Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/yEJxVTdNjatrKoQPnusQZ7MmF-E.roa
File: yEJxVTdNjatrKoQPnusQZ7MmF-E.roa (raw, json)
Hash identifier: r7BHZiP1tqwAATNsii9+c+F0lL0rxYg8AcLzujqbBus=
Subject key identifier: C8:42:71:55:37:4D:8D:AB:6B:2A:84:0F:9E:EB:10:67:B3:26:17:E1
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 0187AB014CD615E8EF79CD1B2B00524C4E4B
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/yEJxVTdNjatrKoQPnusQZ7MmF-E.roa
Signing time: Sat 22 Apr 2023 22:06:41 +0000
ROA not before: Sat 22 Apr 2023 22:06:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209260
IP address blocks: 91.213.186.0/24 maxlen: 24
91.213.189.0/24 maxlen: 24
194.156.150.0/24 maxlen: 24
91.208.109.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:ab:01:4c:d6:15:e8:ef:79:cd:1b:2b:00:52:4c:4e:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: Apr 22 22:06:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c8427155374d8dab6b2a840f9eeb1067b32617e1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:97:74:d5:70:96:d0:59:c8:f1:03:e0:6e:f3:
67:a2:a2:f0:12:4f:86:0b:43:c3:bf:58:be:6c:11:
fe:3d:8e:83:f8:dc:5f:50:c3:d5:b7:21:6a:46:63:
1a:59:22:93:e3:33:db:9e:83:7b:f2:0a:bd:37:ab:
aa:7f:fb:38:9e:0b:3e:1d:03:b8:48:50:3b:82:e6:
9c:0a:a8:05:07:35:0e:b9:06:26:0a:bb:ff:58:79:
92:a0:7a:59:8f:e4:c8:ed:88:e8:1e:ba:23:f0:79:
3e:91:df:56:89:c7:78:42:01:53:74:28:1b:58:61:
5f:49:52:23:0c:31:38:db:11:4f:26:2e:71:7b:22:
83:d7:0a:b4:ee:ed:bd:7b:11:62:47:0d:dc:ec:1b:
57:c8:43:b7:7b:06:95:72:f4:d4:39:a8:9a:9a:cc:
63:7b:b3:fc:03:fd:af:42:91:09:86:f2:ef:c5:46:
99:35:c7:6f:ea:fe:91:25:f0:cc:87:c3:62:2c:8b:
04:e2:b4:6c:09:9b:4b:4c:b6:c8:45:e6:66:16:b5:
2f:a9:7c:90:c8:f9:f0:c0:c2:e5:1c:c0:7c:78:68:
65:91:8f:08:d6:41:3f:ee:d0:37:fb:4c:24:1b:77:
e4:b6:cd:86:35:f2:e7:d7:12:91:e8:78:94:53:b1:
89:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:42:71:55:37:4D:8D:AB:6B:2A:84:0F:9E:EB:10:67:B3:26:17:E1
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/yEJxVTdNjatrKoQPnusQZ7MmF-E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.208.109.0/24
91.213.186.0/24
91.213.189.0/24
194.156.150.0/24
Signature Algorithm: sha256WithRSAEncryption
86:d4:e9:84:b2:75:c5:3e:f2:43:06:c0:32:7a:71:07:97:13:
1b:36:fc:fc:7b:97:09:30:62:de:f3:47:e6:a8:fc:e5:f1:a9:
64:80:11:63:8e:e3:15:00:10:5a:f4:4f:8c:e1:ad:06:75:c9:
06:5c:b8:f6:2e:2b:0f:6b:cd:05:0b:37:ec:ef:f5:4b:f1:44:
6b:66:ae:d0:33:f1:fb:cb:0c:f5:77:c0:bf:27:5b:3b:f0:65:
08:20:3e:a0:5b:bb:1f:a3:90:1d:ab:a5:71:e6:f6:c5:67:f9:
fd:fe:b8:59:70:08:15:a6:07:86:32:65:f6:b6:d3:ec:8f:d0:
16:a2:f8:97:08:a2:f0:6e:a8:1f:1e:91:e0:d3:fe:67:d4:73:
87:9d:f3:cd:43:09:02:2e:4d:51:04:93:ee:57:cd:b5:4e:bd:
a6:27:4e:82:a0:cd:82:9e:36:d5:68:cb:66:3c:41:51:41:7d:
c3:14:b4:69:8a:70:82:09:92:78:cc:25:b9:ce:75:cc:81:33:
13:6d:e2:6c:08:50:da:d7:1e:10:ac:fe:c8:0b:6f:9e:6a:b7:
9b:bf:68:de:93:31:46:ff:07:22:26:02:17:24:2f:fa:81:77:
78:43:db:81:d3:1f:63:12:2e:7f:12:cb:be:c6:ff:e1:ba:15:
7a:28:d5:5e
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYerAUzWFejvec0bKwBSTE5LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwNDIyMjIwNjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODQyNzE1NTM3NGQ4ZGFiNmIyYTg0MGY5ZWViMTA2N2IzMjYxN2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pd01XCW0FnI8QPgbvNnoqLwEk+G
C0PDv1i+bBH+PY6D+NxfUMPVtyFqRmMaWSKT4zPbnoN78gq9N6uqf/s4ngs+HQO4
SFA7guacCqgFBzUOuQYmCrv/WHmSoHpZj+TI7YjoHroj8Hk+kd9Wicd4QgFTdCgb
WGFfSVIjDDE42xFPJi5xeyKD1wq07u29exFiRw3c7BtXyEO3ewaVcvTUOaiamsxj
e7P8A/2vQpEJhvLvxUaZNcdv6v6RJfDMh8NiLIsE4rRsCZtLTLbIReZmFrUvqXyQ
yPnwwMLlHMB8eGhlkY8I1kE/7tA3+0wkG3fkts2GNfLn1xKR6HiUU7GJ2QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMhCcVU3TY2rayqED57rEGezJhfhMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEveUVKeFZUZE5qYXRyS29RUG51c1FaN01tRi1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW9BtAwQA
W9W6AwQAW9W9AwQAwpyWMA0GCSqGSIb3DQEBCwUAA4IBAQCG1OmEsnXFPvJDBsAy
enEHlxMbNvz8e5cJMGLe80fmqPzl8alkgBFjjuMVABBa9E+M4a0GdckGXLj2LisP
a80FCzfs7/VL8URrZq7QM/H7ywz1d8C/J1s78GUIID6gW7sfo5Adq6Vx5vbFZ/n9
/rhZcAgVpgeGMmX2ttPsj9AWoviXCKLwbqgfHpHg0/5n1HOHnfPNQwkCLk1RBJPu
V821Tr2mJ06CoM2CnjbVaMtmPEFRQX3DFLRpinCCCZJ4zCW5znXMgTMTbeJsCFDa
1x4QrP7IC2+earebv2jekzFG/wciJgIXJC/6gXd4Q9uB0x9jEi5/Esu+xv/huhV6
KNVe
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org