Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/OpcPfyTb1w8_AC4_dUsnh8VmUYs.roa
File: OpcPfyTb1w8_AC4_dUsnh8VmUYs.roa (raw, json)
Hash identifier: ljtqCdDhOpfuP1Om3bcR09L5qTW/AFhiiQZbeH/3i0U=
Subject key identifier: 3A:97:0F:7F:24:DB:D7:0F:3F:00:2E:3F:75:4B:27:87:C5:66:51:8B
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 018C656FF8C1738F028B9C176FCDFF08B5FA
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/OpcPfyTb1w8_AC4_dUsnh8VmUYs.roa
Signing time: Wed 13 Dec 2023 23:08:06 +0000
ROA not before: Wed 13 Dec 2023 23:08:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 91.84.128.0/17 maxlen: 17
194.46.80.0/20 maxlen: 20
91.84.64.0/19 maxlen: 19
212.104.128.0/19 maxlen: 19
91.84.96.0/19 maxlen: 19
91.84.0.0/18 maxlen: 18
194.46.32.0/19 maxlen: 19
91.84.0.0/16 maxlen: 16
91.84.0.0/15 maxlen: 15
194.46.64.0/19 maxlen: 19
91.85.0.0/16 maxlen: 16
212.108.80.0/21 maxlen: 21
212.108.88.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:65:6f:f8:c1:73:8f:02:8b:9c:17:6f:cd:ff:08:b5:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Dec 13 23:08:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3a970f7f24dbd70f3f002e3f754b2787c566518b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:97:c4:fe:d5:56:a6:93:a6:d3:79:50:0f:29:
48:f0:52:b1:02:e0:62:45:01:4b:91:fb:30:bb:d4:
2e:00:0b:7a:80:cb:4e:46:07:f7:13:d6:1b:08:c2:
39:30:e3:b0:0d:82:0c:86:04:10:e7:fe:0b:dc:e1:
18:82:38:bd:f5:4a:29:3e:1f:5b:e5:3d:06:15:a5:
c7:2b:c0:8b:9b:95:0c:b5:3e:c0:5f:31:e9:ef:30:
27:f0:99:3a:3d:37:41:d7:a3:94:db:3d:09:38:b2:
48:b8:08:46:b7:10:a1:e6:1f:e9:c9:f5:6f:ef:04:
56:b6:e9:8c:2b:3e:23:1b:69:31:2f:54:15:49:3e:
ff:f8:22:af:62:f6:92:b2:6a:ed:0e:1c:de:31:b2:
21:11:15:cb:13:33:c9:8b:bf:9b:25:84:dd:ef:36:
03:dd:47:f9:9a:ff:73:6e:aa:ca:ed:28:33:e1:94:
18:ac:04:f4:5b:cd:9d:17:07:d2:97:0b:b8:22:16:
e4:74:2d:44:05:ad:9c:c3:96:83:9c:28:84:03:40:
80:84:4b:7d:0c:a0:e1:b1:80:bf:c1:f6:5f:f9:07:
29:c6:92:55:e5:28:f2:42:cd:87:c0:19:56:0d:d6:
1d:73:56:fb:4c:24:5a:fe:38:7a:72:7b:8f:56:af:
9e:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:97:0F:7F:24:DB:D7:0F:3F:00:2E:3F:75:4B:27:87:C5:66:51:8B
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/OpcPfyTb1w8_AC4_dUsnh8VmUYs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.84.0.0/15
194.46.32.0-194.46.95.255
212.104.128.0/19
212.108.80.0-212.108.91.255
Signature Algorithm: sha256WithRSAEncryption
