Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/Nkh4XKv6uHI2vq4z2zYVEFTf2iE.roa
File: Nkh4XKv6uHI2vq4z2zYVEFTf2iE.roa (raw, json)
Hash identifier: qifPF8cVfy/9JAO+kfc1RqZR7KIVfmia2CnvBnEZ85Y=
Subject key identifier: 36:48:78:5C:AB:FA:B8:72:36:BE:AE:33:DB:36:15:10:54:DF:DA:21
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 0194179A5A252ADF5B86C129777B4F6CF49E
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/Nkh4XKv6uHI2vq4z2zYVEFTf2iE.roa
Signing time: Mon 30 Dec 2024 12:46:19 +0000
ROA not before: Mon 30 Dec 2024 12:46:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210644
IP address blocks: 83.147.216.0/24 maxlen: 24
83.147.252.0/24 maxlen: 24
83.147.253.0/24 maxlen: 24
83.147.254.0/24 maxlen: 24
91.186.216.0/24 maxlen: 24
91.186.217.0/24 maxlen: 24
91.186.218.0/24 maxlen: 24
91.186.219.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:17:9a:5a:25:2a:df:5b:86:c1:29:77:7b:4f:6c:f4:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Dec 30 12:46:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3648785cabfab87236beae33db36151054dfda21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:fe:23:99:fd:32:44:58:07:83:87:15:c3:2a:
9f:7f:58:59:59:27:d1:2f:02:c8:5d:a5:ca:7a:0b:
b8:c9:d0:ef:02:e7:cd:54:d8:21:d3:5d:0d:f6:3f:
53:08:1d:65:41:fb:fe:9e:af:6e:4f:f7:12:5b:28:
08:7b:42:d3:40:1d:7c:11:77:60:0b:3a:f4:7d:8a:
f1:86:0b:7d:ae:4c:60:bf:44:d2:17:a7:57:4b:6c:
e8:f4:8a:f3:54:55:0b:c7:89:52:44:7d:c7:7c:06:
78:f3:70:9c:de:b3:1a:35:31:43:b2:f5:d6:48:10:
eb:b3:87:23:47:39:30:c0:f7:c0:aa:4b:3b:3d:a4:
fe:bc:a9:18:d7:ec:f3:54:de:3d:45:0a:1e:9e:94:
31:3b:61:68:55:ee:33:ce:86:50:e5:dc:96:39:3d:
12:d6:dd:59:8c:87:2e:e6:19:da:d0:ec:25:1c:59:
ac:9b:85:ac:21:d7:6d:ee:5f:b0:18:67:81:5d:e9:
a8:15:ea:26:2b:27:ff:92:07:84:fa:e4:0e:a8:a8:
ef:b0:5a:43:38:5b:59:e4:96:91:ab:98:5c:d6:b1:
f1:28:ee:d4:38:68:38:82:fb:58:68:01:f5:0f:e5:
09:70:75:80:ca:38:a8:ba:44:1e:ff:a5:91:47:58:
ce:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:48:78:5C:AB:FA:B8:72:36:BE:AE:33:DB:36:15:10:54:DF:DA:21
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/Nkh4XKv6uHI2vq4z2zYVEFTf2iE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.216.0/24
83.147.252.0-83.147.254.255
91.186.216.0/22
Signature Algorithm: sha256WithRSAEncryption
37:f5:69:b3:db:86:6d:a8:aa:45:a9:70:96:e6:e8:4b:a8:a8:
c0:75:26:19:0c:d1:7d:1e:db:ba:ca:a6:38:f8:1b:e4:09:31:
6a:de:00:39:0a:9c:d4:f7:3d:e0:33:c5:1b:25:be:3f:a6:fb:
36:cf:de:45:c7:be:a1:0d:46:e9:fe:cc:0a:18:ee:6d:49:34:
25:5c:d6:20:df:36:7c:e5:27:df:a5:0c:fc:f3:a3:5f:6f:69:
f2:8e:b6:c8:45:a5:d0:76:99:e7:93:a2:70:8a:94:b5:75:6a:
ea:e7:04:23:ef:d5:37:cf:85:20:b3:83:f6:02:ef:3c:68:9a:
c4:80:b5:08:80:14:71:c9:c7:6e:75:33:ac:95:de:46:49:99:
9c:fe:13:2a:d4:9e:12:c4:b3:2e:13:9a:9d:70:b8:20:87:9d:
42:27:fa:88:ec:98:e8:c5:e6:d0:47:bf:c7:00:c8:3c:5c:39:
4b:5c:85:9f:41:c6:6c:0a:08:80:56:56:5c:d4:18:cc:47:f1:
7a:8f:f2:dd:39:84:6b:da:03:bc:3b:fa:98:f6:43:e0:4c:2d:
5e:14:49:44:ca:5d:6c:ef:d1:1f:c2:c7:bc:8b:93:c9:a0:9f:
50:99:3f:db:d2:7f:54:f6:06:d4:f0:a6:3a:d1:69:8d:2a:f0:
42:1b:21:1c
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQXmlolKt9bhsEpd3tPbPSeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQxMjMwMTI0NjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjQ4Nzg1Y2FiZmFiODcyMzZiZWFlMzNkYjM2MTUxMDU0ZGZkYTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/4jmf0yRFgHg4cVwyqff1hZWSfR
LwLIXaXKegu4ydDvAufNVNgh010N9j9TCB1lQfv+nq9uT/cSWygIe0LTQB18EXdg
Czr0fYrxhgt9rkxgv0TSF6dXS2zo9IrzVFULx4lSRH3HfAZ483Cc3rMaNTFDsvXW
SBDrs4cjRzkwwPfAqks7PaT+vKkY1+zzVN49RQoenpQxO2FoVe4zzoZQ5dyWOT0S
1t1ZjIcu5hna0OwlHFmsm4WsIddt7l+wGGeBXemoFeomKyf/kgeE+uQOqKjvsFpD
OFtZ5JaRq5hc1rHxKO7UOGg4gvtYaAH1D+UJcHWAyjioukQe/6WRR1jOJwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFDZIeFyr+rhyNr6uM9s2FRBU39ohMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvTmtoNFhLdjZ1SEkydnE0ejJ6WVZFRlRmMmlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAU5PYMAwD
BAJTk/wDBABTk/4DBAJbutgwDQYJKoZIhvcNAQELBQADggEBADf1abPbhm2oqkWp
cJbm6EuoqMB1JhkM0X0e27rKpjj4G+QJMWreADkKnNT3PeAzxRslvj+m+zbP3kXH
vqENRun+zAoY7m1JNCVc1iDfNnzlJ9+lDPzzo19vafKOtshFpdB2meeTonCKlLV1
aurnBCPv1TfPhSCzg/YC7zxomsSAtQiAFHHJx251M6yV3kZJmZz+EyrUnhLEsy4T
mp1wuCCHnUIn+ojsmOjF5tBHv8cAyDxcOUtchZ9BxmwKCIBWVlzUGMxH8XqP8t05
hGvaA7w7+pj2Q+BMLV4USUTKXWzv0R/Cx7yLk8mgn1CZP9vSf1T2BtTwpjrRaY0q
8EIbIRw=
-----END CERTIFICATE-----
Generated at Sun Apr 20 12:12:55 2025 by rpki-client