Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/oTBX3DAQEZscuUWdgWM0iCi02FI.roa
File: oTBX3DAQEZscuUWdgWM0iCi02FI.roa (raw, json)
Hash identifier: YFLJezVi5DDe1WwVkAtuZG7d5gq5gcUfSepZ/ihS4L0=
Subject key identifier: A1:30:57:DC:30:10:11:9B:1C:B9:45:9D:81:63:34:88:28:B4:D8:52
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 0187FACECC33FB6844B69551F524D1C9C572
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/oTBX3DAQEZscuUWdgWM0iCi02FI.roa
Signing time: Mon 08 May 2023 10:01:09 +0000
ROA not before: Mon 08 May 2023 10:01:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.213.174.0/24 maxlen: 24
91.213.186.0/24 maxlen: 24
91.213.189.0/24 maxlen: 24
91.213.200.0/24 maxlen: 24
194.156.150.0/24 maxlen: 24
91.208.109.0/24 maxlen: 24
45.150.197.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:fa:ce:cc:33:fb:68:44:b6:95:51:f5:24:d1:c9:c5:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: May 8 10:01:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a13057dc3010119b1cb9459d8163348828b4d852
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:e4:09:c5:7c:a9:ff:57:60:9d:48:af:50:9b:
ef:55:e4:ad:7b:c5:f2:3d:58:02:5a:25:93:62:c6:
c4:75:b2:37:f3:73:0f:10:4f:59:c6:50:e4:15:45:
ea:58:32:36:f0:bc:ad:27:3e:22:f2:db:d1:13:54:
4f:5d:63:62:f0:35:b7:9f:91:e3:da:c3:19:a3:bc:
ff:09:fb:51:5f:1b:9e:93:ec:ba:f2:71:25:89:09:
5c:69:11:4e:0e:c6:ff:2b:e1:c0:55:aa:c5:b6:d1:
35:0a:b1:00:1a:ea:4a:6a:37:f4:6e:d1:ec:9a:3e:
10:1a:b0:ec:b9:d8:66:98:e3:0a:d5:07:79:07:a5:
48:57:8f:af:70:05:ef:97:3a:7b:a7:4d:ad:4a:32:
19:a7:49:bd:1d:00:85:2e:94:97:7a:08:29:54:45:
72:64:c9:e2:7b:a8:ec:3e:6f:3b:0f:8b:fb:13:2c:
71:fa:e8:7e:e6:9e:e8:03:67:c0:1a:e4:0a:81:6c:
c9:25:fc:12:9e:ca:6a:74:d9:01:f5:e2:4d:29:16:
fa:23:a8:37:71:f2:77:de:22:de:36:a6:5a:cf:9d:
b3:35:a7:ce:6e:e0:10:8f:c3:59:bd:6e:37:66:43:
a1:01:c9:89:cf:48:10:49:aa:c1:8e:be:ea:f3:fb:
de:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:30:57:DC:30:10:11:9B:1C:B9:45:9D:81:63:34:88:28:B4:D8:52
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/oTBX3DAQEZscuUWdgWM0iCi02FI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.197.0/24
91.208.109.0/24
91.213.174.0/24
91.213.186.0/24
91.213.189.0/24
91.213.200.0/24
194.156.150.0/24
Signature Algorithm: sha256WithRSAEncryption
1d:f7:13:e2:6f:75:2a:62:0d:50:1c:40:aa:4c:22:7c:c7:c9:
12:2e:18:60:92:92:ad:ea:c3:33:fe:e4:44:e4:f9:d3:fb:3c:
7f:c4:1e:bb:32:2f:85:92:c1:32:e1:50:d3:13:0f:6d:4b:7d:
6f:bd:08:b4:fc:9d:e1:88:c1:95:0e:7f:fd:45:c8:ce:0c:0c:
b5:6f:82:64:92:84:25:4c:51:18:34:04:1b:9c:96:bb:87:42:
72:88:ed:41:40:47:13:ec:09:de:d9:94:08:51:b6:c8:b7:28:
86:12:32:26:cd:a2:b7:1b:6c:9a:19:1d:82:fb:d7:90:a8:b7:
2d:13:7d:95:d1:f0:30:48:7d:bf:5f:09:3e:6f:01:df:03:d2:
8e:92:9a:dd:fc:04:36:6d:e7:e0:72:98:c1:96:99:e6:58:3e:
31:02:35:24:17:ed:9d:1b:ab:f8:4a:39:c9:e4:5a:6d:6f:79:
db:a4:1e:ae:c3:84:3f:1a:d2:8e:5b:7c:27:fa:53:bb:d3:29:
44:5e:7a:93:34:e8:ea:14:e2:74:f2:33:d5:de:70:b9:91:99:
aa:0e:87:fa:3d:04:26:53:be:7d:a6:de:e0:c8:46:1d:89:3d:
58:91:f3:0b:c7:84:32:56:41:e2:0c:59:96:06:7f:e4:62:b1:
b3:c9:4b:bc
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYf6zswz+2hEtpVR9STRycVyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwNTA4MTAwMTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTMwNTdkYzMwMTAxMTliMWNiOTQ1OWQ4MTYzMzQ4ODI4YjRkODUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOQJxXyp/1dgnUivUJvvVeSte8Xy
PVgCWiWTYsbEdbI383MPEE9ZxlDkFUXqWDI28LytJz4i8tvRE1RPXWNi8DW3n5Hj
2sMZo7z/CftRXxuek+y68nEliQlcaRFODsb/K+HAVarFttE1CrEAGupKajf0btHs
mj4QGrDsudhmmOMK1Qd5B6VIV4+vcAXvlzp7p02tSjIZp0m9HQCFLpSXeggpVEVy
ZMnie6jsPm87D4v7Eyxx+uh+5p7oA2fAGuQKgWzJJfwSnspqdNkB9eJNKRb6I6g3
cfJ33iLeNqZaz52zNafObuAQj8NZvW43ZkOhAcmJz0gQSarBjr7q8/veZwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKEwV9wwEBGbHLlFnYFjNIgotNhSMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvb1RCWDNEQVFFWnNjdVVXZGdXTTBpQ2kwMkZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALZbFAwQA
W9BtAwQAW9WuAwQAW9W6AwQAW9W9AwQAW9XIAwQAwpyWMA0GCSqGSIb3DQEBCwUA
A4IBAQAd9xPib3UqYg1QHECqTCJ8x8kSLhhgkpKt6sMz/uRE5PnT+zx/xB67Mi+F
ksEy4VDTEw9tS31vvQi0/J3hiMGVDn/9RcjODAy1b4JkkoQlTFEYNAQbnJa7h0Jy
iO1BQEcT7Ane2ZQIUbbItyiGEjImzaK3G2yaGR2C+9eQqLctE32V0fAwSH2/Xwk+
bwHfA9KOkprd/AQ2befgcpjBlpnmWD4xAjUkF+2dG6v4SjnJ5Fptb3nbpB6uw4Q/
GtKOW3wn+lO70ylEXnqTNOjqFOJ08jPV3nC5kZmqDof6PQQmU759pt7gyEYdiT1Y
kfMLx4QyVkHiDFmWBn/kYrGzyUu8
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org