Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/0a8b1f-ca72-4eda-a717-482c86db2040/1/NTTzCcSFu9Cwq3nxxSGkFxIiFrM.roa
File: NTTzCcSFu9Cwq3nxxSGkFxIiFrM.roa (raw, json)
Hash identifier: FHPXDu/UAzQugl8NP5PymCeA8oBNZFmL1Hk/4PWs03g=
Subject key identifier: 35:34:F3:09:C4:85:BB:D0:B0:AB:79:F1:C5:21:A4:17:12:22:16:B3
Certificate issuer: /CN=cd0932bdb61085c76dd645c1e76eb71117547b93
Certificate serial: 018CC6B782A431A94EC4666FA6D6D92D99F8
Authority key identifier: CD:09:32:BD:B6:10:85:C7:6D:D6:45:C1:E7:6E:B7:11:17:54:7B:93
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zQkyvbYQhcdt1kXB5263ERdUe5M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/91/0a8b1f-ca72-4eda-a717-482c86db2040/1/NTTzCcSFu9Cwq3nxxSGkFxIiFrM.roa
Signing time: Mon 01 Jan 2024 20:29:24 +0000
ROA not before: Mon 01 Jan 2024 20:29:24 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 30779
IP address blocks: 88.135.224.0/19 maxlen: 19
193.19.74.0/23 maxlen: 23
193.34.20.0/22 maxlen: 22
176.100.160.0/19 maxlen: 19
2001:67c:203c::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b7:82:a4:31:a9:4e:c4:66:6f:a6:d6:d9:2d:99:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd0932bdb61085c76dd645c1e76eb71117547b93
Validity
Not Before: Jan 1 20:29:24 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3534f309c485bbd0b0ab79f1c521a417122216b3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:43:22:56:f4:33:66:43:c7:2e:3c:94:33:2c:
27:d8:5c:52:e1:cf:ec:93:f7:fc:72:f5:ec:0e:ed:
dc:bf:f1:78:be:0b:a3:e2:02:a4:cb:f5:90:d7:70:
ce:be:2c:ba:f2:0d:45:1d:8b:b7:77:8b:36:ff:f1:
e0:b1:0b:39:83:1a:ea:7c:09:13:c2:68:da:c4:4f:
e7:28:eb:6a:f7:ba:a1:1d:ca:c9:34:66:19:8b:e0:
e7:4f:9c:75:22:99:13:16:ae:e5:dd:a8:3f:b4:6c:
25:af:cc:5e:a2:39:b1:15:f9:dd:06:df:02:2e:27:
c0:34:0d:aa:dc:a5:97:4e:ec:05:90:b5:eb:65:66:
ce:34:7b:35:ea:90:8f:13:cb:39:90:11:77:6a:e6:
f7:aa:24:31:79:01:5b:c4:c6:c4:d0:bd:e9:33:94:
2d:36:89:de:8a:a7:70:97:82:57:c5:52:37:f3:ea:
5e:ea:8c:a7:45:97:3a:bf:95:d5:cd:35:8c:8a:b6:
a0:3d:46:07:c5:03:f5:3f:00:21:f6:b1:50:19:83:
f9:1e:23:06:48:a4:e9:0d:cf:05:c5:a7:8f:15:b2:
56:b0:96:0a:a6:cf:fc:18:13:c1:09:d8:0f:89:c4:
2e:e6:6b:59:4d:dc:93:7b:0a:01:3c:c8:62:78:62:
5f:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:34:F3:09:C4:85:BB:D0:B0:AB:79:F1:C5:21:A4:17:12:22:16:B3
X509v3 Authority Key Identifier:
keyid:CD:09:32:BD:B6:10:85:C7:6D:D6:45:C1:E7:6E:B7:11:17:54:7B:93
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zQkyvbYQhcdt1kXB5263ERdUe5M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/0a8b1f-ca72-4eda-a717-482c86db2040/1/NTTzCcSFu9Cwq3nxxSGkFxIiFrM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/91/0a8b1f-ca72-4eda-a717-482c86db2040/1/zQkyvbYQhcdt1kXB5263ERdUe5M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.135.224.0/19
