Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/NrpFVspafHyFguBm1AYbpg5YQM8.roa
File: NrpFVspafHyFguBm1AYbpg5YQM8.roa (raw, json)
Hash identifier: wI+QaeLM3PWhz6EAp2sy7qwgjZHf1tA/ROjFeNVIZXY=
Subject key identifier: 36:BA:45:56:CA:5A:7C:7C:85:82:E0:66:D4:06:1B:A6:0E:58:40:CF
Certificate issuer: /CN=1e9a92daf08c20b4691b925cf032e5491fe0acc0
Certificate serial: 031350EA
Authority key identifier: 1E:9A:92:DA:F0:8C:20:B4:69:1B:92:5C:F0:32:E5:49:1F:E0:AC:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HpqS2vCMILRpG5Jc8DLlSR_grMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/NrpFVspafHyFguBm1AYbpg5YQM8.roa
Signing time: Tue 15 Feb 2022 05:17:52 +0000
ROA not before: Tue 15 Feb 2022 05:17:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 24875
IP address blocks: 217.144.171.0/24 maxlen: 24
217.144.168.0/24 maxlen: 24
217.144.169.0/24 maxlen: 24
217.144.170.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 51597546 (0x31350ea)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e9a92daf08c20b4691b925cf032e5491fe0acc0
Validity
Not Before: Feb 15 05:17:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=36ba4556ca5a7c7c8582e066d4061ba60e5840cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:47:9e:5b:8b:06:c0:22:9f:7e:21:b2:21:b1:
64:a9:f0:a3:89:3d:64:b8:c0:af:e9:cc:30:26:1d:
e1:df:d4:19:51:ec:4f:cb:9e:bd:e0:6a:31:27:47:
12:2d:0a:27:a6:da:16:fa:00:32:e1:44:68:6f:a6:
d9:16:f9:e3:94:57:11:cf:b8:a1:4b:32:5f:b6:c0:
72:95:e7:91:82:62:b5:8b:b5:05:1a:b5:9c:f4:a8:
19:64:15:33:5a:6f:9e:4b:96:94:bb:e7:72:66:d7:
d0:29:45:1a:bc:26:bb:7c:82:72:92:44:3c:d7:24:
e6:6d:b3:01:d1:ed:b9:b2:da:65:f1:33:73:15:6a:
7d:b1:bc:28:a8:25:2b:af:18:be:48:6c:43:9f:e2:
0b:7a:28:17:10:87:f2:91:db:88:67:53:1c:37:98:
4e:34:c4:36:d6:bc:5f:5f:ad:f4:5d:6b:8f:c6:bb:
9f:82:da:8e:3a:77:cb:4d:ce:53:c5:88:08:83:dc:
bb:46:b7:09:ce:36:8e:ab:1b:f1:3b:61:4f:b8:65:
76:d2:b1:a3:81:72:c2:59:14:9f:41:d0:9c:49:1e:
43:50:8f:19:e2:83:cd:49:ff:aa:d1:34:ef:00:e0:
13:b3:3a:71:ea:2a:5f:88:a2:8a:3f:24:b7:3c:d7:
4f:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:BA:45:56:CA:5A:7C:7C:85:82:E0:66:D4:06:1B:A6:0E:58:40:CF
X509v3 Authority Key Identifier:
keyid:1E:9A:92:DA:F0:8C:20:B4:69:1B:92:5C:F0:32:E5:49:1F:E0:AC:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpqS2vCMILRpG5Jc8DLlSR_grMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/NrpFVspafHyFguBm1AYbpg5YQM8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/HpqS2vCMILRpG5Jc8DLlSR_grMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.144.168.0/22
