Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/NPZq7rJWNvS1RS4fnSJh_ryuLiM.roa
File: NPZq7rJWNvS1RS4fnSJh_ryuLiM.roa (raw, json)
Hash identifier: IffVmAhspmGfHFH4e+1KKgnlBiqH2pPkWdMQPr7tR5U=
Subject key identifier: 34:F6:6A:EE:B2:56:36:F4:B5:45:2E:1F:9D:22:61:FE:BC:AE:2E:23
Certificate issuer: /CN=537f9bf84b69a09042432dae8377ee0ac8ff1c61
Certificate serial: 01856FA6E7E3FA41E84253A219D84F9D12F4
Authority key identifier: 53:7F:9B:F8:4B:69:A0:90:42:43:2D:AE:83:77:EE:0A:C8:FF:1C:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U3-b-EtpoJBCQy2ug3fuCsj_HGE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/NPZq7rJWNvS1RS4fnSJh_ryuLiM.roa
Signing time: Sun 01 Jan 2023 23:24:47 +0000
ROA not before: Sun 01 Jan 2023 23:24:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 193.218.0.0/24 maxlen: 24
185.1.226.0/23 maxlen: 23
2001:67c:29f0::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:a6:e7:e3:fa:41:e8:42:53:a2:19:d8:4f:9d:12:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=537f9bf84b69a09042432dae8377ee0ac8ff1c61
Validity
Not Before: Jan 1 23:24:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=34f66aeeb25636f4b5452e1f9d2261febcae2e23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:65:60:c3:8e:2a:85:01:b2:e8:67:d3:3d:6e:
29:5e:8f:01:69:fe:29:8d:7a:6f:01:16:7b:25:03:
f9:93:03:5b:3b:92:06:37:c4:bf:e8:6a:6d:91:2d:
3e:53:4a:f1:9c:1b:c1:6f:72:f4:36:64:8b:b3:3c:
e4:9d:f8:ba:f8:cf:92:10:c6:c3:be:1f:14:c5:41:
67:fd:36:e1:39:eb:3e:ff:6f:32:5e:7a:0d:be:22:
72:ec:83:ee:d5:88:fa:6b:c1:78:28:bb:7d:1c:f3:
b4:fb:f1:c3:8f:be:96:19:7b:5c:32:5f:db:b0:d5:
dc:23:c6:94:10:14:e4:52:7d:3b:2f:82:17:3d:9e:
e2:55:8c:ae:20:99:c8:17:4c:be:c6:47:0d:19:06:
68:89:9d:5a:8b:a4:fc:3d:54:84:4e:14:6b:cb:70:
b0:e2:a0:68:02:c1:56:88:7b:89:b7:51:af:61:63:
c9:2d:a4:d9:94:c0:c9:e9:98:c1:db:0e:5f:2c:b4:
d1:cc:05:b0:48:eb:f8:11:f1:fa:ca:e1:2f:0b:f7:
5b:ca:38:bb:da:61:a6:b9:da:d0:9f:93:81:af:c6:
1c:9c:bf:e6:9a:be:11:a4:53:06:0a:ae:8b:ca:f4:
2a:5d:d6:63:59:3b:7a:2d:e5:0a:fb:33:5d:33:80:
cf:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:F6:6A:EE:B2:56:36:F4:B5:45:2E:1F:9D:22:61:FE:BC:AE:2E:23
X509v3 Authority Key Identifier:
keyid:53:7F:9B:F8:4B:69:A0:90:42:43:2D:AE:83:77:EE:0A:C8:FF:1C:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U3-b-EtpoJBCQy2ug3fuCsj_HGE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/NPZq7rJWNvS1RS4fnSJh_ryuLiM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/U3-b-EtpoJBCQy2ug3fuCsj_HGE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.1.226.0/23
193.218.0.0/24
IPv6:
2001:67c:29f0::/48
