Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/NdbSKu5SsEfgtNm-Ou5d36se_4E.roa
File: NdbSKu5SsEfgtNm-Ou5d36se_4E.roa (raw, json)
Hash identifier: zTG0MIqjsORVphq8KoS/geTRRtXDxAv+v9HORsLPHow=
Subject key identifier: 35:D6:D2:2A:EE:52:B0:47:E0:B4:D9:BE:3A:EE:5D:DF:AB:1E:FF:81
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 018CC56E1FA0EEF5D98790435E95F968E301
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/NdbSKu5SsEfgtNm-Ou5d36se_4E.roa
Signing time: Mon 01 Jan 2024 14:29:37 +0000
ROA not before: Mon 01 Jan 2024 14:29:37 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 64267
IP address blocks: 91.243.176.0/24 maxlen: 24
89.46.8.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:1f:a0:ee:f5:d9:87:90:43:5e:95:f9:68:e3:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Jan 1 14:29:37 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=35d6d22aee52b047e0b4d9be3aee5ddfab1eff81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:20:55:95:d8:c9:71:82:9f:a6:7d:bf:5b:51:
b3:fe:74:63:56:54:76:fe:37:ec:eb:f2:0c:07:75:
3c:52:97:2e:5f:be:fd:72:6e:e9:b9:36:85:e5:1b:
b7:7d:19:85:c2:b1:6b:6f:c9:fa:7a:ff:31:4a:dd:
cf:43:3c:3d:b6:d0:ee:81:bd:b5:68:2a:1b:09:9b:
56:25:df:a2:49:c7:3e:49:ea:be:1b:a0:a5:21:f3:
22:5b:10:63:c7:aa:21:1b:53:51:0f:f2:8b:9d:34:
40:a9:8d:41:67:e9:87:0d:7d:13:55:4f:f8:d4:0c:
c8:4a:58:86:2f:32:bd:6a:bb:08:66:c0:2c:d5:cd:
eb:00:26:b6:f0:85:9c:71:91:16:48:77:b2:4e:59:
2f:f6:d5:de:f2:91:c3:08:40:92:5e:a5:f2:20:64:
7c:34:8c:5f:eb:6f:a7:d6:4d:7b:ac:54:f8:84:5b:
f8:03:51:ce:93:12:63:51:4d:7e:57:da:d4:79:a7:
8a:40:38:19:45:9f:36:f1:f9:33:bd:b2:d7:c3:f3:
8f:f6:ab:57:e7:24:13:5f:24:5f:b7:9c:dd:73:26:
86:09:78:61:74:43:51:c8:5b:89:34:5f:cd:ce:68:
da:62:2e:9e:86:1a:ca:20:5c:21:c1:c7:24:04:11:
cb:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:D6:D2:2A:EE:52:B0:47:E0:B4:D9:BE:3A:EE:5D:DF:AB:1E:FF:81
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/NdbSKu5SsEfgtNm-Ou5d36se_4E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.8.0/24
91.243.176.0/24
Signature Algorithm: sha256WithRSAEncryption
6c:04:9c:4f:95:75:18:a7:bb:18:7d:72:1e:ce:64:cb:9c:66:
4a:ec:ff:fa:4e:fe:ad:b0:97:a5:32:eb:17:c7:04:0c:d1:86:
6e:b9:79:bd:c6:55:d0:cf:bf:55:7f:6a:64:f7:54:52:c0:89:
15:e7:ee:2a:06:d0:52:50:42:49:34:63:e0:3f:6d:ff:23:39:
8d:28:7a:2d:5a:2a:ad:66:4f:4e:fd:3f:5c:ca:8e:6c:d7:83:
78:33:73:ef:fb:dc:35:8a:db:c4:78:3d:53:1f:6d:15:c2:64:
8c:85:64:c2:30:ce:d8:bb:2f:85:62:4a:15:12:e7:a3:e7:de:
e0:16:c5:e6:83:88:ee:45:ca:37:50:80:79:12:35:12:01:73:
ff:0f:4f:8b:b4:ee:c4:c9:c9:9f:19:c9:91:41:bf:20:0d:02:
3f:73:28:41:3e:82:62:35:a9:fc:41:e1:90:c2:5e:3e:75:77:
6f:3b:32:3a:d3:ad:a4:58:f4:ce:84:a3:60:68:3c:f6:be:5e:
db:69:f7:54:1f:98:f2:1d:9d:dd:81:d6:7d:9a:75:86:1b:b4:
ea:03:cd:16:cb:2f:9b:38:45:13:3a:c0:f3:92:46:6c:8f:40:
00:78:13:97:b9:e3:cc:96:a8:9e:66:40:37:51:54:fa:ec:2e:
c1:a9:c6:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbh+g7vXZh5BDXpX5aOMBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWQ2ZDIyYWVlNTJiMDQ3ZTBiNGQ5YmUzYWVlNWRkZmFiMWVmZjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAniBVldjJcYKfpn2/W1Gz/nRjVlR2
/jfs6/IMB3U8UpcuX779cm7puTaF5Ru3fRmFwrFrb8n6ev8xSt3PQzw9ttDugb21
aCobCZtWJd+iScc+Seq+G6ClIfMiWxBjx6ohG1NRD/KLnTRAqY1BZ+mHDX0TVU/4
1AzISliGLzK9arsIZsAs1c3rACa28IWccZEWSHeyTlkv9tXe8pHDCECSXqXyIGR8
NIxf62+n1k17rFT4hFv4A1HOkxJjUU1+V9rUeaeKQDgZRZ828fkzvbLXw/OP9qtX
5yQTXyRft5zdcyaGCXhhdENRyFuJNF/NzmjaYi6ehhrKIFwhwcckBBHLVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDXW0iruUrBH4LTZvjruXd+rHv+BMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvTmRiU0t1NVNzRWZndE5tLU91NWQzNnNlXzRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWS4IAwQA
W/OwMA0GCSqGSIb3DQEBCwUAA4IBAQBsBJxPlXUYp7sYfXIezmTLnGZK7P/6Tv6t
sJelMusXxwQM0YZuuXm9xlXQz79Vf2pk91RSwIkV5+4qBtBSUEJJNGPgP23/IzmN
KHotWiqtZk9O/T9cyo5s14N4M3Pv+9w1itvEeD1TH20VwmSMhWTCMM7Yuy+FYkoV
Euej597gFsXmg4juRco3UIB5EjUSAXP/D0+LtO7EycmfGcmRQb8gDQI/cyhBPoJi
Nan8QeGQwl4+dXdvOzI6062kWPTOhKNgaDz2vl7bafdUH5jyHZ3dgdZ9mnWGG7Tq
A80Wyy+bOEUTOsDzkkZsj0AAeBOXuePMlqieZkA3UVT67C7BqcYY
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:28:04 2025 by rpki-client