Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/c9b733-3bb4-4bbb-9636-74e620b1801b/1/iaDcBuPKER-9k9zW2TRNUueck18.roa
File: iaDcBuPKER-9k9zW2TRNUueck18.roa (raw, json)
Hash identifier: koOKOdseXTT09TT2gHfMo9mOFt+Q2DQVGo+RfN9NNXc=
Subject key identifier: 89:A0:DC:06:E3:CA:11:1F:BD:93:DC:D6:D9:34:4D:52:E7:9C:93:5F
Certificate issuer: /CN=42262920438231f321e3b8101088b20f90c08d46
Certificate serial: 018DE7BC393436D47913B53D3F8CCE953D04
Authority key identifier: 42:26:29:20:43:82:31:F3:21:E3:B8:10:10:88:B2:0F:90:C0:8D:46
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QiYpIEOCMfMh47gQEIiyD5DAjUY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/91/c9b733-3bb4-4bbb-9636-74e620b1801b/1/iaDcBuPKER-9k9zW2TRNUueck18.roa
Signing time: Mon 26 Feb 2024 23:24:48 +0000
ROA not before: Mon 26 Feb 2024 23:24:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212702
IP address blocks: 91.212.151.0/24 maxlen: 24
2a0d:ca00::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:e7:bc:39:34:36:d4:79:13:b5:3d:3f:8c:ce:95:3d:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=42262920438231f321e3b8101088b20f90c08d46
Validity
Not Before: Feb 26 23:24:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=89a0dc06e3ca111fbd93dcd6d9344d52e79c935f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:bc:4d:bd:13:84:d7:7f:71:e6:b1:12:80:11:
8a:65:cf:0e:5a:44:4a:42:1a:d4:5e:7c:42:0b:02:
c3:4f:6f:27:9e:45:b3:df:4e:3c:31:1d:b7:f1:dc:
5c:83:19:23:67:0f:e5:e0:1c:9d:7a:48:e1:ee:fd:
ce:57:d6:1c:ad:b0:e5:a2:a3:91:6e:99:af:5d:b7:
24:bc:b8:8f:62:89:96:04:4f:2c:0b:e8:0e:6c:93:
61:db:d6:b5:98:bc:f7:cb:1d:e8:7c:b7:7b:f2:1f:
3d:52:68:63:3b:53:97:f1:47:95:d1:82:67:f8:55:
b4:d7:bc:ac:29:63:6e:31:a7:b5:5c:c3:d5:3c:f4:
48:61:0e:bc:cd:2e:8d:b0:1a:9f:d1:a0:e5:e4:7e:
73:56:4e:1e:26:6b:12:e4:3a:b8:5a:d1:2d:d5:ee:
0e:38:a0:9b:31:a2:5d:a9:0c:f7:58:24:64:4c:58:
a4:8e:e7:1f:b2:2f:a0:d2:6f:42:43:19:f6:b4:11:
04:6e:fd:59:2c:42:70:49:44:45:6f:84:30:c2:1c:
fb:6e:1b:79:d0:21:e0:28:c5:c1:64:35:32:7b:2d:
44:74:83:bc:a1:3b:9b:61:f4:79:0d:21:89:79:01:
74:e5:a1:b7:9f:d5:11:0e:aa:14:98:2f:83:10:06:
78:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:A0:DC:06:E3:CA:11:1F:BD:93:DC:D6:D9:34:4D:52:E7:9C:93:5F
X509v3 Authority Key Identifier:
keyid:42:26:29:20:43:82:31:F3:21:E3:B8:10:10:88:B2:0F:90:C0:8D:46
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QiYpIEOCMfMh47gQEIiyD5DAjUY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/c9b733-3bb4-4bbb-9636-74e620b1801b/1/iaDcBuPKER-9k9zW2TRNUueck18.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/91/c9b733-3bb4-4bbb-9636-74e620b1801b/1/QiYpIEOCMfMh47gQEIiyD5DAjUY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.212.151.0/24
