Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/Y1rEIeiOFkZu2sBGTBR7JnnlMaQ.roa
File: Y1rEIeiOFkZu2sBGTBR7JnnlMaQ.roa (raw, json)
Hash identifier: 6DrkjIssFcKw+UbirHSH9ygbKHZcaL4GRbM26eHFY/M=
Subject key identifier: 63:5A:C4:21:E8:8E:16:46:6E:DA:C0:46:4C:14:7B:26:79:E5:31:A4
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 018C684C1A42472E8180427D40B780CAADC7
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/Y1rEIeiOFkZu2sBGTBR7JnnlMaQ.roa
Signing time: Thu 14 Dec 2023 12:27:47 +0000
ROA not before: Thu 14 Dec 2023 12:27:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 91.84.0.0/18 maxlen: 18
194.46.32.0/19 maxlen: 19
91.84.128.0/17 maxlen: 17
194.46.64.0/19 maxlen: 19
91.85.0.0/16 maxlen: 16
194.46.80.0/20 maxlen: 20
91.84.64.0/19 maxlen: 19
212.104.128.0/19 maxlen: 19
212.108.80.0/21 maxlen: 21
212.108.88.0/22 maxlen: 22
91.84.96.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:68:4c:1a:42:47:2e:81:80:42:7d:40:b7:80:ca:ad:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Dec 14 12:27:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=635ac421e88e16466edac0464c147b2679e531a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:91:bd:58:cc:dd:07:29:6b:dc:4a:e1:47:f0:
84:21:25:fa:99:2b:e5:01:1d:33:ab:88:80:20:80:
7f:a1:4a:43:3e:ba:4f:43:fa:34:ba:03:65:40:d1:
91:06:ee:38:0c:c8:e1:92:9f:33:2e:ff:1d:2a:2f:
c6:d1:7d:1c:58:34:fc:a8:9f:b7:1c:8c:09:d1:8a:
99:56:88:9b:1a:01:2b:c1:c2:22:ab:09:a8:95:dd:
2c:e0:69:bf:ec:8e:ec:44:3b:02:8f:7f:b1:33:f1:
ae:b0:49:14:76:82:6c:ac:d5:03:d6:dd:3b:84:a7:
00:fd:8a:87:34:e6:bf:30:55:13:d2:ec:6b:37:40:
07:7a:5d:0b:cc:15:55:92:6f:cb:78:94:c0:f6:99:
ea:1b:eb:50:bd:f5:a7:3b:ee:72:12:7f:09:b8:4b:
51:b1:94:2b:bf:ab:b2:03:f1:12:32:11:9e:7f:fd:
7c:f2:19:a6:10:a9:d1:29:aa:c1:3f:8f:58:eb:e3:
3c:a7:8a:a3:b5:cd:ba:bb:6f:30:28:85:d5:b0:8e:
e0:64:9c:77:3d:ab:09:52:53:55:79:d9:a7:6d:15:
1e:c0:cd:60:05:df:7f:1d:85:df:fb:32:5e:e9:04:
6d:02:a9:80:43:71:d8:14:a7:9b:9c:68:ba:cd:03:
e4:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:5A:C4:21:E8:8E:16:46:6E:DA:C0:46:4C:14:7B:26:79:E5:31:A4
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/Y1rEIeiOFkZu2sBGTBR7JnnlMaQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.84.0.0/15
194.46.32.0-194.46.95.255
212.104.128.0/19
212.108.80.0-212.108.91.255
Signature Algorithm: sha256WithRSAEncryption
70:86:f0:7a:09:86:6b:fe:15:31:3e:50:86:14:8c:83:d4:1a:
