Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/Nn9D6T6nEOgsRqtLDMaY-s9K1jo.roa
File: Nn9D6T6nEOgsRqtLDMaY-s9K1jo.roa (raw, json)
Hash identifier: dlgqL3WFZo5XfFoHDiM9FC6oaWCG99xr3AOFfx/Opfc=
Subject key identifier: 36:7F:43:E9:3E:A7:10:E8:2C:46:AB:4B:0C:C6:98:FA:CF:4A:D6:3A
Certificate issuer: /CN=0a1d72ac0826e09bc0d17ddee8ba87d9731dd413
Certificate serial: 01860D26808E4D7035BCC33F3109E7E30746
Authority key identifier: 0A:1D:72:AC:08:26:E0:9B:C0:D1:7D:DE:E8:BA:87:D9:73:1D:D4:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ch1yrAgm4JvA0X3e6LqH2XMd1BM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/Nn9D6T6nEOgsRqtLDMaY-s9K1jo.roa
Signing time: Wed 01 Feb 2023 13:24:32 +0000
ROA not before: Wed 01 Feb 2023 13:24:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12312
IP address blocks: 212.172.0.0/16 maxlen: 16
195.78.160.0/19 maxlen: 19
194.162.0.0/16 maxlen: 16
80.83.96.0/20 maxlen: 20
62.144.0.0/16 maxlen: 16
79.140.176.0/20 maxlen: 20
194.112.16.0/20 maxlen: 20
62.246.0.0/16 maxlen: 16
195.52.0.0/16 maxlen: 23
195.63.0.0/16 maxlen: 16
62.26.0.0/15 maxlen: 23
185.210.52.0/22 maxlen: 22
195.185.0.0/16 maxlen: 16
2001:4091::/32 maxlen: 32
2a01:5c8::/32 maxlen: 32
2001:4090::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:0d:26:80:8e:4d:70:35:bc:c3:3f:31:09:e7:e3:07:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a1d72ac0826e09bc0d17ddee8ba87d9731dd413
Validity
Not Before: Feb 1 13:24:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=367f43e93ea710e82c46ab4b0cc698facf4ad63a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:5b:3d:73:0a:f1:1a:95:c3:a2:eb:ed:57:3b:
1a:d6:25:c2:47:92:22:26:55:d9:9f:b7:04:d2:0a:
5e:f4:f0:c1:7f:d4:2f:80:fd:d2:5a:28:f5:2b:c7:
13:da:a0:05:a5:96:ed:0e:4e:e1:1e:69:85:f2:3b:
ab:09:87:2a:bf:12:cf:30:d5:17:59:c0:32:18:ac:
8a:72:21:8d:30:72:5b:69:54:a6:2f:b3:b6:1f:4a:
fa:e1:00:54:b9:51:ba:c6:5b:84:28:85:e5:7c:bb:
ff:6c:4e:a0:7b:fe:f4:12:ea:ff:a2:cd:4a:7b:9a:
0b:98:a4:c8:81:9e:aa:d5:3b:1e:bc:4d:39:d4:76:
94:e2:fc:a6:6f:c2:6d:5d:39:8c:e1:76:61:9f:96:
47:26:af:dd:9b:8c:e9:ed:ed:a3:7d:44:9b:16:63:
11:9d:ef:77:9c:a4:33:e1:1e:c6:43:40:32:4e:c6:
d9:b5:e9:b5:fb:a4:f6:2e:6e:06:97:c0:fa:ea:5c:
7e:aa:7b:b8:46:a9:e2:84:17:79:7a:f8:10:6c:2d:
60:49:8f:f2:73:34:d7:eb:42:bc:15:9b:4e:40:1a:
b8:51:95:ea:a1:88:11:98:ea:a6:5e:97:e0:db:f8:
2f:18:55:62:b4:5b:ff:61:c3:f6:d4:8b:13:80:58:
ca:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:7F:43:E9:3E:A7:10:E8:2C:46:AB:4B:0C:C6:98:FA:CF:4A:D6:3A
X509v3 Authority Key Identifier:
keyid:0A:1D:72:AC:08:26:E0:9B:C0:D1:7D:DE:E8:BA:87:D9:73:1D:D4:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ch1yrAgm4JvA0X3e6LqH2XMd1BM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/Nn9D6T6nEOgsRqtLDMaY-s9K1jo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/Ch1yrAgm4JvA0X3e6LqH2XMd1BM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.26.0.0/15
