Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/Nl3CT_RgFRdP4bRmNmbfGd-3fBc.roa
File: Nl3CT_RgFRdP4bRmNmbfGd-3fBc.roa (raw, json)
Hash identifier: 1vEIVhU2wOwNszkfIJhof1v8YngMblebTX5a2oaUikQ=
Subject key identifier: 36:5D:C2:4F:F4:60:15:17:4F:E1:B4:66:36:66:DF:19:DF:B7:7C:17
Certificate issuer: /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial: 0185A9A50C4C98BEF7C6B0A7D096F79D7ED5
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/Nl3CT_RgFRdP4bRmNmbfGd-3fBc.roa
Signing time: Fri 13 Jan 2023 05:40:44 +0000
ROA not before: Fri 13 Jan 2023 05:40:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199270
IP address blocks: 147.234.96.0/21 maxlen: 21
147.234.92.0/23 maxlen: 23
147.234.95.0/24 maxlen: 24
147.234.94.0/23 maxlen: 24
141.226.249.0/24 maxlen: 24
185.23.172.0/24 maxlen: 24
185.23.172.0/23 maxlen: 23
185.23.174.0/24 maxlen: 24
2a00:66a0::/35 maxlen: 35
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:a9:a5:0c:4c:98:be:f7:c6:b0:a7:d0:96:f7:9d:7e:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
Validity
Not Before: Jan 13 05:40:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=365dc24ff46015174fe1b4663666df19dfb77c17
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:85:89:dd:1c:3e:b0:9a:f8:9c:e2:96:d9:e6:
a4:2f:d5:bb:94:37:79:d6:a8:6b:cb:42:9f:8a:cc:
ba:ff:67:87:ff:b8:55:a4:e6:c1:fe:d5:ca:b2:bc:
5d:51:10:7c:b6:9f:01:4c:03:45:05:56:14:6f:a8:
3e:e8:d0:17:71:ea:96:89:94:59:ca:4e:2d:f4:73:
01:0e:5e:aa:cd:d5:40:3e:ff:c2:97:d9:8e:5b:b6:
13:e3:6d:44:25:68:77:6d:14:80:a1:c0:f4:db:94:
6d:37:fc:5f:12:cc:69:82:01:09:24:2b:9f:48:19:
68:b8:26:be:97:63:e1:da:75:c1:ab:62:26:79:e7:
80:46:df:08:40:b6:1c:bd:fb:4e:12:ae:3c:be:da:
42:db:08:05:93:ee:4f:bf:39:bd:a5:a1:d2:fb:45:
19:89:31:0b:15:df:e7:e3:5f:f8:2c:bb:21:31:25:
3a:27:bd:29:61:89:53:06:f8:27:73:ff:6f:c4:b6:
13:d0:94:6a:52:97:65:13:11:47:4b:3f:db:02:23:
a3:2c:96:44:72:67:c2:4e:79:5b:8b:0d:62:c5:46:
94:08:30:57:70:de:60:e9:0f:76:54:12:b4:0b:92:
af:91:61:87:fa:6b:93:c6:81:e9:b5:16:ef:31:7f:
db:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:5D:C2:4F:F4:60:15:17:4F:E1:B4:66:36:66:DF:19:DF:B7:7C:17
X509v3 Authority Key Identifier:
keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/Nl3CT_RgFRdP4bRmNmbfGd-3fBc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.226.249.0/24
147.234.92.0-147.234.103.255
185.23.172.0-185.23.174.255
IPv6:
2a00:66a0::/35
Signature Algorithm: sha256WithRSAEncryption
1b:7c:68:7e:4a:82:c2:8b:31:4b:f0:be:a0:03:55:55:5b:d0:
11:f5:95:b4:df:e2:7d:23:54:da:78:e6:c1:6e:ab:29:a4:47:
d2:5c:2f:a7:96:ff:ac:a3:f5:9b:ee:9f:1a:8f:ce:7e:5c:2d:
3c:8c:52:a7:ed:e3:e8:e6:ee:13:db:0d:5b:4a:8f:df:6e:47:
c0:78:8f:28:d6:98:53:0d:00:7a:90:7a:52:fb:f8:58:2e:90:
6b:b2:33:12:22:1a:04:ee:b3:be:25:82:58:82:f9:4f:63:f2:
bd:72:0a:81:7f:fe:d2:f5:4c:fc:76:19:c5:c4:8a:d0:46:ec:
84:ea:41:df:a5:c9:f4:c0:95:3a:23:f7:ef:c4:83:b6:bb:24:
7b:81:63:be:99:83:43:5e:d7:1b:17:99:d8:15:5f:8f:26:77:
f6:c3:77:35:c2:ee:9e:3f:08:f3:7c:c2:06:23:8c:82:b7:bc:
ab:68:62:7e:e3:b6:ca:c5:b7:d2:32:f7:54:fc:eb:17:90:0f:
6e:71:34:6d:d5:5e:84:bc:9f:da:03:5f:95:66:50:c8:6d:4d:
d9:1d:49:28:37:7a:01:03:e0:b2:e3:4a:ac:73:1f:85:89:94:
d2:07:2c:b7:c8:c3:c4:48:bd:bb:ec:a0:f9:d5:a8:f1:1f:f4:
64:e4:f1:ea
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYWppQxMmL73xrCn0Jb3nX7VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjMwMTEzMDU0MDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjVkYzI0ZmY0NjAxNTE3NGZlMWI0NjYzNjY2ZGYxOWRmYjc3YzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4WJ3Rw+sJr4nOKW2eakL9W7lDd5
1qhry0Kfisy6/2eH/7hVpObB/tXKsrxdURB8tp8BTANFBVYUb6g+6NAXceqWiZRZ
yk4t9HMBDl6qzdVAPv/Cl9mOW7YT421EJWh3bRSAocD025RtN/xfEsxpggEJJCuf
SBlouCa+l2Ph2nXBq2ImeeeARt8IQLYcvftOEq48vtpC2wgFk+5Pvzm9paHS+0UZ
iTELFd/n41/4LLshMSU6J70pYYlTBvgnc/9vxLYT0JRqUpdlExFHSz/bAiOjLJZE
cmfCTnlbiw1ixUaUCDBXcN5g6Q92VBK0C5KvkWGH+muTxoHptRbvMX/bgwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFDZdwk/0YBUXT+G0ZjZm3xnft3wXMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvTmwzQ1RfUmdGUmRQNGJSbU5tYmZHZC0zZkJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAoBAIAATAiAwQAjeL5MAwD
BAKT6lwDBAOT6mAwDAMEArkXrAMEALkXrjAOBAIAAjAIAwYFKgBmoAAwDQYJKoZI
hvcNAQELBQADggEBABt8aH5KgsKLMUvwvqADVVVb0BH1lbTf4n0jVNp45sFuqymk
R9JcL6eW/6yj9ZvunxqPzn5cLTyMUqft4+jm7hPbDVtKj99uR8B4jyjWmFMNAHqQ
elL7+FgukGuyMxIiGgTus74lgliC+U9j8r1yCoF//tL1TPx2GcXEitBG7ITqQd+l
yfTAlToj9+/Eg7a7JHuBY76Zg0Ne1xsXmdgVX48md/bDdzXC7p4/CPN8wgYjjIK3
vKtoYn7jtsrFt9Iy91T86xeQD25xNG3VXoS8n9oDX5VmUMhtTdkdSSg3egED4LLj
SqxzH4WJlNIHLLfIw8RIvbvsoPnVqPEf9GTk8eo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:06 2024 by rpki-client on console-fra.rpki-client.org