Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/rCwojSzxGHKlkU0sEkqLHqP_GsA.roa
File: rCwojSzxGHKlkU0sEkqLHqP_GsA.roa (raw, json)
Hash identifier: H4NYqvYWCUrO6VUMxmXDvaxKYLW81YahxzDSCkmEmCc=
Subject key identifier: AC:2C:28:8D:2C:F1:18:72:A5:91:4D:2C:12:4A:8B:1E:A3:FF:1A:C0
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 0189CFEB1B8FA72C8D85C6B204AF966CCF9F
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/rCwojSzxGHKlkU0sEkqLHqP_GsA.roa
Signing time: Mon 07 Aug 2023 12:13:59 +0000
ROA not before: Mon 07 Aug 2023 12:13:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.213.174.0/24 maxlen: 24
91.213.186.0/24 maxlen: 24
91.213.200.0/24 maxlen: 24
194.156.151.0/24 maxlen: 24
91.208.104.0/24 maxlen: 24
45.150.197.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:cf:eb:1b:8f:a7:2c:8d:85:c6:b2:04:af:96:6c:cf:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: Aug 7 12:13:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ac2c288d2cf11872a5914d2c124a8b1ea3ff1ac0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:fb:cc:e5:9f:42:e5:5f:87:61:ad:7e:18:61:
4b:4c:5b:f9:6e:e9:90:3e:47:30:7b:6d:9e:37:fd:
a0:57:f9:07:f6:70:62:7c:ee:88:4b:61:1f:a3:bc:
8d:f5:c9:4e:ed:51:c5:0f:ec:f6:42:1f:b8:16:e3:
19:53:1a:d0:98:2e:4b:b9:53:04:13:14:10:db:01:
a8:c8:13:b4:e4:58:3f:13:a6:81:0b:04:bd:75:03:
99:c8:20:1a:08:85:6f:19:eb:89:24:29:ad:43:ef:
37:79:2d:dd:85:fa:fa:9a:be:33:99:eb:58:7b:78:
82:34:19:40:e3:d9:3f:b9:a4:6c:f7:a0:0d:dc:bb:
79:4d:50:56:52:04:28:73:17:ce:7f:03:b9:83:07:
c3:43:72:16:55:e8:0a:86:35:04:d4:08:0f:5e:82:
38:0c:64:62:06:78:e7:e9:dd:de:4a:15:d6:38:a1:
d4:75:46:be:9d:3b:4c:be:fd:40:52:2c:3f:64:b9:
09:01:a9:bd:82:9d:c8:a9:b2:12:50:ff:ce:cb:b2:
e1:77:83:a5:40:16:bc:b9:21:2d:9e:2d:bb:6c:08:
5f:fd:4e:e0:86:0d:e3:24:e9:5f:b5:a3:c5:92:aa:
d9:a1:8e:22:15:59:73:27:bb:42:ce:ac:83:a7:9d:
5c:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:2C:28:8D:2C:F1:18:72:A5:91:4D:2C:12:4A:8B:1E:A3:FF:1A:C0
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/rCwojSzxGHKlkU0sEkqLHqP_GsA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.197.0/24
91.208.104.0/24
91.213.174.0/24
91.213.186.0/24
91.213.200.0/24
194.156.151.0/24
Signature Algorithm: sha256WithRSAEncryption
2c:2c:87:1f:dc:32:01:a9:fd:cf:9c:e1:75:cd:fc:e5:e8:df:
f6:5b:f5:52:f3:8e:b8:c6:ba:c6:c8:36:77:52:b5:25:c9:1d:
9e:31:35:29:24:ba:3b:3a:a2:be:45:72:5b:32:2f:d9:99:26:
85:6b:50:b8:6d:e9:63:fe:0a:1e:39:02:79:52:7e:e5:67:e4:
f1:60:af:29:2d:e9:7c:14:37:96:1d:97:25:94:66:17:d8:e7:
24:0d:41:76:ca:e6:c3:37:5a:4c:3e:62:77:03:aa:48:a9:76:
8e:26:68:e6:7e:c7:04:1d:a3:90:4b:8f:fd:19:e1:e7:86:e6:
ca:a3:0c:45:20:65:7a:28:41:eb:7e:82:31:43:fc:23:7e:b9:
39:c1:94:d5:d6:2e:b4:98:99:6d:c8:6e:b4:ea:22:02:a2:dc:
22:31:ae:ce:15:41:98:b6:77:e8:1f:02:5e:61:7c:c0:90:da:
0d:de:a3:3c:75:f9:d2:a9:f2:b6:86:af:ea:54:62:05:71:13:
7a:01:2a:bb:0e:88:98:51:42:e1:8b:e0:4c:a1:14:5c:0b:cf:
9e:55:8f:28:ff:dc:2d:a6:d8:5b:1e:07:9f:ae:8f:64:25:fc:
66:97:db:28:05:86:38:64:fe:a0:49:c0:72:f3:cb:28:5c:7b:
2a:1f:2c:9c
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYnP6xuPpyyNhcayBK+WbM+fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwODA3MTIxMzU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzJjMjg4ZDJjZjExODcyYTU5MTRkMmMxMjRhOGIxZWEzZmYxYWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/vM5Z9C5V+HYa1+GGFLTFv5bumQ
Pkcwe22eN/2gV/kH9nBifO6IS2Efo7yN9clO7VHFD+z2Qh+4FuMZUxrQmC5LuVME
ExQQ2wGoyBO05Fg/E6aBCwS9dQOZyCAaCIVvGeuJJCmtQ+83eS3dhfr6mr4zmetY
e3iCNBlA49k/uaRs96AN3Lt5TVBWUgQocxfOfwO5gwfDQ3IWVegKhjUE1AgPXoI4
DGRiBnjn6d3eShXWOKHUdUa+nTtMvv1AUiw/ZLkJAam9gp3IqbISUP/Oy7Lhd4Ol
QBa8uSEtni27bAhf/U7ghg3jJOlftaPFkqrZoY4iFVlzJ7tCzqyDp51cSQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFKwsKI0s8RhypZFNLBJKix6j/xrAMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvckN3b2pTenhHSEtsa1Uwc0VrcUxIcVBfR3NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALZbFAwQA
W9BoAwQAW9WuAwQAW9W6AwQAW9XIAwQAwpyXMA0GCSqGSIb3DQEBCwUAA4IBAQAs
LIcf3DIBqf3PnOF1zfzl6N/2W/VS8464xrrGyDZ3UrUlyR2eMTUpJLo7OqK+RXJb
Mi/ZmSaFa1C4belj/goeOQJ5Un7lZ+TxYK8pLel8FDeWHZcllGYX2OckDUF2yubD
N1pMPmJ3A6pIqXaOJmjmfscEHaOQS4/9GeHnhubKowxFIGV6KEHrfoIxQ/wjfrk5
wZTV1i60mJltyG606iICotwiMa7OFUGYtnfoHwJeYXzAkNoN3qM8dfnSqfK2hq/q
VGIFcRN6ASq7DoiYUULhi+BMoRRcC8+eVY8o/9wtpthbHgefro9kJfxml9soBYY4
ZP6gScBy88soXHsqHyyc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org