Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/YV4UjGUElEyvwcBVSCfc0l__sJM.roa
File: YV4UjGUElEyvwcBVSCfc0l__sJM.roa (raw, json)
Hash identifier: Dmd6UoXQaP0SItYD8ChL142hlXiTpsCoQ3CjlpkZ7Zw=
Subject key identifier: 61:5E:14:8C:65:04:94:4C:AF:C1:C0:55:48:27:DC:D2:5F:FF:B0:93
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 01842167F1E5B80E2CFF2C78D20C1BF20C6F
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/YV4UjGUElEyvwcBVSCfc0l__sJM.roa
Signing time: Sat 29 Oct 2022 01:42:50 +0000
ROA not before: Sat 29 Oct 2022 01:42:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60808
IP address blocks: 85.8.164.0/22 maxlen: 24
5.34.208.0/20 maxlen: 24
188.253.96.0/19 maxlen: 24
185.215.246.0/24 maxlen: 24
5.226.48.0/21 maxlen: 24
193.36.84.0/23 maxlen: 23
185.36.192.0/22 maxlen: 24
2a05:ec80::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:21:67:f1:e5:b8:0e:2c:ff:2c:78:d2:0c:1b:f2:0c:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Oct 29 01:42:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=615e148c6504944cafc1c0554827dcd25fffb093
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:50:04:15:ce:4c:3c:7b:58:aa:59:8d:84:a9:
14:58:e0:81:41:49:6d:69:46:f0:b3:80:64:86:27:
c9:75:dc:ed:9a:44:bb:ab:af:1b:96:29:41:32:fb:
42:10:2a:d3:8d:1d:f3:23:89:f0:b3:fe:0b:86:a9:
67:3f:63:ec:86:1c:36:74:f0:bb:20:dc:4a:c0:5a:
c7:7c:fc:6c:a7:9f:ba:82:7a:06:ac:2c:80:26:1c:
2b:8f:20:80:4e:8a:12:bc:50:19:20:d1:a8:64:59:
fc:4e:c1:7c:9c:48:67:b7:9d:bc:f4:68:55:08:03:
4a:d4:04:c4:d9:1a:0d:53:9d:28:96:2d:23:83:03:
cd:a8:76:c1:ab:0c:88:93:09:82:f6:ee:bc:96:0b:
90:0d:e1:e4:93:2e:d1:ad:c3:54:24:08:6a:6f:14:
2b:a5:db:1b:35:3a:c9:ed:a1:aa:84:c3:fb:91:16:
c3:df:21:92:94:ff:1b:1b:fd:25:eb:cd:03:3f:d9:
12:52:7b:4f:4e:03:77:56:dc:ae:13:2b:28:d5:02:
13:4c:9c:92:d8:2a:62:4d:c9:cf:fe:60:8b:7f:71:
98:2b:79:5d:f3:cb:c0:49:64:f8:7a:67:65:fb:f8:
e6:3e:0c:f0:4a:bb:06:2d:ba:d0:63:87:70:0c:48:
0e:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:5E:14:8C:65:04:94:4C:AF:C1:C0:55:48:27:DC:D2:5F:FF:B0:93
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/YV4UjGUElEyvwcBVSCfc0l__sJM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
5.226.48.0/21
85.8.164.0/22
185.36.192.0/22
185.215.246.0/24
188.253.96.0/19
193.36.84.0/23
IPv6:
2a05:ec80::/29
Signature Algorithm: sha256WithRSAEncryption
16:44:a3:ab:e4:b7:1a:b7:00:ce:0c:15:b1:d1:4a:0b:73:a8:
dd:2c:1d:fe:73:04:b5:87:95:df:e0:b4:cc:fe:f4:2f:7c:77:
af:5f:be:f7:7f:0b:ed:a8:1a:7d:be:01:c5:8d:b2:aa:95:bd:
d9:bb:30:be:ac:e1:0d:7d:b5:46:0b:af:34:a3:6a:18:16:fb:
c6:01:c2:85:d1:6e:3b:96:bd:f4:5d:02:45:5c:ce:ef:bd:d1:
dd:24:da:47:42:43:ee:9d:14:ef:9e:66:c2:9f:cf:e3:55:fb:
29:81:6f:45:93:07:25:d8:0c:d0:d1:74:cd:1a:87:db:e6:fb:
c7:a0:46:38:db:58:13:d5:ce:02:70:d2:bd:cb:6d:63:0f:67:
f6:d6:12:3c:54:a6:3d:62:2e:77:2b:86:c0:0a:6e:71:09:35:
a1:8e:d9:8b:ac:be:14:b3:06:87:38:37:d1:0d:17:cc:b7:4d:
29:dd:dc:cc:65:38:b4:1c:04:34:be:8a:ea:7f:c8:88:34:b7:
6d:bc:bd:97:67:b5:17:0e:03:3e:89:df:54:c1:60:1c:a4:66:
e5:77:8f:6b:9a:99:de:64:c2:da:40:ea:00:c3:9a:4e:67:9e:
92:28:6e:ec:49:ce:c4:8b:d5:ad:24:60:22:a5:1f:e0:bd:2d:
34:96:44:ba
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYQhZ/HluA4s/yx40gwb8gxvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjIxMDI5MDE0MjUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTVlMTQ4YzY1MDQ5NDRjYWZjMWMwNTU0ODI3ZGNkMjVmZmZiMDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVAEFc5MPHtYqlmNhKkUWOCBQUlt
aUbws4BkhifJddztmkS7q68blilBMvtCECrTjR3zI4nws/4LhqlnP2Pshhw2dPC7
INxKwFrHfPxsp5+6gnoGrCyAJhwrjyCATooSvFAZINGoZFn8TsF8nEhnt5289GhV
CANK1ATE2RoNU50oli0jgwPNqHbBqwyIkwmC9u68lguQDeHkky7RrcNUJAhqbxQr
pdsbNTrJ7aGqhMP7kRbD3yGSlP8bG/0l680DP9kSUntPTgN3VtyuEyso1QITTJyS
2CpiTcnP/mCLf3GYK3ld88vASWT4emdl+/jmPgzwSrsGLbrQY4dwDEgOAwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFGFeFIxlBJRMr8HAVUgn3NJf/7CTMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvWVY0VWpHVUVsRXl2d2NCVlNDZmMwbF9fc0pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEBSLQAwQD
BeIwAwQCVQikAwQCuSTAAwQAudf2AwQFvP1gAwQBwSRUMA0EAgACMAcDBQMqBeyA
MA0GCSqGSIb3DQEBCwUAA4IBAQAWRKOr5LcatwDODBWx0UoLc6jdLB3+cwS1h5Xf
4LTM/vQvfHevX773fwvtqBp9vgHFjbKqlb3ZuzC+rOENfbVGC680o2oYFvvGAcKF
0W47lr30XQJFXM7vvdHdJNpHQkPunRTvnmbCn8/jVfspgW9Fkwcl2AzQ0XTNGofb
5vvHoEY421gT1c4CcNK9y21jD2f21hI8VKY9Yi53K4bACm5xCTWhjtmLrL4UswaH
ODfRDRfMt00p3dzMZTi0HAQ0vorqf8iINLdtvL2XZ7UXDgM+id9UwWAcpGbld49r
mpneZMLaQOoAw5pOZ56SKG7sSc7Ei9WtJGAipR/gvS00lkS6
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:16 2024 by rpki-client on console-ams.rpki-client.org