IPv6:
2a0d:ca00::/32
Signature Algorithm: sha256WithRSAEncryption
44:f6:89:73:9d:6b:f1:e1:94:c7:99:0d:d1:cc:0c:0d:20:e8:
4f:67:7b:48:6c:f0:39:f2:2e:64:28:6c:88:c5:58:92:6c:61:
50:0d:31:2b:fb:71:b7:17:e3:2e:54:ae:9d:d2:87:e2:9f:8a:
0c:a0:a1:bf:9e:d6:61:17:7f:80:a1:7b:3c:1e:28:3c:e1:0d:
73:c2:be:ce:e1:e3:65:a2:0e:e2:09:25:6a:77:e6:52:05:0d:
18:c5:9b:f0:55:c1:a3:43:c6:56:3b:65:91:72:b2:dc:65:06:
e3:73:a4:a3:f6:a3:ec:2c:d0:39:8a:5e:ed:d7:3f:96:f9:84:
79:23:6f:ba:42:66:28:04:63:e7:01:e0:50:e3:a0:b8:60:fd:
c6:fd:e1:04:89:ec:c0:be:6c:74:cc:bc:bb:ec:11:ba:95:8b:
de:4e:9d:1f:bb:44:a1:6c:35:3b:c9:de:b1:b1:9c:ae:16:96:
10:a0:05:ea:4d:b4:45:40:4b:b9:5c:07:33:99:77:f6:b6:a2:
4e:30:2c:d0:bd:1a:de:b7:d5:44:26:51:84:7f:d3:87:30:ea:
5d:40:01:23:43:0a:7f:d5:b3:a3:c4:dd:eb:8b:f0:e9:2c:c4:
42:d1:cb:33:89:6a:5c:ff:dc:29:06:6e:25:b0:28:08:62:f0:
12:12:b6:9c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY3nvDk0NtR5E7U9P4zOlT0EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMjYyOTIwNDM4MjMxZjMyMWUzYjgxMDEwODhiMjBmOTBj
MDhkNDYwHhcNMjQwMjI2MjMyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWEwZGMwNmUzY2ExMTFmYmQ5M2RjZDZkOTM0NGQ1MmU3OWM5MzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLxNvROE139x5rESgBGKZc8OWkRK
QhrUXnxCCwLDT28nnkWz3048MR238dxcgxkjZw/l4Bydekjh7v3OV9YcrbDloqOR
bpmvXbckvLiPYomWBE8sC+gObJNh29a1mLz3yx3ofLd78h89UmhjO1OX8UeV0YJn
+FW017ysKWNuMae1XMPVPPRIYQ68zS6NsBqf0aDl5H5zVk4eJmsS5Dq4WtEt1e4O
OKCbMaJdqQz3WCRkTFikjucfsi+g0m9CQxn2tBEEbv1ZLEJwSURFb4Qwwhz7bht5
0CHgKMXBZDUyey1EdIO8oTubYfR5DSGJeQF05aG3n9URDqoUmC+DEAZ4YQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFImg3AbjyhEfvZPc1tk0TVLnnJNfMB8GA1UdIwQY
MBaAFEImKSBDgjHzIeO4EBCIsg+QwI1GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWlZcElFT0NNZk1oNDdnUUVJaXlENURBalVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9jOWI3MzMtM2JiNC00YmJiLTk2MzYt
NzRlNjIwYjE4MDFiLzEvaWFEY0J1UEtFUi05azl6VzJUUk5VdWVjazE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9jOWI3MzMtM2JiNC00YmJiLTk2MzYtNzRlNjIwYjE4MDFi
LzEvUWlZcElFT0NNZk1oNDdnUUVJaXlENURBalVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9SXMA0E
AgACMAcDBQAqDcoAMA0GCSqGSIb3DQEBCwUAA4IBAQBE9olznWvx4ZTHmQ3RzAwN
IOhPZ3tIbPA58i5kKGyIxViSbGFQDTEr+3G3F+MuVK6d0ofin4oMoKG/ntZhF3+A
oXs8Hig84Q1zwr7O4eNlog7iCSVqd+ZSBQ0YxZvwVcGjQ8ZWO2WRcrLcZQbjc6Sj
9qPsLNA5il7t1z+W+YR5I2+6QmYoBGPnAeBQ46C4YP3G/eEEiezAvmx0zLy77BG6
lYveTp0fu0ShbDU7yd6xsZyuFpYQoAXqTbRFQEu5XAczmXf2tqJOMCzQvRret9VE
JlGEf9OHMOpdQAEjQwp/1bOjxN3ri/DpLMRC0csziWpc/9wpBm4lsCgIYvASErac
-----END CERTIFICATE-----
Generated at Mon Jul 22 16:02:47 2024 by rpki-client on console-fra.rpki-client.org