Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/NaiKIKTM2OjWsvTl-F5E5tDP4Tk.roa
File: NaiKIKTM2OjWsvTl-F5E5tDP4Tk.roa (raw, json)
Hash identifier: QqSdIl8BQPRjj/8H/ACZ1dLWWMMIYBzSKOXGXx7APeQ=
Subject key identifier: 35:A8:8A:20:A4:CC:D8:E8:D6:B2:F4:E5:F8:5E:44:E6:D0:CF:E1:39
Certificate issuer: /CN=8b82433ffe94bf3536fec327543d396158202072
Certificate serial: 018A842430C4C72964B06E6024DAC4A73BB7
Authority key identifier: 8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/NaiKIKTM2OjWsvTl-F5E5tDP4Tk.roa
Signing time: Mon 11 Sep 2023 12:07:58 +0000
ROA not before: Mon 11 Sep 2023 12:07:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 57314
IP address blocks: 91.231.132.0/22 maxlen: 22
94.141.116.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:84:24:30:c4:c7:29:64:b0:6e:60:24:da:c4:a7:3b:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b82433ffe94bf3536fec327543d396158202072
Validity
Not Before: Sep 11 12:07:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=35a88a20a4ccd8e8d6b2f4e5f85e44e6d0cfe139
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:82:7a:3a:a5:ec:91:13:5f:87:6a:3b:43:ff:
ca:a7:b8:d1:a4:34:fe:f0:e4:08:4e:4d:d5:0a:df:
5c:54:63:1b:16:06:38:e0:e9:7f:ee:00:39:75:05:
9a:78:0f:f4:f9:2d:c4:4d:7d:1f:87:72:72:c5:f5:
75:70:66:7c:a1:99:cd:c9:70:17:f4:f5:d1:f2:e4:
74:c6:94:10:79:12:16:7e:76:96:a7:e9:67:5c:55:
09:72:9e:b3:6c:16:ed:5e:49:05:09:65:50:4d:2c:
92:e8:7c:3f:01:d2:4f:93:7a:bd:ac:f5:e8:42:90:
46:5d:ce:03:d5:66:9e:df:4c:1f:b1:2d:be:18:5e:
57:53:95:15:ed:b1:21:f0:5f:ab:bd:39:6f:b5:76:
40:2a:f7:a3:54:bb:05:b4:04:5e:87:9c:fe:68:f0:
25:91:fb:9a:9d:04:ff:4d:70:78:d7:b2:e9:8e:b7:
25:17:f3:90:e5:c9:72:d2:25:df:51:22:57:4f:29:
b8:fb:73:19:1d:d5:67:6c:d2:eb:8e:08:6d:cc:84:
cc:b4:c9:51:9f:70:ba:5c:ca:b3:25:a3:60:35:e2:
2b:9a:2d:f3:fa:9d:e5:64:eb:c5:8c:59:94:00:86:
8b:c4:a3:4f:79:08:03:d0:67:12:49:f7:64:a0:0d:
83:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:A8:8A:20:A4:CC:D8:E8:D6:B2:F4:E5:F8:5E:44:E6:D0:CF:E1:39
X509v3 Authority Key Identifier:
keyid:8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/NaiKIKTM2OjWsvTl-F5E5tDP4Tk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.231.132.0/22
94.141.116.0/22
Signature Algorithm: sha256WithRSAEncryption
5e:39:eb:d4:2d:82:1f:82:a6:55:ee:fb:6a:2a:33:36:ce:02:
e6:92:c6:77:6d:de:c7:4f:6d:cf:e1:8b:14:da:09:2d:08:56:
4c:8e:1b:68:2e:fd:6c:6b:99:5e:bd:4e:9d:b7:65:5d:d3:52:
88:97:d6:f1:39:04:3b:3b:c4:03:1b:a8:cb:45:3f:2e:51:31:
84:7f:cf:70:b0:49:c7:24:01:6e:9f:04:98:a1:c9:50:63:01:
92:06:5a:73:66:1e:ea:7d:51:15:1e:ee:fb:d9:3b:bb:f1:6a:
f0:ac:13:f9:e4:a2:b3:c0:07:ee:b1:49:71:08:9f:1f:5c:d9:
ec:9a:89:3b:a7:ee:8c:f2:60:ee:c9:70:1c:eb:d9:95:1c:a7:
27:63:e8:2c:91:f4:ca:48:14:d1:9d:cd:11:87:a5:e3:64:b8:
41:65:3b:ba:ab:81:51:5d:a8:c7:28:76:e2:8e:6d:a8:0d:68:
4f:b5:40:88:06:e7:c7:49:c9:e3:bd:95:d8:22:64:b9:e5:d2:
46:c5:b1:b7:79:b0:f6:3b:2a:18:77:8f:8f:33:e8:59:bd:4a:
eb:ac:8b:98:31:05:ac:4f:af:ff:eb:b1:c4:d7:e8:d2:95:1f:
5d:47:c6:43:40:9d:2c:2d:9f:36:c7:c5:2a:c4:23:1f:36:84:
36:e4:80:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYqEJDDExylksG5gJNrEpzu3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiODI0MzNmZmU5NGJmMzUzNmZlYzMyNzU0M2QzOTYxNTgy
MDIwNzIwHhcNMjMwOTExMTIwNzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWE4OGEyMGE0Y2NkOGU4ZDZiMmY0ZTVmODVlNDRlNmQwY2ZlMTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoJ6OqXskRNfh2o7Q//Kp7jRpDT+
8OQITk3VCt9cVGMbFgY44Ol/7gA5dQWaeA/0+S3ETX0fh3JyxfV1cGZ8oZnNyXAX
9PXR8uR0xpQQeRIWfnaWp+lnXFUJcp6zbBbtXkkFCWVQTSyS6Hw/AdJPk3q9rPXo
QpBGXc4D1Wae30wfsS2+GF5XU5UV7bEh8F+rvTlvtXZAKvejVLsFtAReh5z+aPAl
kfuanQT/TXB417LpjrclF/OQ5cly0iXfUSJXTym4+3MZHdVnbNLrjghtzITMtMlR
n3C6XMqzJaNgNeIrmi3z+p3lZOvFjFmUAIaLxKNPeQgD0GcSSfdkoA2D9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDWoiiCkzNjo1rL05fheRObQz+E5MB8GA1UdIwQY
MBaAFIuCQz/+lL81Nv7DJ1Q9OWFYICByMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYt
MmRkNzg5MGRjNjg5LzEvTmFpS0lLVE0yT2pXc3ZUbC1GNUU1dERQNFRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYtMmRkNzg5MGRjNjg5
LzEvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW+eEAwQC
Xo10MA0GCSqGSIb3DQEBCwUAA4IBAQBeOevULYIfgqZV7vtqKjM2zgLmksZ3bd7H
T23P4YsU2gktCFZMjhtoLv1sa5levU6dt2Vd01KIl9bxOQQ7O8QDG6jLRT8uUTGE
f89wsEnHJAFunwSYoclQYwGSBlpzZh7qfVEVHu772Tu78WrwrBP55KKzwAfusUlx
CJ8fXNnsmok7p+6M8mDuyXAc69mVHKcnY+gskfTKSBTRnc0Rh6XjZLhBZTu6q4FR
XajHKHbijm2oDWhPtUCIBufHScnjvZXYImS55dJGxbG3ebD2OyoYd4+PM+hZvUrr
rIuYMQWsT6//67HE1+jSlR9dR8ZDQJ0sLZ82x8UqxCMfNoQ25ID7
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:44 2024 by rpki-client on console-ams.rpki-client.org