Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/14d7b8-afce-45a1-b272-04d96fa83d07/1/4NE9hKkYofY9n-8kY-NWGauxEuA.roa
File: 4NE9hKkYofY9n-8kY-NWGauxEuA.roa (raw, json)
Hash identifier: wET5+fyNLHJZotap8erIQyVC/8wnAfUs0AJpJB0GuFQ=
Subject key identifier: E0:D1:3D:84:A9:18:A1:F6:3D:9F:EF:24:63:E3:56:19:AB:B1:12:E0
Certificate issuer: /CN=ffd61ac8c56e38fdf61238036c73547270034631
Certificate serial: 0723DD9D
Authority key identifier: FF:D6:1A:C8:C5:6E:38:FD:F6:12:38:03:6C:73:54:72:70:03:46:31
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_9YayMVuOP32EjgDbHNUcnADRjE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/14d7b8-afce-45a1-b272-04d96fa83d07/1/4NE9hKkYofY9n-8kY-NWGauxEuA.roa
Signing time: Sat 01 Jan 2022 00:57:19 +0000
ROA not before: Sat 01 Jan 2022 00:57:19 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 39175
IP address blocks: 139.28.108.0/22 maxlen: 22
185.249.36.0/22 maxlen: 22
2a09:d340::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 119791005 (0x723dd9d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ffd61ac8c56e38fdf61238036c73547270034631
Validity
Not Before: Jan 1 00:57:19 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=e0d13d84a918a1f63d9fef2463e35619abb112e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:f9:6c:58:8d:c2:47:7c:e0:c1:77:16:26:c2:
87:e8:d5:e9:e0:3d:77:a5:e6:f0:91:ca:63:fa:57:
35:c6:ee:90:e5:d7:c5:9e:cb:a1:51:2e:83:8d:51:
06:43:ed:7e:06:68:1d:a7:a2:96:5d:5e:e1:a6:3a:
4e:f8:7f:c0:e9:f3:e3:6d:85:bb:43:8d:20:2c:10:
98:4c:66:be:e5:ac:fd:06:be:3c:06:78:df:54:d6:
cc:76:6b:78:f4:7e:03:4b:a0:f0:bd:48:9f:c9:73:
12:7d:2a:c3:05:6f:26:67:98:a8:86:48:5b:7f:2e:
7d:5f:6a:06:60:eb:d3:17:60:23:b8:55:a8:ca:2f:
53:4f:2d:b7:49:11:0b:41:3f:44:a0:80:38:0f:25:
45:61:31:ac:aa:14:84:04:6e:80:36:b4:82:aa:49:
b5:61:10:b2:29:d4:65:bf:46:a9:3b:fd:19:88:af:
36:52:bb:cb:ed:1a:92:b4:08:46:d1:f0:cb:a5:35:
64:37:cd:51:be:2a:08:6b:e0:5d:7d:59:5b:ee:f6:
ff:a0:71:93:d8:fb:c1:10:17:28:42:c3:62:01:d0:
bf:6d:92:5b:ad:43:4b:99:82:fe:42:91:d1:35:d8:
aa:32:b7:b0:68:b5:13:24:c0:d1:81:8b:df:51:bc:
13:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:D1:3D:84:A9:18:A1:F6:3D:9F:EF:24:63:E3:56:19:AB:B1:12:E0
X509v3 Authority Key Identifier:
keyid:FF:D6:1A:C8:C5:6E:38:FD:F6:12:38:03:6C:73:54:72:70:03:46:31
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_9YayMVuOP32EjgDbHNUcnADRjE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/14d7b8-afce-45a1-b272-04d96fa83d07/1/4NE9hKkYofY9n-8kY-NWGauxEuA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/14d7b8-afce-45a1-b272-04d96fa83d07/1/_9YayMVuOP32EjgDbHNUcnADRjE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
