Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/g-NICv3ORG7d2_NY2SMQF3Aa1b8.roa
File: g-NICv3ORG7d2_NY2SMQF3Aa1b8.roa (raw, json)
Hash identifier: mbJ1zay+FoporxlckaN9bkA1RjP9Bh9TsuDbxhyQqyM=
Subject key identifier: 83:E3:48:0A:FD:CE:44:6E:DD:DB:F3:58:D9:23:10:17:70:1A:D5:BF
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 01879D420223CE9595B1F0DD3605301A70F9
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/g-NICv3ORG7d2_NY2SMQF3Aa1b8.roa
Signing time: Thu 20 Apr 2023 06:02:41 +0000
ROA not before: Thu 20 Apr 2023 06:02:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.103.120.0/21 maxlen: 24
185.235.71.0/24 maxlen: 24
95.111.128.0/20 maxlen: 24
95.111.144.0/20 maxlen: 24
185.149.12.0/24 maxlen: 24
185.149.13.0/24 maxlen: 24
89.46.96.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:9d:42:02:23:ce:95:95:b1:f0:dd:36:05:30:1a:70:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Apr 20 06:02:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=83e3480afdce446edddbf358d9231017701ad5bf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:90:1d:54:6d:06:0e:99:02:f8:05:5e:94:a6:
2a:66:f6:13:17:c6:ec:11:21:2b:26:05:85:26:0e:
a9:16:13:45:b3:9f:74:44:b1:98:7b:49:3e:45:5f:
28:20:38:72:8e:1a:8a:06:97:92:f0:4c:dd:ba:1a:
10:29:79:de:26:1a:58:ac:4a:be:66:29:7b:8d:e9:
c8:ed:47:f4:6e:83:d7:22:a8:78:fb:5f:fe:f0:44:
92:12:ba:34:b2:d8:b7:9a:fd:70:f3:88:7c:3b:6a:
15:5c:31:5a:d6:19:d1:c2:1a:d6:bb:ce:61:37:13:
fb:25:4e:80:71:35:fd:cf:55:70:4d:85:e3:cc:59:
49:53:fa:c7:b7:7d:1a:2b:ba:0c:b0:39:3b:7d:77:
f3:63:e2:9d:57:6e:dd:3c:9c:4f:6d:7a:87:ef:ab:
1d:6e:75:10:d2:04:d5:c7:8b:0f:0c:02:fd:78:2e:
96:76:7a:35:b0:5a:e4:a9:86:19:40:34:89:ba:31:
c8:2d:ca:11:42:b9:8a:ce:cb:79:60:34:d3:dc:87:
15:4b:eb:2e:ea:c8:08:46:14:3a:e5:7d:9e:7c:47:
bc:36:ac:3d:48:34:93:31:07:63:e4:15:d0:d2:5e:
04:54:28:01:df:3c:ea:46:c8:fd:80:78:16:d4:0a:
3a:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:E3:48:0A:FD:CE:44:6E:DD:DB:F3:58:D9:23:10:17:70:1A:D5:BF
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/g-NICv3ORG7d2_NY2SMQF3Aa1b8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.96.0/22
91.103.120.0/21
95.111.128.0/19
185.149.12.0/23
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
47:b6:a2:38:f6:a9:09:e4:4f:5f:32:1d:16:2d:dc:6a:60:a5:
d2:2c:d6:dc:7c:a0:90:fe:66:dd:e7:9e:c1:1d:7b:e1:85:fe:
36:f9:4b:02:7d:06:26:ee:2f:74:8d:b1:97:c5:07:be:79:65:
8f:44:31:af:e2:92:95:f8:25:52:ad:91:c4:82:b5:73:ef:0b:
95:dc:af:80:0f:fb:5f:04:dc:07:28:8a:8c:50:76:ca:c2:9d:
57:ce:15:e4:d2:48:10:68:90:19:ba:68:0a:12:5d:ee:fe:80:
aa:2c:7e:2a:1a:e3:fe:1d:c8:8a:d2:26:9c:b7:f2:f1:d2:38:
8b:21:11:a2:c0:1b:5d:27:59:0d:b9:ca:0a:5f:37:12:40:fd:
e4:27:4c:79:fc:33:f0:a5:da:24:5a:3a:ef:44:e2:3f:63:87:
34:2f:d5:84:4b:17:61:95:7a:3c:11:fa:08:9d:b4:0e:db:31:
d3:ed:a1:64:27:7b:e1:6d:cd:e8:d9:72:61:4a:5e:4b:1d:bf:
a5:e5:01:c6:ad:0a:93:0d:8b:ac:89:2e:c4:81:0b:e0:f8:af:
02:6e:c1:2c:33:96:9e:02:50:04:98:e5:29:70:ef:3f:22:62:
37:b5:3b:7f:77:84:8f:d4:2b:87:51:0d:f9:09:8d:04:67:64:
26:98:25:53
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYedQgIjzpWVsfDdNgUwGnD5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwNDIwMDYwMjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2UzNDgwYWZkY2U0NDZlZGRkYmYzNThkOTIzMTAxNzcwMWFkNWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopAdVG0GDpkC+AVelKYqZvYTF8bs
ESErJgWFJg6pFhNFs590RLGYe0k+RV8oIDhyjhqKBpeS8EzduhoQKXneJhpYrEq+
Zil7jenI7Uf0boPXIqh4+1/+8ESSEro0sti3mv1w84h8O2oVXDFa1hnRwhrWu85h
NxP7JU6AcTX9z1VwTYXjzFlJU/rHt30aK7oMsDk7fXfzY+KdV27dPJxPbXqH76sd
bnUQ0gTVx4sPDAL9eC6Wdno1sFrkqYYZQDSJujHILcoRQrmKzst5YDTT3IcVS+su
6sgIRhQ65X2efEe8Nqw9SDSTMQdj5BXQ0l4EVCgB3zzqRsj9gHgW1Ao6vwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFIPjSAr9zkRu3dvzWNkjEBdwGtW/MB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvZy1OSUN2M09SRzdkMl9OWTJTTVFGM0FhMWI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCWS5gAwQD
W2d4AwQFX2+AAwQBuZUMAwQAuetHMA0GCSqGSIb3DQEBCwUAA4IBAQBHtqI49qkJ
5E9fMh0WLdxqYKXSLNbcfKCQ/mbd557BHXvhhf42+UsCfQYm7i90jbGXxQe+eWWP
RDGv4pKV+CVSrZHEgrVz7wuV3K+AD/tfBNwHKIqMUHbKwp1XzhXk0kgQaJAZumgK
El3u/oCqLH4qGuP+HciK0iact/Lx0jiLIRGiwBtdJ1kNucoKXzcSQP3kJ0x5/DPw
pdokWjrvROI/Y4c0L9WESxdhlXo8EfoInbQO2zHT7aFkJ3vhbc3o2XJhSl5LHb+l
5QHGrQqTDYusiS7EgQvg+K8CbsEsM5aeAlAEmOUpcO8/ImI3tTt/d4SP1CuHUQ35
CY0EZ2QmmCVT
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:01 2023 by rpki-client on console-fra.rpki-client.org