Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/NfobF_JdvuUHCj8ve9wzw6JFVqA.roa
File: NfobF_JdvuUHCj8ve9wzw6JFVqA.roa (raw, json)
Hash identifier: aMnmKInM2y3IONEAejbDlYXV6OV3GFFTRe+jTOiF/j8=
Subject key identifier: 35:FA:1B:17:F2:5D:BE:E5:07:0A:3F:2F:7B:DC:33:C3:A2:45:56:A0
Certificate issuer: /CN=679a75debd65359a45317f203f11a321e14b2f2c
Certificate serial: 06E2F07A
Authority key identifier: 67:9A:75:DE:BD:65:35:9A:45:31:7F:20:3F:11:A3:21:E1:4B:2F:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z5p13r1lNZpFMX8gPxGjIeFLLyw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/NfobF_JdvuUHCj8ve9wzw6JFVqA.roa
Signing time: Fri 27 May 2022 21:01:13 +0000
ROA not before: Fri 27 May 2022 21:01:13 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 37.156.226.0/24 maxlen: 24
93.113.31.0/24 maxlen: 24
87.121.136.0/21 maxlen: 24
185.137.36.0/22 maxlen: 24
94.176.96.0/24 maxlen: 24
93.114.129.0/24 maxlen: 24
86.106.135.0/24 maxlen: 24
89.44.77.0/24 maxlen: 24
46.102.116.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 115535994 (0x6e2f07a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=679a75debd65359a45317f203f11a321e14b2f2c
Validity
Not Before: May 27 21:01:13 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=35fa1b17f25dbee5070a3f2f7bdc33c3a24556a0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:f7:08:a0:4c:51:f1:5b:88:48:51:0b:bf:b5:
fa:08:16:19:5d:1c:66:fd:8c:7d:fc:3e:18:87:b7:
75:b9:6f:b0:6d:71:55:0f:cd:83:9d:18:6f:98:eb:
38:52:96:95:a5:4c:ec:5e:8e:a5:b4:e3:f4:fb:81:
af:fa:57:85:97:83:8c:3b:68:8c:89:9b:91:35:69:
b3:3c:a7:69:aa:3f:23:c0:83:75:bb:32:c2:31:bf:
99:47:0e:fc:c3:ca:ab:c8:fe:4b:5f:7e:e0:c0:f0:
cf:c6:bb:02:de:62:0d:01:53:92:e1:f9:d4:83:26:
ad:2c:92:24:81:21:72:d9:bc:ad:9a:4f:09:f2:86:
ff:94:af:1a:c1:a5:75:0c:f7:4f:bd:66:91:11:a3:
f0:1e:59:94:eb:e5:68:cd:30:4e:47:1f:30:e0:72:
db:ff:34:30:29:c9:1d:f5:34:ce:7f:a1:9e:44:64:
e6:d6:74:4d:b5:18:ee:95:22:3c:c7:86:60:e4:1c:
82:e4:a7:1b:4f:58:83:b3:de:25:e9:b2:a0:7b:9b:
d6:5d:c1:d6:39:05:86:81:22:c5:60:24:bc:41:4c:
e0:37:81:ff:02:cb:b6:d9:19:1e:25:37:7c:8d:7e:
fb:d4:fd:d1:d1:40:70:27:f0:63:43:fc:1f:ce:6d:
12:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:FA:1B:17:F2:5D:BE:E5:07:0A:3F:2F:7B:DC:33:C3:A2:45:56:A0
X509v3 Authority Key Identifier:
keyid:67:9A:75:DE:BD:65:35:9A:45:31:7F:20:3F:11:A3:21:E1:4B:2F:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5p13r1lNZpFMX8gPxGjIeFLLyw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/NfobF_JdvuUHCj8ve9wzw6JFVqA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/Z5p13r1lNZpFMX8gPxGjIeFLLyw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.156.226.0/24
46.102.116.0/24
86.106.135.0/24
87.121.136.0/21
89.44.77.0/24
