Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/Nz6XRe8mbGNGIXW0DfMNtp8w-bo.roa
File: Nz6XRe8mbGNGIXW0DfMNtp8w-bo.roa (raw, json)
Hash identifier: ig9Wx3Rupa+//tJjACe7TRXHuInRlFGW1uQt4sgaw3g=
Subject key identifier: 37:3E:97:45:EF:26:6C:63:46:21:75:B4:0D:F3:0D:B6:9F:30:F9:BA
Certificate issuer: /CN=35c96065093998ba42cfba11bf0d17d3ac403d40
Certificate serial: 01856D53FE0293AE3E53C17B3E8050E16E27
Authority key identifier: 35:C9:60:65:09:39:98:BA:42:CF:BA:11:BF:0D:17:D3:AC:40:3D:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NclgZQk5mLpCz7oRvw0X06xAPUA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/Nz6XRe8mbGNGIXW0DfMNtp8w-bo.roa
Signing time: Sun 01 Jan 2023 12:34:59 +0000
ROA not before: Sun 01 Jan 2023 12:34:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 168.220.128.0/19 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:53:fe:02:93:ae:3e:53:c1:7b:3e:80:50:e1:6e:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35c96065093998ba42cfba11bf0d17d3ac403d40
Validity
Not Before: Jan 1 12:34:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=373e9745ef266c63462175b40df30db69f30f9ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:5b:5b:30:d6:e9:35:64:d8:9d:5c:50:1e:5b:
df:7c:f0:cc:3a:4d:8b:ca:dc:b9:98:71:41:96:ec:
46:da:2c:b0:59:06:03:ec:e2:e5:b1:52:36:89:54:
d8:18:63:eb:b5:db:79:6d:dc:6c:0c:3a:be:01:dc:
8d:5c:30:bd:a4:a6:e9:8a:1a:77:e6:b5:1c:3c:34:
96:1b:bc:4a:99:e1:e1:c8:a7:44:2c:c3:3f:65:4c:
09:9d:08:45:a2:20:d9:7d:1b:39:9b:15:27:a4:1c:
da:7b:ce:a8:78:8b:6b:75:95:48:d2:02:2b:bf:18:
c9:67:f2:01:dc:e1:51:2a:e0:1b:c5:1e:5a:07:b9:
ed:57:0e:32:59:f8:91:11:a2:61:45:0d:14:e4:54:
a4:a0:06:65:45:41:87:53:9d:e0:ba:d7:55:54:4b:
eb:4a:44:34:4d:c7:f6:29:78:5e:ed:ea:8c:45:7b:
53:04:72:7a:e7:d3:ca:dd:19:02:d5:ca:1e:a8:ee:
08:73:b0:13:67:2a:85:87:f7:7c:9a:e1:1b:f0:f7:
4e:62:fd:54:dd:43:6d:97:d0:fa:1d:de:97:d4:61:
3a:2a:e1:55:e5:50:2d:84:e9:a4:ea:b8:25:c7:0c:
20:f8:d5:40:b7:82:94:fe:88:6e:40:81:de:68:fe:
13:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:3E:97:45:EF:26:6C:63:46:21:75:B4:0D:F3:0D:B6:9F:30:F9:BA
X509v3 Authority Key Identifier:
keyid:35:C9:60:65:09:39:98:BA:42:CF:BA:11:BF:0D:17:D3:AC:40:3D:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NclgZQk5mLpCz7oRvw0X06xAPUA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/Nz6XRe8mbGNGIXW0DfMNtp8w-bo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/NclgZQk5mLpCz7oRvw0X06xAPUA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
168.220.128.0/19
Signature Algorithm: sha256WithRSAEncryption
