Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/Nvnsbt-ihzAtzmsVTN_y3ASvQT4.roa
File: Nvnsbt-ihzAtzmsVTN_y3ASvQT4.roa (raw, json)
Hash identifier: M76IMDuBenF68WaTricBFsvJf2zMIYrkaL7q93P7Cm4=
Subject key identifier: 36:F9:EC:6E:DF:A2:87:30:2D:CE:6B:15:4C:DF:F2:DC:04:AF:41:3E
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019427B57B587E64D19B3801C565B74BE04E
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/Nvnsbt-ihzAtzmsVTN_y3ASvQT4.roa
Signing time: Thu 02 Jan 2025 15:49:52 +0000
ROA not before: Thu 02 Jan 2025 15:49:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 83.147.232.0/22 maxlen: 24
83.147.244.0/22 maxlen: 24
91.186.200.0/22 maxlen: 24
91.186.204.0/22 maxlen: 24
94.241.168.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:7b:58:7e:64:d1:9b:38:01:c5:65:b7:4b:e0:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 2 15:49:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=36f9ec6edfa287302dce6b154cdff2dc04af413e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:0e:1c:fc:07:a6:d0:a3:4d:16:b3:de:98:d8:
cd:8c:d1:10:57:1d:e9:a6:62:cb:63:54:13:bf:d6:
b0:43:c0:45:ca:67:d6:23:36:76:49:8a:c6:57:19:
3a:83:f0:7b:82:06:08:97:18:98:84:fc:11:9c:02:
32:52:2b:a3:47:ea:d4:2d:ec:61:a2:77:36:21:42:
2e:2d:10:a1:8f:39:77:2a:e4:10:50:88:7a:27:ac:
68:e4:d3:fa:2e:84:40:13:f4:d2:b3:54:eb:37:f3:
f1:34:97:ac:85:dd:31:74:f0:5c:08:50:d2:2f:be:
e3:9a:a3:23:fa:ce:97:c7:9e:19:e7:d0:6f:9f:6c:
b5:12:66:23:8e:09:09:e8:92:58:f1:2a:02:0e:c5:
41:e7:39:65:4c:e3:09:b7:d4:d6:27:da:cc:53:70:
bc:a2:e8:65:32:2c:c8:6f:5c:b7:1e:e6:e7:57:5e:
60:53:54:32:a6:65:ff:c9:c2:53:34:1a:bd:23:87:
07:21:4c:0f:7d:d0:d4:f1:95:8b:6b:c9:f4:e1:80:
03:b1:e8:49:17:c5:27:f1:23:68:61:79:2c:f8:3f:
f0:85:41:36:5a:c4:fc:82:20:39:8f:c7:a7:f2:bd:
1e:45:6f:1c:ff:05:79:df:bb:7d:5b:19:b3:45:4d:
3e:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:F9:EC:6E:DF:A2:87:30:2D:CE:6B:15:4C:DF:F2:DC:04:AF:41:3E
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/Nvnsbt-ihzAtzmsVTN_y3ASvQT4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.232.0/22
83.147.244.0/22
91.186.200.0/21
94.241.168.0/21
Signature Algorithm: sha256WithRSAEncryption
35:ae:a0:e0:05:6d:90:08:19:0e:24:3a:fe:7e:a1:39:91:28:
8f:b2:ea:cf:a8:75:42:50:cd:27:ed:60:b8:67:0b:67:65:51:
92:3d:c4:6e:af:48:6d:b1:ea:31:8f:78:5f:89:ec:9f:c5:c1:
71:75:94:e1:c8:79:86:99:23:51:b7:32:d8:30:cd:9f:31:94:
dc:4a:48:56:9d:f4:6f:b0:bd:37:74:0f:d5:6e:16:51:b6:d2:
24:65:da:9c:78:e5:30:a5:7d:87:c4:c0:2b:07:08:1f:02:58:
aa:bf:3c:58:cf:ed:66:74:1e:3c:25:05:7a:43:d8:1a:8f:38:
12:66:5e:de:88:08:a0:ba:b3:af:48:2f:ce:3b:e1:7f:fc:10:
9e:1e:09:a8:5f:49:78:99:bb:32:07:e9:02:5b:c7:9d:00:bf:
db:2c:75:bd:24:b0:01:14:44:1d:02:ca:ba:0c:12:95:92:98:
37:1a:fc:58:d0:cf:d7:78:e1:0d:da:12:c0:96:d0:fe:4a:6f:
32:41:3a:98:a1:a1:dd:e6:79:20:ea:e1:d2:1e:78:bf:c7:de:
fd:e0:3f:19:f5:78:57:a7:9f:73:05:3c:12:39:04:f9:65:3a:
4b:d3:e4:6d:12:64:cb:57:43:2c:27:23:0f:7f:36:d1:08:ed:
3b:86:70:00
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQntXtYfmTRmzgBxWW3S+BOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmY5ZWM2ZWRmYTI4NzMwMmRjZTZiMTU0Y2RmZjJkYzA0YWY0MTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0A4c/Aem0KNNFrPemNjNjNEQVx3p
pmLLY1QTv9awQ8BFymfWIzZ2SYrGVxk6g/B7ggYIlxiYhPwRnAIyUiujR+rULexh
onc2IUIuLRChjzl3KuQQUIh6J6xo5NP6LoRAE/TSs1TrN/PxNJeshd0xdPBcCFDS
L77jmqMj+s6Xx54Z59Bvn2y1EmYjjgkJ6JJY8SoCDsVB5zllTOMJt9TWJ9rMU3C8
ouhlMizIb1y3HubnV15gU1QypmX/ycJTNBq9I4cHIUwPfdDU8ZWLa8n04YADsehJ
F8Un8SNoYXks+D/whUE2WsT8giA5j8en8r0eRW8c/wV537t9WxmzRU0+qQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDb57G7foocwLc5rFUzf8twEr0E+MB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvTnZuc2J0LWloekF0em1zVlROX3kzQVN2UVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCU5PoAwQC
U5P0AwQDW7rIAwQDXvGoMA0GCSqGSIb3DQEBCwUAA4IBAQA1rqDgBW2QCBkOJDr+
fqE5kSiPsurPqHVCUM0n7WC4ZwtnZVGSPcRur0htseoxj3hfieyfxcFxdZThyHmG
mSNRtzLYMM2fMZTcSkhWnfRvsL03dA/VbhZRttIkZdqceOUwpX2HxMArBwgfAliq
vzxYz+1mdB48JQV6Q9gajzgSZl7eiAigurOvSC/OO+F//BCeHgmoX0l4mbsyB+kC
W8edAL/bLHW9JLABFEQdAsq6DBKVkpg3GvxY0M/XeOEN2hLAltD+Sm8yQTqYoaHd
5nkg6uHSHni/x9794D8Z9XhXp59zBTwSOQT5ZTpL0+RtEmTLV0MsJyMPfzbRCO07
hnAA
-----END CERTIFICATE-----
Generated at Sun Apr 20 03:36:10 2025 by rpki-client