Signature Algorithm: sha256WithRSAEncryption
80:18:a4:01:85:48:c8:d0:fb:59:09:6d:5e:26:fc:aa:13:9b:
c2:a1:e5:d7:3a:45:a7:9b:80:0b:3d:4b:eb:14:f6:03:e8:47:
cc:41:24:d6:69:65:e9:b7:af:ef:d9:9e:58:b1:fe:48:d6:6a:
c0:cb:3a:ab:85:62:62:de:ea:d8:7e:15:c7:60:be:29:0c:aa:
29:81:19:b3:70:94:e0:83:9a:9f:26:0f:63:ba:1a:ba:d1:fd:
74:b7:67:7c:29:2d:c8:57:ac:61:ec:30:2f:b7:61:5b:7e:8e:
bd:df:cc:29:38:fe:f9:c4:17:30:ae:12:fc:94:96:ff:9d:76:
20:81:30:63:00:d4:91:12:e1:39:24:07:61:41:f8:68:78:fc:
26:24:ca:bf:39:e5:4a:43:3b:a7:72:14:0b:21:d4:86:38:50:
f8:3b:a7:f8:be:c3:82:5f:49:16:66:04:7e:70:c9:6a:06:5b:
62:a1:ba:eb:32:98:b8:fe:82:6f:6f:53:9f:de:cf:d9:c8:4c:
66:3a:b5:a6:72:39:e6:ea:a3:e3:b9:4a:ec:a2:37:24:2a:5a:
e7:6b:39:06:c7:da:f1:11:9d:a2:20:71:14:65:54:3c:0a:28:
13:cc:a8:5c:b0:f3:e5:21:96:d6:31:4c:b3:57:46:c0:b3:27:
04:7b:db:2c
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVvpufj+kHoQlOiGdhPnRL0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzN2Y5YmY4NGI2OWEwOTA0MjQzMmRhZTgzNzdlZTBhYzhm
ZjFjNjEwHhcNMjMwMTAxMjMyNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGY2NmFlZWIyNTYzNmY0YjU0NTJlMWY5ZDIyNjFmZWJjYWUyZTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGVgw44qhQGy6GfTPW4pXo8Baf4p
jXpvARZ7JQP5kwNbO5IGN8S/6GptkS0+U0rxnBvBb3L0NmSLszzknfi6+M+SEMbD
vh8UxUFn/TbhOes+/28yXnoNviJy7IPu1Yj6a8F4KLt9HPO0+/HDj76WGXtcMl/b
sNXcI8aUEBTkUn07L4IXPZ7iVYyuIJnIF0y+xkcNGQZoiZ1ai6T8PVSEThRry3Cw
4qBoAsFWiHuJt1GvYWPJLaTZlMDJ6ZjB2w5fLLTRzAWwSOv4EfH6yuEvC/dbyji7
2mGmudrQn5OBr8YcnL/mmr4RpFMGCq6LyvQqXdZjWTt6LeUK+zNdM4DPbwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFDT2au6yVjb0tUUuH50iYf68ri4jMB8GA1UdIwQY
MBaAFFN/m/hLaaCQQkMtroN37grI/xxhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTMtYi1FdHBvSkJDUXkydWczZnVDc2pfSEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYmM3NDYtNDE2Yi00ZGE5LTkyMjUt
ODkyZWM2ZmY0NzcxLzEvTlBacTdySldOdlMxUlM0Zm5TSmhfcnl1TGlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYmM3NDYtNDE2Yi00ZGE5LTkyMjUtODkyZWM2ZmY0Nzcx
LzEvVTMtYi1FdHBvSkJDUXkydWczZnVDc2pfSEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBuQHiAwQA
wdoAMA8EAgACMAkDBwAgAQZ8KfAwDQYJKoZIhvcNAQELBQADggEBAIAYpAGFSMjQ
+1kJbV4m/KoTm8Kh5dc6RaebgAs9S+sU9gPoR8xBJNZpZem3r+/Znlix/kjWasDL
OquFYmLe6th+FcdgvikMqimBGbNwlOCDmp8mD2O6GrrR/XS3Z3wpLchXrGHsMC+3
YVt+jr3fzCk4/vnEFzCuEvyUlv+ddiCBMGMA1JES4TkkB2FB+Gh4/CYkyr855UpD
O6dyFAsh1IY4UPg7p/i+w4JfSRZmBH5wyWoGW2KhuusymLj+gm9vU5/ez9nITGY6
taZyOebqo+O5SuyiNyQqWudrOQbH2vERnaIgcRRlVDwKKBPMqFyw8+UhltYxTLNX
RsCzJwR72yw=
-----END CERTIFICATE-----
Generated at Wed Apr 23 15:07:19 2025 by rpki-client