Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/r2a8zZgw054o-Nd49-2kcMVUGeo.roa
File: r2a8zZgw054o-Nd49-2kcMVUGeo.roa (raw, json)
Hash identifier: vuptkM/Oce3wmELWfSLQmt3BTtEF9MVODIOWNVikctw=
Subject key identifier: AF:66:BC:CD:98:30:D3:9E:28:F8:D7:78:F7:ED:A4:70:C5:54:19:EA
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 01899048A6A9DE58645C686840F7F81710EF
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/r2a8zZgw054o-Nd49-2kcMVUGeo.roa
Signing time: Wed 26 Jul 2023 03:40:27 +0000
ROA not before: Wed 26 Jul 2023 03:40:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.213.174.0/24 maxlen: 24
91.213.186.0/24 maxlen: 24
91.213.200.0/24 maxlen: 24
194.156.151.0/24 maxlen: 24
91.208.104.0/24 maxlen: 24
45.150.197.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:90:48:a6:a9:de:58:64:5c:68:68:40:f7:f8:17:10:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: Jul 26 03:40:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=af66bccd9830d39e28f8d778f7eda470c55419ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:69:c1:1f:8a:25:5b:fc:39:11:5d:31:7e:43:
c5:18:d2:ec:6f:58:35:de:87:b1:b5:d0:18:20:71:
9e:d6:9a:68:cd:7a:f0:75:b9:51:50:1a:12:68:c7:
9d:77:a9:c6:58:38:5a:24:1f:c6:fd:ca:4d:84:b7:
68:88:bf:4c:d9:1b:c0:b2:be:f0:4e:82:1a:2f:a4:
1a:09:f9:d3:ec:ed:db:2d:87:29:8b:81:2f:ef:6f:
0a:49:d6:ac:75:db:51:17:a5:a6:51:13:b7:59:01:
fb:d4:8d:15:ee:02:98:7a:e4:d3:60:6e:14:44:c8:
ff:38:d8:c2:42:2a:c7:92:ed:cc:bd:99:e7:06:3c:
f1:e5:6a:da:be:0b:41:e5:11:2e:fe:ea:01:36:20:
8a:ed:fd:e1:e5:d0:5c:fc:75:f4:d4:7f:2d:33:03:
4a:95:a3:60:b0:c7:86:cb:a2:b5:47:a3:0f:e1:bf:
62:ae:78:dc:2e:1d:09:39:2d:2d:eb:fe:39:17:fe:
2f:55:00:29:9f:17:36:58:8b:0e:c5:61:70:fa:8d:
2e:bf:1e:76:5e:35:83:a8:43:81:f2:81:04:9a:11:
ef:b6:ec:07:ac:89:83:73:6f:d5:63:32:20:f8:04:
aa:f4:e3:ef:4d:44:82:31:29:95:80:85:56:e6:c5:
76:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:66:BC:CD:98:30:D3:9E:28:F8:D7:78:F7:ED:A4:70:C5:54:19:EA
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/r2a8zZgw054o-Nd49-2kcMVUGeo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.197.0/24
91.208.104.0/24
91.213.174.0/24
91.213.186.0/24
91.213.200.0/24
194.156.151.0/24
Signature Algorithm: sha256WithRSAEncryption
29:c1:c5:d3:78:39:30:f9:c3:ba:3c:91:df:8c:fe:4f:72:07:
72:eb:a3:98:5d:b2:c5:05:42:a8:b3:a1:c3:f4:0a:ab:ca:58:
1a:ba:3b:93:c7:65:bc:8a:77:bd:c9:8e:63:26:0b:9b:6a:e3:
e2:dc:9a:62:22:37:25:ee:d5:63:23:14:f8:a2:20:35:15:5d:
9a:da:ad:0c:b4:ea:5d:ad:91:ec:cd:ec:1e:38:6a:9e:25:b2:
4c:35:47:22:7c:93:bf:a5:11:f8:71:a8:fc:0c:bf:b9:a9:da:
16:6c:cf:9d:3e:3d:0e:fa:3c:3c:1b:27:6b:ba:63:0f:af:ea:
0b:85:d8:20:f9:10:7f:f9:67:e0:a8:0e:64:56:a6:e7:64:95:
ce:b3:33:d5:f2:8e:08:b6:31:fa:ac:3f:51:d1:75:2e:61:11:
e4:ae:4c:ca:57:b5:47:42:b8:da:3b:d0:1e:de:ac:dc:8e:4b:
78:61:8f:e6:cb:31:f9:7e:0c:9b:d7:16:97:f3:fb:ea:11:f9:
f5:b9:d5:40:c5:fc:b2:b8:7f:4c:06:ac:ec:1d:3d:41:86:0f:
3e:5d:c0:1c:8e:46:b6:54:21:e3:c3:81:08:33:67:4f:08:af:
ad:19:ba:35:55:e1:21:78:ce:e0:bf:7e:88:09:8b:d1:de:71:
63:07:92:31
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYmQSKap3lhkXGhoQPf4FxDvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwNzI2MDM0MDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjY2YmNjZDk4MzBkMzllMjhmOGQ3NzhmN2VkYTQ3MGM1NTQxOWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGnBH4olW/w5EV0xfkPFGNLsb1g1
3oextdAYIHGe1ppozXrwdblRUBoSaMedd6nGWDhaJB/G/cpNhLdoiL9M2RvAsr7w
ToIaL6QaCfnT7O3bLYcpi4Ev728KSdasddtRF6WmURO3WQH71I0V7gKYeuTTYG4U
RMj/ONjCQirHku3MvZnnBjzx5WravgtB5REu/uoBNiCK7f3h5dBc/HX01H8tMwNK
laNgsMeGy6K1R6MP4b9irnjcLh0JOS0t6/45F/4vVQApnxc2WIsOxWFw+o0uvx52
XjWDqEOB8oEEmhHvtuwHrImDc2/VYzIg+ASq9OPvTUSCMSmVgIVW5sV29QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFK9mvM2YMNOeKPjXePftpHDFVBnqMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvcjJhOHpaZ3cwNTRvLU5kNDktMmtjTVZVR2VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALZbFAwQA
W9BoAwQAW9WuAwQAW9W6AwQAW9XIAwQAwpyXMA0GCSqGSIb3DQEBCwUAA4IBAQAp
wcXTeDkw+cO6PJHfjP5Pcgdy66OYXbLFBUKos6HD9AqrylgaujuTx2W8ine9yY5j
JgubauPi3JpiIjcl7tVjIxT4oiA1FV2a2q0MtOpdrZHszeweOGqeJbJMNUcifJO/
pRH4caj8DL+5qdoWbM+dPj0O+jw8GydrumMPr+oLhdgg+RB/+WfgqA5kVqbnZJXO
szPV8o4ItjH6rD9R0XUuYRHkrkzKV7VHQrjaO9Ae3qzcjkt4YY/myzH5fgyb1xaX
8/vqEfn1udVAxfyyuH9MBqzsHT1Bhg8+XcAcjka2VCHjw4EIM2dPCK+tGbo1VeEh
eM7gv36ICYvR3nFjB5Ix
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:13 2024 by rpki-client on console-fra.rpki-client.org