Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/nGg13tq3nAEc7BJWe_Ofti0O2qk.roa
File: nGg13tq3nAEc7BJWe_Ofti0O2qk.roa (raw, json)
Hash identifier: TyL6+emxNKmuErsSFoJ1Tum/YJvH5n8wjopRAVMiH+o=
Subject key identifier: 9C:68:35:DE:DA:B7:9C:01:1C:EC:12:56:7B:F3:9F:B6:2D:0E:DA:A9
Certificate issuer: /CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Certificate serial: 018CC8DF009ED066B4622563B28DCF93969C
Authority key identifier: 54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/nGg13tq3nAEc7BJWe_Ofti0O2qk.roa
Signing time: Tue 02 Jan 2024 06:31:47 +0000
ROA not before: Tue 02 Jan 2024 06:31:47 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 9121
IP address blocks: 188.125.174.0/24 maxlen: 24
188.125.163.0/24 maxlen: 24
188.125.164.0/24 maxlen: 24
188.125.165.0/24 maxlen: 24
188.125.166.0/24 maxlen: 24
188.125.160.0/24 maxlen: 24
188.125.161.0/24 maxlen: 24
188.125.162.0/24 maxlen: 24
188.125.170.0/24 maxlen: 24
188.125.167.0/24 maxlen: 24
188.125.168.0/24 maxlen: 24
188.125.169.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:00:9e:d0:66:b4:62:25:63:b2:8d:cf:93:96:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Validity
Not Before: Jan 2 06:31:47 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9c6835dedab79c011cec12567bf39fb62d0edaa9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:fe:74:5a:26:d9:60:65:7f:f4:97:e6:cb:8f:
bb:ee:47:24:ec:86:ae:66:0a:42:87:92:2b:9a:dd:
37:10:9a:2b:59:cf:aa:b7:cb:f5:4a:a9:d1:c3:af:
91:b5:2e:ec:8a:9c:0e:92:6d:fe:4e:2c:b9:95:6e:
6d:99:3c:3a:2c:29:a8:99:e6:94:9e:6a:02:aa:87:
d8:81:39:3c:d8:e4:2f:c9:de:78:78:f6:fe:9a:86:
8f:e4:31:fb:79:33:c5:a1:af:1c:5a:f0:5e:4d:8b:
e8:f0:ff:a8:94:91:88:00:fa:5a:3f:51:d8:61:20:
e2:5b:0a:30:3e:4e:fc:fb:3c:4f:a8:79:71:0d:db:
61:bd:2e:2e:d8:6a:99:3c:5b:79:a3:e7:ce:03:b3:
6c:1e:d3:2b:99:db:c5:34:ab:25:5f:26:d3:58:db:
46:5a:a4:16:c8:06:e7:0e:03:71:d5:ac:b3:41:7d:
f9:9c:3f:9a:40:7d:65:fb:60:f5:a2:b1:26:f8:66:
05:62:d5:13:e1:0b:20:2c:57:7a:21:76:60:c5:d8:
22:f9:c8:6e:34:e0:58:19:58:48:2b:cc:b8:f5:45:
53:3b:a6:95:33:b0:e2:f6:bc:33:34:0f:4c:cf:e7:
42:6b:7b:23:e5:7c:da:47:24:87:59:f8:37:3b:2c:
51:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:68:35:DE:DA:B7:9C:01:1C:EC:12:56:7B:F3:9F:B6:2D:0E:DA:A9
X509v3 Authority Key Identifier:
keyid:54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/nGg13tq3nAEc7BJWe_Ofti0O2qk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.125.160.0-188.125.170.255
