Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/NRrhgd-sT8yn7TAM5glms5ruWhs.roa
File: NRrhgd-sT8yn7TAM5glms5ruWhs.roa (raw, json)
Hash identifier: HaCJorPOmXNshRi2DbSQMH0CkscTNfJLZZtf/JPIogo=
Subject key identifier: 35:1A:E1:81:DF:AC:4F:CC:A7:ED:30:0C:E6:09:66:B3:9A:EE:5A:1B
Certificate issuer: /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial: 018570CBD0C0D8179AF23F5CFA1F8C920A2E
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/NRrhgd-sT8yn7TAM5glms5ruWhs.roa
Signing time: Mon 02 Jan 2023 04:44:43 +0000
ROA not before: Mon 02 Jan 2023 04:44:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3301
IP address blocks: 217.208.0.0/13 maxlen: 13
194.18.0.0/16 maxlen: 16
195.252.32.0/19 maxlen: 19
194.16.0.0/15 maxlen: 15
195.198.0.0/16 maxlen: 16
62.20.0.0/16 maxlen: 16
195.67.0.0/16 maxlen: 16
192.16.152.0/23 maxlen: 23
2.255.191.0/24 maxlen: 24
2.255.190.0/24 maxlen: 24
192.16.153.0/24 maxlen: 24
194.236.0.0/15 maxlen: 15
193.44.0.0/15 maxlen: 15
192.150.58.0/23 maxlen: 23
192.150.64.0/22 maxlen: 22
192.150.60.0/22 maxlen: 22
192.150.68.0/23 maxlen: 23
192.150.78.0/23 maxlen: 23
213.64.0.0/14 maxlen: 14
212.28.192.0/19 maxlen: 19
194.22.0.0/15 maxlen: 15
81.228.4.0/24 maxlen: 24
81.228.4.0/23 maxlen: 23
2.248.0.0/13 maxlen: 13
81.228.5.0/24 maxlen: 24
194.218.0.0/16 maxlen: 16
212.181.0.0/16 maxlen: 16
95.192.0.0/12 maxlen: 12
78.64.0.0/12 maxlen: 12
81.224.0.0/12 maxlen: 12
90.224.0.0/12 maxlen: 12
192.150.80.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:cb:d0:c0:d8:17:9a:f2:3f:5c:fa:1f:8c:92:0a:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Validity
Not Before: Jan 2 04:44:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=351ae181dfac4fcca7ed300ce60966b39aee5a1b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:29:bd:ca:81:ae:fa:a6:5c:05:2c:a5:a4:33:
3a:ef:72:f3:54:88:10:d3:2c:53:fa:f7:e6:3e:67:
41:b5:66:11:25:8c:26:30:9c:6f:85:91:d9:e0:be:
70:84:73:fc:3e:5e:02:dc:4f:7e:4e:6a:16:2e:28:
13:36:a9:a0:8c:28:28:93:58:42:35:d1:7f:19:74:
c1:25:51:8e:b4:5f:b1:25:0b:97:12:08:80:7e:2d:
76:6c:d8:c8:12:eb:e7:40:08:9a:8f:ab:b9:97:aa:
88:d2:8a:3a:d9:7e:51:e2:3a:79:80:f7:63:51:5b:
fc:b0:ae:5e:02:cf:09:a7:75:d3:6e:eb:0e:70:4a:
a5:b7:2d:25:96:75:f7:68:37:f7:de:eb:ce:6d:f3:
1b:69:f8:d1:4a:b6:ec:6d:53:d9:6f:8a:56:4c:dc:
15:bf:89:7a:b4:cd:ad:fa:d3:e2:d4:d8:ac:a9:4c:
76:37:02:3c:06:44:ae:af:a1:86:8e:d4:aa:1d:a1:
ee:65:00:a7:f7:03:a2:5b:58:97:6c:63:1d:78:52:
bc:c3:5f:3f:c2:16:4e:b0:28:ae:5d:4b:9f:6e:24:
18:f6:03:b5:c5:81:e1:2f:09:e8:16:35:90:9a:ba:
1e:fe:0e:7a:97:63:04:f6:f1:bb:3c:45:0b:9e:90:
f8:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:1A:E1:81:DF:AC:4F:CC:A7:ED:30:0C:E6:09:66:B3:9A:EE:5A:1B
X509v3 Authority Key Identifier:
keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/NRrhgd-sT8yn7TAM5glms5ruWhs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.248.0.0/13
62.20.0.0/16
