Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/vSZ0h7w8P128SHnW4fpESLnYCSM.roa
File: vSZ0h7w8P128SHnW4fpESLnYCSM.roa (raw, json)
Hash identifier: XQ6dDaymCdQsWbqAJs11mRVvsTzYYH0FPPEaTsXbS1o=
Subject key identifier: BD:26:74:87:BC:3C:3F:5D:BC:48:79:D6:E1:FA:44:48:B9:D8:09:23
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 01856D9D39D2097CA0D92B217A286FCF412A
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/vSZ0h7w8P128SHnW4fpESLnYCSM.roa
Signing time: Sun 01 Jan 2023 13:54:58 +0000
ROA not before: Sun 01 Jan 2023 13:54:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 91.208.73.0/24 maxlen: 24
91.213.200.0/24 maxlen: 24
194.156.151.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:9d:39:d2:09:7c:a0:d9:2b:21:7a:28:6f:cf:41:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: Jan 1 13:54:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bd267487bc3c3f5dbc4879d6e1fa4448b9d80923
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:ce:12:37:5a:c6:dd:03:0a:5d:77:82:0b:1d:
5d:f9:57:50:a6:ac:96:8f:b3:b6:f7:12:df:51:b1:
84:40:fa:cd:83:b2:a9:ae:64:79:68:0e:38:51:48:
48:71:fd:2d:3c:19:3f:7a:d2:0d:16:09:e1:2b:82:
3c:d6:20:38:60:2c:15:cc:09:76:ac:69:10:c1:b4:
48:7e:a3:cd:68:1d:47:ba:fe:02:3b:69:9f:47:da:
2c:15:0e:90:2a:75:e8:fa:e6:80:1f:42:ba:45:c2:
c9:6f:71:19:fa:f7:7d:d6:47:86:d4:52:ad:75:a0:
8f:55:ac:fb:36:1a:6c:c9:fe:bf:7c:2c:ef:04:27:
43:a7:7d:28:fc:67:32:2b:43:40:f1:73:97:9d:89:
f7:ad:4f:fe:de:02:91:6d:0d:53:60:b1:df:51:a7:
22:aa:11:e4:5a:99:c2:e6:16:26:89:5f:01:60:ae:
5a:b5:40:aa:42:fb:8b:7c:00:a2:97:fe:ac:dc:80:
fa:be:41:e9:ca:62:9b:4a:74:25:2b:3e:13:ce:3a:
43:db:6c:cd:5a:4a:51:3e:4f:a1:59:c0:d5:42:6e:
b7:bc:20:a1:4d:36:d3:77:82:a0:76:95:cd:7a:8f:
57:52:d6:18:32:be:06:b7:a5:df:47:2f:39:06:a5:
eb:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:26:74:87:BC:3C:3F:5D:BC:48:79:D6:E1:FA:44:48:B9:D8:09:23
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/vSZ0h7w8P128SHnW4fpESLnYCSM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.208.73.0/24
91.213.200.0/24
194.156.151.0/24
Signature Algorithm: sha256WithRSAEncryption
5a:70:dd:7d:7c:1c:cc:ab:1d:71:c7:73:b3:34:2b:00:34:99:
91:d6:73:98:86:62:52:6b:6f:23:3f:e6:29:22:7d:45:36:92:
3d:30:62:31:f6:4c:a2:6e:70:06:dd:bf:77:3d:e7:f9:8e:4c:
fb:e5:4d:de:b2:a0:d1:f0:61:2a:56:be:88:7b:70:0b:f7:16:
2b:40:6f:ee:16:34:7b:1a:2d:07:cc:c2:4f:0f:ad:6f:ac:5e:
8b:ad:3b:60:ab:6e:b2:6c:e7:f6:84:7e:5f:cc:37:59:fd:b9:
6c:aa:05:4e:60:59:2c:eb:5f:7a:54:02:51:70:fd:1a:82:cd:
2a:e6:52:86:c0:ee:5f:20:cb:a0:8d:51:c3:c6:69:be:ac:19:
4a:91:ae:54:1d:a4:33:e0:76:4a:5a:cc:f1:23:2f:29:0e:be:
1e:9c:51:ab:21:0a:1f:2e:f9:3b:e2:8a:c8:0c:1e:a5:44:66:
cb:79:21:67:87:f7:23:44:d2:25:46:ce:37:f9:cc:95:0e:ad:
2b:13:05:e6:61:05:15:2a:a6:cb:ea:d9:e4:ad:0f:bd:95:77:
5f:68:a7:d6:d2:c3:df:ec:51:89:0a:be:07:ac:20:a0:aa:15:
f6:79:c6:19:49:33:d4:e9:09:6c:ce:b1:06:87:3b:a7:c0:88:
4c:97:3e:bf
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVtnTnSCXyg2Ssheihvz0EqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwMTAxMTM1NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDI2NzQ4N2JjM2MzZjVkYmM0ODc5ZDZlMWZhNDQ0OGI5ZDgwOTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnM4SN1rG3QMKXXeCCx1d+VdQpqyW
j7O29xLfUbGEQPrNg7KprmR5aA44UUhIcf0tPBk/etINFgnhK4I81iA4YCwVzAl2
rGkQwbRIfqPNaB1Huv4CO2mfR9osFQ6QKnXo+uaAH0K6RcLJb3EZ+vd91keG1FKt
daCPVaz7Nhpsyf6/fCzvBCdDp30o/GcyK0NA8XOXnYn3rU/+3gKRbQ1TYLHfUaci
qhHkWpnC5hYmiV8BYK5atUCqQvuLfACil/6s3ID6vkHpymKbSnQlKz4TzjpD22zN
WkpRPk+hWcDVQm63vCChTTbTd4KgdpXNeo9XUtYYMr4Gt6XfRy85BqXrWwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL0mdIe8PD9dvEh51uH6REi52AkjMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvdlNaMGg3dzhQMTI4U0huVzRmcEVTTG5ZQ1NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9BJAwQA
W9XIAwQAwpyXMA0GCSqGSIb3DQEBCwUAA4IBAQBacN19fBzMqx1xx3OzNCsANJmR
1nOYhmJSa28jP+YpIn1FNpI9MGIx9kyibnAG3b93Pef5jkz75U3esqDR8GEqVr6I
e3AL9xYrQG/uFjR7Gi0HzMJPD61vrF6LrTtgq26ybOf2hH5fzDdZ/blsqgVOYFks
6196VAJRcP0ags0q5lKGwO5fIMugjVHDxmm+rBlKka5UHaQz4HZKWszxIy8pDr4e
nFGrIQofLvk74orIDB6lRGbLeSFnh/cjRNIlRs43+cyVDq0rEwXmYQUVKqbL6tnk
rQ+9lXdfaKfW0sPf7FGJCr4HrCCgqhX2ecYZSTPU6QlszrEGhzunwIhMlz6/
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org