Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/8_zQDdYeOXA2uKttnMqhajC14fA.roa
File: 8_zQDdYeOXA2uKttnMqhajC14fA.roa (raw, json)
Hash identifier: fIpAhSIktPMEL6Q3/VbUn/yTMzu71EpkTibK2AfL0wQ=
Subject key identifier: F3:FC:D0:0D:D6:1E:39:70:36:B8:AB:6D:9C:CA:A1:6A:30:B5:E1:F0
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 0184641AB69A1B0D9B5A1B6013D94C2D38EC
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/8_zQDdYeOXA2uKttnMqhajC14fA.roa
Signing time: Fri 11 Nov 2022 00:33:03 +0000
ROA not before: Fri 11 Nov 2022 00:33:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209260
IP address blocks: 91.213.186.0/24 maxlen: 24
91.213.189.0/24 maxlen: 24
194.156.150.0/24 maxlen: 24
91.208.104.0/24 maxlen: 24
91.208.109.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:64:1a:b6:9a:1b:0d:9b:5a:1b:60:13:d9:4c:2d:38:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: Nov 11 00:33:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f3fcd00dd61e397036b8ab6d9ccaa16a30b5e1f0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:af:bd:17:40:62:98:99:bb:4b:bc:78:12:3c:
d8:e8:c0:12:13:65:e8:52:99:53:aa:20:ad:34:f1:
83:8c:dd:e3:b6:58:75:81:7c:3e:95:99:da:f4:a6:
8b:43:6d:fd:c1:96:ce:88:5b:f2:66:07:35:99:e7:
60:69:89:9d:d5:72:5d:cf:4c:02:a5:d0:e1:b5:47:
fd:c7:ea:0b:80:c8:20:97:d1:4b:61:b8:15:48:98:
96:61:ae:7a:8a:86:c9:e9:43:dd:dc:3e:5d:b1:bf:
93:d4:d4:47:c7:cb:74:22:2e:85:f5:1f:c3:aa:bc:
fe:07:69:93:72:80:ad:b3:d0:80:57:30:a6:33:c0:
2b:25:59:2c:c4:ba:ad:5f:f0:72:41:2a:cc:5e:b8:
32:ea:3c:e1:b6:c8:6b:38:ea:1e:ff:ec:cd:dc:ea:
62:2d:17:ff:6c:75:eb:7b:60:d2:91:c8:7b:ca:18:
37:3b:b8:c6:6f:6c:84:42:af:be:9b:03:1d:92:e8:
f6:74:a8:15:de:24:93:e3:84:7e:3b:10:4a:df:fb:
e0:d9:b4:90:52:01:da:67:e7:b3:b8:07:3b:d9:1c:
91:f4:f3:f6:5c:53:89:f3:ee:30:ea:39:5f:02:51:
70:da:7d:7a:65:66:18:45:49:ad:eb:c4:ed:d6:8b:
f5:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:FC:D0:0D:D6:1E:39:70:36:B8:AB:6D:9C:CA:A1:6A:30:B5:E1:F0
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/8_zQDdYeOXA2uKttnMqhajC14fA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.208.104.0/24
91.208.109.0/24
91.213.186.0/24
91.213.189.0/24
194.156.150.0/24
Signature Algorithm: sha256WithRSAEncryption
5d:10:27:c2:8c:7c:b0:3e:51:53:14:99:3b:64:f4:4d:36:87:
e7:38:d3:7e:97:9b:96:70:66:90:d0:a3:a4:c4:24:97:7a:29:
10:5b:9d:1c:58:79:1e:2d:18:dd:23:3f:2e:d8:a8:e2:10:4d:
e6:9d:08:6e:7f:8d:7e:26:bd:09:22:4a:d5:d4:6f:9a:ed:75:
62:c9:22:6a:38:55:11:f9:2d:ba:95:dc:7c:12:76:0e:40:ac:
3a:a3:c4:ff:b6:8d:54:a7:2c:7f:f8:ca:5e:47:8f:c8:23:bb:
90:7c:df:04:87:d1:04:95:7d:4a:b5:df:70:bb:77:e9:0b:70:
65:6a:44:04:4e:a4:1e:3d:8f:eb:24:a0:07:3e:5b:b1:e1:02:
8b:b7:97:13:ad:62:1e:b6:63:10:30:e9:f7:a0:28:70:bf:56:
41:78:2d:2e:19:fa:e6:ee:9a:92:f6:9d:fd:ea:5f:65:2d:ef:
60:83:b2:ef:1c:f3:11:55:60:f8:41:19:f9:48:07:60:46:03:
33:9b:bf:a5:e3:3f:e0:de:63:d8:2d:16:c4:8b:bf:ea:ec:21:
e5:93:a4:1c:a7:ab:af:f8:1e:10:ec:db:aa:e0:3d:38:50:48:
ae:c6:0b:9a:2f:81:c1:ec:5c:e5:aa:a1:90:aa:2a:51:cf:18:
01:33:c8:db
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYRkGraaGw2bWhtgE9lMLTjsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjIxMTExMDAzMzAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2ZjZDAwZGQ2MWUzOTcwMzZiOGFiNmQ5Y2NhYTE2YTMwYjVlMWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqa+9F0BimJm7S7x4EjzY6MASE2Xo
UplTqiCtNPGDjN3jtlh1gXw+lZna9KaLQ239wZbOiFvyZgc1medgaYmd1XJdz0wC
pdDhtUf9x+oLgMggl9FLYbgVSJiWYa56iobJ6UPd3D5dsb+T1NRHx8t0Ii6F9R/D
qrz+B2mTcoCts9CAVzCmM8ArJVksxLqtX/ByQSrMXrgy6jzhtshrOOoe/+zN3Opi
LRf/bHXre2DSkch7yhg3O7jGb2yEQq++mwMdkuj2dKgV3iST44R+OxBK3/vg2bSQ
UgHaZ+ezuAc72RyR9PP2XFOJ8+4w6jlfAlFw2n16ZWYYRUmt68Tt1ov14wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFPP80A3WHjlwNrirbZzKoWowteHwMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvOF96UURkWWVPWEEydUt0dG5NcWhhakMxNGZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAW9BoAwQA
W9BtAwQAW9W6AwQAW9W9AwQAwpyWMA0GCSqGSIb3DQEBCwUAA4IBAQBdECfCjHyw
PlFTFJk7ZPRNNofnONN+l5uWcGaQ0KOkxCSXeikQW50cWHkeLRjdIz8u2KjiEE3m
nQhuf41+Jr0JIkrV1G+a7XViySJqOFUR+S26ldx8EnYOQKw6o8T/to1Upyx/+Mpe
R4/II7uQfN8Eh9EElX1Ktd9wu3fpC3BlakQETqQePY/rJKAHPlux4QKLt5cTrWIe
tmMQMOn3oChwv1ZBeC0uGfrm7pqS9p396l9lLe9gg7LvHPMRVWD4QRn5SAdgRgMz
m7+l4z/g3mPYLRbEi7/q7CHlk6Qcp6uv+B4Q7Nuq4D04UEiuxguaL4HB7FzlqqGQ
qipRzxgBM8jb
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:13 2024 by rpki-client on console-fra.rpki-client.org