93.113.31.0/24
93.114.129.0/24
94.176.96.0/24
185.137.36.0/22
Signature Algorithm: sha256WithRSAEncryption
99:26:e0:fe:3a:84:8a:c4:9f:2c:05:ea:25:ab:b2:a7:f6:75:
30:ca:d5:22:c3:87:1a:c9:62:1f:22:17:3e:23:5b:9b:d4:bb:
c0:f3:77:b7:b1:44:f9:78:79:70:12:35:68:da:e8:8d:9e:5f:
ba:9f:bf:1e:14:33:bf:bc:71:77:e4:9d:e3:d3:47:ec:85:58:
4a:89:df:20:95:5a:4d:ea:b0:b2:5f:51:54:fb:5c:ae:2c:d7:
af:e7:99:11:fb:8a:39:fc:aa:09:06:5b:01:13:a9:2a:b1:8f:
02:67:08:95:80:99:e6:51:8b:40:69:9d:ee:7a:ab:d2:6a:c5:
24:1d:f4:dd:08:1f:dc:ae:4e:97:4a:38:2a:48:dd:34:7d:a7:
e8:f5:5a:3d:0a:77:7a:26:ac:9f:a1:ee:9a:9c:e7:b4:3b:f0:
b2:bf:be:62:50:77:36:e2:5f:7a:05:6b:4f:8a:0a:8a:64:39:
35:9a:12:56:10:4c:7b:01:c9:80:d5:a1:fe:56:f0:68:ee:f0:
1d:a1:80:93:15:d2:d3:d5:28:e6:08:1a:ac:22:fe:ba:48:22:
f9:e8:84:09:f4:f4:16:94:68:a4:75:35:d6:44:53:10:d5:80:
c6:3b:d0:51:44:2c:23:c4:d3:5c:cf:0e:76:dd:4a:3c:eb:88:
4c:02:eb:6d
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIEBuLwejANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
NzlhNzVkZWJkNjUzNTlhNDUzMTdmMjAzZjExYTMyMWUxNGIyZjJjMB4XDTIyMDUy
NzIxMDExM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzVmYTFiMTdmMjVk
YmVlNTA3MGEzZjJmN2JkYzMzYzNhMjQ1NTZhMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALL3CKBMUfFbiEhRC7+1+ggWGV0cZv2Mffw+GIe3dblvsG1x
VQ/Ng50Yb5jrOFKWlaVM7F6OpbTj9PuBr/pXhZeDjDtojImbkTVpszynaao/I8CD
dbsywjG/mUcO/MPKq8j+S19+4MDwz8a7At5iDQFTkuH51IMmrSySJIEhctm8rZpP
CfKG/5SvGsGldQz3T71mkRGj8B5ZlOvlaM0wTkcfMOBy2/80MCnJHfU0zn+hnkRk
5tZ0TbUY7pUiPMeGYOQcguSnG09Yg7PeJemyoHub1l3B1jkFhoEixWAkvEFM4DeB
/wLLttkZHiU3fI1++9T90dFAcCfwY0P8H85tEn8CAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBQ1+hsX8l2+5QcKPy973DPDokVWoDAfBgNVHSMEGDAWgBRnmnXevWU1mkUx
fyA/EaMh4UsvLDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1o1cDEzcjFsTlpwRk1YOGdQeEdqSWVGTEx5dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjUvN2EzOWIxLTFkMWMtNDkxOS1iMTljLTNlZWJlNzE5Njk3Mi8x
L05mb2JGX0pkdnVVSENqOHZlOXd6dzZKRlZxQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjUv
N2EzOWIxLTFkMWMtNDkxOS1iMTljLTNlZWJlNzE5Njk3Mi8xL1o1cDEzcjFsTlpw
Rk1YOGdQeEdqSWVGTEx5dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEACWc4gMEAC5mdAMEAFZqhwMEA1d5
iAMEAFksTQMEAF1xHwMEAF1ygQMEAF6wYAMEArmJJDANBgkqhkiG9w0BAQsFAAOC
AQEAmSbg/jqEisSfLAXqJauyp/Z1MMrVIsOHGsliHyIXPiNbm9S7wPN3t7FE+Xh5
cBI1aNrojZ5fup+/HhQzv7xxd+Sd49NH7IVYSonfIJVaTeqwsl9RVPtcrizXr+eZ
EfuKOfyqCQZbAROpKrGPAmcIlYCZ5lGLQGmd7nqr0mrFJB303Qgf3K5Ol0o4Kkjd
NH2n6PVaPQp3eiasn6HumpzntDvwsr++YlB3NuJfegVrT4oKimQ5NZoSVhBMewHJ
gNWh/lbwaO7wHaGAkxXS09Uo5ggarCL+ukgi+eiECfT0FpRopHU11kRTENWAxjvQ
UUQsI8TTXM8Odt1KPOuITALrbQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:30 2023 by rpki-client on console-ams.rpki-client.org