Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/NMUi_J3FX-kg2XLqH_7qFPDMf5U.roa
File: NMUi_J3FX-kg2XLqH_7qFPDMf5U.roa (raw, json)
Hash identifier: 9aPX4N832xhQs/SPPV2F97Vl1q1whbOoQ04fK0kHbow=
Subject key identifier: 34:C5:22:FC:9D:C5:5F:E9:20:D9:72:EA:1F:FE:EA:14:F0:CC:7F:95
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 0184766DE61B28F9AE8A0817CF09C306ECB2
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/NMUi_J3FX-kg2XLqH_7qFPDMf5U.roa
Signing time: Mon 14 Nov 2022 13:57:04 +0000
ROA not before: Mon 14 Nov 2022 13:57:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 211529
IP address blocks: 194.5.95.0/24 maxlen: 24
45.66.118.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:76:6d:e6:1b:28:f9:ae:8a:08:17:cf:09:c3:06:ec:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Nov 14 13:57:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=34c522fc9dc55fe920d972ea1ffeea14f0cc7f95
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:b8:8f:e7:c0:42:48:20:a8:3f:bb:f7:4e:72:
77:65:bd:0e:8f:69:6c:bd:a5:ac:2d:b0:7e:2c:20:
a9:f7:a3:e6:4d:ef:33:74:1e:ed:8a:1b:41:9b:f1:
ec:cd:dd:1e:85:92:f2:16:77:48:1e:75:32:7a:e2:
ce:87:60:5f:02:94:de:43:e1:a3:7d:7e:81:11:b4:
fa:95:37:09:31:aa:b3:6b:77:af:8c:85:6d:5f:49:
70:a3:a0:58:08:c9:aa:5c:1b:b6:6a:cc:89:d4:53:
e1:02:f1:0a:ba:d2:2b:2f:64:0e:c7:2a:66:d8:82:
0a:42:46:72:0b:00:23:96:da:56:f0:e4:fa:da:85:
11:22:bc:17:cb:89:45:0c:92:c6:44:2a:9a:9d:3e:
81:f1:2f:b6:1c:ad:a8:a1:1f:82:a3:58:56:b7:c2:
a1:df:d1:8c:f6:e6:a9:ff:ee:f7:e7:dd:e6:9c:4c:
ad:f3:e5:a7:d5:b6:75:e2:36:70:6a:b1:6d:e5:e3:
9c:3e:64:d3:c7:67:16:e2:88:fe:ce:3b:2b:5c:9a:
bb:ff:3b:9e:d5:d6:4c:a5:49:43:4e:29:85:fe:b7:
21:30:f7:c1:72:bd:3f:27:6e:dd:db:4a:19:51:0a:
8e:e6:37:c2:1b:69:7d:ae:50:f1:14:44:50:cf:03:
23:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:C5:22:FC:9D:C5:5F:E9:20:D9:72:EA:1F:FE:EA:14:F0:CC:7F:95
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/NMUi_J3FX-kg2XLqH_7qFPDMf5U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.118.0/24
194.5.95.0/24
Signature Algorithm: sha256WithRSAEncryption
3b:1b:20:2a:e6:3f:76:bf:ff:90:8f:5f:29:7e:9e:26:00:c2:
2b:1c:e7:ed:4b:57:a2:f5:e1:a4:b9:0b:c4:0e:f3:09:af:27:
71:10:b6:85:16:5b:aa:12:d7:ca:cd:b1:ff:14:28:ae:5d:79:
28:cd:9e:95:97:68:d7:d8:96:68:36:12:1d:3c:6e:3e:91:49:
38:1e:e5:2d:9c:a2:f7:34:9e:c5:12:48:9b:d8:6f:aa:b6:cf:
98:84:1a:75:f6:86:30:49:48:8d:8c:97:4e:d2:ac:31:cb:3b:
b2:2f:88:00:84:7d:5e:68:57:5c:a2:1e:f7:dd:8e:77:2a:74:
b5:a8:14:22:bc:79:32:4b:a0:ff:40:bc:72:06:aa:0e:f2:2c:
32:4f:b2:66:ae:44:68:c2:f7:e6:92:fd:d3:7f:69:f6:6b:f9:
08:4b:dd:b8:e6:20:f4:22:1b:13:50:82:10:fc:dc:a4:b6:e0:
17:35:3f:65:65:7a:76:94:5b:58:04:9b:92:fc:08:c7:ac:9b:
a2:04:92:12:51:58:3f:d6:44:ee:d7:df:f6:57:dc:63:df:09:
91:2c:01:c3:34:50:02:b6:f3:0f:fe:a4:56:25:59:1a:b6:5d:
c5:f0:ad:cd:6e:ea:67:9d:f6:6e:88:21:82:bf:53:13:34:85:
bb:bd:d0:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYR2beYbKPmuiggXzwnDBuyyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjIxMTE0MTM1NzA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGM1MjJmYzlkYzU1ZmU5MjBkOTcyZWExZmZlZWExNGYwY2M3Zjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7iP58BCSCCoP7v3TnJ3Zb0Oj2ls
vaWsLbB+LCCp96PmTe8zdB7tihtBm/Hszd0ehZLyFndIHnUyeuLOh2BfApTeQ+Gj
fX6BEbT6lTcJMaqza3evjIVtX0lwo6BYCMmqXBu2asyJ1FPhAvEKutIrL2QOxypm
2IIKQkZyCwAjltpW8OT62oURIrwXy4lFDJLGRCqanT6B8S+2HK2ooR+Co1hWt8Kh
39GM9uap/+73593mnEyt8+Wn1bZ14jZwarFt5eOcPmTTx2cW4oj+zjsrXJq7/zue
1dZMpUlDTimF/rchMPfBcr0/J27d20oZUQqO5jfCG2l9rlDxFERQzwMjMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDTFIvydxV/pINly6h/+6hTwzH+VMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvTk1VaV9KM0ZYLWtnMlhMcUhfN3FGUERNZjVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALUJ2AwQA
wgVfMA0GCSqGSIb3DQEBCwUAA4IBAQA7GyAq5j92v/+Qj18pfp4mAMIrHOftS1ei
9eGkuQvEDvMJrydxELaFFluqEtfKzbH/FCiuXXkozZ6Vl2jX2JZoNhIdPG4+kUk4
HuUtnKL3NJ7FEkib2G+qts+YhBp19oYwSUiNjJdO0qwxyzuyL4gAhH1eaFdcoh73
3Y53KnS1qBQivHkyS6D/QLxyBqoO8iwyT7JmrkRowvfmkv3Tf2n2a/kIS9245iD0
IhsTUIIQ/NyktuAXNT9lZXp2lFtYBJuS/AjHrJuiBJISUVg/1kTu19/2V9xj3wmR
LAHDNFACtvMP/qRWJVkatl3F8K3NbupnnfZuiCGCv1MTNIW7vdC9
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:15 2024 by rpki-client on console-ams.rpki-client.org