84:da:fc:90:a9:aa:14:31:9a:f5:71:1f:54:84:17:a6:63:73:
35:79:0f:6b:a0:de:22:bc:de:42:a0:6f:02:8a:16:b7:83:57:
3a:84:36:de:cc:3c:7c:46:5b:0b:7b:ca:92:8a:f5:38:7c:28:
1d:92:aa:8e:c9:7e:1c:4c:ff:37:51:16:f7:7b:d0:28:2c:f7:
d4:9b:ce:0e:48:90:ca:75:d3:dd:04:7a:d5:f4:55:15:20:1a:
7d:35:91:11:be:9a:cc:d1:cc:9e:5f:98:1c:44:0d:dc:cf:99:
37:c9:e2:8f:6b:86:01:fb:0a:e2:84:57:59:73:86:03:87:af:
8d:96:97:38:a0:6c:3c:4b:31:8c:c6:8a:55:86:30:1d:1a:92:
1b:d2:e6:0d:05:64:f1:4a:56:d3:6c:53:59:37:5d:85:06:a2:
c0:f1:19:01:c9:3a:51:26:d8:b2:de:8a:13:01:db:b1:3b:dc:
5a:c9:63:3a:ef:82:d0:9b:95:f7:12:f4:b0:bf:2e:c7:a4:ed:
a1:43:32:2d:cb:eb:36:75:95:47:20:83:70:77:26:df:80:1c:
66:26:ab:a3:cd:46:de:35:1e:14:d6:dd:ab:90:9e:49:73:12:
69:bb:7c:00:06:d7:82:03:27:b4:fb:5e:ac:5a:e3:24:53:dc:
78:25:cc:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtU/4Ck64+U8F7PoBQ4W4nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1Yzk2MDY1MDkzOTk4YmE0MmNmYmExMWJmMGQxN2QzYWM0
MDNkNDAwHhcNMjMwMTAxMTIzNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzNlOTc0NWVmMjY2YzYzNDYyMTc1YjQwZGYzMGRiNjlmMzBmOWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVtbMNbpNWTYnVxQHlvffPDMOk2L
yty5mHFBluxG2iywWQYD7OLlsVI2iVTYGGPrtdt5bdxsDDq+AdyNXDC9pKbpihp3
5rUcPDSWG7xKmeHhyKdELMM/ZUwJnQhFoiDZfRs5mxUnpBzae86oeItrdZVI0gIr
vxjJZ/IB3OFRKuAbxR5aB7ntVw4yWfiREaJhRQ0U5FSkoAZlRUGHU53gutdVVEvr
SkQ0Tcf2KXhe7eqMRXtTBHJ659PK3RkC1coeqO4Ic7ATZyqFh/d8muEb8PdOYv1U
3UNtl9D6Hd6X1GE6KuFV5VAthOmk6rglxwwg+NVAt4KU/ohuQIHeaP4TFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDc+l0XvJmxjRiF1tA3zDbafMPm6MB8GA1UdIwQY
MBaAFDXJYGUJOZi6Qs+6Eb8NF9OsQD1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmNsZ1pRazVtTHBDejdvUnZ3MFgwNnhBUFVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82Mjc2NGItOWFhNi00ZjEyLWE3MWMt
NmJhYzM0OTg3MDE5LzEvTno2WFJlOG1iR05HSVhXMERmTU50cDh3LWJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82Mjc2NGItOWFhNi00ZjEyLWE3MWMtNmJhYzM0OTg3MDE5
LzEvTmNsZ1pRazVtTHBDejdvUnZ3MFgwNnhBUFVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFqNyAMA0G
CSqGSIb3DQEBCwUAA4IBAQCE2vyQqaoUMZr1cR9UhBemY3M1eQ9roN4ivN5CoG8C
iha3g1c6hDbezDx8RlsLe8qSivU4fCgdkqqOyX4cTP83URb3e9AoLPfUm84OSJDK
ddPdBHrV9FUVIBp9NZERvprM0cyeX5gcRA3cz5k3yeKPa4YB+wrihFdZc4YDh6+N
lpc4oGw8SzGMxopVhjAdGpIb0uYNBWTxSlbTbFNZN12FBqLA8RkByTpRJtiy3ooT
AduxO9xayWM674LQm5X3EvSwvy7HpO2hQzIty+s2dZVHIINwdybfgBxmJqujzUbe
NR4U1t2rkJ5JcxJpu3wABteCAye0+16sWuMkU9x4JcyQ
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:51:22 2023 by rpki-client on console-ams.rpki-client.org