Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/nYo9CYH9wUPo7i6Cx-EfpffE-FU.roa
File: nYo9CYH9wUPo7i6Cx-EfpffE-FU.roa (raw, json)
Hash identifier: mvG3iRonqqgsKDIKqNZl19zJfaKZefT7W89KcwxXlmg=
Subject key identifier: 9D:8A:3D:09:81:FD:C1:43:E8:EE:2E:82:C7:E1:1F:A5:F7:C4:F8:55
Certificate issuer: /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial: 018229C359F2615058FAFB367FD2C43D9D33
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/nYo9CYH9wUPo7i6Cx-EfpffE-FU.roa
Signing time: Sat 23 Jul 2022 06:34:04 +0000
ROA not before: Sat 23 Jul 2022 06:34:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 210000
IP address blocks: 176.119.223.0/24 maxlen: 24
194.156.188.0/24 maxlen: 24
2a12:3fc0:1145::/48 maxlen: 48
2a12:3fc0:7000::/48 maxlen: 48
2a12:3fc0:2680::/48 maxlen: 48
2a12:3fc0:2696::/48 maxlen: 48
2a12:3fc0:8378::/48 maxlen: 48
2a12:3fc0:2698::/48 maxlen: 48
2a12:3fc0:7d13::/48 maxlen: 48
2a12:3fc0:75f3::/48 maxlen: 48
2a12:3fc0:7742::/48 maxlen: 48
2a12:3fc0:7502::/48 maxlen: 48
2a12:3fc0:7282::/48 maxlen: 48
2a12:3fc0:7002::/48 maxlen: 48
2a12:3fc0:7602::/48 maxlen: 48
2a12:3fc0:8175::/48 maxlen: 48
2a12:3fc0:8375::/48 maxlen: 48
2a12:3fc0:2650::/48 maxlen: 48
2a12:3fc0:7763::/48 maxlen: 48
2a12:3fc0:7003::/48 maxlen: 48
2a12:3fc0:7001::/48 maxlen: 48
2a12:3fc1::/32 maxlen: 48
2a12:3fc1::/48 maxlen: 48
2a12:3fc0:7777::/48 maxlen: 48
2a12:3fc0:7d12::/48 maxlen: 48
2a12:3fc0:7f52::/48 maxlen: 48
2a12:3fc0:7b12::/48 maxlen: 48
2a12:3fc0:7532::/48 maxlen: 48
2a12:3fc0:7452::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:29:c3:59:f2:61:50:58:fa:fb:36:7f:d2:c4:3d:9d:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Validity
Not Before: Jul 23 06:34:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9d8a3d0981fdc143e8ee2e82c7e11fa5f7c4f855
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:57:61:50:a1:df:10:3f:00:76:ad:6e:8f:45:
9e:77:29:3a:a5:63:b9:e9:93:3b:b3:46:5d:63:1a:
70:14:f7:16:b6:9b:4c:6d:a3:bd:98:7b:05:89:30:
56:42:cd:3b:0b:db:b7:f3:5f:ec:79:d4:57:c5:80:
5f:ad:15:61:2d:d7:2a:e4:4e:d6:06:50:b0:e0:73:
b1:c8:2b:c7:56:ec:67:2f:76:51:a0:25:68:31:6b:
81:d0:b6:20:35:90:64:79:ad:ae:57:db:15:6b:11:
54:01:27:06:40:96:72:21:6f:91:e7:31:f2:14:67:
cd:b9:60:02:02:7b:e9:b5:30:2d:57:74:95:30:05:
2d:56:99:cf:d4:29:ce:78:7a:7a:72:e5:24:2e:92:
64:af:76:4b:5b:57:13:cb:5d:e8:f4:87:46:97:9b:
f4:16:c9:84:f3:bc:a2:5e:7e:af:96:5d:e5:c8:68:
4e:fe:23:42:28:72:f0:a3:1b:6a:ae:e9:ab:ae:30:
f9:92:5b:0c:64:ad:56:c3:83:5b:3d:7a:1f:6e:14:
29:d8:88:13:4a:e5:4c:47:8f:10:83:ae:4c:c6:34:
ec:0a:62:dd:ce:15:c4:3f:77:fb:58:e9:b7:54:b5:
68:e1:33:4a:bf:cc:c1:4f:77:9c:59:65:01:63:a8:
19:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:8A:3D:09:81:FD:C1:43:E8:EE:2E:82:C7:E1:1F:A5:F7:C4:F8:55
X509v3 Authority Key Identifier:
keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/nYo9CYH9wUPo7i6Cx-EfpffE-FU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.119.223.0/24
