Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/NFTKiNMh2Xn8pwGDRNQALrHgmAo.roa
File: NFTKiNMh2Xn8pwGDRNQALrHgmAo.roa (raw, json)
Hash identifier: UYoFEkNjc3EJGtgvFl47nE0yABsl5qsAEck6ZjVzt0Q=
Subject key identifier: 34:54:CA:88:D3:21:D9:79:FC:A7:01:83:44:D4:00:2E:B1:E0:98:0A
Certificate issuer: /CN=e180ebbbca0f890de353891421a83dd5b653d940
Certificate serial: 16B6E0E5
Authority key identifier: E1:80:EB:BB:CA:0F:89:0D:E3:53:89:14:21:A8:3D:D5:B6:53:D9:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4YDru8oPiQ3jU4kUIag91bZT2UA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/NFTKiNMh2Xn8pwGDRNQALrHgmAo.roa
Signing time: Sun 20 Mar 2022 07:42:08 +0000
ROA not before: Sun 20 Mar 2022 07:42:08 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 834
IP address blocks: 194.67.69.0/24 maxlen: 24
194.67.70.0/24 maxlen: 24
194.67.80.0/23 maxlen: 23
194.67.82.0/23 maxlen: 23
194.67.95.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 381083877 (0x16b6e0e5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e180ebbbca0f890de353891421a83dd5b653d940
Validity
Not Before: Mar 20 07:42:08 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3454ca88d321d979fca7018344d4002eb1e0980a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:36:54:c3:b0:b0:33:43:b0:71:a4:62:09:cd:
d3:46:b5:42:0d:4b:e4:c3:93:39:32:fd:8d:37:21:
b9:ce:09:fa:27:2a:e6:88:52:b0:a3:c1:bb:86:d6:
a5:ad:2f:38:76:4f:81:46:fd:93:b0:02:06:ea:94:
a9:d9:f8:fd:c4:be:d7:c5:6a:d0:66:34:09:0c:40:
44:86:f9:cc:6a:ae:57:b2:21:be:ae:da:5a:0c:3a:
67:a9:e0:b2:ca:62:1b:b7:99:70:76:68:c3:13:55:
99:d3:f0:e4:bc:cc:4a:fb:f5:2e:d8:2d:d2:d8:66:
1e:6e:8b:d4:fb:bf:23:28:e1:6d:99:1d:a0:84:67:
88:80:da:3d:a5:74:f4:11:b8:00:d4:be:ae:fe:f0:
8f:46:2c:f0:4f:99:44:90:2e:a8:8e:93:34:ec:41:
ca:6e:82:97:c5:f0:a6:de:4c:72:d1:b1:b8:9f:ad:
1b:9b:88:3b:0e:7f:5a:06:93:67:5b:74:04:b9:36:
a4:f2:e5:c5:da:04:cd:a0:e7:2e:60:5e:36:ed:d0:
c5:e3:a8:09:b0:06:7e:a7:e6:9a:f1:50:b7:c5:8c:
d4:45:9f:43:0e:07:5b:4c:cc:b9:d0:be:d4:e2:93:
07:f3:37:35:64:a4:89:bc:d9:d2:f6:4b:7e:8b:60:
a6:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:54:CA:88:D3:21:D9:79:FC:A7:01:83:44:D4:00:2E:B1:E0:98:0A
X509v3 Authority Key Identifier:
keyid:E1:80:EB:BB:CA:0F:89:0D:E3:53:89:14:21:A8:3D:D5:B6:53:D9:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4YDru8oPiQ3jU4kUIag91bZT2UA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/NFTKiNMh2Xn8pwGDRNQALrHgmAo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/4YDru8oPiQ3jU4kUIag91bZT2UA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.67.69.0-194.67.70.255
194.67.80.0/22
194.67.95.0/24
