Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/nnzItRdz_1j3S3gPJirkJmb6HTc.roa
File: nnzItRdz_1j3S3gPJirkJmb6HTc.roa (raw, json)
Hash identifier: clMHKkdgIBMuTCOaWqe3SmkKxnEz7SgRWhXIivJj8kk=
Subject key identifier: 9E:7C:C8:B5:17:73:FF:58:F7:4B:78:0F:26:2A:E4:26:66:FA:1D:37
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 018D3389E61F789270A9263B2F5913C04952
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/nnzItRdz_1j3S3gPJirkJmb6HTc.roa
Signing time: Mon 22 Jan 2024 23:38:11 +0000
ROA not before: Mon 22 Jan 2024 23:38:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 44477
IP address blocks: 94.131.2.0/24 maxlen: 24
94.131.3.0/24 maxlen: 24
94.131.8.0/21 maxlen: 24
94.131.96.0/24 maxlen: 24
94.131.97.0/24 maxlen: 24
94.131.98.0/24 maxlen: 24
94.131.99.0/24 maxlen: 24
94.131.100.0/24 maxlen: 24
94.131.101.0/24 maxlen: 24
94.131.102.0/24 maxlen: 24
94.131.103.0/24 maxlen: 24
94.131.104.0/24 maxlen: 24
94.131.105.0/24 maxlen: 24
94.131.106.0/24 maxlen: 24
94.131.107.0/24 maxlen: 24
94.131.108.0/24 maxlen: 24
94.131.109.0/24 maxlen: 24
94.131.110.0/24 maxlen: 24
94.131.111.0/24 maxlen: 24
94.131.112.0/24 maxlen: 24
94.131.113.0/24 maxlen: 24
94.131.114.0/24 maxlen: 24
94.131.115.0/24 maxlen: 24
94.131.116.0/24 maxlen: 24
94.131.117.0/24 maxlen: 24
94.131.118.0/24 maxlen: 24
94.131.119.0/24 maxlen: 24
94.131.120.0/22 maxlen: 24
95.164.0.0/22 maxlen: 24
95.164.8.0/22 maxlen: 24
95.164.16.0/22 maxlen: 24
95.164.21.0/24 maxlen: 24
95.164.22.0/24 maxlen: 24
95.164.23.0/24 maxlen: 24
95.164.32.0/21 maxlen: 24
95.164.44.0/22 maxlen: 24
95.164.51.0/24 maxlen: 24
95.164.60.0/22 maxlen: 24
95.164.68.0/24 maxlen: 24
95.164.69.0/24 maxlen: 24
95.164.84.0/22 maxlen: 24
95.164.88.0/24 maxlen: 24
95.164.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:33:89:e6:1f:78:92:70:a9:26:3b:2f:59:13:c0:49:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Jan 22 23:38:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9e7cc8b51773ff58f74b780f262ae42666fa1d37
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:f0:10:88:3a:12:85:c0:e3:da:60:34:a1:d3:
b6:38:63:84:2d:97:98:50:ed:fb:dd:f7:2d:59:28:
a4:9d:7e:55:25:6e:d3:5d:4c:8a:95:09:00:4b:4d:
26:f7:4c:8c:aa:aa:be:e4:df:2f:f8:5d:e4:0a:d6:
e0:aa:d5:c8:d6:38:86:2f:6a:79:52:f8:ef:6c:94:
86:3b:14:8c:0b:b6:08:e5:c2:3a:a2:ab:86:1e:8f:
61:ff:4d:43:b9:8d:49:76:c9:d4:23:95:b2:52:ed:
6c:6a:7b:db:62:16:04:c0:a2:2a:16:5a:40:2c:f4:
7a:c8:24:92:80:13:3e:39:b6:8b:01:24:e7:b4:f0:
a5:8c:bc:e0:b5:8d:90:39:ac:d7:e7:cf:f1:65:4f:
76:7a:47:e2:35:8d:6c:9c:a4:a8:a6:91:bf:bf:f6:
37:1c:cf:68:74:6e:9f:aa:33:0b:56:d9:27:f1:4d:
fd:9c:63:b4:29:5d:30:00:4f:ee:22:a2:50:93:95:
1f:0d:4c:b7:5d:5c:80:23:04:f2:06:c0:4e:3e:ad:
dd:64:55:28:1a:a3:b2:7e:c6:9e:c1:3b:9d:f6:0c:
21:b8:1e:62:54:ac:de:d7:d1:79:4b:52:6e:98:44:
46:3b:1c:6b:3e:fc:2c:c6:94:ad:c4:ab:e9:9b:83:
c4:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:7C:C8:B5:17:73:FF:58:F7:4B:78:0F:26:2A:E4:26:66:FA:1D:37
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/nnzItRdz_1j3S3gPJirkJmb6HTc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.2.0/23
94.131.8.0/21
94.131.96.0-94.131.123.255
95.164.0.0/22
95.164.8.0/22
95.164.16.0/22
95.164.21.0-95.164.23.255
95.164.32.0/21
95.164.44.0/22
95.164.51.0/24
95.164.60.0/22
95.164.68.0/23
95.164.84.0-95.164.89.255
Signature Algorithm: sha256WithRSAEncryption
4f:ff:31:64:9f:70:97:3d:61:0f:62:06:fe:c3:93:7e:89:1f:
83:65:e0:1f:c6:5e:62:74:60:ab:25:b7:e8:e0:11:b7:4e:14:
2f:10:70:68:a0:8a:ee:e0:ec:6f:5e:b3:50:4e:ef:5e:c0:bb:
c2:38:a8:41:bc:3d:e6:7a:50:f5:bd:4c:7f:d0:a5:57:fe:71:
1e:cf:ef:67:97:90:3e:7a:b7:89:b6:29:f0:46:06:c7:98:05:
5c:e6:c3:b8:4c:64:23:19:e0:7e:66:52:10:99:27:fb:5b:49:
67:dc:5e:a0:76:8a:4d:71:8c:94:51:ca:96:21:77:67:55:bc:
d7:44:6c:ff:09:cb:4b:6b:36:c9:75:41:5b:c2:42:23:2c:7e:
27:75:62:75:53:8b:1e:4f:db:ff:c1:27:b8:62:fd:f1:7e:04:
c7:e4:32:26:ae:be:48:03:7d:b5:8a:19:de:0c:3c:ec:55:fc:
4c:a1:bc:9d:44:07:39:42:1e:4d:02:46:ba:17:65:ef:9f:47:
b5:c3:13:e1:c4:16:10:31:bd:4c:f2:6c:20:df:c9:1a:5f:4e:
70:11:33:de:af:57:5b:4a:a8:ab:bf:bf:8a:18:0b:95:97:6f:
6c:f4:df:63:fc:36:b5:b5:d2:64:1a:f7:46:7a:71:97:ea:dd:
ac:3b:0c:07
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAY0zieYfeJJwqSY7L1kTwElSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTIyMjMzODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTdjYzhiNTE3NzNmZjU4Zjc0Yjc4MGYyNjJhZTQyNjY2ZmExZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPAQiDoShcDj2mA0odO2OGOELZeY
UO373fctWSiknX5VJW7TXUyKlQkAS00m90yMqqq+5N8v+F3kCtbgqtXI1jiGL2p5
UvjvbJSGOxSMC7YI5cI6oquGHo9h/01DuY1JdsnUI5WyUu1sanvbYhYEwKIqFlpA
LPR6yCSSgBM+ObaLASTntPCljLzgtY2QOazX58/xZU92ekfiNY1snKSoppG/v/Y3
HM9odG6fqjMLVtkn8U39nGO0KV0wAE/uIqJQk5UfDUy3XVyAIwTyBsBOPq3dZFUo
GqOyfsaewTud9gwhuB5iVKze19F5S1JumERGOxxrPvwsxpStxKvpm4PEewIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFJ58yLUXc/9Y90t4DyYq5CZm+h03MB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvbm56SXRSZHpfMWozUzNnUEppcmtKbWI2SFRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBsBAIAATBmAwQBXoMCAwQD
XoMIMAwDBAVeg2ADBAJeg3gDBAJfpAADBAJfpAgDBAJfpBAwDAMEAF+kFQMEA1+k
EAMEA1+kIAMEAl+kLAMEAF+kMwMEAl+kPAMEAV+kRDAMAwQCX6RUAwQBX6RYMA0G
CSqGSIb3DQEBCwUAA4IBAQBP/zFkn3CXPWEPYgb+w5N+iR+DZeAfxl5idGCrJbfo
4BG3ThQvEHBooIru4OxvXrNQTu9ewLvCOKhBvD3melD1vUx/0KVX/nEez+9nl5A+
ereJtinwRgbHmAVc5sO4TGQjGeB+ZlIQmSf7W0ln3F6gdopNcYyUUcqWIXdnVbzX
RGz/CctLazbJdUFbwkIjLH4ndWJ1U4seT9v/wSe4Yv3xfgTH5DImrr5IA321ihne
DDzsVfxMobydRAc5Qh5NAka6F2Xvn0e1wxPhxBYQMb1M8mwg38kaX05wETPer1db
Sqirv7+KGAuVl29s9N9j/Da1tdJkGvdGenGX6t2sOwwH
-----END CERTIFICATE-----
Generated at Sun Feb 16 22:06:14 2025 by rpki-client