4b:57:a2:1c:
1c:cc:63:e9:0b:39:2f:f4:c4:0e:ba:45:0b:47:7c:ae:e0:d9:
e9:f8:57:5a:72:44:5c:03:7d:1a:b4:9e:80:5d:c5:38:ed:e6:
91:31:77:0b:de:5e:86:a3:7a:d5:41:45:6a:ac:52:66:45:31:
78:97:aa:9b:f2:e8:aa:70:ef:13:31:05:f6:50:d9:fb:a3:af:
9a:b7:86:da:ff:a3:48:bf:b4:be:ea:d0:22:71:7e:98:e5:db:
33:1f:04:e4:e6:3e:cc:5c:30:e5:d1:79:f2:22:e8:be:cd:f3:
13:f7:72:ca:58:23:78:30:28:01:9c:df:73:7a:b7:ee:a2:cd:
8a:fa:bb:08:0b:ac:1d:23:5c:4e:99:6f:5d:d5:c4:32:a3:ea:
02:7d:d8:af:5b:49:82:76:25:a9:1c:3f:17:f3:d7:ee:bc:6f:
99:ed:4f:cc:01:69:31:61:91:4d:b4:64:ba:e5:9a:d5:a8:57:
e3:97:8b:5a
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgISAY4zLE0rB6JQaLNGGs0SBaTxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjQwMzEyMTQ1ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTc1YzU5MDRjZjQ4NGJmZWM4M2Q0MzZiNzYwYWJjYzY3NjVmYTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPdlZ2LN00CNk4SMVyajRXrSu0jN
36BXYUaH+HNMd9xOBsjn07wdF0IoNj57MRClSLTQWojQfA3MlVPFq2ImsPfwUg7i
4smVA8UrmZVolc9J30RzhfegjDyanw87OUVsZAGSo7NSvZ/zp5+CsawNjtMRMzt8
hUNSKhSxXb7JmWIhxYHUlyOXRTKc7zeERDcWbPrkY5YnCll3MRS54iyFqu9EkfWd
aJ2uCUZ2duLBAKLhM3CIdvOv8+NVzh1Ek8WwUFwvnS5foZGcVkrhZ8/aC/cBh2/6
SffB7pJQV+eP/4RsMQBUOUZvrXJYyiYU7RsFJ/usgDVZCS9n/7tRORK7KwIDAQAB
o4ICwDCCArwwHQYDVR0OBBYEFDV1xZBM9IS/7IPUNrdgq8xnZfqbMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvTlhYRmtFejBoTF9zZzlRMnQyQ3J6R2RsLXBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHVBggrBgEFBQcBBwEB/wSBxTCBwjCBlAQCAAEwgY0DAwMC
YAMEBj4DwAMEBz4YgAMEBT7xoAMDA06QAwQGUQbAAwQHUoUAAwMAVAwDAwJZ8AME
A1uScAMDBVwAAwQCuXDUMAwDBAK5rXQDBAK5rXgDBAK5r5ADBADB2mMDBAbDcAAD
BAbDlQADBADUixgDBADUi4UDBALUi5QDBAbV0EADBAXZCAADBATZRIAwKQQCAAIw
IwMFACABB+ADBQUgAUoAAwUAKgBDQAMFAyoL2wADBQMqC+kAMA0GCSqGSIb3DQEB
CwUAA4IBAQA/JgYTRhYg8qn696VLvJ0hzuz0NXVqiibg4C4BA0/1HZ7nSWViusPs
TrOpBtlZkdZ2UgDxfZp3DoiMvivRtv87leYPCUtXohwczGPpCzkv9MQOukULR3yu
4Nnp+FdackRcA30atJ6AXcU47eaRMXcL3l6Go3rVQUVqrFJmRTF4l6qb8uiqcO8T
MQX2UNn7o6+at4ba/6NIv7S+6tAicX6Y5dszHwTk5j7MXDDl0XnyIui+zfMT93LK
WCN4MCgBnN9zerfuos2K+rsIC6wdI1xOmW9d1cQyo+oCfdivW0mCdiWpHD8X89fu
vG+Z7U/MAWkxYZFNtGS65ZrVqFfjl4ta
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:45:01 2025 by rpki-client