188.125.174.0/24
Signature Algorithm: sha256WithRSAEncryption
86:40:51:90:1f:cc:92:76:18:72:82:b7:44:3c:fa:ea:a6:c4:
f1:0c:16:57:95:0d:0f:cd:04:f4:e0:1b:10:6c:67:98:66:81:
4a:15:82:5f:4a:52:d2:b9:ab:1e:f4:1e:fc:cf:b8:cd:2b:5d:
b4:63:03:ca:d1:6c:7b:95:54:20:29:0c:c0:d7:bb:de:da:14:
df:9f:1c:cb:f2:dd:d4:c8:8a:0c:fa:fc:8f:46:ae:2b:75:2f:
f6:d3:a6:63:9e:24:8b:a0:09:0d:92:0f:8f:db:26:83:17:51:
0a:de:37:d1:42:a0:f3:de:ba:46:4a:a3:f8:6a:80:b7:f6:bd:
ba:a0:e6:ae:c0:03:4f:7e:12:7d:bf:8f:c9:b7:69:d3:b0:08:
02:16:0f:5d:50:b6:b8:21:e2:02:24:0e:47:10:3e:a4:dd:02:
92:bf:27:9e:2c:02:bf:c4:3b:1d:3f:32:36:89:c9:cf:63:f1:
ed:50:48:88:75:49:81:2e:7b:9c:62:ac:29:19:07:71:1a:95:
7c:b7:28:0e:90:82:b2:5e:a6:99:cd:26:2e:bb:1b:67:ab:fd:
c8:a0:a7:48:0e:b5:4f:42:15:37:bf:df:bd:92:23:fb:cd:c8:
e1:54:09:14:b9:8d:0b:67:1d:dd:78:7c:82:c2:90:66:9f:71:
b4:2a:f8:7c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzI3wCe0Ga0YiVjso3Pk5acMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MmY2MzNmNzZlOGQ4YWFlYWEzMmI1YWNlMTZhM2RiMzk0
M2Q4MGMwHhcNMjQwMTAyMDYzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzY4MzVkZWRhYjc5YzAxMWNlYzEyNTY3YmYzOWZiNjJkMGVkYWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0P50WibZYGV/9Jfmy4+77kck7Iau
ZgpCh5Irmt03EJorWc+qt8v1SqnRw6+RtS7sipwOkm3+Tiy5lW5tmTw6LCmomeaU
nmoCqofYgTk82OQvyd54ePb+moaP5DH7eTPFoa8cWvBeTYvo8P+olJGIAPpaP1HY
YSDiWwowPk78+zxPqHlxDdthvS4u2GqZPFt5o+fOA7NsHtMrmdvFNKslXybTWNtG
WqQWyAbnDgNx1ayzQX35nD+aQH1l+2D1orEm+GYFYtUT4QsgLFd6IXZgxdgi+chu
NOBYGVhIK8y49UVTO6aVM7Di9rwzNA9Mz+dCa3sj5XzaRySHWfg3OyxRfQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJxoNd7at5wBHOwSVnvzn7YtDtqpMB8GA1UdIwQY
MBaAFFQvYz926Niq6qMrWs4Wo9s5Q9gMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDIt
NjliOTUzYzlkNWFhLzEvbkdnMTN0cTNuQUVjN0JKV2VfT2Z0aTBPMnFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDItNjliOTUzYzlkNWFh
LzEvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAW8faAD
BAC8faoDBAC8fa4wDQYJKoZIhvcNAQELBQADggEBAIZAUZAfzJJ2GHKCt0Q8+uqm
xPEMFleVDQ/NBPTgGxBsZ5hmgUoVgl9KUtK5qx70HvzPuM0rXbRjA8rRbHuVVCAp
DMDXu97aFN+fHMvy3dTIigz6/I9Grit1L/bTpmOeJIugCQ2SD4/bJoMXUQreN9FC
oPPeukZKo/hqgLf2vbqg5q7AA09+En2/j8m3adOwCAIWD11Qtrgh4gIkDkcQPqTd
ApK/J54sAr/EOx0/MjaJyc9j8e1QSIh1SYEue5xirCkZB3EalXy3KA6QgrJeppnN
Ji67G2er/cigp0gOtU9CFTe/372SI/vNyOFUCRS5jQtnHd14fILCkGafcbQq+Hw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:25 2024 by rpki-client on console-ams.rpki-client.org