Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/nCoKnq3epXUSlLiNNDZ62TGW8xs.roa
File: nCoKnq3epXUSlLiNNDZ62TGW8xs.roa (raw, json)
Hash identifier: aFWOEJuFHG2GDiWzuOI8OugrDDy3kzhmjmk6Z4+6afk=
Subject key identifier: 9C:2A:0A:9E:AD:DE:A5:75:12:94:B8:8D:34:36:7A:D9:31:96:F3:1B
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 018624851F07BFD672C9B023786C02C5BD15
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/nCoKnq3epXUSlLiNNDZ62TGW8xs.roa
Signing time: Mon 06 Feb 2023 02:19:09 +0000
ROA not before: Mon 06 Feb 2023 02:19:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209260
IP address blocks: 91.213.186.0/24 maxlen: 24
91.213.189.0/24 maxlen: 24
194.156.150.0/24 maxlen: 24
91.208.104.0/24 maxlen: 24
91.208.109.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:24:85:1f:07:bf:d6:72:c9:b0:23:78:6c:02:c5:bd:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: Feb 6 02:19:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9c2a0a9eaddea5751294b88d34367ad93196f31b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:ae:81:52:08:99:94:7c:ad:68:ba:7c:20:df:
ff:8a:b8:ea:86:ce:c7:bc:4f:88:63:7c:0b:48:29:
df:65:0a:fc:86:76:24:76:2f:1f:e5:8b:a6:68:bc:
94:24:7e:8d:9b:b8:10:14:ad:a9:d1:81:e9:ad:67:
ff:36:54:5a:85:af:27:bc:3b:35:a6:2b:68:e9:cf:
22:ea:b7:0d:20:58:65:8d:d6:f8:ef:8a:48:6a:b9:
25:14:b1:17:18:62:c3:55:41:a6:a6:1e:31:1a:d7:
e7:57:d2:88:25:c1:3c:94:65:91:23:ef:26:05:11:
39:0c:63:68:0b:ed:5c:56:9d:71:83:42:94:9c:6e:
40:4f:cf:d5:75:36:9d:28:54:37:43:96:7d:d8:72:
10:32:5a:c6:62:65:86:be:50:72:9a:d8:2d:2c:7c:
95:dc:35:20:2f:90:64:ce:72:99:b1:32:2f:34:05:
87:d9:a9:2b:e9:16:4a:3f:06:4e:47:12:5c:d7:fe:
98:1a:20:86:3f:8f:08:00:d2:c0:4f:c8:8c:ce:f8:
e3:a9:7c:a0:4e:cc:b7:58:b7:5a:e4:d1:e2:7d:98:
38:f0:63:ab:72:f9:83:75:7e:dc:d9:64:12:3c:df:
b5:28:bd:66:78:c2:97:5b:9a:0a:ff:d0:8e:47:26:
83:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:2A:0A:9E:AD:DE:A5:75:12:94:B8:8D:34:36:7A:D9:31:96:F3:1B
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/nCoKnq3epXUSlLiNNDZ62TGW8xs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.208.104.0/24
91.208.109.0/24
91.213.186.0/24
91.213.189.0/24
194.156.150.0/24
Signature Algorithm: sha256WithRSAEncryption
b9:bd:8a:ec:d6:65:9e:65:59:12:75:f9:10:80:be:d9:b7:94:
43:c5:28:d9:d0:27:42:df:65:b3:22:79:8b:18:e6:68:36:3f:
83:7d:82:6d:6c:58:30:89:ab:99:81:c5:52:ec:17:f6:f4:c2:
82:98:57:45:48:49:8c:3b:95:19:22:f8:fe:60:0b:d7:25:96:
25:62:81:18:04:9e:f1:d0:21:11:21:df:d9:d3:cd:6c:77:65:
46:ee:59:54:ac:8a:b2:4a:02:1c:b6:26:4d:c2:37:2c:fd:88:
b7:2c:18:09:3c:76:a9:60:9c:1b:c2:ff:97:c0:d8:dc:84:5d:
d1:4d:0d:80:24:15:21:c1:93:4e:8f:f9:37:a2:0b:9e:ff:7f:
c7:6a:fc:11:f2:bf:4c:51:00:ac:a5:b6:31:c3:48:7a:92:78:
7d:fe:62:dd:77:70:84:d6:c7:df:31:a2:7f:b4:84:ea:27:78:
61:83:88:6c:89:dd:4a:d1:56:19:5c:02:1b:ad:e9:c2:f8:e9:
f3:76:0a:6a:2b:c8:5e:88:0c:b0:81:c0:21:d1:e6:8e:fa:4a:
6e:d5:0e:2b:71:d5:4d:e5:8a:ea:64:5b:88:2a:f3:6b:bc:41:
f3:dd:73:28:c2:01:b0:7c:67:51:10:10:9b:17:fc:96:93:3f:
49:aa:ec:1d
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYYkhR8Hv9ZyybAjeGwCxb0VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwMjA2MDIxOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzJhMGE5ZWFkZGVhNTc1MTI5NGI4OGQzNDM2N2FkOTMxOTZmMzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiK6BUgiZlHytaLp8IN//irjqhs7H
vE+IY3wLSCnfZQr8hnYkdi8f5YumaLyUJH6Nm7gQFK2p0YHprWf/NlRaha8nvDs1
pito6c8i6rcNIFhljdb474pIarklFLEXGGLDVUGmph4xGtfnV9KIJcE8lGWRI+8m
BRE5DGNoC+1cVp1xg0KUnG5AT8/VdTadKFQ3Q5Z92HIQMlrGYmWGvlBymtgtLHyV
3DUgL5BkznKZsTIvNAWH2akr6RZKPwZORxJc1/6YGiCGP48IANLAT8iMzvjjqXyg
Tsy3WLda5NHifZg48GOrcvmDdX7c2WQSPN+1KL1meMKXW5oK/9CORyaDdQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFJwqCp6t3qV1EpS4jTQ2etkxlvMbMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvbkNvS25xM2VwWFVTbExpTk5EWjYyVEdXOHhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAW9BoAwQA
W9BtAwQAW9W6AwQAW9W9AwQAwpyWMA0GCSqGSIb3DQEBCwUAA4IBAQC5vYrs1mWe
ZVkSdfkQgL7Zt5RDxSjZ0CdC32WzInmLGOZoNj+DfYJtbFgwiauZgcVS7Bf29MKC
mFdFSEmMO5UZIvj+YAvXJZYlYoEYBJ7x0CERId/Z081sd2VG7llUrIqySgIctiZN
wjcs/Yi3LBgJPHapYJwbwv+XwNjchF3RTQ2AJBUhwZNOj/k3ogue/3/HavwR8r9M
UQCspbYxw0h6knh9/mLdd3CE1sffMaJ/tITqJ3hhg4hsid1K0VYZXAIbrenC+Onz
dgpqK8heiAywgcAh0eaO+kpu1Q4rcdVN5YrqZFuIKvNrvEHz3XMowgGwfGdREBCb
F/yWkz9Jquwd
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org