Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/y67Z35IAhaLdsXf0sTLM7dS_9-4.roa
File: y67Z35IAhaLdsXf0sTLM7dS_9-4.roa (raw, json)
Hash identifier: rtiJHXnvCqYQaKoksMhwK6vRxnNDAhSoH5GTc3snxMU=
Subject key identifier: CB:AE:D9:DF:92:00:85:A2:DD:B1:77:F4:B1:32:CC:ED:D4:BF:F7:EE
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 018A656BA68A9C9A49CA3D62BFA3B1C5FC14
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/y67Z35IAhaLdsXf0sTLM7dS_9-4.roa
Signing time: Tue 05 Sep 2023 12:57:48 +0000
ROA not before: Tue 05 Sep 2023 12:57:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.213.174.0/24 maxlen: 24
91.213.186.0/24 maxlen: 24
91.208.73.0/24 maxlen: 24
91.213.200.0/24 maxlen: 24
194.156.151.0/24 maxlen: 24
91.208.104.0/24 maxlen: 24
45.150.197.0/24 maxlen: 24
45.150.198.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:65:6b:a6:8a:9c:9a:49:ca:3d:62:bf:a3:b1:c5:fc:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: Sep 5 12:57:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cbaed9df920085a2ddb177f4b132ccedd4bff7ee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:0f:7f:dd:dd:a1:8c:77:7a:b7:22:a0:a0:82:
c9:61:a7:cc:1e:19:83:12:ae:75:84:9d:55:fc:dd:
e9:1f:3b:08:19:aa:29:a6:9e:98:4e:00:32:16:2a:
02:75:25:31:91:ae:d2:d7:52:e1:d8:0d:3e:ab:24:
c6:f0:4e:9e:7a:02:9c:7c:8e:d1:8d:ef:6e:9b:bc:
2d:0f:32:d4:f5:74:5b:0c:fb:d6:a0:db:52:a3:2b:
04:47:26:a7:95:34:bc:48:2c:b0:5c:b4:bc:9f:44:
4a:6d:07:16:ee:28:14:f3:4f:32:ba:10:07:e8:a9:
96:84:0e:dd:56:ec:ee:a8:19:a1:8f:94:f7:18:64:
20:a2:a6:0c:9b:bf:83:d9:8b:36:62:f3:35:30:74:
ed:fa:2d:c0:43:76:80:3e:48:17:66:af:99:f0:7c:
c3:f6:ce:57:de:58:d2:42:46:af:46:54:6c:0f:8d:
0b:89:11:05:b3:bb:3f:43:4c:53:a8:8d:4d:f5:6f:
e2:13:3f:95:f5:85:e5:77:04:35:5f:36:f4:f2:5a:
91:c6:3e:d9:44:4e:be:58:cf:67:70:14:73:3f:64:
6c:3c:a0:d5:ba:46:75:ef:d2:90:74:4e:e3:6a:5f:
12:09:59:c9:51:76:63:32:e1:da:fa:40:6c:b8:7b:
eb:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:AE:D9:DF:92:00:85:A2:DD:B1:77:F4:B1:32:CC:ED:D4:BF:F7:EE
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/y67Z35IAhaLdsXf0sTLM7dS_9-4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.197.0-45.150.199.255
91.208.73.0/24
91.208.104.0/24
91.213.174.0/24
91.213.186.0/24
91.213.200.0/24
194.156.151.0/24
Signature Algorithm: sha256WithRSAEncryption
54:47:6a:ac:ea:b9:76:5d:38:8f:5c:72:b4:67:a1:75:0f:4a:
6c:90:ad:74:7c:b9:04:96:7d:96:07:a6:38:04:11:cb:52:71:
f0:99:ed:6e:a9:d9:e4:59:e5:bb:48:72:8f:08:dc:19:d1:73:
76:78:33:08:42:4b:06:47:48:53:0e:eb:e0:a6:f0:20:a9:33:
1b:fd:f5:4c:72:15:be:d9:80:ad:10:d6:b1:46:ad:51:b6:fe:
90:f3:a2:38:2a:fd:f9:21:56:0f:91:d0:d5:a2:23:a9:99:c4:
4c:77:93:6b:0a:31:e6:d4:0a:9f:71:23:06:fb:da:6f:c7:b1:
b8:48:11:ea:1d:b2:14:ab:9e:8e:f6:d3:08:6e:0d:64:78:59:
fc:89:5d:30:bb:f5:c2:25:28:03:cb:e6:4d:37:bd:06:4d:1c:
dc:bf:81:ee:be:75:fa:d1:d8:47:9f:63:79:6d:5e:1c:99:b7:
64:18:ee:b0:46:20:32:66:37:e9:2b:06:a9:e2:89:86:be:ab:
49:6c:14:44:57:12:c6:5e:73:11:46:76:cc:14:fc:6e:b8:23:
75:72:c0:b9:2e:e9:61:c0:2e:22:dc:78:ab:e8:31:d7:a7:8d:
96:24:46:89:a9:39:3c:69:8f:1a:2e:5c:69:9b:07:80:1c:21:
3e:35:31:f0
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYpla6aKnJpJyj1iv6OxxfwUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwOTA1MTI1NzQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmFlZDlkZjkyMDA4NWEyZGRiMTc3ZjRiMTMyY2NlZGQ0YmZmN2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAig9/3d2hjHd6tyKgoILJYafMHhmD
Eq51hJ1V/N3pHzsIGaoppp6YTgAyFioCdSUxka7S11Lh2A0+qyTG8E6eegKcfI7R
je9um7wtDzLU9XRbDPvWoNtSoysERyanlTS8SCywXLS8n0RKbQcW7igU808yuhAH
6KmWhA7dVuzuqBmhj5T3GGQgoqYMm7+D2Ys2YvM1MHTt+i3AQ3aAPkgXZq+Z8HzD
9s5X3ljSQkavRlRsD40LiREFs7s/Q0xTqI1N9W/iEz+V9YXldwQ1Xzb08lqRxj7Z
RE6+WM9ncBRzP2RsPKDVukZ179KQdE7jal8SCVnJUXZjMuHa+kBsuHvrmwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFMuu2d+SAIWi3bF39LEyzO3Uv/fuMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEveTY3WjM1SUFoYUxkc1hmMHNUTE03ZFNfOS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyMAwDBAAtlsUD
BAMtlsADBABb0EkDBABb0GgDBABb1a4DBABb1boDBABb1cgDBADCnJcwDQYJKoZI
hvcNAQELBQADggEBAFRHaqzquXZdOI9ccrRnoXUPSmyQrXR8uQSWfZYHpjgEEctS
cfCZ7W6p2eRZ5btIco8I3BnRc3Z4MwhCSwZHSFMO6+Cm8CCpMxv99UxyFb7ZgK0Q
1rFGrVG2/pDzojgq/fkhVg+R0NWiI6mZxEx3k2sKMebUCp9xIwb72m/HsbhIEeod
shSrno720whuDWR4WfyJXTC79cIlKAPL5k03vQZNHNy/ge6+dfrR2EefY3ltXhyZ
t2QY7rBGIDJmN+krBqniiYa+q0lsFERXEsZecxFGdswU/G64I3VywLku6WHALiLc
eKvoMdenjZYkRompOTxpjxouXGmbB4AcIT41MfA=
-----END CERTIFICATE-----
Generated at Sun Apr 27 18:29:59 2025 by rpki-client