Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/syj29KTJr1o8mlHqzKbGLNgd5h8.roa
File: syj29KTJr1o8mlHqzKbGLNgd5h8.roa (raw, json)
Hash identifier: 2ZnvPr7tKHaTCc9AzO1RuZUv2/pcVWEnZCHol+oEXfU=
Subject key identifier: B3:28:F6:F4:A4:C9:AF:5A:3C:9A:51:EA:CC:A6:C6:2C:D8:1D:E6:1F
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 01852A37EB6BCDD2FF7EB66E24CFB2A854AB
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/syj29KTJr1o8mlHqzKbGLNgd5h8.roa
Signing time: Mon 19 Dec 2022 11:49:45 +0000
ROA not before: Mon 19 Dec 2022 11:49:45 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209260
IP address blocks: 91.213.189.0/24 maxlen: 24
194.156.150.0/24 maxlen: 24
91.208.104.0/24 maxlen: 24
91.208.109.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:2a:37:eb:6b:cd:d2:ff:7e:b6:6e:24:cf:b2:a8:54:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: Dec 19 11:49:45 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b328f6f4a4c9af5a3c9a51eacca6c62cd81de61f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:4a:53:15:e3:b8:ee:f4:8f:39:9f:f8:71:af:
85:7d:24:6c:4d:7d:ae:82:57:fa:67:e7:0d:19:c7:
fb:27:ab:e6:b8:a1:72:77:06:20:61:b2:ab:34:bc:
f0:07:0a:8a:41:26:83:73:a9:0e:87:43:62:d8:9a:
89:26:69:cd:cf:1c:6c:f5:e8:ea:24:be:32:0d:80:
36:0f:f8:3f:aa:d4:40:59:cb:f7:b8:8f:dc:87:c2:
61:1d:1d:32:fe:6e:88:f4:44:33:1a:87:49:e5:50:
9f:0d:ef:5f:d9:26:74:c3:fa:6e:ec:37:3a:60:ac:
9a:36:22:cd:82:b7:c6:89:df:ec:53:d8:c3:29:4f:
03:34:49:00:f1:b1:f7:a7:ec:89:3c:d3:1d:04:c2:
41:dc:d9:c4:a1:ae:2e:51:38:7e:21:a6:7a:99:dd:
32:ad:77:f5:eb:ba:f2:f0:3c:ff:11:91:3a:b2:83:
05:95:39:93:52:b0:31:08:0a:d8:95:c4:6f:e3:67:
d0:5d:8d:7a:ce:4f:06:53:69:5e:7b:a9:cb:12:cc:
44:d9:7f:f2:9e:31:6d:eb:3b:7b:a1:f8:58:94:e2:
c9:29:8e:67:db:16:3c:ec:1e:9d:d5:fd:a8:ff:aa:
57:7f:76:15:5e:23:ef:98:ae:da:61:5b:98:a1:50:
d3:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:28:F6:F4:A4:C9:AF:5A:3C:9A:51:EA:CC:A6:C6:2C:D8:1D:E6:1F
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/syj29KTJr1o8mlHqzKbGLNgd5h8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.208.104.0/24
91.208.109.0/24
91.213.189.0/24
194.156.150.0/24
Signature Algorithm: sha256WithRSAEncryption
28:9e:e5:94:5a:7e:52:0c:45:64:a2:4f:68:50:8b:c8:c5:c7:
8c:20:29:53:2c:da:30:1d:44:f9:13:83:78:ac:65:b6:61:54:
9a:7a:c5:d3:1a:82:22:51:0d:43:b7:95:8e:1c:2d:b9:1b:b1:
1c:d0:85:fd:9f:2c:d8:6d:b4:99:d7:0c:4b:5f:2d:15:bd:a5:
14:ec:d7:a0:c5:2f:aa:8b:7d:50:9e:73:01:ae:29:81:4e:17:
4f:4f:73:89:f9:1e:68:62:f9:a4:74:bb:11:95:48:a2:f3:ee:
1a:f5:65:f7:d0:78:fc:30:41:8d:9a:79:fa:dd:93:64:21:22:
31:f5:1f:2d:fd:4b:39:1f:13:6d:1a:e3:af:bd:95:0c:13:fe:
84:91:80:1d:5d:77:0c:36:bb:6b:41:6c:4b:6c:11:ae:37:b7:
66:d1:a0:68:f5:0a:96:9d:73:fc:c0:a9:27:ee:80:92:e6:8d:
ea:ab:4c:29:0c:c0:ec:cb:fb:07:56:af:17:c2:70:c2:1d:f6:
9d:f3:fa:1b:42:7e:3c:d7:ba:1f:fc:f4:b9:8e:40:55:83:9d:
14:95:68:07:c6:85:7e:24:34:a1:b3:57:8e:e1:cc:f5:71:bc:
b5:dc:51:d8:af:9d:92:a7:e2:0b:fa:9f:12:1f:70:a5:ab:d2:
5b:bd:e5:da
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYUqN+trzdL/frZuJM+yqFSrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjIxMjE5MTE0OTQ1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzI4ZjZmNGE0YzlhZjVhM2M5YTUxZWFjY2E2YzYyY2Q4MWRlNjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkpTFeO47vSPOZ/4ca+FfSRsTX2u
glf6Z+cNGcf7J6vmuKFydwYgYbKrNLzwBwqKQSaDc6kOh0Ni2JqJJmnNzxxs9ejq
JL4yDYA2D/g/qtRAWcv3uI/ch8JhHR0y/m6I9EQzGodJ5VCfDe9f2SZ0w/pu7Dc6
YKyaNiLNgrfGid/sU9jDKU8DNEkA8bH3p+yJPNMdBMJB3NnEoa4uUTh+IaZ6md0y
rXf167ry8Dz/EZE6soMFlTmTUrAxCArYlcRv42fQXY16zk8GU2lee6nLEsxE2X/y
njFt6zt7ofhYlOLJKY5n2xY87B6d1f2o/6pXf3YVXiPvmK7aYVuYoVDTFQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFLMo9vSkya9aPJpR6symxizYHeYfMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvc3lqMjlLVEpyMW84bWxIcXpLYkdMTmdkNWg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW9BoAwQA
W9BtAwQAW9W9AwQAwpyWMA0GCSqGSIb3DQEBCwUAA4IBAQAonuWUWn5SDEVkok9o
UIvIxceMIClTLNowHUT5E4N4rGW2YVSaesXTGoIiUQ1Dt5WOHC25G7Ec0IX9nyzY
bbSZ1wxLXy0VvaUU7NegxS+qi31QnnMBrimBThdPT3OJ+R5oYvmkdLsRlUii8+4a
9WX30Hj8MEGNmnn63ZNkISIx9R8t/Us5HxNtGuOvvZUME/6EkYAdXXcMNrtrQWxL
bBGuN7dm0aBo9QqWnXP8wKkn7oCS5o3qq0wpDMDsy/sHVq8XwnDCHfad8/obQn48
17of/PS5jkBVg50UlWgHxoV+JDShs1eO4cz1cby13FHYr52Sp+IL+p8SH3Clq9Jb
veXa
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:13 2024 by rpki-client on console-fra.rpki-client.org