Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/cf3ca3-1cd7-4312-ba73-83c8596229fa/1/NaiAzDM95tZBf3zLnAgsouegQMM.roa
File:                     NaiAzDM95tZBf3zLnAgsouegQMM.roa (raw, json)
Hash identifier:          E9SJ5q3Mv+QJuM6ueZtO9U2KuteDDuvkI/DvKrWS9z0=
Subject key identifier:   35:A8:80:CC:33:3D:E6:D6:41:7F:7C:CB:9C:08:2C:A2:E7:A0:40:C3
Certificate issuer:       /CN=d24f497d157847005336b777361b1d20905c5213
Certificate serial:       018CC56E9B432A276BEFFE5561A5CC90198C
Authority key identifier: D2:4F:49:7D:15:78:47:00:53:36:B7:77:36:1B:1D:20:90:5C:52:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0k9JfRV4RwBTNrd3NhsdIJBcUhM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/cf3ca3-1cd7-4312-ba73-83c8596229fa/1/NaiAzDM95tZBf3zLnAgsouegQMM.roa
Signing time:             Mon 01 Jan 2024 14:30:09 +0000
ROA not before:           Mon 01 Jan 2024 14:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213342
IP address blocks:        45.136.223.0/24 maxlen: 24
                          2a0e:9b42::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:9b:43:2a:27:6b:ef:fe:55:61:a5:cc:90:19:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d24f497d157847005336b777361b1d20905c5213
        Validity
            Not Before: Jan  1 14:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35a880cc333de6d6417f7ccb9c082ca2e7a040c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:A8:80:CC:33:3D:E6:D6:41:7F:7C:CB:9C:08:2C:A2:E7:A0:40:C3
            X509v3 Authority Key Identifier:
                keyid:D2:4F:49:7D:15:78:47:00:53:36:B7:77:36:1B:1D:20:90:5C:52:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0k9JfRV4RwBTNrd3NhsdIJBcUhM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/cf3ca3-1cd7-4312-ba73-83c8596229fa/1/NaiAzDM95tZBf3zLnAgsouegQMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/cf3ca3-1cd7-4312-ba73-83c8596229fa/1/0k9JfRV4RwBTNrd3NhsdIJBcUhM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.223.0/24
                IPv6:
                  2a0e:9b42::/32

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu May 2 16:21:03 2024 by rpki-client on console-ams.rpki-client.org