Signature Algorithm: sha256WithRSAEncryption
86:c6:6e:fe:72:13:77:9a:6a:04:5d:48:65:9d:86:44:79:a2:
90:13:99:32:62:07:b7:0c:89:a2:c2:45:9c:b9:3c:f7:7d:90:
59:43:69:ec:43:df:90:85:69:fa:01:d1:1b:a4:ab:61:db:6e:
c5:56:37:4b:09:32:90:d5:b0:4c:53:42:fb:98:4a:80:de:c0:
5f:f8:27:eb:71:70:ce:3b:6b:e6:c1:31:45:f7:b0:c9:d8:5c:
45:a5:15:e6:c5:57:61:fc:a0:fb:ec:a5:d3:d8:38:aa:b5:b9:
6e:95:63:9f:3a:4e:b1:5f:e0:53:c1:72:e8:46:d0:0f:37:eb:
02:85:f4:87:13:ee:c7:71:22:d7:63:59:6c:ae:f7:05:30:c0:
a8:a5:7f:97:43:4f:4c:f1:9a:e9:a4:1a:75:bd:03:da:8e:22:
f6:e1:fd:f4:c4:1c:ed:62:a3:c6:5f:b0:d8:5c:b0:52:77:85:
a3:17:46:3b:bb:41:f5:f6:54:00:a5:81:a7:05:5c:91:a1:50:
61:ba:e8:a6:43:a2:cc:b4:f3:f4:94:f3:8e:4f:75:78:53:a3:
76:4e:a0:f0:f1:c3:04:29:5b:26:64:06:c6:05:73:56:4f:ca:
e2:78:c1:f6:ea:f3:44:70:7d:0f:fe:6e:88:33:36:c4:08:b5:
96:a6:22:96
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIEFrbg5TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
MTgwZWJiYmNhMGY4OTBkZTM1Mzg5MTQyMWE4M2RkNWI2NTNkOTQwMB4XDTIyMDMy
MDA3NDIwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzQ1NGNhODhkMzIx
ZDk3OWZjYTcwMTgzNDRkNDAwMmViMWUwOTgwYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALI2VMOwsDNDsHGkYgnN00a1Qg1L5MOTOTL9jTchuc4J+icq
5ohSsKPBu4bWpa0vOHZPgUb9k7ACBuqUqdn4/cS+18Vq0GY0CQxARIb5zGquV7Ih
vq7aWgw6Z6ngsspiG7eZcHZowxNVmdPw5LzMSvv1Ltgt0thmHm6L1Pu/IyjhbZkd
oIRniIDaPaV09BG4ANS+rv7wj0Ys8E+ZRJAuqI6TNOxBym6Cl8Xwpt5MctGxuJ+t
G5uIOw5/WgaTZ1t0BLk2pPLlxdoEzaDnLmBeNu3QxeOoCbAGfqfmmvFQt8WM1EWf
Qw4HW0zMudC+1OKTB/M3NWSkibzZ0vZLfotgpgMCAwEAAaOCAh0wggIZMB0GA1Ud
DgQWBBQ0VMqI0yHZefynAYNE1AAuseCYCjAfBgNVHSMEGDAWgBThgOu7yg+JDeNT
iRQhqD3VtlPZQDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzRZRHJ1OG9QaVEzalU0a1VJYWc5MWJaVDJVQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjgvYTE4Y2YxLWEwODAtNDk0NS04YjIxLTA1NTU2OTU5YzQ1NS8x
L05GVEtpTk1oMlhuOHB3R0RSTlFBTHJIZ21Bby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjgv
YTE4Y2YxLWEwODAtNDk0NS04YjIxLTA1NTU2OTU5YzQ1NS8xLzRZRHJ1OG9QaVEz
alU0a1VJYWc5MWJaVDJVQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAz
BggrBgEFBQcBBwEB/wQkMCIwIAQCAAEwGjAMAwQAwkNFAwQAwkNGAwQCwkNQAwQA
wkNfMA0GCSqGSIb3DQEBCwUAA4IBAQCGxm7+chN3mmoEXUhlnYZEeaKQE5kyYge3
DImiwkWcuTz3fZBZQ2nsQ9+QhWn6AdEbpKth227FVjdLCTKQ1bBMU0L7mEqA3sBf
+CfrcXDOO2vmwTFF97DJ2FxFpRXmxVdh/KD77KXT2DiqtblulWOfOk6xX+BTwXLo
RtAPN+sChfSHE+7HcSLXY1lsrvcFMMCopX+XQ09M8ZrppBp1vQPajiL24f30xBzt
YqPGX7DYXLBSd4WjF0Y7u0H19lQApYGnBVyRoVBhuuimQ6LMtPP0lPOOT3V4U6N2
TqDw8cMEKVsmZAbGBXNWT8rieMH26vNEcH0P/m6IMzbECLWWpiKW
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:37:59 2025 by rpki-client