Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/VFmUdNcklRwXcjg98jAhmPf2MZA.roa
File: VFmUdNcklRwXcjg98jAhmPf2MZA.roa (raw, json)
Hash identifier: hkR1aPPFYBIGlWgVdsQeHgMyQg4ui4NlZLahDrI5foU=
Subject key identifier: 54:59:94:74:D7:24:95:1C:17:72:38:3D:F2:30:21:98:F7:F6:31:90
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 018C2C876B699C0B07BDB91887E630504C35
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/VFmUdNcklRwXcjg98jAhmPf2MZA.roa
Signing time: Sat 02 Dec 2023 21:55:21 +0000
ROA not before: Sat 02 Dec 2023 21:55:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.213.174.0/24 maxlen: 24
91.213.186.0/24 maxlen: 24
194.156.150.0/24 maxlen: 24
194.156.151.0/24 maxlen: 24
45.150.197.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:2c:87:6b:69:9c:0b:07:bd:b9:18:87:e6:30:50:4c:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: Dec 2 21:55:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=54599474d724951c1772383df2302198f7f63190
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:c1:e3:39:04:e9:e3:ac:d6:35:c1:fb:bb:15:
ef:a8:94:09:80:2d:40:b0:7b:c2:13:b5:4f:3d:c3:
83:29:e2:44:23:bb:d6:2a:d6:78:2e:05:f0:79:8f:
6e:3a:ca:3b:54:9a:f3:9b:75:51:db:73:db:7f:3c:
cc:86:c4:19:9d:2f:05:07:b4:ee:f3:25:19:4f:35:
f3:81:a4:18:fc:7a:71:15:30:cb:90:ef:bc:7d:5d:
9e:c9:ad:b1:a2:bc:ab:c3:d7:c0:1b:8b:61:ba:4d:
32:aa:60:6d:5e:f9:b8:34:dc:fe:d9:1a:be:17:76:
8a:b1:5b:a9:92:53:13:e7:c2:27:c2:f9:2e:b5:08:
f7:b4:47:4f:f1:4f:42:dc:4a:00:b6:a4:64:6a:3f:
64:11:ca:15:91:ca:c3:d9:3d:79:69:b8:ef:ea:16:
09:2b:97:b8:86:dc:08:d8:f3:ad:1a:77:b1:b4:79:
b6:1b:95:63:82:06:26:17:e7:54:c7:0a:2d:62:5c:
4d:50:a9:22:ac:e1:15:43:84:9a:d6:f6:1b:c7:c9:
e0:33:33:d1:ef:b0:9f:f0:50:c6:17:22:1e:72:e0:
a1:d5:be:48:fd:6c:9b:54:05:17:bd:1d:5e:8f:31:
f9:e9:5c:e9:a4:3e:c4:27:63:f9:6a:6d:d5:e0:86:
fe:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:59:94:74:D7:24:95:1C:17:72:38:3D:F2:30:21:98:F7:F6:31:90
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/VFmUdNcklRwXcjg98jAhmPf2MZA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.197.0/24
91.213.174.0/24
91.213.186.0/24
194.156.150.0/23
Signature Algorithm: sha256WithRSAEncryption
1e:f3:ce:4a:a3:69:f6:24:99:c0:65:f4:9e:dd:14:53:ef:20:
4c:e1:2a:6e:f3:7a:35:d1:50:62:2b:0d:ac:dd:01:81:f3:a0:
74:6a:9c:4c:55:b8:25:34:57:bb:44:3b:18:1b:d7:a2:fc:9a:
63:e4:4d:d7:88:77:c6:d8:b8:7d:8b:7e:ee:f2:15:65:3f:46:
29:35:d8:f7:9e:8c:96:9b:db:db:ef:41:1a:bc:7d:8f:88:73:
2e:53:88:4c:40:19:ed:64:12:b0:c9:9e:26:43:c1:28:8d:de:
e1:54:59:4b:a1:67:e8:a6:93:c5:3d:7e:03:56:50:3f:f0:99:
e1:50:f3:c3:00:73:b0:6b:9f:5d:c4:54:6e:79:24:17:82:32:
c0:0f:73:60:c7:f7:15:75:b5:ef:cf:45:94:47:b4:9e:53:62:
b9:ea:26:0b:03:2a:67:38:36:f7:a4:0c:20:eb:cf:44:a5:5d:
90:59:0b:be:5b:75:34:7c:58:20:ff:e3:77:ea:4a:4d:5a:52:
ea:d0:01:e5:92:37:23:22:34:c4:94:71:ac:55:49:88:0f:5c:
89:8a:c3:c4:5d:4b:87:d5:a7:49:45:f6:8d:19:6e:38:64:94:
45:a8:c6:d4:95:46:ed:5d:08:ad:97:f7:90:25:06:62:71:e3:
70:fe:4b:bc
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYwsh2tpnAsHvbkYh+YwUEw1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMxMjAyMjE1NTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDU5OTQ3NGQ3MjQ5NTFjMTc3MjM4M2RmMjMwMjE5OGY3ZjYzMTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8HjOQTp46zWNcH7uxXvqJQJgC1A
sHvCE7VPPcODKeJEI7vWKtZ4LgXweY9uOso7VJrzm3VR23PbfzzMhsQZnS8FB7Tu
8yUZTzXzgaQY/HpxFTDLkO+8fV2eya2xoryrw9fAG4thuk0yqmBtXvm4NNz+2Rq+
F3aKsVupklMT58InwvkutQj3tEdP8U9C3EoAtqRkaj9kEcoVkcrD2T15abjv6hYJ
K5e4htwI2POtGnextHm2G5VjggYmF+dUxwotYlxNUKkirOEVQ4Sa1vYbx8ngMzPR
77Cf8FDGFyIecuCh1b5I/WybVAUXvR1ejzH56VzppD7EJ2P5am3V4Ib+dwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFFRZlHTXJJUcF3I4PfIwIZj39jGQMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvVkZtVWROY2tsUndYY2pnOThqQWhtUGYyTVpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALZbFAwQA
W9WuAwQAW9W6AwQBwpyWMA0GCSqGSIb3DQEBCwUAA4IBAQAe885Ko2n2JJnAZfSe
3RRT7yBM4Spu83o10VBiKw2s3QGB86B0apxMVbglNFe7RDsYG9ei/Jpj5E3XiHfG
2Lh9i37u8hVlP0YpNdj3noyWm9vb70EavH2PiHMuU4hMQBntZBKwyZ4mQ8Eojd7h
VFlLoWfoppPFPX4DVlA/8JnhUPPDAHOwa59dxFRueSQXgjLAD3Ngx/cVdbXvz0WU
R7SeU2K56iYLAypnODb3pAwg689EpV2QWQu+W3U0fFgg/+N36kpNWlLq0AHlkjcj
IjTElHGsVUmID1yJisPEXUuH1adJRfaNGW44ZJRFqMbUlUbtXQitl/eQJQZiceNw
/ku8
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:13 2024 by rpki-client on console-fra.rpki-client.org