Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/YySpZR0MRH9F8W0nMCYBPrCZyFA.roa
File: YySpZR0MRH9F8W0nMCYBPrCZyFA.roa (raw, json)
Hash identifier: XGJDE7g2YtjrzYtyi+tnIOsQo7UOrU5RCknoohryZ3U=
Subject key identifier: 63:24:A9:65:1D:0C:44:7F:45:F1:6D:27:30:26:01:3E:B0:99:C8:50
Certificate issuer: /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial: 01849A02A7ED8882D45915EE88440A7081D5
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/YySpZR0MRH9F8W0nMCYBPrCZyFA.roa
Signing time: Mon 21 Nov 2022 11:46:15 +0000
ROA not before: Mon 21 Nov 2022 11:46:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 47223
IP address blocks: 94.240.52.0/22 maxlen: 22
94.240.63.0/24 maxlen: 24
94.240.62.0/23 maxlen: 23
91.106.30.0/23 maxlen: 23
94.240.0.0/19 maxlen: 19
91.106.26.0/23 maxlen: 23
185.139.16.0/22 maxlen: 22
94.240.32.0/21 maxlen: 21
94.240.40.0/24 maxlen: 24
94.240.42.0/24 maxlen: 24
94.240.44.0/22 maxlen: 22
94.240.46.0/24 maxlen: 24
94.240.48.0/22 maxlen: 22
94.240.48.0/24 maxlen: 24
94.240.48.0/21 maxlen: 21
91.106.24.0/23 maxlen: 23
194.152.46.0/23 maxlen: 23
2a01:6e80::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:9a:02:a7:ed:88:82:d4:59:15:ee:88:44:0a:70:81:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Validity
Not Before: Nov 21 11:46:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6324a9651d0c447f45f16d273026013eb099c850
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:3e:12:b2:1a:09:46:13:34:80:ef:93:a6:bf:
a9:0a:2f:3b:e9:c3:8d:33:90:f7:0e:32:ff:28:5f:
17:d2:6b:5f:19:9d:67:1f:d2:35:fc:da:aa:2a:02:
ea:de:53:66:44:cd:b1:be:e7:2c:b8:e8:3f:04:a9:
63:67:a7:2b:12:f0:0c:bd:ab:77:a6:b5:bc:c6:37:
fe:47:d3:d5:2b:b4:0d:6d:60:a3:8f:28:92:0b:e5:
df:98:d3:2e:ec:12:67:4e:8a:34:b5:9e:6a:3d:85:
9c:19:ed:aa:b0:a0:9c:16:14:93:83:4d:41:26:03:
62:60:2e:0f:45:5c:9e:c3:d2:b8:2e:07:a0:6a:18:
2b:49:ec:f7:0d:61:42:d0:bb:59:7b:95:ed:de:c2:
cd:b3:95:95:bc:1a:07:f6:09:fc:da:5d:85:9a:13:
ab:86:70:85:15:8f:41:2d:9e:2a:f9:eb:53:ec:09:
c3:0f:0d:ba:aa:03:d0:a0:ea:07:e7:16:e4:28:f5:
b9:ee:03:af:47:6b:e7:d3:47:6b:e5:cc:76:51:88:
59:93:90:e7:30:35:3f:d3:b2:20:e4:2b:30:de:79:
10:76:17:f0:fd:9b:2d:17:cc:6e:2b:ed:47:b1:6b:
80:85:8c:ba:9f:8e:f6:e8:21:82:11:9d:dc:82:9c:
07:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:24:A9:65:1D:0C:44:7F:45:F1:6D:27:30:26:01:3E:B0:99:C8:50
X509v3 Authority Key Identifier:
keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/YySpZR0MRH9F8W0nMCYBPrCZyFA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.106.24.0/22