1a:36:08:72:83:4b:a9:b4:b4:d3:0e:ff:8b:03:de:6a:27:42:
1a:04:a7:ee:64:b7:fc:a8:6d:74:c8:58:03:39:b9:4a:bf:af:
41:c6:38:91:a6:eb:e0:c1:78:1e:c8:ee:a1:de:d4:b7:b2:27:
31:fb:ed:47:21:e0:f5:61:c8:b1:2b:ad:ef:0c:ce:eb:05:bc:
fa:aa:aa:cf:6a:39:8b:67:77:93:2d:03:c7:f4:82:c5:54:dd:
ad:ba:33:0d:d6:aa:91:fd:4d:1a:a9:78:28:03:9e:3b:bd:f3:
6b:56:47:49:36:07:ae:27:1d:15:79:ab:8b:4d:03:fd:35:9d:
51:cf:d1:8f:5b:ae:a2:41:a9:e0:6d:0c:88:c9:65:df:42:9b:
43:08:7e:82:ce:5b:d8:6a:14:d2:9c:93:2f:83:1f:6d:df:6f:
de:ac:73:06:63:88:b6:7b:e1:7d:d8:28:95:fc:70:9b:16:23:
3b:e0:ac:e7:23:ca:86:21:a1:89:68:1c:c1:78:44:a9:a5:5e:
bd:82:de:92:09:bc:f9:ad:52:71:20:a3:cc:98:0a:33:34:8a:
b4:fa:1c:05:56:3e:6c:0d:29:e1:a0:92:bc:26:82:55:89:ad:
43:4b:56:c3:2c:68:6f:c3:44:80:b2:84:1e:86:35:42:61:77:
ec:c3:21:bd
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYxlb/jBc48Ci5wXb83/CLX6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDM1MzkzMzY3NGE1NjA4ZjZkMWVlMmRhYjRmNjRjOGJm
ZjhmMzkwHhcNMjMxMjEzMjMwODA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTk3MGY3ZjI0ZGJkNzBmM2YwMDJlM2Y3NTRiMjc4N2M1NjY1MThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJfE/tVWppOm03lQDylI8FKxAuBi
RQFLkfswu9QuAAt6gMtORgf3E9YbCMI5MOOwDYIMhgQQ5/4L3OEYgji99UopPh9b
5T0GFaXHK8CLm5UMtT7AXzHp7zAn8Jk6PTdB16OU2z0JOLJIuAhGtxCh5h/pyfVv
7wRWtumMKz4jG2kxL1QVST7/+CKvYvaSsmrtDhzeMbIhERXLEzPJi7+bJYTd7zYD
3Uf5mv9zbqrK7Sgz4ZQYrAT0W82dFwfSlwu4IhbkdC1EBa2cw5aDnCiEA0CAhEt9
DKDhsYC/wfZf+QcpxpJV5SjyQs2HwBlWDdYdc1b7TCRa/jh6cnuPVq+ewQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFDqXD38k29cPPwAuP3VLJ4fFZlGLMB8GA1UdIwQY
MBaAFK3TU5M2dKVgj20e4tq09kyL/485MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgt
NzJjODMxMjg3NjFiLzEvT3BjUGZ5VGIxdzhfQUM0X2RVc25oOFZtVVlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgtNzJjODMxMjg3NjFi
LzEvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAtBAIAATAnAwMBW1QwDAME
BcIuIAMEBcIuQAMEBdRogDAMAwQE1GxQAwQC1GxYMA0GCSqGSIb3DQEBCwUAA4IB
AQAaNghyg0uptLTTDv+LA95qJ0IaBKfuZLf8qG10yFgDOblKv69BxjiRpuvgwXge
yO6h3tS3sicx++1HIeD1YcixK63vDM7rBbz6qqrPajmLZ3eTLQPH9ILFVN2tujMN
1qqR/U0aqXgoA547vfNrVkdJNgeuJx0VeauLTQP9NZ1Rz9GPW66iQangbQyIyWXf
QptDCH6CzlvYahTSnJMvgx9t32/erHMGY4i2e+F92CiV/HCbFiM74KznI8qGIaGJ
aBzBeESppV69gt6SCbz5rVJxIKPMmAozNIq0+hwFVj5sDSnhoJK8JoJVia1DS1bD
LGhvw0SAsoQehjVCYXfswyG9
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:37 2024 by rpki-client on console-ams.rpki-client.org