176.100.160.0/19
193.19.74.0/23
193.34.20.0/22
IPv6:
2001:67c:203c::/48
Signature Algorithm: sha256WithRSAEncryption
9c:e9:58:ac:01:b3:a2:f5:9d:03:e2:dd:1d:e2:72:57:3f:b3:
ab:a5:05:b9:90:8c:05:ce:62:0d:9c:d3:ae:74:1e:da:12:e2:
3b:ea:22:37:7e:17:81:1e:c5:1b:61:59:0d:10:c8:48:36:fe:
60:43:b4:0a:5d:31:08:5f:49:18:bb:f8:98:dd:fe:af:be:d0:
27:fd:e8:cc:be:63:00:00:f4:7c:df:96:47:48:48:60:26:95:
fa:d6:47:80:b4:b8:a8:53:71:96:64:8d:f1:99:41:b1:41:54:
f0:9a:61:64:08:60:99:c4:dd:66:06:26:21:07:87:62:64:6a:
35:01:cc:00:4f:f3:1f:2f:23:4d:cf:85:bc:92:92:ca:2c:67:
df:36:8d:d5:72:9b:61:b7:4a:90:da:8e:18:01:97:41:7b:bf:
cf:f2:40:53:e1:a1:19:9b:56:16:d4:e4:f1:24:0c:b8:f2:07:
72:60:52:bf:97:58:80:5e:cb:c7:81:a9:f6:d7:bf:b1:b6:c8:
cf:5d:0f:a3:b3:3b:ba:b1:09:52:f7:b0:77:40:a7:72:c0:30:
03:4b:ac:73:72:4c:eb:2c:49:11:f8:6e:5e:96:6b:73:36:a3:
d6:76:e2:c1:66:5e:0a:2b:9e:5a:af:6f:66:fb:8e:7e:34:4f:
41:2f:2b:4a
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYzGt4KkMalOxGZvptbZLZn4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMDkzMmJkYjYxMDg1Yzc2ZGQ2NDVjMWU3NmViNzExMTc1
NDdiOTMwHhcNMjQwMTAxMjAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTM0ZjMwOWM0ODViYmQwYjBhYjc5ZjFjNTIxYTQxNzEyMjIxNmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkMiVvQzZkPHLjyUMywn2FxS4c/s
k/f8cvXsDu3cv/F4vguj4gKky/WQ13DOviy68g1FHYu3d4s2//HgsQs5gxrqfAkT
wmjaxE/nKOtq97qhHcrJNGYZi+DnT5x1IpkTFq7l3ag/tGwlr8xeojmxFfndBt8C
LifANA2q3KWXTuwFkLXrZWbONHs16pCPE8s5kBF3aub3qiQxeQFbxMbE0L3pM5Qt
Noneiqdwl4JXxVI38+pe6oynRZc6v5XVzTWMiragPUYHxQP1PwAh9rFQGYP5HiMG
SKTpDc8FxaePFbJWsJYKps/8GBPBCdgPicQu5mtZTdyTewoBPMhieGJfVQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFDU08wnEhbvQsKt58cUhpBcSIhazMB8GA1UdIwQY
MBaAFM0JMr22EIXHbdZFwedutxEXVHuTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelFreXZiWVFoY2R0MWtYQjUyNjNFUmRVZTVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS8wYThiMWYtY2E3Mi00ZWRhLWE3MTct
NDgyYzg2ZGIyMDQwLzEvTlRUekNjU0Z1OUN3cTNueHhTR2tGeElpRnJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS8wYThiMWYtY2E3Mi00ZWRhLWE3MTctNDgyYzg2ZGIyMDQw
LzEvelFreXZiWVFoY2R0MWtYQjUyNjNFUmRVZTVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQFWIfgAwQF
sGSgAwQBwRNKAwQCwSIUMA8EAgACMAkDBwAgAQZ8IDwwDQYJKoZIhvcNAQELBQAD
ggEBAJzpWKwBs6L1nQPi3R3iclc/s6ulBbmQjAXOYg2c0650HtoS4jvqIjd+F4Ee
xRthWQ0QyEg2/mBDtApdMQhfSRi7+Jjd/q++0Cf96My+YwAA9HzflkdISGAmlfrW
R4C0uKhTcZZkjfGZQbFBVPCaYWQIYJnE3WYGJiEHh2JkajUBzABP8x8vI03PhbyS
ksosZ982jdVym2G3SpDajhgBl0F7v8/yQFPhoRmbVhbU5PEkDLjyB3JgUr+XWIBe
y8eBqfbXv7G2yM9dD6OzO7qxCVL3sHdAp3LAMANLrHNyTOssSRH4bl6Wa3M2o9Z2
4sFmXgornlqvb2b7jn40T0EvK0o=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:09:25 2025 by rpki-client