91.106.30.0/23
94.240.0.0-94.240.40.255
94.240.42.0/24
94.240.44.0-94.240.55.255
94.240.62.0/23
185.139.16.0/22
194.152.46.0/23
IPv6:
2a01:6e80::/32
Signature Algorithm: sha256WithRSAEncryption
1a:b7:90:65:2b:1c:e0:4f:91:0a:97:8b:44:83:43:80:43:b6:
b9:6a:9c:70:0f:18:c5:49:14:2c:82:ed:02:63:47:a9:b7:73:
2c:eb:e6:b1:24:cd:5d:51:94:09:11:b4:54:c1:dd:be:c9:20:
36:f8:e1:a4:5f:db:16:97:d3:ab:ab:47:39:5b:c0:46:a9:df:
5a:5e:17:29:89:07:4d:5a:4a:a5:2a:31:b4:2d:ae:43:55:e0:
f6:9d:94:a1:55:67:ac:d8:48:93:77:7e:11:ea:a3:a3:63:e8:
b9:98:18:c8:f6:1b:69:7c:cf:59:aa:ad:f2:31:6a:f6:9a:5b:
5d:75:f9:c7:97:a0:c5:c4:bf:5d:b5:f8:5b:60:85:45:55:c7:
fb:1a:de:3b:21:a3:c8:7b:76:fc:f4:3d:8d:64:7a:bf:4c:cb:
a3:56:00:0f:64:e3:6a:f1:8e:a7:6e:a6:35:3f:d5:82:5f:62:
18:4e:cf:56:53:1b:f4:ef:6a:ee:cd:09:17:42:1a:52:f0:10:
02:e4:70:25:94:db:d3:be:4c:ed:94:2f:ad:81:cb:d2:88:d6:
51:49:d8:96:3d:f7:be:c7:ad:91:16:bf:60:86:ec:76:4a:94:
dc:13:b2:9c:18:20:37:15:2b:f5:ec:2d:c2:e4:77:fd:12:7e:
06:ad:b6:77
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYSaAqftiILUWRXuiEQKcIHVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjIxMTIxMTE0NjE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzI0YTk2NTFkMGM0NDdmNDVmMTZkMjczMDI2MDEzZWIwOTljODUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgT4SshoJRhM0gO+Tpr+pCi876cON
M5D3DjL/KF8X0mtfGZ1nH9I1/NqqKgLq3lNmRM2xvucsuOg/BKljZ6crEvAMvat3
prW8xjf+R9PVK7QNbWCjjyiSC+XfmNMu7BJnToo0tZ5qPYWcGe2qsKCcFhSTg01B
JgNiYC4PRVyew9K4LgegahgrSez3DWFC0LtZe5Xt3sLNs5WVvBoH9gn82l2FmhOr
hnCFFY9BLZ4q+etT7AnDDw26qgPQoOoH5xbkKPW57gOvR2vn00dr5cx2UYhZk5Dn
MDU/07Ig5Csw3nkQdhfw/ZstF8xuK+1HsWuAhYy6n4726CGCEZ3cgpwHPQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFGMkqWUdDER/RfFtJzAmAT6wmchQMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvWXlTcFpSME1SSDlGOFcwbk1DWUJQckNaeUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBFBAIAATA/AwQCW2oYAwQB
W2oeMAsDAwRe8AMEAF7wKAMEAF7wKjAMAwQCXvAsAwQDXvAwAwQBXvA+AwQCuYsQ
AwQBwpguMA0EAgACMAcDBQAqAW6AMA0GCSqGSIb3DQEBCwUAA4IBAQAat5BlKxzg
T5EKl4tEg0OAQ7a5apxwDxjFSRQsgu0CY0ept3Ms6+axJM1dUZQJEbRUwd2+ySA2
+OGkX9sWl9Orq0c5W8BGqd9aXhcpiQdNWkqlKjG0La5DVeD2nZShVWes2EiTd34R
6qOjY+i5mBjI9htpfM9Zqq3yMWr2mltddfnHl6DFxL9dtfhbYIVFVcf7Gt47IaPI
e3b89D2NZHq/TMujVgAPZONq8Y6nbqY1P9WCX2IYTs9WUxv072ruzQkXQhpS8BAC
5HAllNvTvkztlC+tgcvSiNZRSdiWPfe+x62RFr9ghux2SpTcE7KcGCA3FSv17C3C
5Hf9En4GrbZ3
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:12 2024 by rpki-client on console-ams.rpki-client.org