Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/T_s5oIWPxAj4M-He75QqNUkYaLo.roa
File: T_s5oIWPxAj4M-He75QqNUkYaLo.roa (raw, json)
Hash identifier: mAcKrSWyTMOtsJ2dIZ+NQCcEgv3QajyGvcmKxm93RkU=
Subject key identifier: 4F:FB:39:A0:85:8F:C4:08:F8:33:E1:DE:EF:94:2A:35:49:18:68:BA
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 01856D9D3E68A50CE7C33E50AF5878E1121D
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/T_s5oIWPxAj4M-He75QqNUkYaLo.roa
Signing time: Sun 01 Jan 2023 13:54:59 +0000
ROA not before: Sun 01 Jan 2023 13:54:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211975
IP address blocks: 91.213.189.0/24 maxlen: 24
194.156.150.0/24 maxlen: 24
91.208.104.0/24 maxlen: 24
91.208.109.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:9d:3e:68:a5:0c:e7:c3:3e:50:af:58:78:e1:12:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: Jan 1 13:54:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4ffb39a0858fc408f833e1deef942a35491868ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:bd:83:e0:f1:02:f8:63:f7:7a:db:48:d9:69:
bb:20:4a:ca:76:75:32:b3:97:f4:59:9d:3d:91:48:
b6:b3:4a:b7:98:74:77:93:f7:ec:e3:21:ca:8e:77:
26:97:c7:03:17:0b:7f:01:81:89:e1:b4:d6:3a:3d:
62:72:b1:66:0a:27:c1:57:af:5d:2b:1e:6c:3b:e4:
e0:cb:7f:66:0d:c1:db:a2:53:4d:dd:cb:30:c2:fb:
a8:62:ef:61:33:9d:86:0a:64:f6:d5:07:44:a0:58:
0b:a6:a1:40:8f:89:f5:ad:8c:bc:e9:1c:8b:36:9a:
36:54:5c:47:53:53:1f:84:14:c5:c9:ef:6b:38:88:
27:e5:34:98:89:97:79:70:ee:e9:df:f9:ff:c2:53:
4f:ba:dc:d9:c1:36:2b:fb:0b:43:52:c6:47:be:99:
93:86:44:86:4b:a3:a0:52:5c:c9:1e:32:9e:57:4c:
5c:c9:e0:08:b6:d8:47:b7:2d:aa:56:26:ab:61:7a:
5b:0e:b6:33:f3:80:2d:9d:e7:3e:9d:36:ee:b7:36:
fc:c6:a3:cb:93:2e:c4:18:ff:76:e0:c5:b0:69:eb:
1d:c0:87:b7:1e:fd:7f:02:e8:dd:fe:63:d5:57:5a:
ef:01:f1:f9:1b:93:02:e5:bd:b2:2a:09:43:75:ca:
e8:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:FB:39:A0:85:8F:C4:08:F8:33:E1:DE:EF:94:2A:35:49:18:68:BA
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/T_s5oIWPxAj4M-He75QqNUkYaLo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.208.104.0/24
91.208.109.0/24
91.213.189.0/24
194.156.150.0/24
Signature Algorithm: sha256WithRSAEncryption
5e:f3:bc:66:1a:4b:62:61:3f:b4:f5:fa:54:a4:03:3e:22:65:
25:84:f4:f9:e6:b0:f0:93:0a:83:41:2d:30:b0:34:10:17:e5:
2a:3f:6f:75:d3:61:ae:60:3d:eb:5f:84:b2:e9:52:b4:cc:58:
bd:13:66:5a:5f:d0:0d:13:c9:7b:21:9c:9f:95:b7:b9:17:ff:
4c:a6:49:a7:4c:8b:44:0e:65:32:af:89:28:d2:77:b1:45:83:
ce:fe:fa:a9:b6:2e:6e:23:d5:a3:28:cb:87:25:28:da:63:52:
06:f0:b7:6d:31:67:11:05:b7:2e:cf:88:03:ad:f7:31:ca:2f:
ce:99:6f:cb:1f:7d:fc:50:42:89:46:ff:a8:a1:bc:74:92:57:
4d:2b:3c:75:64:44:4d:3d:db:51:9c:ce:94:6d:9a:63:20:60:
6b:d8:7d:7a:c5:6e:46:f5:2f:33:1c:ca:63:e7:88:5c:f2:4e:
0a:2b:d7:27:76:aa:30:71:06:45:41:83:45:16:26:78:2c:9d:
c3:68:f6:c3:50:cf:c9:71:86:2b:1b:b3:17:09:d6:0d:5f:2e:
b3:39:87:0a:36:5b:e2:ec:a0:bf:cc:0b:ef:fe:06:b1:82:ee:
0b:ed:47:4c:d1:b1:99:c7:10:c8:09:6a:58:72:a0:bb:67:82:
a8:85:21:13
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVtnT5opQznwz5Qr1h44RIdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwMTAxMTM1NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmZiMzlhMDg1OGZjNDA4ZjgzM2UxZGVlZjk0MmEzNTQ5MTg2OGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl72D4PEC+GP3ettI2Wm7IErKdnUy
s5f0WZ09kUi2s0q3mHR3k/fs4yHKjncml8cDFwt/AYGJ4bTWOj1icrFmCifBV69d
Kx5sO+Tgy39mDcHbolNN3cswwvuoYu9hM52GCmT21QdEoFgLpqFAj4n1rYy86RyL
Npo2VFxHU1MfhBTFye9rOIgn5TSYiZd5cO7p3/n/wlNPutzZwTYr+wtDUsZHvpmT
hkSGS6OgUlzJHjKeV0xcyeAItthHty2qViarYXpbDrYz84Atnec+nTbutzb8xqPL
ky7EGP924MWwaesdwIe3Hv1/Aujd/mPVV1rvAfH5G5MC5b2yKglDdcrohwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFE/7OaCFj8QI+DPh3u+UKjVJGGi6MB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvVF9zNW9JV1B4QWo0TS1IZTc1UXFOVWtZYUxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW9BoAwQA
W9BtAwQAW9W9AwQAwpyWMA0GCSqGSIb3DQEBCwUAA4IBAQBe87xmGktiYT+09fpU
pAM+ImUlhPT55rDwkwqDQS0wsDQQF+UqP29102GuYD3rX4Sy6VK0zFi9E2ZaX9AN
E8l7IZyflbe5F/9MpkmnTItEDmUyr4ko0nexRYPO/vqpti5uI9WjKMuHJSjaY1IG
8LdtMWcRBbcuz4gDrfcxyi/OmW/LH338UEKJRv+oobx0kldNKzx1ZERNPdtRnM6U
bZpjIGBr2H16xW5G9S8zHMpj54hc8k4KK9cndqowcQZFQYNFFiZ4LJ3DaPbDUM/J
cYYrG7MXCdYNXy6zOYcKNlvi7KC/zAvv/gaxgu4L7UdM0bGZxxDICWpYcqC7Z4Ko
hSET
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:13 2024 by rpki-client on console-fra.rpki-client.org