Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/YZOv8bKy2W2LZlIB7mC-6X01yas.roa
File: YZOv8bKy2W2LZlIB7mC-6X01yas.roa (raw, json)
Hash identifier: BBr2K8MGE/TjDQ2PEwWRIfbftu5PPsaXMyaQVUdSMt4=
Subject key identifier: 61:93:AF:F1:B2:B2:D9:6D:8B:66:52:01:EE:60:BE:E9:7D:35:C9:AB
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 018D54904D97040936F1835CFE90445B7263
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/YZOv8bKy2W2LZlIB7mC-6X01yas.roa
Signing time: Mon 29 Jan 2024 09:32:39 +0000
ROA not before: Mon 29 Jan 2024 09:32:39 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8851
IP address blocks: 91.84.0.0/18 maxlen: 18
91.84.96.0/19 maxlen: 19
91.84.128.0/17 maxlen: 17
91.85.0.0/17 maxlen: 17
91.85.128.0/19 maxlen: 19
91.85.192.0/18 maxlen: 18
194.46.32.0/19 maxlen: 19
194.46.64.0/19 maxlen: 19
194.46.80.0/20 maxlen: 20
212.104.128.0/19 maxlen: 19
212.104.129.0/24 maxlen: 24
212.104.130.0/24 maxlen: 24
212.104.132.0/24 maxlen: 24
212.104.136.0/24 maxlen: 24
212.104.143.0/24 maxlen: 24
212.104.149.0/24 maxlen: 24
212.104.150.0/24 maxlen: 24
212.104.152.0/24 maxlen: 24
212.104.155.0/24 maxlen: 24
212.104.156.0/24 maxlen: 24
212.104.159.0/24 maxlen: 24
212.108.80.0/21 maxlen: 21
212.108.88.0/22 maxlen: 22
212.108.88.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:54:90:4d:97:04:09:36:f1:83:5c:fe:90:44:5b:72:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Jan 29 09:32:39 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6193aff1b2b2d96d8b665201ee60bee97d35c9ab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:ba:c6:90:c5:f1:87:ed:7f:92:05:98:aa:ad:
e9:a7:97:a1:d6:99:f1:16:c5:42:af:fc:90:3e:da:
20:79:f9:58:d7:b4:9c:63:17:91:6b:ae:f6:33:fc:
6c:2c:d3:3b:97:6b:b0:97:48:c9:41:af:7d:6d:88:
09:11:f3:ca:6d:d2:64:91:2d:0f:d6:3a:a9:ba:9e:
a8:18:0c:30:d8:40:f2:97:02:d2:16:16:73:dd:18:
98:fd:23:a9:d0:39:66:d2:99:dc:4f:4b:e8:a7:70:
02:98:e1:f7:24:9e:7d:22:b5:76:2a:06:34:56:1d:
50:7c:9d:39:af:36:3b:eb:ee:4b:c9:e3:44:7c:72:
0d:d1:0b:0f:4d:45:64:d1:b8:e5:c0:ca:97:4a:00:
b6:33:f4:41:f5:31:10:21:5b:88:a8:e7:d2:c2:ef:
31:b3:4d:61:7b:52:fc:8b:4e:40:18:30:94:f8:f4:
88:d2:f6:19:cc:1d:b2:bd:dc:7b:71:d6:50:94:7a:
48:9e:3f:7d:77:55:c4:fa:55:ee:8e:7d:29:c7:25:
ae:f6:c7:8b:a5:a6:bd:ee:69:01:89:56:ff:cc:09:
fd:0f:a2:d0:c2:71:88:ca:3c:3d:87:50:ab:c5:d3:
a1:70:13:d6:52:ed:0d:7f:98:b9:24:85:31:be:7d:
54:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:93:AF:F1:B2:B2:D9:6D:8B:66:52:01:EE:60:BE:E9:7D:35:C9:AB
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/YZOv8bKy2W2LZlIB7mC-6X01yas.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.84.0.0/18
