Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/nnJewuXPr9xxy3qxVSDv-8FdZSU.roa
File: nnJewuXPr9xxy3qxVSDv-8FdZSU.roa (raw, json)
Hash identifier: X1HMy8nmRsr0FDAtBTO2zFkM8UYLxbQttA+u9Dq8veU=
Subject key identifier: 9E:72:5E:C2:E5:CF:AF:DC:71:CB:7A:B1:55:20:EF:FB:C1:5D:65:25
Certificate issuer: /CN=0e282a15c1a5d154bbda872b357607a91f950aa5
Certificate serial: 019425FDA9214024DD2F231A4F1239420B6F
Authority key identifier: 0E:28:2A:15:C1:A5:D1:54:BB:DA:87:2B:35:76:07:A9:1F:95:0A:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DigqFcGl0VS72ocrNXYHqR-VCqU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/nnJewuXPr9xxy3qxVSDv-8FdZSU.roa
Signing time: Thu 02 Jan 2025 07:49:28 +0000
ROA not before: Thu 02 Jan 2025 07:49:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57033
IP address blocks: 31.43.162.0/24 maxlen: 24
193.107.83.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:a9:21:40:24:dd:2f:23:1a:4f:12:39:42:0b:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0e282a15c1a5d154bbda872b357607a91f950aa5
Validity
Not Before: Jan 2 07:49:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9e725ec2e5cfafdc71cb7ab15520effbc15d6525
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:11:09:c7:26:bf:74:20:98:d4:e2:08:a3:14:
b3:9b:7c:a9:ba:a9:2a:86:ea:c4:fa:9b:0c:7d:8d:
d2:8e:f7:54:e2:21:74:60:8c:fe:1e:70:23:69:69:
6e:37:53:c9:81:35:d4:33:7e:33:a5:c9:22:75:7b:
73:a6:26:8b:14:7c:8f:90:24:94:0e:5b:ad:ed:10:
22:bc:a5:b5:05:e5:e0:e3:70:81:a2:59:a4:5c:85:
93:bd:d5:5f:26:40:3f:aa:8f:4a:7b:c0:ce:c0:51:
08:34:8e:62:b6:6d:42:47:20:58:8b:e0:31:0a:49:
95:04:e5:c8:f9:b5:b3:39:91:30:59:12:5d:58:d6:
29:0c:18:cd:ab:34:95:19:46:2d:3b:72:a7:27:d5:
f8:c0:b4:68:78:e3:11:08:6d:b2:bc:56:ed:ab:ff:
94:28:e1:20:a2:07:9d:9b:a1:46:56:1f:52:5d:ed:
73:a5:89:d7:aa:a8:88:54:4e:39:40:5b:24:af:20:
46:69:52:c6:66:23:7f:37:f6:e5:2c:d3:ab:ab:22:
61:0e:2c:5e:c9:5b:65:b8:db:45:1b:67:9f:16:66:
c7:b5:59:32:20:f5:bb:31:62:30:69:5b:9d:de:ab:
dc:a0:53:91:a1:7f:5a:b2:f0:36:de:97:fe:0e:ab:
ee:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:72:5E:C2:E5:CF:AF:DC:71:CB:7A:B1:55:20:EF:FB:C1:5D:65:25
X509v3 Authority Key Identifier:
keyid:0E:28:2A:15:C1:A5:D1:54:BB:DA:87:2B:35:76:07:A9:1F:95:0A:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DigqFcGl0VS72ocrNXYHqR-VCqU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/nnJewuXPr9xxy3qxVSDv-8FdZSU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/DigqFcGl0VS72ocrNXYHqR-VCqU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.43.162.0/24
193.107.83.0/24
