Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/18dtRPiQNERTGRFusgh5FYvNb6A.roa
File: 18dtRPiQNERTGRFusgh5FYvNb6A.roa (raw, json)
Hash identifier: EVazhFyQCPwN/SpxF3nMaJY+2MhzCEAJeC9y4o+bsYc=
Subject key identifier: D7:C7:6D:44:F8:90:34:44:53:19:11:6E:B2:08:79:15:8B:CD:6F:A0
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 018ABEE5FA0533456506643ED72BFC1CA52E
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/18dtRPiQNERTGRFusgh5FYvNb6A.roa
Signing time: Fri 22 Sep 2023 21:57:37 +0000
ROA not before: Fri 22 Sep 2023 21:57:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.213.174.0/24 maxlen: 24
91.213.186.0/24 maxlen: 24
194.156.150.0/24 maxlen: 24
194.156.151.0/24 maxlen: 24
45.150.197.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:be:e5:fa:05:33:45:65:06:64:3e:d7:2b:fc:1c:a5:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: Sep 22 21:57:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d7c76d44f89034445319116eb20879158bcd6fa0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:76:03:20:7d:64:9f:52:e7:8b:6a:fc:4e:b4:
b0:92:4a:1d:41:14:b1:2d:d4:57:08:62:75:0d:b9:
44:92:ae:b7:e8:a3:82:93:a4:a5:31:43:5b:52:74:
27:9f:47:24:78:60:73:1d:75:56:0e:ae:24:68:8e:
b3:6e:d0:69:c6:e6:82:9b:2a:93:27:00:3d:3a:65:
00:88:10:1c:1c:90:a9:76:50:0c:a5:01:2a:86:e0:
d3:5e:69:aa:e7:1f:fe:c4:94:ce:f5:de:37:a2:25:
1e:37:69:0f:43:de:38:41:be:cc:30:bd:44:34:74:
c3:73:aa:ea:22:0f:e8:3c:9e:9e:37:3b:df:bb:ac:
1b:8f:33:34:a9:8b:ea:e6:f4:82:b3:79:02:61:c0:
4f:2b:4e:16:4c:a7:c2:66:a8:d9:7f:59:ad:1c:e2:
31:40:09:ca:79:9d:d9:61:bd:ea:d5:4f:a1:8d:dd:
b8:bb:3f:60:6b:9a:4c:eb:08:6d:9b:eb:3b:c4:7a:
bb:f9:5c:12:9f:41:86:c8:5b:d7:a7:5c:50:19:43:
e3:30:d7:c7:14:1c:b3:a2:b8:f6:8d:df:e7:05:d6:
8d:0b:58:26:9b:24:7a:02:53:5b:94:53:e4:59:c8:
d7:2d:29:81:29:b8:8a:90:53:98:f1:d0:52:86:ae:
41:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:C7:6D:44:F8:90:34:44:53:19:11:6E:B2:08:79:15:8B:CD:6F:A0
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/18dtRPiQNERTGRFusgh5FYvNb6A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.197.0/24
91.213.174.0/24
91.213.186.0/24
194.156.150.0/23
Signature Algorithm: sha256WithRSAEncryption
a2:00:bc:20:80:3d:99:17:bb:0a:3c:dd:7d:cd:b8:25:ef:cf:
ac:a2:3a:13:be:50:e4:8f:a1:7c:83:f4:91:bb:3d:8d:2b:80:
48:3c:54:cb:2f:9a:a2:32:62:82:20:25:27:05:63:22:e4:4f:
c2:33:55:2f:12:80:10:d3:50:4e:9a:f9:36:93:61:87:8d:b6:
71:be:91:21:b4:1a:fe:bb:18:69:e6:4b:65:c0:09:14:18:fc:
9c:5f:aa:f3:92:0b:ad:20:fe:84:bb:40:a3:5d:63:df:e0:d9:
16:95:ed:c6:31:ac:0c:72:91:00:56:a0:6f:ad:ec:86:24:49:
93:8d:17:26:70:04:21:e3:d7:56:fc:13:a0:df:57:50:74:f5:
01:55:11:e8:b9:8f:9e:73:ef:8b:13:06:bd:c9:38:c7:92:2d:
10:53:7c:89:48:ac:08:2d:83:c3:1a:f8:d1:a8:d2:f3:00:22:
32:6f:39:23:3e:e9:6e:20:eb:2a:fa:b8:51:99:d5:22:88:6d:
b5:32:4a:7a:bd:81:61:29:2a:d4:b1:2b:5f:c1:d3:10:3c:39:
08:b6:6e:f6:88:6d:3f:48:8f:ea:c7:19:45:8d:e3:c5:6d:7f:
1e:a9:bf:50:4a:b3:c0:f4:fd:eb:c9:dc:63:c9:a5:8b:04:91:
50:f3:8f:71
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYq+5foFM0VlBmQ+1yv8HKUuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwOTIyMjE1NzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2M3NmQ0NGY4OTAzNDQ0NTMxOTExNmViMjA4NzkxNThiY2Q2ZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHYDIH1kn1Lni2r8TrSwkkodQRSx
LdRXCGJ1DblEkq636KOCk6SlMUNbUnQnn0ckeGBzHXVWDq4kaI6zbtBpxuaCmyqT
JwA9OmUAiBAcHJCpdlAMpQEqhuDTXmmq5x/+xJTO9d43oiUeN2kPQ944Qb7MML1E
NHTDc6rqIg/oPJ6eNzvfu6wbjzM0qYvq5vSCs3kCYcBPK04WTKfCZqjZf1mtHOIx
QAnKeZ3ZYb3q1U+hjd24uz9ga5pM6whtm+s7xHq7+VwSn0GGyFvXp1xQGUPjMNfH
FByzorj2jd/nBdaNC1gmmyR6AlNblFPkWcjXLSmBKbiKkFOY8dBShq5BqQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNfHbUT4kDREUxkRbrIIeRWLzW+gMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvMThkdFJQaVFORVJUR1JGdXNnaDVGWXZOYjZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALZbFAwQA
W9WuAwQAW9W6AwQBwpyWMA0GCSqGSIb3DQEBCwUAA4IBAQCiALwggD2ZF7sKPN19
zbgl78+sojoTvlDkj6F8g/SRuz2NK4BIPFTLL5qiMmKCICUnBWMi5E/CM1UvEoAQ
01BOmvk2k2GHjbZxvpEhtBr+uxhp5ktlwAkUGPycX6rzkgutIP6Eu0CjXWPf4NkW
le3GMawMcpEAVqBvreyGJEmTjRcmcAQh49dW/BOg31dQdPUBVRHouY+ec++LEwa9
yTjHki0QU3yJSKwILYPDGvjRqNLzACIybzkjPuluIOsq+rhRmdUiiG21Mkp6vYFh
KSrUsStfwdMQPDkItm72iG0/SI/qxxlFjePFbX8eqb9QSrPA9P3rydxjyaWLBJFQ
849x
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org