Signature Algorithm: sha256WithRSAEncryption
9b:d2:77:a7:8e:8a:ed:99:1d:6d:00:26:ad:b3:1c:e2:f0:2c:
66:bf:25:16:ee:3a:24:af:eb:fe:0d:62:e9:e0:bc:ef:52:d7:
19:1a:98:a7:84:fe:b8:69:48:20:b0:97:14:76:b9:fa:3b:6e:
2b:0a:9c:94:c9:c9:aa:c6:63:b4:a8:98:e7:cd:e6:c6:c9:b9:
9a:40:e1:06:d9:7e:ce:cf:68:4b:6f:d2:c7:87:00:4a:b3:6e:
1b:ea:b8:57:8e:67:77:4f:3b:86:49:e7:1a:a1:2a:0a:4a:38:
76:1b:73:9e:56:62:91:99:59:d2:bf:62:88:e4:e1:87:97:b5:
e0:be:a6:3a:16:29:38:89:20:84:ad:25:0b:fc:c0:b3:42:60:
df:10:9c:2b:40:db:9a:6d:7a:7c:a1:ef:dc:87:14:b1:a0:fa:
3c:b6:18:4b:de:54:8c:b3:28:4e:12:3f:33:f0:41:a5:f2:19:
8d:66:77:1b:c2:8e:dd:70:a4:07:e6:be:71:f2:ca:64:21:cd:
3e:dc:dc:58:2f:2c:92:c6:16:10:04:4b:58:4a:a1:93:c8:47:
57:44:ce:65:e8:27:bd:3c:3c:ba:da:e3:67:79:c6:65:bb:b6:
98:ec:28:37:68:27:34:9d:2e:1d:d4:3f:fb:46:db:fc:ca:c8:
03:9d:59:53
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAxNQ6jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZTlhOTJkYWYwOGMyMGI0NjkxYjkyNWNmMDMyZTU0OTFmZTBhY2MwMB4XDTIyMDIx
NTA1MTc1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzZiYTQ1NTZjYTVh
N2M3Yzg1ODJlMDY2ZDQwNjFiYTYwZTU4NDBjZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMFHnluLBsAin34hsiGxZKnwo4k9ZLjAr+nMMCYd4d/UGVHs
T8ueveBqMSdHEi0KJ6baFvoAMuFEaG+m2Rb545RXEc+4oUsyX7bAcpXnkYJitYu1
BRq1nPSoGWQVM1pvnkuWlLvncmbX0ClFGrwmu3yCcpJEPNck5m2zAdHtubLaZfEz
cxVqfbG8KKglK68YvkhsQ5/iC3ooFxCH8pHbiGdTHDeYTjTENta8X1+t9F1rj8a7
n4Lajjp3y03OU8WICIPcu0a3Cc42jqsb8TthT7hldtKxo4FywlkUn0HQnEkeQ1CP
GeKDzUn/qtE07wDgE7M6ceoqX4iiij8ktzzXT/MCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ2ukVWylp8fIWC4GbUBhumDlhAzzAfBgNVHSMEGDAWgBQempLa8IwgtGkb
klzwMuVJH+CswDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0hwcVMydkNNSUxScEc1SmM4RExsU1JfZ3JNQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjgvYzE0MTE1LThjZjgtNDBjOC04N2M4LWNlODJlYmUxMWFjOC8x
L05ycEZWc3BhZkh5Rmd1Qm0xQVlicGc1WVFNOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjgv
YzE0MTE1LThjZjgtNDBjOC04N2M4LWNlODJlYmUxMWFjOC8xL0hwcVMydkNNSUxS
cEc1SmM4RExsU1JfZ3JNQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtmQqDANBgkqhkiG9w0BAQsFAAOC
AQEAm9J3p46K7ZkdbQAmrbMc4vAsZr8lFu46JK/r/g1i6eC871LXGRqYp4T+uGlI
ILCXFHa5+jtuKwqclMnJqsZjtKiY583mxsm5mkDhBtl+zs9oS2/Sx4cASrNuG+q4
V45nd087hknnGqEqCko4dhtznlZikZlZ0r9iiOThh5e14L6mOhYpOIkghK0lC/zA
s0Jg3xCcK0Dbmm16fKHv3IcUsaD6PLYYS95UjLMoThI/M/BBpfIZjWZ3G8KO3XCk
B+a+cfLKZCHNPtzcWC8sksYWEARLWEqhk8hHV0TOZegnvTw8utrjZ3nGZbu2mOwo
N2gnNJ0uHdQ/+0bb/MrIA51ZUw==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:29:47 2025 by rpki-client