Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/xTFkiKZPF4O6HcMNSUG5PnlfBSg.roa
File: xTFkiKZPF4O6HcMNSUG5PnlfBSg.roa (raw, json)
Hash identifier: r6INj4jfRhStfw8iZLi/R12aOsteAhMQh9EZbGBloNI=
Subject key identifier: C5:31:64:88:A6:4F:17:83:BA:1D:C3:0D:49:41:B9:3E:79:5F:05:28
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 018470CDC0745CD966C87340FAD478732719
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/xTFkiKZPF4O6HcMNSUG5PnlfBSg.roa
Signing time: Sun 13 Nov 2022 11:44:03 +0000
ROA not before: Sun 13 Nov 2022 11:44:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 91.208.69.0/24 maxlen: 24
91.208.73.0/24 maxlen: 24
91.213.200.0/24 maxlen: 24
194.156.151.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:70:cd:c0:74:5c:d9:66:c8:73:40:fa:d4:78:73:27:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: Nov 13 11:44:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c5316488a64f1783ba1dc30d4941b93e795f0528
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:73:a8:d3:23:9d:13:ad:c8:d2:64:34:d5:cf:
13:85:e2:79:ea:21:20:7c:f4:1a:e0:f8:5c:e0:a0:
ef:33:06:92:ba:ce:c7:5a:db:44:28:41:f3:73:ec:
3c:fc:fa:1d:80:ef:d4:ba:a1:87:b6:67:90:3e:51:
2a:62:34:97:4f:25:f9:53:2e:26:e9:98:50:25:9e:
7b:2a:78:09:3f:ca:19:49:1d:da:e8:94:9c:14:fc:
e7:1c:9d:4f:cd:17:85:78:98:e5:88:f5:44:ed:0b:
6a:33:a8:12:94:e6:9f:24:c6:6a:69:4a:da:d4:05:
f7:a1:67:2b:8a:c6:2b:94:fb:e5:46:05:f1:3f:d8:
25:78:a3:cd:b8:1e:a6:d3:6e:93:aa:e8:c0:26:d6:
3f:ef:88:e5:e3:ea:40:b9:06:55:16:ce:ee:95:c2:
02:28:83:f1:fb:43:2e:fa:e3:ac:82:48:66:a5:0b:
87:db:ae:e1:db:27:32:74:e9:ba:1d:15:b3:75:f9:
be:41:c8:d4:01:c2:9b:11:59:60:65:9e:a8:63:b7:
a3:a4:8e:1a:87:7d:9b:33:25:e0:e6:ea:6a:18:7a:
ff:2f:38:4c:a2:32:7f:bf:cd:4d:52:a9:7b:7d:f6:
7c:12:b1:3e:19:ff:30:f2:9c:a8:2c:ef:fd:de:02:
5c:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:31:64:88:A6:4F:17:83:BA:1D:C3:0D:49:41:B9:3E:79:5F:05:28
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/xTFkiKZPF4O6HcMNSUG5PnlfBSg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.208.69.0/24
91.208.73.0/24
91.213.200.0/24
194.156.151.0/24
Signature Algorithm: sha256WithRSAEncryption
45:e4:54:23:d8:a3:2f:51:b7:4d:93:2e:ff:0a:2f:37:3b:69:
46:86:52:ed:b6:cf:d7:9c:cc:34:ca:bc:80:56:5f:39:ad:00:
a7:d9:38:d6:7a:49:05:44:03:2e:6c:8d:c6:23:c6:31:db:e5:
73:90:15:a0:1b:e0:3e:70:29:e0:a3:fb:6b:a1:98:02:91:49:
d3:df:fc:67:5c:32:f1:05:0c:91:c7:c8:e9:e9:01:b1:7e:8c:
30:28:7e:05:0a:9f:f9:17:44:be:73:f5:01:7c:31:a5:c1:c0:
8c:64:ad:6e:4d:7d:8b:a2:bb:23:94:f2:c9:19:e8:21:85:b5:
6b:c1:72:bf:48:f0:21:89:64:23:91:d9:83:0b:72:39:f5:28:
ad:55:df:eb:9e:61:a9:3b:fd:8c:e8:69:b0:a9:0b:8b:12:c6:
8b:97:de:ac:62:79:d0:a1:c4:f5:51:80:1a:6a:93:03:3d:9e:
81:a6:61:fd:02:01:61:50:15:90:78:6b:6d:74:0f:b6:ec:59:
38:cf:bc:16:e0:23:68:9c:d8:fd:4c:ee:72:fa:40:bf:f8:3b:
8b:12:5a:dd:56:e4:fe:c6:67:c2:49:4c:86:fb:01:f9:8a:ae:
91:dd:9c:29:ba:94:58:4f:4f:f7:8a:d6:f1:94:6b:3a:82:ef:
5b:53:e2:0b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYRwzcB0XNlmyHNA+tR4cycZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjIxMTEzMTE0NDAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTMxNjQ4OGE2NGYxNzgzYmExZGMzMGQ0OTQxYjkzZTc5NWYwNTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3Oo0yOdE63I0mQ01c8TheJ56iEg
fPQa4Phc4KDvMwaSus7HWttEKEHzc+w8/PodgO/UuqGHtmeQPlEqYjSXTyX5Uy4m
6ZhQJZ57KngJP8oZSR3a6JScFPznHJ1PzReFeJjliPVE7QtqM6gSlOafJMZqaUra
1AX3oWcrisYrlPvlRgXxP9gleKPNuB6m026TqujAJtY/74jl4+pAuQZVFs7ulcIC
KIPx+0Mu+uOsgkhmpQuH267h2ycydOm6HRWzdfm+QcjUAcKbEVlgZZ6oY7ejpI4a
h32bMyXg5upqGHr/LzhMojJ/v81NUql7ffZ8ErE+Gf8w8pyoLO/93gJcpQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMUxZIimTxeDuh3DDUlBuT55XwUoMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEveFRGa2lLWlBGNE82SGNNTlNVRzVQbmxmQlNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW9BFAwQA
W9BJAwQAW9XIAwQAwpyXMA0GCSqGSIb3DQEBCwUAA4IBAQBF5FQj2KMvUbdNky7/
Ci83O2lGhlLtts/XnMw0yryAVl85rQCn2TjWekkFRAMubI3GI8Yx2+VzkBWgG+A+
cCngo/troZgCkUnT3/xnXDLxBQyRx8jp6QGxfowwKH4FCp/5F0S+c/UBfDGlwcCM
ZK1uTX2LorsjlPLJGeghhbVrwXK/SPAhiWQjkdmDC3I59SitVd/rnmGpO/2M6Gmw
qQuLEsaLl96sYnnQocT1UYAaapMDPZ6BpmH9AgFhUBWQeGttdA+27Fk4z7wW4CNo
nNj9TO5y+kC/+DuLElrdVuT+xmfCSUyG+wH5iq6R3ZwpupRYT0/3itbxlGs6gu9b
U+IL
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org