Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/NbgFPS0znVkqns4mRJO7mMJLovM.roa
File: NbgFPS0znVkqns4mRJO7mMJLovM.roa (raw, json)
Hash identifier: Pw9WUUcZwH3l5D40uXr7DIG6ZMgARYc8mn3EU/vz3QU=
Subject key identifier: 35:B8:05:3D:2D:33:9D:59:2A:9E:CE:26:44:93:BB:98:C2:4B:A2:F3
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 018807BF2CFA48736A3EAB5FCB269FF87C38
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/NbgFPS0znVkqns4mRJO7mMJLovM.roa
Signing time: Wed 10 May 2023 22:19:09 +0000
ROA not before: Wed 10 May 2023 22:19:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 62.182.172.0/24 maxlen: 24
62.182.175.0/24 maxlen: 24
194.15.152.0/22 maxlen: 24
194.15.153.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:07:bf:2c:fa:48:73:6a:3e:ab:5f:cb:26:9f:f8:7c:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: May 10 22:19:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=35b8053d2d339d592a9ece264493bb98c24ba2f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:c2:ea:a9:2a:f5:90:1b:ac:63:fc:8f:fb:ba:
bd:ec:cb:8c:cc:31:0d:b6:26:68:71:71:49:a7:e6:
bb:70:1f:11:00:d9:75:dd:f9:05:f7:ee:99:0e:82:
1d:76:42:bc:71:1f:bb:44:f3:0b:1e:b1:fd:81:b5:
90:4d:f8:65:01:a8:ee:c4:b2:65:d2:36:d6:4d:96:
b6:fb:7b:7d:3d:80:80:db:ad:62:f4:25:a5:7f:1a:
c1:40:95:2f:96:b1:fc:47:05:03:bf:3d:53:d6:9c:
0c:6f:e4:ce:d8:4a:c6:39:86:68:61:a7:74:fa:c8:
6a:53:3d:77:7c:43:a7:92:97:fa:1d:6a:91:37:c0:
38:eb:37:20:cf:6a:4c:42:18:d3:d5:09:9a:0e:b9:
dd:5b:83:2f:a5:b0:97:59:32:08:2d:98:13:3f:7b:
b7:50:0b:b4:9c:56:91:7a:ed:77:f6:b5:12:33:a0:
4d:f6:7d:7e:db:a4:c3:3c:84:6d:47:ee:ad:1a:6a:
b0:67:0c:33:58:25:f5:7f:35:b3:b0:d5:2c:ce:82:
01:0a:1d:9c:6e:55:8c:62:e2:7b:19:af:36:47:ea:
7d:cc:90:e9:db:aa:78:47:c4:72:14:20:5c:22:c9:
bc:ca:1a:f9:ba:59:23:0f:f1:68:86:1e:db:10:06:
4f:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:B8:05:3D:2D:33:9D:59:2A:9E:CE:26:44:93:BB:98:C2:4B:A2:F3
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/NbgFPS0znVkqns4mRJO7mMJLovM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.182.172.0/24
62.182.175.0/24
194.15.152.0/22
Signature Algorithm: sha256WithRSAEncryption
22:7e:6a:07:3a:92:98:3e:d2:ec:50:ee:d9:e4:6a:ea:a5:de:
c6:ca:2f:87:14:b9:16:85:bc:bc:17:48:36:b8:f3:62:0f:10:
0c:29:7e:11:d5:f3:82:ac:57:4b:ed:d6:3c:35:73:f3:2f:f1:
19:b0:16:a1:e9:4a:05:32:42:48:e4:a9:bf:88:6f:e9:33:df:
56:13:3f:63:f6:a4:fd:f3:d0:fb:e2:45:33:11:b6:91:c8:1d:
b8:0b:96:6a:73:df:12:83:64:14:ee:8a:01:37:6f:53:50:35:
b9:94:0c:e8:13:2a:29:86:1c:b8:f0:06:5b:54:ad:53:67:af:
1a:30:be:22:a6:62:32:e4:ed:6c:46:35:ab:15:4f:b0:8b:60:
dc:82:c7:69:3b:71:81:e7:82:db:9d:90:41:75:45:21:60:5b:
ae:0a:2a:5b:5c:14:03:1e:77:28:26:8b:93:68:8c:f9:4c:8a:
71:da:3d:f8:bb:e8:11:4c:fb:4b:5a:d8:a3:2f:f5:60:ef:51:
44:a6:ca:a2:0c:df:b4:e0:5b:ff:57:4d:99:64:3f:e7:7e:bd:
18:1a:c3:cf:8f:b1:6e:57:b4:ea:40:c4:bf:56:1c:1d:47:8c:
a2:e8:0e:57:e3:b3:50:84:b9:3e:42:28:ec:d9:76:83:b0:6f:
e7:af:2c:71
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYgHvyz6SHNqPqtfyyaf+Hw4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwNTEwMjIxOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWI4MDUzZDJkMzM5ZDU5MmE5ZWNlMjY0NDkzYmI5OGMyNGJhMmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMLqqSr1kBusY/yP+7q97MuMzDEN
tiZocXFJp+a7cB8RANl13fkF9+6ZDoIddkK8cR+7RPMLHrH9gbWQTfhlAajuxLJl
0jbWTZa2+3t9PYCA261i9CWlfxrBQJUvlrH8RwUDvz1T1pwMb+TO2ErGOYZoYad0
+shqUz13fEOnkpf6HWqRN8A46zcgz2pMQhjT1QmaDrndW4MvpbCXWTIILZgTP3u3
UAu0nFaReu139rUSM6BN9n1+26TDPIRtR+6tGmqwZwwzWCX1fzWzsNUszoIBCh2c
blWMYuJ7Ga82R+p9zJDp26p4R8RyFCBcIsm8yhr5ulkjD/Fohh7bEAZPZQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDW4BT0tM51ZKp7OJkSTu5jCS6LzMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvTmJnRlBTMHpuVmtxbnM0bVJKTzdtTUpMb3ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPrasAwQA
PravAwQCwg+YMA0GCSqGSIb3DQEBCwUAA4IBAQAifmoHOpKYPtLsUO7Z5Grqpd7G
yi+HFLkWhby8F0g2uPNiDxAMKX4R1fOCrFdL7dY8NXPzL/EZsBah6UoFMkJI5Km/
iG/pM99WEz9j9qT989D74kUzEbaRyB24C5Zqc98Sg2QU7ooBN29TUDW5lAzoEyop
hhy48AZbVK1TZ68aML4ipmIy5O1sRjWrFU+wi2DcgsdpO3GB54LbnZBBdUUhYFuu
CipbXBQDHncoJouTaIz5TIpx2j34u+gRTPtLWtijL/Vg71FEpsqiDN+04Fv/V02Z
ZD/nfr0YGsPPj7FuV7TqQMS/VhwdR4yi6A5X47NQhLk+Qijs2XaDsG/nryxx
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:39:24 2025 by rpki-client