Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/z-y7S5VvfL1luqHyQX9LY6xsVj4.roa
File: z-y7S5VvfL1luqHyQX9LY6xsVj4.roa (raw, json)
Hash identifier: l1dsqPw4jmlX93va/Mm5OfuE3TEipGKjdHXF53k0V2E=
Subject key identifier: CF:EC:BB:4B:95:6F:7C:BD:65:BA:A1:F2:41:7F:4B:63:AC:6C:56:3E
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 018D174E26A7468E7975B6CEA6F49A609024
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/z-y7S5VvfL1luqHyQX9LY6xsVj4.roa
Signing time: Wed 17 Jan 2024 12:03:34 +0000
ROA not before: Wed 17 Jan 2024 12:03:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8851
IP address blocks: 91.84.0.0/18 maxlen: 18
91.84.96.0/19 maxlen: 19
91.84.128.0/17 maxlen: 17
91.85.0.0/17 maxlen: 17
91.85.128.0/19 maxlen: 19
91.85.192.0/18 maxlen: 18
194.46.32.0/19 maxlen: 19
194.46.64.0/19 maxlen: 19
194.46.80.0/20 maxlen: 20
212.104.128.0/19 maxlen: 19
212.108.80.0/21 maxlen: 21
212.108.88.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:17:4e:26:a7:46:8e:79:75:b6:ce:a6:f4:9a:60:90:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Jan 17 12:03:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cfecbb4b956f7cbd65baa1f2417f4b63ac6c563e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:28:33:f1:da:68:c7:0b:4f:c5:d4:a9:dc:20:
00:0a:71:af:2c:a0:73:f1:27:5b:e2:24:c4:13:16:
1a:1c:fc:2d:a2:70:65:0b:e8:05:53:b1:de:ef:aa:
04:df:5a:7d:f1:70:fe:08:e1:61:8d:19:6a:4c:f8:
52:b6:0c:24:58:2c:64:0d:8f:88:34:1f:c8:c3:19:
5d:9b:8d:95:0e:0b:5d:6d:e1:15:a0:5b:14:46:b7:
10:00:c8:1d:b1:eb:fd:63:1a:12:34:0c:53:cc:75:
6d:e0:ea:a5:89:b0:39:a4:0c:0d:f3:b6:7d:5e:de:
e6:ae:f8:08:e2:68:88:63:89:43:4f:0c:07:f9:0c:
84:4c:d3:88:ac:d8:3d:21:88:5f:b8:ad:c7:eb:eb:
03:78:71:52:d1:14:41:b1:86:c7:63:aa:3b:32:e2:
d7:38:04:96:d1:7a:a5:74:5e:9b:58:3b:be:f2:ed:
e1:fb:e3:51:60:7e:a9:6c:39:05:ed:4d:99:43:0a:
d4:de:e2:62:6d:2b:fd:ca:55:35:1d:77:41:b5:65:
50:88:65:01:e2:70:47:36:e0:b9:76:c6:ee:40:23:
a9:4b:17:32:99:89:f6:e6:75:aa:d4:de:bb:d7:e4:
3e:2d:88:fd:eb:f1:e4:d0:eb:70:7f:a6:de:5b:09:
a6:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:EC:BB:4B:95:6F:7C:BD:65:BA:A1:F2:41:7F:4B:63:AC:6C:56:3E
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/z-y7S5VvfL1luqHyQX9LY6xsVj4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.84.0.0/18
91.84.96.0-91.85.159.255
91.85.192.0/18
194.46.32.0-194.46.95.255
212.104.128.0/19
212.108.80.0-212.108.91.255
Signature Algorithm: sha256WithRSAEncryption
