Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/nkOQc03Kk7YWHPrtzbaPSK6138w.roa
File: nkOQc03Kk7YWHPrtzbaPSK6138w.roa (raw, json)
Hash identifier: ybOv41prEJkx7+OfEETG4G/IPh8tTdsVJ1fyvpFVemc=
Subject key identifier: 9E:43:90:73:4D:CA:93:B6:16:1C:FA:ED:CD:B6:8F:48:AE:B5:DF:CC
Certificate issuer: /CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Certificate serial: 0979C197
Authority key identifier: 85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/nkOQc03Kk7YWHPrtzbaPSK6138w.roa
Signing time: Sat 01 Jan 2022 13:07:17 +0000
ROA not before: Sat 01 Jan 2022 13:07:17 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 49617
IP address blocks: 91.215.60.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 158974359 (0x979c197)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Validity
Not Before: Jan 1 13:07:17 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9e4390734dca93b6161cfaedcdb68f48aeb5dfcc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:db:71:37:41:08:c4:37:06:02:26:8b:b7:f2:
14:17:46:85:ba:d2:a5:c2:2b:e1:78:87:f2:ff:c7:
c5:33:1f:0a:13:99:32:e6:0b:0e:e8:47:a2:4c:6d:
fb:8c:7f:82:3c:c8:b3:2e:b9:31:2e:45:ce:76:60:
ed:04:43:25:07:55:34:14:24:2e:55:d5:9c:6b:b2:
61:4c:dd:a5:ee:2b:0f:c2:3a:66:ca:60:81:6b:e4:
20:25:8d:9b:5f:82:52:c1:c7:d4:b0:c5:95:70:fa:
3f:63:05:8e:36:e1:dd:23:99:ab:b7:0f:b5:15:d8:
1e:70:2e:e7:0a:a6:61:a7:12:2e:c3:74:51:76:f6:
48:fc:46:0a:a1:89:25:51:75:de:b5:22:a1:fe:de:
1f:06:f6:19:5c:e1:fe:12:d0:f7:33:51:7d:d5:4e:
c4:fc:22:85:3b:bd:f1:1e:1f:21:21:f8:e0:d2:5d:
a6:11:5a:cb:59:7a:e4:47:9b:29:37:7f:12:c1:7a:
e4:b3:7b:68:92:b0:bd:a1:b1:18:1c:7b:d7:b8:00:
94:0f:c6:93:70:c3:33:1d:81:d6:0f:59:da:d9:f4:
d1:a5:4b:b7:79:3a:51:6b:b2:7d:1f:d9:f1:1e:59:
28:be:76:7e:41:56:72:24:fb:07:29:30:2e:51:71:
14:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:43:90:73:4D:CA:93:B6:16:1C:FA:ED:CD:B6:8F:48:AE:B5:DF:CC
X509v3 Authority Key Identifier:
keyid:85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/nkOQc03Kk7YWHPrtzbaPSK6138w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.215.60.0/22
Signature Algorithm: sha256WithRSAEncryption
07:17:26:96:1e:46:c7:c1:33:6b:f3:4a:69:87:3a:a9:54:1f:
4e:dd:bb:28:07:e8:a3:32:d7:2c:4f:0e:4e:c7:1b:dc:91:fd:
17:69:0c:99:99:c6:0e:81:96:bc:b4:90:03:d1:73:18:54:60:
00:d0:1e:40:86:aa:41:77:73:3f:19:63:88:86:64:f2:26:87:
a2:b6:09:c4:30:a3:17:ca:e2:6c:a3:7d:d3:32:3b:90:3d:a3:
84:c3:a7:99:95:3b:ba:84:8f:f6:1a:a0:ca:44:99:43:79:aa:
fb:b6:3c:5d:56:5c:40:4e:c0:b0:dd:4f:35:df:cd:0c:3a:a3:
56:b2:d6:5a:13:29:92:95:cd:2d:15:bf:48:0d:7b:31:20:04:
43:5f:af:d8:eb:47:5b:10:54:26:e6:01:2a:2b:31:68:aa:eb:
62:d3:5d:dc:41:94:89:63:a7:ae:8a:92:cf:df:be:aa:3b:3a:
13:5f:d5:f6:ba:f8:7c:83:57:be:c4:a7:54:6e:71:45:ff:ad:
5e:1c:e8:97:cd:8c:ed:f1:75:7f:3e:84:00:a0:48:2b:73:a5:
e2:f9:e6:26:36:35:17:5b:16:7b:b2:4d:38:6f:1a:3e:2b:fb:
d1:26:b1:e9:0a:8c:61:97:1b:45:b0:02:17:9c:7a:7a:a5:90:
d9:c1:9b:2e
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECXnBlzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NTJlY2U5YzlhMzI0ZDQ1YzM1Zjk1NTlmMzI5ZDg4NjlkYWI1M2JhMB4XDTIyMDEw
MTEzMDcxN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWU0MzkwNzM0ZGNh
OTNiNjE2MWNmYWVkY2RiNjhmNDhhZWI1ZGZjYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALjbcTdBCMQ3BgImi7fyFBdGhbrSpcIr4XiH8v/HxTMfChOZ
MuYLDuhHokxt+4x/gjzIsy65MS5FznZg7QRDJQdVNBQkLlXVnGuyYUzdpe4rD8I6
ZspggWvkICWNm1+CUsHH1LDFlXD6P2MFjjbh3SOZq7cPtRXYHnAu5wqmYacSLsN0
UXb2SPxGCqGJJVF13rUiof7eHwb2GVzh/hLQ9zNRfdVOxPwihTu98R4fISH44NJd
phFay1l65EebKTd/EsF65LN7aJKwvaGxGBx717gAlA/Gk3DDMx2B1g9Z2tn00aVL
t3k6UWuyfR/Z8R5ZKL52fkFWciT7BykwLlFxFKMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSeQ5BzTcqTthYc+u3Nto9IrrXfzDAfBgNVHSMEGDAWgBSFLs6cmjJNRcNf
lVnzKdiGnatTujAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hTN09uSm95VFVYRFg1Vlo4eW5ZaHAyclU3by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzgvZDNjY2U2LWI0N2ItNGQwNi1hMzBmLWViMjQxMWQyMTJhYi8x
L25rT1FjMDNLazdZV0hQcnR6YmFQU0s2MTM4dy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzgv
ZDNjY2U2LWI0N2ItNGQwNi1hMzBmLWViMjQxMWQyMTJhYi8xL2hTN09uSm95VFVY
RFg1Vlo4eW5ZaHAyclU3by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlvXPDANBgkqhkiG9w0BAQsFAAOC
AQEABxcmlh5Gx8Eza/NKaYc6qVQfTt27KAfoozLXLE8OTscb3JH9F2kMmZnGDoGW
vLSQA9FzGFRgANAeQIaqQXdzPxljiIZk8iaHorYJxDCjF8ribKN90zI7kD2jhMOn
mZU7uoSP9hqgykSZQ3mq+7Y8XVZcQE7AsN1PNd/NDDqjVrLWWhMpkpXNLRW/SA17
MSAEQ1+v2OtHWxBUJuYBKisxaKrrYtNd3EGUiWOnroqSz9++qjs6E1/V9rr4fINX
vsSnVG5xRf+tXhzol82M7fF1fz6EAKBIK3Ol4vnmJjY1F1sWe7JNOG8aPiv70Sax
6QqMYZcbRbACF5x6eqWQ2cGbLg==
-----END CERTIFICATE-----
Generated at Sun Apr 6 10:53:12 2025 by rpki-client