Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/vts7TyfgdNCCFS3W3LB9_7W7_Yw.roa
File: vts7TyfgdNCCFS3W3LB9_7W7_Yw.roa (raw, json)
Hash identifier: B1osgVj4ob8QESwYEtuzYZhgtDsgCQS4pvMEkNSDcck=
Subject key identifier: BE:DB:3B:4F:27:E0:74:D0:82:15:2D:D6:DC:B0:7D:FF:B5:BB:FD:8C
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 0187AB014D9E84A495524F5BE20456840276
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/vts7TyfgdNCCFS3W3LB9_7W7_Yw.roa
Signing time: Sat 22 Apr 2023 22:06:41 +0000
ROA not before: Sat 22 Apr 2023 22:06:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211975
IP address blocks: 91.213.189.0/24 maxlen: 24
194.156.150.0/24 maxlen: 24
91.208.109.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:ab:01:4d:9e:84:a4:95:52:4f:5b:e2:04:56:84:02:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: Apr 22 22:06:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bedb3b4f27e074d082152dd6dcb07dffb5bbfd8c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:e0:3b:a3:75:44:13:94:2d:d3:3c:d0:32:5d:
91:83:34:b3:7f:77:50:59:c8:b0:d7:a5:90:d5:1b:
fe:ae:49:32:76:8a:60:35:24:d3:71:6f:79:cd:d6:
9b:68:96:ee:c1:e0:86:1e:e4:8f:20:a7:d4:7b:ae:
58:eb:05:d3:bf:39:fa:bf:16:0d:a2:52:a5:27:75:
8e:01:5e:81:7d:7e:08:3c:7c:64:eb:2f:4b:4b:6e:
e5:13:be:b6:b4:3e:2c:23:72:42:91:bd:bd:6a:b6:
04:d8:47:78:72:f2:b5:cc:75:27:20:69:b9:d5:c4:
da:ac:6f:3c:23:67:34:a5:1a:42:1f:f3:a9:fb:a1:
c7:67:6c:af:7a:d1:9e:11:51:ea:a7:80:11:b8:89:
5f:4a:0f:17:22:82:6a:e2:3f:a9:10:62:7c:ad:a2:
72:1e:d9:88:2a:2b:78:02:91:33:ac:9c:a0:91:61:
2e:d3:40:cd:9f:68:52:92:c5:1c:19:97:54:7b:5f:
71:76:09:55:54:2f:5d:63:a8:3a:d8:ba:24:bf:99:
ae:74:ab:2f:bf:08:82:e1:a4:e6:42:17:75:4d:ac:
86:f7:0e:e2:12:4b:76:a1:f8:ea:e3:6d:eb:27:fa:
5b:49:a7:26:55:1a:d4:74:79:43:65:e1:10:6a:2d:
db:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:DB:3B:4F:27:E0:74:D0:82:15:2D:D6:DC:B0:7D:FF:B5:BB:FD:8C
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/vts7TyfgdNCCFS3W3LB9_7W7_Yw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.208.109.0/24
91.213.189.0/24
194.156.150.0/24
Signature Algorithm: sha256WithRSAEncryption
8d:0d:32:73:3d:7c:db:82:7b:b9:b3:52:3a:53:a1:07:19:0f:
21:92:2c:42:93:50:2f:2a:7b:64:89:d6:03:f1:c9:71:05:2d:
94:9e:a8:61:fa:08:19:8a:db:80:83:49:77:cd:e0:e5:98:63:
ee:ee:b9:36:ff:c5:e0:60:c7:5b:88:e1:40:48:22:8a:3e:ae:
b7:de:4b:e6:24:6a:c1:2e:c2:a5:9c:81:1f:4f:5d:59:31:eb:
38:cc:93:5d:95:a5:67:c6:e5:03:ee:97:3f:14:a7:77:77:ee:
8b:81:05:d1:d3:34:ea:e1:86:c5:8b:5b:d0:e4:ed:e0:a4:13:
32:61:97:8b:a2:25:df:f5:84:82:59:77:b1:6f:33:99:f6:08:
ed:42:d7:3d:17:f6:02:e2:33:ef:9c:7b:67:d3:79:82:9f:05:
f6:72:77:9d:78:72:4d:ed:51:95:66:49:48:5e:e0:fb:82:53:
c3:00:49:8f:12:cf:33:bd:d5:81:5f:d7:32:9a:99:89:d4:d7:
50:1b:2c:ba:30:db:7c:96:aa:4f:30:69:bd:ee:81:bf:f3:d0:
0e:e3:8d:6f:9e:69:02:65:a0:82:a8:3b:c5:94:91:e9:48:34:
f1:36:08:26:bc:c6:52:a6:8c:f9:66:42:23:c3:cf:d7:0e:8b:
92:40:09:bb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYerAU2ehKSVUk9b4gRWhAJ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwNDIyMjIwNjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWRiM2I0ZjI3ZTA3NGQwODIxNTJkZDZkY2IwN2RmZmI1YmJmZDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOA7o3VEE5Qt0zzQMl2RgzSzf3dQ
Wciw16WQ1Rv+rkkydopgNSTTcW95zdabaJbuweCGHuSPIKfUe65Y6wXTvzn6vxYN
olKlJ3WOAV6BfX4IPHxk6y9LS27lE762tD4sI3JCkb29arYE2Ed4cvK1zHUnIGm5
1cTarG88I2c0pRpCH/Op+6HHZ2yvetGeEVHqp4ARuIlfSg8XIoJq4j+pEGJ8raJy
HtmIKit4ApEzrJygkWEu00DNn2hSksUcGZdUe19xdglVVC9dY6g62Lokv5mudKsv
vwiC4aTmQhd1TayG9w7iEkt2ofjq423rJ/pbSacmVRrUdHlDZeEQai3b0QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL7bO08n4HTQghUt1tywff+1u/2MMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvdnRzN1R5ZmdkTkNDRlMzVzNMQjlfN1c3X1l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9BtAwQA
W9W9AwQAwpyWMA0GCSqGSIb3DQEBCwUAA4IBAQCNDTJzPXzbgnu5s1I6U6EHGQ8h
kixCk1AvKntkidYD8clxBS2Unqhh+ggZituAg0l3zeDlmGPu7rk2/8XgYMdbiOFA
SCKKPq633kvmJGrBLsKlnIEfT11ZMes4zJNdlaVnxuUD7pc/FKd3d+6LgQXR0zTq
4YbFi1vQ5O3gpBMyYZeLoiXf9YSCWXexbzOZ9gjtQtc9F/YC4jPvnHtn03mCnwX2
cnedeHJN7VGVZklIXuD7glPDAEmPEs8zvdWBX9cympmJ1NdQGyy6MNt8lqpPMGm9
7oG/89AO441vnmkCZaCCqDvFlJHpSDTxNggmvMZSpoz5ZkIjw8/XDouSQAm7
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org