62.144.0.0/16
62.246.0.0/16
79.140.176.0/20
80.83.96.0/20
185.210.52.0/22
194.112.16.0/20
194.162.0.0/16
195.52.0.0/16
195.63.0.0/16
195.78.160.0/19
195.185.0.0/16
212.172.0.0/16
IPv6:
2001:4090::/31
2a01:5c8::/32
Signature Algorithm: sha256WithRSAEncryption
75:9b:61:4a:59:e3:f9:bc:bf:12:74:38:a4:a0:ab:03:f1:7c:
5a:11:f9:b4:bf:f3:55:ee:9b:a5:ea:56:54:83:03:fb:00:5f:
1f:5c:e7:bb:49:f5:9f:84:7c:68:0b:9e:27:7d:a7:0f:77:9d:
cd:00:fa:67:38:b3:be:81:fa:5b:c3:fb:8c:12:44:ab:01:57:
24:a5:ed:1c:ae:65:ce:2a:5a:70:24:8f:28:c0:74:13:30:e3:
9f:0a:41:86:fd:40:52:dd:14:88:df:b2:cb:ad:3d:5b:e1:23:
54:e3:fc:fc:ab:a8:65:87:b3:dc:73:18:d6:13:65:b9:9c:08:
26:64:56:61:7b:b7:bf:0b:fd:6e:02:01:d5:a3:34:1d:78:20:
c3:4a:00:3a:ba:61:48:67:96:62:a3:52:4e:97:d8:b6:96:00:
de:c3:f2:f2:73:f6:04:4d:3d:75:39:01:12:cd:33:cb:56:52:
3d:4f:10:b7:82:f8:e4:53:95:e5:ae:59:af:a4:65:68:ed:ea:
ab:3c:c2:10:53:f9:c3:dd:87:85:14:24:30:90:02:87:b5:d7:
66:a6:b4:bc:2c:c7:08:b7:c1:51:91:cc:fa:ef:b0:ef:a5:22:
c9:dd:a6:c1:44:cf:80:ee:eb:17:86:f9:86:79:83:00:c3:aa:
24:8f:b3:3b
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYYNJoCOTXA1vMM/MQnn4wdGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMWQ3MmFjMDgyNmUwOWJjMGQxN2RkZWU4YmE4N2Q5NzMx
ZGQ0MTMwHhcNMjMwMjAxMTMyNDMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjdmNDNlOTNlYTcxMGU4MmM0NmFiNGIwY2M2OThmYWNmNGFkNjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1s9cwrxGpXDouvtVzsa1iXCR5Ii
JlXZn7cE0gpe9PDBf9QvgP3SWij1K8cT2qAFpZbtDk7hHmmF8jurCYcqvxLPMNUX
WcAyGKyKciGNMHJbaVSmL7O2H0r64QBUuVG6xluEKIXlfLv/bE6ge/70Eur/os1K
e5oLmKTIgZ6q1TsevE051HaU4vymb8JtXTmM4XZhn5ZHJq/dm4zp7e2jfUSbFmMR
ne93nKQz4R7GQ0AyTsbZtem1+6T2Lm4Gl8D66lx+qnu4RqnihBd5evgQbC1gSY/y
czTX60K8FZtOQBq4UZXqoYgRmOqmXpfg2/gvGFVitFv/YcP21IsTgFjKmwIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFDZ/Q+k+pxDoLEarSwzGmPrPStY6MB8GA1UdIwQY
MBaAFAodcqwIJuCbwNF93ui6h9lzHdQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2gxeXJBZ200SnZBMFgzZTZMcUgyWE1kMUJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC82MzQxZGEtMmIzNC00ZDQ1LTljMTct
OTU4MTEyYTQ4OWE0LzEvTm45RDZUNm5FT2dzUnF0TERNYVktczlLMWpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC82MzQxZGEtMmIzNC00ZDQ1LTljMTctOTU4MTEyYTQ4OWE0
LzEvQ2gxeXJBZ200SnZBMFgzZTZMcUgyWE1kMUJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBMBAIAATBGAwMBPhoDAwA+
kAMDAD72AwQET4ywAwQEUFNgAwQCudI0AwQEwnAQAwMAwqIDAwDDNAMDAMM/AwQF
w06gAwMAw7kDAwDUrDAUBAIAAjAOAwUBIAFAkAMFACoBBcgwDQYJKoZIhvcNAQEL
BQADggEBAHWbYUpZ4/m8vxJ0OKSgqwPxfFoR+bS/81Xum6XqVlSDA/sAXx9c57tJ
9Z+EfGgLnid9pw93nc0A+mc4s76B+lvD+4wSRKsBVySl7RyuZc4qWnAkjyjAdBMw
458KQYb9QFLdFIjfssutPVvhI1Tj/PyrqGWHs9xzGNYTZbmcCCZkVmF7t78L/W4C
AdWjNB14IMNKADq6YUhnlmKjUk6X2LaWAN7D8vJz9gRNPXU5ARLNM8tWUj1PELeC
+ORTleWuWa+kZWjt6qs8whBT+cPdh4UUJDCQAoe112amtLwsxwi3wVGRzPrvsO+l
IsndpsFEz4Du6xeG+YZ5gwDDqiSPszs=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:09:07 2025 by rpki-client