139.28.108.0/22
185.249.36.0/22
IPv6:
2a09:d340::/29
Signature Algorithm: sha256WithRSAEncryption
2b:44:bb:b8:ef:63:a4:f5:67:47:6d:0c:d1:5d:df:b5:3a:8d:
ed:cf:c7:26:4e:cc:ec:07:20:1b:33:d0:a9:b4:59:97:fe:26:
33:fd:6a:0a:f8:10:b8:5f:bf:a7:13:e0:e8:fe:b8:46:d8:38:
da:b4:4d:9a:c0:35:67:c0:d8:d5:b9:90:65:18:c6:50:0f:8f:
48:bb:6d:ef:2a:79:52:75:c7:92:cc:e1:41:8f:2b:0b:6e:2c:
65:ad:38:4a:a6:c5:bf:8b:46:c8:9d:41:5a:97:7c:82:35:c4:
d9:5a:5a:af:10:ce:b2:70:58:b6:df:2c:6f:d4:04:90:30:ab:
e0:84:12:4d:e8:bd:c7:c2:6d:85:2e:94:65:97:cd:0c:06:8a:
c6:0f:12:5a:ee:3b:ae:b0:a7:38:e5:90:e4:4d:ba:db:1a:39:
8d:59:b7:38:cf:d9:8b:8a:7b:af:16:46:2c:24:89:2c:c1:c2:
7d:00:71:8e:f8:f5:fb:8a:3f:fb:27:25:24:31:6a:4d:06:9b:
5b:bf:11:6e:2d:65:c6:82:73:fb:45:74:c9:5e:97:c3:74:c9:
fb:54:0c:e0:ad:6b:1b:d4:41:d7:3f:90:8c:36:88:31:3f:2f:
d9:1f:92:4d:2b:81:80:4c:81:9b:c4:52:dc:d9:1e:79:bd:a9:
da:21:e4:b6
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEByPdnTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
ZmQ2MWFjOGM1NmUzOGZkZjYxMjM4MDM2YzczNTQ3MjcwMDM0NjMxMB4XDTIyMDEw
MTAwNTcxOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTBkMTNkODRhOTE4
YTFmNjNkOWZlZjI0NjNlMzU2MTlhYmIxMTJlMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOH5bFiNwkd84MF3FibCh+jV6eA9d6Xm8JHKY/pXNcbukOXX
xZ7LoVEug41RBkPtfgZoHaeill1e4aY6Tvh/wOnz422Fu0ONICwQmExmvuWs/Qa+
PAZ431TWzHZrePR+A0ug8L1In8lzEn0qwwVvJmeYqIZIW38ufV9qBmDr0xdgI7hV
qMovU08tt0kRC0E/RKCAOA8lRWExrKoUhARugDa0gqpJtWEQsinUZb9GqTv9GYiv
NlK7y+0akrQIRtHwy6U1ZDfNUb4qCGvgXX1ZW+72/6Bxk9j7wRAXKELDYgHQv22S
W61DS5mC/kKR0TXYqjK3sGi1EyTA0YGL31G8E50CAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBTg0T2EqRih9j2f7yRj41YZq7ES4DAfBgNVHSMEGDAWgBT/1hrIxW44/fYS
OANsc1RycANGMTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L185WWF5TVZ1T1AzMkVqZ0RiSE5VY25BRFJqRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTkvMTRkN2I4LWFmY2UtNDVhMS1iMjcyLTA0ZDk2ZmE4M2QwNy8x
LzRORTloS2tZb2ZZOW4tOGtZLU5XR2F1eEV1QS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTkv
MTRkN2I4LWFmY2UtNDVhMS1iMjcyLTA0ZDk2ZmE4M2QwNy8xL185WWF5TVZ1T1Az
MkVqZ0RiSE5VY25BRFJqRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEAoscbAMEArn5JDANBAIAAjAHAwUD
KgnTQDANBgkqhkiG9w0BAQsFAAOCAQEAK0S7uO9jpPVnR20M0V3ftTqN7c/HJk7M
7AcgGzPQqbRZl/4mM/1qCvgQuF+/pxPg6P64Rtg42rRNmsA1Z8DY1bmQZRjGUA+P
SLtt7yp5UnXHkszhQY8rC24sZa04SqbFv4tGyJ1BWpd8gjXE2VparxDOsnBYtt8s
b9QEkDCr4IQSTei9x8JthS6UZZfNDAaKxg8SWu47rrCnOOWQ5E262xo5jVm3OM/Z
i4p7rxZGLCSJLMHCfQBxjvj1+4o/+yclJDFqTQabW78Rbi1lxoJz+0V0yV6Xw3TJ
+1QM4K1rG9RB1z+QjDaIMT8v2R+STSuBgEyBm8RS3Nkeeb2p2iHktg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:52:34 2025 by rpki-client