Signature Algorithm: sha256WithRSAEncryption
87:09:fc:57:fa:35:e8:d6:71:35:c0:27:58:9b:d8:2d:4d:5b:
cb:ac:9d:2f:cb:e3:20:8c:25:c5:2a:c3:4f:84:07:e3:c0:ff:
22:24:20:d0:00:be:01:ed:84:3e:3b:10:07:e6:0b:e7:a2:c2:
d0:14:02:4c:0c:ac:a7:b1:ea:e3:14:41:1c:c3:5a:fd:52:12:
e6:e5:b7:54:a9:0b:de:9e:fc:73:22:5a:48:e2:c1:ac:6b:b3:
b7:ee:2e:88:6f:3d:96:db:3d:d8:91:8d:2e:5e:ef:fa:1a:b4:
a4:5f:90:da:1b:53:26:3d:86:99:32:e4:81:ec:3f:c9:3d:57:
9c:fe:13:e8:a4:0a:35:cc:c4:69:6f:de:3f:d1:de:ca:47:8c:
1e:d0:3c:37:13:db:e2:5a:48:6b:0f:5e:40:99:8f:50:61:87:
aa:41:c8:ec:82:2c:8b:52:e3:bd:79:f3:72:aa:55:07:5d:b8:
cf:01:20:a3:ba:7b:8a:6e:17:7b:cf:45:25:56:b1:5e:05:8b:
29:ea:77:1b:8b:30:cd:6c:df:5a:5d:56:1e:3e:c2:68:6e:96:
57:4e:76:35:67:df:43:8e:7e:c9:d5:e4:2f:c4:1e:46:0b:09:
43:df:ac:ff:c8:d7:1a:34:7f:fb:94:58:8a:25:2e:13:ef:2f:
71:b6:9b:97
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/akhQCTdLyMaTxI5QgtvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMjgyYTE1YzFhNWQxNTRiYmRhODcyYjM1NzYwN2E5MWY5
NTBhYTUwHhcNMjUwMTAyMDc0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTcyNWVjMmU1Y2ZhZmRjNzFjYjdhYjE1NTIwZWZmYmMxNWQ2NTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxEJxya/dCCY1OIIoxSzm3ypuqkq
hurE+psMfY3SjvdU4iF0YIz+HnAjaWluN1PJgTXUM34zpckidXtzpiaLFHyPkCSU
Dlut7RAivKW1BeXg43CBolmkXIWTvdVfJkA/qo9Ke8DOwFEINI5itm1CRyBYi+Ax
CkmVBOXI+bWzOZEwWRJdWNYpDBjNqzSVGUYtO3KnJ9X4wLRoeOMRCG2yvFbtq/+U
KOEgogedm6FGVh9SXe1zpYnXqqiIVE45QFskryBGaVLGZiN/N/blLNOrqyJhDixe
yVtluNtFG2efFmbHtVkyIPW7MWIwaVud3qvcoFORoX9asvA23pf+DqvuFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ5yXsLlz6/ccct6sVUg7/vBXWUlMB8GA1UdIwQY
MBaAFA4oKhXBpdFUu9qHKzV2B6kflQqlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGlncUZjR2wwVlM3Mm9jck5YWUhxUi1WQ3FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kYWYxYWUtZDVlYi00Y2E0LThhYWYt
Nzg3NDFhYzkzYjMwLzEvbm5KZXd1WFByOXh4eTNxeFZTRHYtOEZkWlNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kYWYxYWUtZDVlYi00Y2E0LThhYWYtNzg3NDFhYzkzYjMw
LzEvRGlncUZjR2wwVlM3Mm9jck5YWUhxUi1WQ3FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHyuiAwQA
wWtTMA0GCSqGSIb3DQEBCwUAA4IBAQCHCfxX+jXo1nE1wCdYm9gtTVvLrJ0vy+Mg
jCXFKsNPhAfjwP8iJCDQAL4B7YQ+OxAH5gvnosLQFAJMDKynserjFEEcw1r9UhLm
5bdUqQvenvxzIlpI4sGsa7O37i6Ibz2W2z3YkY0uXu/6GrSkX5DaG1MmPYaZMuSB
7D/JPVec/hPopAo1zMRpb94/0d7KR4we0Dw3E9viWkhrD15AmY9QYYeqQcjsgiyL
UuO9efNyqlUHXbjPASCjunuKbhd7z0UlVrFeBYsp6ncbizDNbN9aXVYePsJobpZX
TnY1Z99Djn7J1eQvxB5GCwlD36z/yNcaNH/7lFiKJS4T7y9xtpuX
-----END CERTIFICATE-----
Generated at Mon Apr 21 04:37:45 2025 by rpki-client