8f:a2:45:a5:c6:3a:1e:1a:13:6d:f0:b9:43:b5:1e:fe:8c:c0:
01:4a:8e:59:eb:8f:31:76:e5:20:6a:e2:98:68:fa:3c:cf:13:
7f:d9:44:bd:8b:bb:29:29:9c:6c:28:46:38:03:0a:0b:12:10:
9b:df:05:d0:da:18:43:ee:29:aa:39:a3:73:da:ce:5f:be:b3:
11:b5:a9:31:6f:27:99:66:fa:6c:c9:85:c0:11:44:f0:22:77:
fa:b3:2c:19:56:c4:67:c5:f2:a1:e5:08:71:7c:cd:08:ec:d7:
dc:f7:b4:d0:f0:0e:72:26:67:a9:c2:be:01:1f:db:c7:c4:d3:
30:12:10:48:58:31:e0:71:cd:d1:a2:f9:51:ec:ed:94:bd:71:
9e:11:3e:00:40:a9:dc:18:49:85:43:47:3a:a8:c9:18:3d:51:
1d:77:fd:ed:c0:49:a0:83:4e:90:cf:86:70:17:75:f6:7b:f6:
ed:9b:cb:f6:56:99:e1:60:64:f7:66:7c:c0:66:32:13:87:42:
4b:6b:01:87:cc:2f:63:24:7e:56:0b:d4:a0:ec:7f:7a:b8:56:
61:eb:e4:cd:b6:64:e1:f7:46:57:1d:dc:02:e3:34:72:db:3a:
5b:26:b8:c1
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYxoTBpCRy6BgEJ9QLeAyq3HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDM1MzkzMzY3NGE1NjA4ZjZkMWVlMmRhYjRmNjRjOGJm
ZjhmMzkwHhcNMjMxMjE0MTIyNzQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzVhYzQyMWU4OGUxNjQ2NmVkYWMwNDY0YzE0N2IyNjc5ZTUzMWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pG9WMzdBylr3ErhR/CEISX6mSvl
AR0zq4iAIIB/oUpDPrpPQ/o0ugNlQNGRBu44DMjhkp8zLv8dKi/G0X0cWDT8qJ+3
HIwJ0YqZVoibGgErwcIiqwmold0s4Gm/7I7sRDsCj3+xM/GusEkUdoJsrNUD1t07
hKcA/YqHNOa/MFUT0uxrN0AHel0LzBVVkm/LeJTA9pnqG+tQvfWnO+5yEn8JuEtR
sZQrv6uyA/ESMhGef/188hmmEKnRKarBP49Y6+M8p4qjtc26u28wKIXVsI7gZJx3
PasJUlNVedmnbRUewM1gBd9/HYXf+zJe6QRtAqmAQ3HYFKebnGi6zQPkMwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFGNaxCHojhZGbtrARkwUeyZ55TGkMB8GA1UdIwQY
MBaAFK3TU5M2dKVgj20e4tq09kyL/485MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgt
NzJjODMxMjg3NjFiLzEvWTFyRUllaU9Ga1p1MnNCR1RCUjdKbm5sTWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgtNzJjODMxMjg3NjFi
LzEvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAtBAIAATAnAwMBW1QwDAME
BcIuIAMEBcIuQAMEBdRogDAMAwQE1GxQAwQC1GxYMA0GCSqGSIb3DQEBCwUAA4IB
AQBwhvB6CYZr/hUxPlCGFIyD1BqPokWlxjoeGhNt8LlDtR7+jMABSo5Z648xduUg
auKYaPo8zxN/2US9i7spKZxsKEY4AwoLEhCb3wXQ2hhD7imqOaNz2s5fvrMRtakx
byeZZvpsyYXAEUTwInf6sywZVsRnxfKh5QhxfM0I7Nfc97TQ8A5yJmepwr4BH9vH
xNMwEhBIWDHgcc3RovlR7O2UvXGeET4AQKncGEmFQ0c6qMkYPVEdd/3twEmgg06Q
z4ZwF3X2e/btm8v2VpnhYGT3ZnzAZjITh0JLawGHzC9jJH5WC9Sg7H96uFZh6+TN
tmTh90ZXHdwC4zRy2zpbJrjB
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:37 2024 by rpki-client on console-ams.rpki-client.org