194.156.188.0/24
IPv6:
2a12:3fc0:1145::/48
2a12:3fc0:2650::/48
2a12:3fc0:2680::/48
2a12:3fc0:2696::/48
2a12:3fc0:2698::/48
2a12:3fc0:7000::/46
2a12:3fc0:7282::/48
2a12:3fc0:7452::/48
2a12:3fc0:7502::/48
2a12:3fc0:7532::/48
2a12:3fc0:75f3::/48
2a12:3fc0:7602::/48
2a12:3fc0:7742::/48
2a12:3fc0:7763::/48
2a12:3fc0:7777::/48
2a12:3fc0:7b12::/48
2a12:3fc0:7d12::/47
2a12:3fc0:7f52::/48
2a12:3fc0:8175::/48
2a12:3fc0:8375::/48
2a12:3fc0:8378::/48
2a12:3fc1::/32
Signature Algorithm: sha256WithRSAEncryption
77:32:ea:f0:11:cd:1f:a9:53:f7:ef:3f:82:53:53:2d:b0:16:
d6:0b:3f:d3:8f:0c:a2:f8:20:de:e8:47:d5:95:31:88:a2:f7:
03:a6:93:ff:3d:7b:35:85:93:08:a1:d0:59:65:60:e5:3f:17:
6e:d9:e4:d1:5a:14:6a:90:82:dd:11:6a:ab:ac:5c:4e:53:c6:
e4:fa:46:c3:e1:1a:d9:c0:c9:a2:ac:50:62:59:9a:5c:53:e2:
3e:b0:fe:8f:3e:a6:8c:b1:8c:89:4b:c0:33:cd:80:53:69:71:
81:fa:95:ae:e1:74:0b:61:3b:59:be:f4:f4:8f:41:a3:4d:c9:
0d:ab:be:fc:f7:f4:80:92:21:55:59:23:8c:98:4a:e2:c4:23:
80:14:ef:4b:09:8d:19:82:f2:42:58:7a:90:f9:a3:49:bc:2e:
51:1d:eb:95:83:3d:d3:19:4d:ec:50:74:2e:42:4e:78:53:80:
84:a8:ad:38:c0:91:27:ed:33:9b:bc:e7:b0:f6:a0:1c:f1:73:
9d:74:74:f2:d0:c6:46:d9:76:9e:14:ab:7b:f6:34:74:5c:a9:
51:b6:72:53:a8:f4:e4:7b:4a:c7:83:db:f0:24:43:25:79:f9:
92:1e:e0:53:20:ff:bb:b3:b5:8d:14:83:02:aa:7a:c0:6c:91:
14:e6:a9:5a
-----BEGIN CERTIFICATE-----
MIIF1DCCBLygAwIBAgISAYIpw1nyYVBY+vs2f9LEPZ0zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjIwNzIzMDYzNDA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDhhM2QwOTgxZmRjMTQzZThlZTJlODJjN2UxMWZhNWY3YzRmODU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1dhUKHfED8Adq1uj0Wedyk6pWO5
6ZM7s0ZdYxpwFPcWtptMbaO9mHsFiTBWQs07C9u381/sedRXxYBfrRVhLdcq5E7W
BlCw4HOxyCvHVuxnL3ZRoCVoMWuB0LYgNZBkea2uV9sVaxFUAScGQJZyIW+R5zHy
FGfNuWACAnvptTAtV3SVMAUtVpnP1CnOeHp6cuUkLpJkr3ZLW1cTy13o9IdGl5v0
FsmE87yiXn6vll3lyGhO/iNCKHLwoxtqrumrrjD5klsMZK1Ww4NbPXofbhQp2IgT
SuVMR48Qg65MxjTsCmLdzhXEP3f7WOm3VLVo4TNKv8zBT3ecWWUBY6gZnwIDAQAB
o4IC4DCCAtwwHQYDVR0OBBYEFJ2KPQmB/cFD6O4ugsfhH6X3xPhVMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvbllvOUNZSDl3VVBvN2k2Q3gtRWZwZmZFLUZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH1BggrBgEFBQcBBwEB/wSB5TCB4jASBAIAATAMAwQAsHff
AwQAwpy8MIHLBAIAAjCBxAMHACoSP8ARRQMHACoSP8AmUAMHACoSP8AmgAMHACoS
P8AmlgMHACoSP8AmmAMHAioSP8BwAAMHACoSP8ByggMHACoSP8B0UgMHACoSP8B1
AgMHACoSP8B1MgMHACoSP8B18wMHACoSP8B2AgMHACoSP8B3QgMHACoSP8B3YwMH
ACoSP8B3dwMHACoSP8B7EgMHASoSP8B9EgMHACoSP8B/UgMHACoSP8CBdQMHACoS
P8CDdQMHACoSP8CDeAMFACoSP8EwDQYJKoZIhvcNAQELBQADggEBAHcy6vARzR+p
U/fvP4JTUy2wFtYLP9OPDKL4IN7oR9WVMYii9wOmk/89ezWFkwih0FllYOU/F27Z
5NFaFGqQgt0RaqusXE5TxuT6RsPhGtnAyaKsUGJZmlxT4j6w/o8+poyxjIlLwDPN
gFNpcYH6la7hdAthO1m+9PSPQaNNyQ2rvvz39ICSIVVZI4yYSuLEI4AU70sJjRmC
8kJYepD5o0m8LlEd65WDPdMZTexQdC5CTnhTgISorTjAkSftM5u857D2oBzxc510
dPLQxkbZdp4Uq3v2NHRcqVG2clOo9OR7SseD2/AkQyV5+ZIe4FMg/7uztY0UgwKq
esBskRTmqVo=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:02:33 2025 by rpki-client