Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/hYaakuYJwQryDfgbuwrEPyxBLnA.roa
File: hYaakuYJwQryDfgbuwrEPyxBLnA.roa (raw, json)
Hash identifier: 4VSTBUzy+YVPbltaHF3T8hZlDd0xNRhn4nwv0sL1IbI=
Subject key identifier: 85:86:9A:92:E6:09:C1:0A:F2:0D:F8:1B:BB:0A:C4:3F:2C:41:2E:70
Certificate issuer: /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial: 01849A02A85943C9235F9858A2F9CC8C349F
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/hYaakuYJwQryDfgbuwrEPyxBLnA.roa
Signing time: Mon 21 Nov 2022 11:46:16 +0000
ROA not before: Mon 21 Nov 2022 11:46:16 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 202228
IP address blocks: 94.240.52.0/24 maxlen: 24
94.240.53.0/24 maxlen: 24
94.240.54.0/24 maxlen: 24
94.240.55.0/24 maxlen: 24
94.240.60.0/24 maxlen: 24
94.240.61.0/24 maxlen: 24
91.106.26.0/24 maxlen: 24
91.106.27.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:9a:02:a8:59:43:c9:23:5f:98:58:a2:f9:cc:8c:34:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Validity
Not Before: Nov 21 11:46:16 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=85869a92e609c10af20df81bbb0ac43f2c412e70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:6a:bb:08:5c:0a:1e:ba:68:e7:c5:a3:04:2b:
70:a1:3e:ff:c4:7a:68:d0:09:43:f2:9a:45:d5:5c:
7b:20:e8:4a:be:2c:ab:65:e1:09:1e:45:a2:a0:f5:
a0:28:4f:eb:3b:65:2e:78:a9:99:7c:3c:a8:4e:c7:
fe:a9:50:52:09:45:65:50:b9:62:bb:42:9a:ee:1f:
e8:4b:48:e4:63:56:df:d1:17:50:96:89:50:aa:d7:
92:cd:56:3d:d6:82:06:05:6d:2c:17:8d:97:90:3a:
e8:86:17:f9:49:6e:77:4f:50:5d:49:17:b1:30:8f:
f4:bd:16:f6:e2:5b:d0:d5:35:95:1e:05:7d:50:92:
4b:2c:24:6e:e6:a4:f6:3d:7a:f6:ee:d8:2d:16:8c:
69:ac:3c:ec:40:eb:9a:2a:61:ce:f9:47:09:b5:be:
13:6c:6d:00:31:ce:fa:fd:be:6b:88:93:b8:f4:5e:
73:96:e4:e2:af:60:6f:de:dd:f2:ae:0c:24:69:60:
9e:2a:3a:03:2a:cb:33:94:b0:e8:94:6b:31:15:22:
c6:b7:fc:17:94:c7:39:2d:3c:0a:8a:14:c3:14:6e:
e6:3d:ff:b2:90:eb:47:cc:06:0c:ff:92:39:c9:ed:
cf:a8:82:da:74:1c:37:b1:7e:09:12:a4:1a:32:df:
51:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:86:9A:92:E6:09:C1:0A:F2:0D:F8:1B:BB:0A:C4:3F:2C:41:2E:70
X509v3 Authority Key Identifier:
keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/hYaakuYJwQryDfgbuwrEPyxBLnA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.106.26.0/23
94.240.52.0/22
94.240.60.0/23
Signature Algorithm: sha256WithRSAEncryption
94:4a:15:bd:fb:cf:63:0e:bd:0e:84:60:15:2b:93:03:1d:bb:
3c:82:b6:a0:20:84:79:24:ca:9b:57:3d:75:38:d7:d3:73:1f:
4b:61:8b:fb:b7:27:bf:07:c6:e1:49:49:a4:df:b0:f7:10:2c:
27:48:0d:8c:bf:db:0a:03:7e:8a:30:4e:d2:4e:3a:9f:64:f4:
35:e2:8b:79:b9:ac:71:41:36:85:67:06:78:f2:66:fc:3c:fb:
1e:20:e6:23:07:fd:a7:85:de:6f:3c:35:83:bd:62:00:d4:e6:
ec:1a:2a:8d:0a:8a:67:1e:9e:e5:c1:d6:7f:b1:0f:36:4e:39:
d6:79:9a:9a:05:b5:4c:ca:d9:b6:7f:8f:fc:ac:05:66:eb:09:
4f:07:a8:a8:c0:b1:dc:13:f2:27:f8:c0:87:0a:49:49:ea:ed:
7f:74:68:51:89:b9:f0:48:86:ae:6f:b9:b4:29:5f:5b:dd:08:
75:4d:04:78:ea:d3:e5:e4:fe:e3:1d:6a:bf:02:3e:50:ca:0e:
98:e5:87:b1:fd:85:8d:24:44:be:fe:ce:ab:55:72:64:af:c8:
ec:1e:20:83:bc:cc:e7:a8:dc:36:98:9a:78:18:51:1a:5a:e9:
13:ae:32:df:4a:a7:2a:84:9a:b6:c1:c4:0f:d4:65:ee:9d:d1:
17:50:fa:60
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYSaAqhZQ8kjX5hYovnMjDSfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjIxMTIxMTE0NjE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTg2OWE5MmU2MDljMTBhZjIwZGY4MWJiYjBhYzQzZjJjNDEyZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2q7CFwKHrpo58WjBCtwoT7/xHpo
0AlD8ppF1Vx7IOhKviyrZeEJHkWioPWgKE/rO2UueKmZfDyoTsf+qVBSCUVlULli
u0Ka7h/oS0jkY1bf0RdQlolQqteSzVY91oIGBW0sF42XkDrohhf5SW53T1BdSRex
MI/0vRb24lvQ1TWVHgV9UJJLLCRu5qT2PXr27tgtFoxprDzsQOuaKmHO+UcJtb4T
bG0AMc76/b5riJO49F5zluTir2Bv3t3yrgwkaWCeKjoDKsszlLDolGsxFSLGt/wX
lMc5LTwKihTDFG7mPf+ykOtHzAYM/5I5ye3PqILadBw3sX4JEqQaMt9RmQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIWGmpLmCcEK8g34G7sKxD8sQS5wMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvaFlhYWt1WUp3UXJ5RGZnYnV3ckVQeXhCTG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBW2oaAwQC
XvA0AwQBXvA8MA0GCSqGSIb3DQEBCwUAA4IBAQCUShW9+89jDr0OhGAVK5MDHbs8
gragIIR5JMqbVz11ONfTcx9LYYv7tye/B8bhSUmk37D3ECwnSA2Mv9sKA36KME7S
TjqfZPQ14ot5uaxxQTaFZwZ48mb8PPseIOYjB/2nhd5vPDWDvWIA1ObsGiqNCopn
Hp7lwdZ/sQ82TjnWeZqaBbVMytm2f4/8rAVm6wlPB6iowLHcE/In+MCHCklJ6u1/
dGhRibnwSIaub7m0KV9b3Qh1TQR46tPl5P7jHWq/Aj5Qyg6Y5Yex/YWNJES+/s6r
VXJkr8jsHiCDvMznqNw2mJp4GFEaWukTrjLfSqcqhJq2wcQP1GXundEXUPpg
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:12 2024 by rpki-client on console-ams.rpki-client.org