78.64.0.0/12
81.224.0.0/12
90.224.0.0/12
95.192.0.0/12
192.16.152.0/23
192.150.58.0-192.150.69.255
192.150.78.0-192.150.81.255
193.44.0.0/15
194.16.0.0-194.18.255.255
194.22.0.0/15
194.218.0.0/16
194.236.0.0/15
195.67.0.0/16
195.198.0.0/16
195.252.32.0/19
212.28.192.0/19
212.181.0.0/16
213.64.0.0/14
217.208.0.0/13
Signature Algorithm: sha256WithRSAEncryption
77:df:5a:c0:8b:49:20:34:c8:bc:2a:26:f3:36:7e:c7:6f:e0:
24:8e:63:ba:53:6b:1f:b0:57:4f:15:85:bb:fc:dd:20:b2:30:
0d:89:b0:60:a7:47:67:89:2a:4c:85:8e:d9:8e:b7:d8:f8:09:
49:60:ae:a2:e5:ad:15:a6:79:98:ef:44:aa:43:02:ed:44:2d:
7f:08:18:71:7f:ea:f7:a2:82:6b:52:e3:a5:f7:ce:f0:bc:d2:
03:4d:4d:7b:18:44:27:f8:8d:8b:b1:a4:e1:91:8a:f0:0e:d0:
5c:78:17:61:89:81:ed:6b:cb:fb:7f:13:17:9d:2c:7b:c4:da:
8d:b6:ff:76:5c:2a:87:8c:bc:c9:d5:10:4e:d7:34:cd:c2:36:
2b:dd:95:b0:40:d7:ee:9d:b5:17:d4:ce:dc:e7:13:8b:33:16:
7c:7a:f0:8d:db:88:48:9d:a3:e8:62:c1:11:e0:31:d7:a6:78:
2b:f3:2e:d4:8f:a3:49:5a:6b:3f:fb:dc:25:38:e1:24:6f:54:
ba:cb:da:94:14:95:48:af:b3:19:b0:ed:4b:a6:7e:b4:ff:6b:
0a:9b:ef:ce:cf:be:a6:e8:74:03:f2:5f:fe:85:d4:9f:d3:2d:
0d:18:ce:0d:c2:1e:25:c0:2a:f3:c4:63:dc:b7:ab:39:a1:ba:
2e:bf:32:5e
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgISAYVwy9DA2Bea8j9c+h+MkgouMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjgxMzhkNGVjMmVhNTFjYWNlZjA5ZmYxMDU4YTM3MGE1
YmUxOTAwHhcNMjMwMTAyMDQ0NDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTFhZTE4MWRmYWM0ZmNjYTdlZDMwMGNlNjA5NjZiMzlhZWU1YTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSm9yoGu+qZcBSylpDM673LzVIgQ
0yxT+vfmPmdBtWYRJYwmMJxvhZHZ4L5whHP8Pl4C3E9+TmoWLigTNqmgjCgok1hC
NdF/GXTBJVGOtF+xJQuXEgiAfi12bNjIEuvnQAiaj6u5l6qI0oo62X5R4jp5gPdj
UVv8sK5eAs8Jp3XTbusOcEqlty0llnX3aDf33uvObfMbafjRSrbsbVPZb4pWTNwV
v4l6tM2t+tPi1NisqUx2NwI8BkSur6GGjtSqHaHuZQCn9wOiW1iXbGMdeFK8w18/
whZOsCiuXUufbiQY9gO1xYHhLwnoFjWQmroe/g56l2ME9vG7PEULnpD4BwIDAQAB
o4ICjTCCAokwHQYDVR0OBBYEFDUa4YHfrE/Mp+0wDOYJZrOa7lobMB8GA1UdIwQY
MBaAFB9oE41OwupRys7wn/EFijcKW+GQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgt
NjA4NTY0ODM5ZmQwLzEvTlJyaGdkLXNUOHluN1RBTTVnbG1zNXJ1V2hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgtNjA4NTY0ODM5ZmQw
LzEvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGiBggrBgEFBQcBBwEB/wSBkjCBjzCBjAQCAAEwgYUDAwMC
+AMDAD4UAwMETkADAwRR4AMDBFrgAwMEX8ADBAHAEJgwDAMEAcCWOgMEAcCWRDAM
AwQBwJZOAwQBwJZQAwMBwSwwCgMDBMIQAwMAwhIDAwHCFgMDAMLaAwMBwuwDAwDD
QwMDAMPGAwQFw/wgAwQF1BzAAwMA1LUDAwLVQAMDA9nQMA0GCSqGSIb3DQEBCwUA
A4IBAQB331rAi0kgNMi8KibzNn7Hb+AkjmO6U2sfsFdPFYW7/N0gsjANibBgp0dn
iSpMhY7ZjrfY+AlJYK6i5a0VpnmY70SqQwLtRC1/CBhxf+r3ooJrUuOl987wvNID
TU17GEQn+I2LsaThkYrwDtBceBdhiYHta8v7fxMXnSx7xNqNtv92XCqHjLzJ1RBO
1zTNwjYr3ZWwQNfunbUX1M7c5xOLMxZ8evCN24hInaPoYsER4DHXpngr8y7Uj6NJ
Wms/+9wlOOEkb1S6y9qUFJVIr7MZsO1Lpn60/2sKm+/Oz76m6HQD8l/+hdSf0y0N
GM4Nwh4lwCrzxGPct6s5obouvzJe
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:07:08 2025 by rpki-client