91.84.96.0-91.85.159.255
91.85.192.0/18
194.46.32.0-194.46.95.255
212.104.128.0/19
212.108.80.0-212.108.91.255
Signature Algorithm: sha256WithRSAEncryption
5c:63:81:31:f6:a1:07:3e:3c:2e:b0:4a:0a:53:7e:e1:fa:b4:
0d:fa:f5:2d:2a:0c:d8:d1:d6:28:7e:d0:32:30:49:92:22:bf:
c1:a2:54:f2:96:16:ae:23:38:77:31:21:a7:5a:0b:da:1d:a7:
06:46:cb:77:30:a2:fd:da:8e:b5:d2:90:a9:ca:75:c2:b0:99:
54:11:42:66:9f:a0:d8:eb:19:7b:b2:93:89:d4:44:9a:24:54:
a3:fa:48:f8:8f:2e:0f:51:10:bd:cc:df:f0:3e:ef:d1:ff:4d:
1c:9b:c9:2d:fa:70:e1:2a:6f:26:c7:c9:e9:44:5b:0c:e6:56:
c0:dc:e7:3f:bf:d7:f3:5f:0d:85:ca:7c:20:d8:2d:f3:65:84:
13:35:95:ba:c0:2a:40:1e:91:04:fb:b3:79:db:01:f3:f6:44:
0b:aa:cb:1a:1f:37:d2:b4:c0:4d:a9:50:4e:29:25:4a:12:7f:
ad:ba:cb:cb:10:88:cf:d7:95:19:65:29:c2:3d:f1:86:dd:11:
f6:92:69:e6:6c:6e:cc:4e:9d:02:5e:d0:24:76:29:5e:38:ad:
14:ba:3c:ea:4e:a4:ad:96:18:f1:4b:81:a3:65:99:b8:ee:b1:
53:4b:53:9e:d9:90:b3:ea:95:2d:59:9f:65:86:8a:13:42:5b:
4f:8c:ce:52
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY1UkE2XBAk28YNc/pBEW3JjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDM1MzkzMzY3NGE1NjA4ZjZkMWVlMmRhYjRmNjRjOGJm
ZjhmMzkwHhcNMjQwMTI5MDkzMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTkzYWZmMWIyYjJkOTZkOGI2NjUyMDFlZTYwYmVlOTdkMzVjOWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7rGkMXxh+1/kgWYqq3pp5eh1pnx
FsVCr/yQPtogeflY17ScYxeRa672M/xsLNM7l2uwl0jJQa99bYgJEfPKbdJkkS0P
1jqpup6oGAww2EDylwLSFhZz3RiY/SOp0Dlm0pncT0vop3ACmOH3JJ59IrV2KgY0
Vh1QfJ05rzY76+5LyeNEfHIN0QsPTUVk0bjlwMqXSgC2M/RB9TEQIVuIqOfSwu8x
s01he1L8i05AGDCU+PSI0vYZzB2yvdx7cdZQlHpInj99d1XE+lXujn0pxyWu9seL
paa97mkBiVb/zAn9D6LQwnGIyjw9h1CrxdOhcBPWUu0Nf5i5JIUxvn1ULQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFGGTr/Gystlti2ZSAe5gvul9NcmrMB8GA1UdIwQY
MBaAFK3TU5M2dKVgj20e4tq09kyL/485MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgt
NzJjODMxMjg3NjFiLzEvWVpPdjhiS3kyVzJMWmxJQjdtQy02WDAxeWFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgtNzJjODMxMjg3NjFi
LzEvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQGW1QAMAwD
BAVbVGADBAVbVYADBAZbVcAwDAMEBcIuIAMEBcIuQAMEBdRogDAMAwQE1GxQAwQC
1GxYMA0GCSqGSIb3DQEBCwUAA4IBAQBcY4Ex9qEHPjwusEoKU37h+rQN+vUtKgzY
0dYoftAyMEmSIr/BolTylhauIzh3MSGnWgvaHacGRst3MKL92o610pCpynXCsJlU
EUJmn6DY6xl7spOJ1ESaJFSj+kj4jy4PURC9zN/wPu/R/00cm8kt+nDhKm8mx8np
RFsM5lbA3Oc/v9fzXw2Fynwg2C3zZYQTNZW6wCpAHpEE+7N52wHz9kQLqssaHzfS
tMBNqVBOKSVKEn+tusvLEIjP15UZZSnCPfGG3RH2kmnmbG7MTp0CXtAkdileOK0U
ujzqTqStlhjxS4GjZZm47rFTS1Oe2ZCz6pUtWZ9lhooTQltPjM5S
-----END CERTIFICATE-----
Generated at Sat Apr 19 14:33:49 2025 by rpki-client