4e:10:af:87:ca:54:33:17:a0:0b:dc:8c:03:d6:b9:49:71:aa:
6e:a9:5f:f1:f9:f9:81:72:b1:1b:e6:72:73:c1:0f:c0:e8:7b:
00:6e:72:41:f3:9d:e6:37:9b:d6:7e:60:00:e6:ad:10:05:f8:
f4:4b:91:b9:07:c2:34:a9:4d:a0:1c:a8:8c:79:85:9c:21:1b:
00:52:85:c8:09:55:2a:b9:d7:f7:9e:03:58:14:94:f8:5e:49:
b1:57:c4:59:7e:9e:64:44:12:57:ee:ca:bd:0d:82:83:8b:ba:
df:75:59:6f:35:c7:1c:10:70:b0:e9:6c:07:4a:b7:86:93:19:
ca:04:d3:05:f2:93:b9:83:35:22:ae:27:ba:87:81:b1:78:e9:
2f:ac:5c:eb:25:1a:7c:2e:1c:9c:54:5e:ad:da:9b:a8:74:e7:
b3:46:be:f9:3f:bd:8f:fb:bd:9f:f7:62:71:be:07:76:77:3c:
e2:8b:89:df:ed:4e:b8:52:02:7c:63:0e:23:86:90:ae:b5:1c:
2f:69:19:5c:ad:01:6c:a8:9b:5e:48:ea:2d:a4:06:39:c5:d4:
c7:94:b3:da:37:ba:2e:0d:2d:6c:07:e5:c0:a6:96:4c:51:74:
86:c0:d1:1a:43:06:d0:2f:41:9d:1f:5d:3c:3e:f7:48:51:e7:
37:01:fd:64
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY0XTianRo55dbbOpvSaYJAkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDM1MzkzMzY3NGE1NjA4ZjZkMWVlMmRhYjRmNjRjOGJm
ZjhmMzkwHhcNMjQwMTE3MTIwMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmVjYmI0Yjk1NmY3Y2JkNjViYWExZjI0MTdmNGI2M2FjNmM1NjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSgz8dpoxwtPxdSp3CAACnGvLKBz
8Sdb4iTEExYaHPwtonBlC+gFU7He76oE31p98XD+COFhjRlqTPhStgwkWCxkDY+I
NB/Iwxldm42VDgtdbeEVoFsURrcQAMgdsev9YxoSNAxTzHVt4OqlibA5pAwN87Z9
Xt7mrvgI4miIY4lDTwwH+QyETNOIrNg9IYhfuK3H6+sDeHFS0RRBsYbHY6o7MuLX
OASW0XqldF6bWDu+8u3h++NRYH6pbDkF7U2ZQwrU3uJibSv9ylU1HXdBtWVQiGUB
4nBHNuC5dsbuQCOpSxcymYn25nWq1N671+Q+LYj96/Hk0Otwf6beWwmmHQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFM/su0uVb3y9Zbqh8kF/S2OsbFY+MB8GA1UdIwQY
MBaAFK3TU5M2dKVgj20e4tq09kyL/485MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgt
NzJjODMxMjg3NjFiLzEvei15N1M1VnZmTDFsdXFIeVFYOUxZNnhzVmo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgtNzJjODMxMjg3NjFi
LzEvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQGW1QAMAwD
BAVbVGADBAVbVYADBAZbVcAwDAMEBcIuIAMEBcIuQAMEBdRogDAMAwQE1GxQAwQC
1GxYMA0GCSqGSIb3DQEBCwUAA4IBAQBOEK+HylQzF6AL3IwD1rlJcapuqV/x+fmB
crEb5nJzwQ/A6HsAbnJB853mN5vWfmAA5q0QBfj0S5G5B8I0qU2gHKiMeYWcIRsA
UoXICVUqudf3ngNYFJT4XkmxV8RZfp5kRBJX7sq9DYKDi7rfdVlvNcccEHCw6WwH
SreGkxnKBNMF8pO5gzUirie6h4GxeOkvrFzrJRp8LhycVF6t2puodOezRr75P72P
+72f92Jxvgd2dzzii4nf7U64UgJ8Yw4jhpCutRwvaRlcrQFsqJteSOotpAY5xdTH
lLPaN7ouDS1sB+XAppZMUXSGwNEaQwbQL0GdH108PvdIUec3Af1k
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:37 2024 by rpki-client on console-ams.rpki-client.org