Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/vJ2g2d6IEupveXkBz619oQjSjqo.roa
File: vJ2g2d6IEupveXkBz619oQjSjqo.roa (raw, json)
Hash identifier: MedD2aPsLDLj2h9V8gESRgly/XLwUcOZGXRPtKoBJUw=
Subject key identifier: BC:9D:A0:D9:DE:88:12:EA:6F:79:79:01:CF:AD:7D:A1:08:D2:8E:AA
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 0187E777FDA55BC3F1E2D94DAF3B92F5468B
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/vJ2g2d6IEupveXkBz619oQjSjqo.roa
Signing time: Thu 04 May 2023 15:53:33 +0000
ROA not before: Thu 04 May 2023 15:53:33 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209260
IP address blocks: 91.213.189.0/24 maxlen: 24
194.156.150.0/24 maxlen: 24
91.208.109.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:e7:77:fd:a5:5b:c3:f1:e2:d9:4d:af:3b:92:f5:46:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: May 4 15:53:33 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bc9da0d9de8812ea6f797901cfad7da108d28eaa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:26:70:b1:83:86:a9:cd:e4:f0:55:38:75:3f:
c5:5b:6f:0a:01:96:6f:8f:dd:43:61:cb:21:52:94:
04:d4:18:7b:8b:8b:14:e0:dd:9f:80:d7:c5:c8:8b:
11:7e:43:6c:0e:90:a7:b7:dd:07:5d:55:c1:eb:4f:
1d:86:02:ba:f7:02:a4:4b:d2:0f:4a:62:90:d4:7d:
0a:7c:4c:52:e3:90:ac:c4:d9:c9:ce:88:7e:26:71:
9b:69:51:2a:fe:43:3d:26:ca:39:c6:8e:c0:b1:d4:
96:90:61:25:93:e1:9c:a7:0d:35:a5:60:30:cd:c2:
be:5a:40:6e:5e:3c:f3:2c:47:d8:7e:35:e0:09:a5:
a4:be:32:da:09:0a:92:25:e4:9f:7a:51:b8:01:c5:
57:fe:6f:53:8c:da:23:d7:10:23:6e:cb:3b:63:53:
27:6a:17:b3:35:c5:0c:27:67:96:ec:6b:52:3d:49:
b2:6f:49:1e:c0:26:c6:70:7d:e3:17:96:67:f5:e7:
cb:a3:0c:ad:17:8e:22:62:ee:c1:b5:ff:11:84:e6:
8c:ef:b8:1a:fa:68:c8:9f:cb:3a:5d:d3:d8:27:4b:
e6:ed:18:22:78:16:73:d9:eb:69:4a:22:cb:49:12:
4b:12:28:6a:b9:69:88:84:e1:20:01:3a:fe:3e:c8:
d7:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:9D:A0:D9:DE:88:12:EA:6F:79:79:01:CF:AD:7D:A1:08:D2:8E:AA
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/vJ2g2d6IEupveXkBz619oQjSjqo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.208.109.0/24
91.213.189.0/24
194.156.150.0/24
Signature Algorithm: sha256WithRSAEncryption
19:1f:6e:34:59:e6:d6:61:a2:7b:13:bb:da:3a:d7:c7:4c:01:
a4:e8:96:4a:b5:99:f4:d9:15:21:68:c4:50:d7:0a:65:ee:c5:
61:1f:51:95:9f:45:a5:e6:c5:db:e0:8c:76:a1:72:6b:d5:a3:
9c:75:5b:ad:ed:cc:f9:a9:f2:fa:8b:cb:87:ac:40:3d:35:5c:
ab:5a:f1:13:6b:2d:85:75:22:28:25:67:e7:fa:75:d2:22:f4:
96:93:af:0c:39:f1:35:3a:c4:60:93:aa:c5:2e:43:b2:4b:7c:
05:e8:fb:1a:41:34:d9:65:c2:80:cc:1d:11:2d:fb:de:50:75:
4c:6c:5e:28:1d:7e:6d:16:4e:4c:06:c6:b0:20:39:cf:d1:1f:
6c:09:92:a3:53:d9:e1:4f:d6:9a:2f:7d:6b:1e:ff:3f:91:12:
f3:40:e1:92:6a:36:f5:d1:fd:93:94:08:e9:df:6e:94:f7:a3:
3c:d9:85:4a:bf:68:04:49:92:dc:ba:55:89:7f:8f:32:5d:0a:
c8:96:d1:ef:31:a6:94:f2:5e:f6:64:d9:cd:88:b1:18:ba:18:
97:f1:3b:b0:85:ba:52:d5:da:58:7e:4e:0b:ae:7a:cf:46:11:
ed:c0:0e:c1:e2:ce:c1:e5:d4:c8:51:cb:dd:bd:cd:34:90:c8:
b9:bb:b5:9a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYfnd/2lW8Px4tlNrzuS9UaLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwNTA0MTU1MzMzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzlkYTBkOWRlODgxMmVhNmY3OTc5MDFjZmFkN2RhMTA4ZDI4ZWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriZwsYOGqc3k8FU4dT/FW28KAZZv
j91DYcshUpQE1Bh7i4sU4N2fgNfFyIsRfkNsDpCnt90HXVXB608dhgK69wKkS9IP
SmKQ1H0KfExS45CsxNnJzoh+JnGbaVEq/kM9Jso5xo7AsdSWkGElk+Gcpw01pWAw
zcK+WkBuXjzzLEfYfjXgCaWkvjLaCQqSJeSfelG4AcVX/m9TjNoj1xAjbss7Y1Mn
ahezNcUMJ2eW7GtSPUmyb0kewCbGcH3jF5Zn9efLowytF44iYu7Btf8RhOaM77ga
+mjIn8s6XdPYJ0vm7RgieBZz2etpSiLLSRJLEihquWmIhOEgATr+PsjXbwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLydoNneiBLqb3l5Ac+tfaEI0o6qMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvdkoyZzJkNklFdXB2ZVhrQno2MTlvUWpTanFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9BtAwQA
W9W9AwQAwpyWMA0GCSqGSIb3DQEBCwUAA4IBAQAZH240WebWYaJ7E7vaOtfHTAGk
6JZKtZn02RUhaMRQ1wpl7sVhH1GVn0Wl5sXb4Ix2oXJr1aOcdVut7cz5qfL6i8uH
rEA9NVyrWvETay2FdSIoJWfn+nXSIvSWk68MOfE1OsRgk6rFLkOyS3wF6PsaQTTZ
ZcKAzB0RLfveUHVMbF4oHX5tFk5MBsawIDnP0R9sCZKjU9nhT9aaL31rHv8/kRLz
QOGSajb10f2TlAjp326U96M82YVKv2gESZLculWJf48yXQrIltHvMaaU8l72ZNnN
iLEYuhiX8TuwhbpS1dpYfk4LrnrPRhHtwA7B4s7B5dTIUcvdvc00kMi5u7Wa
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org