Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yd-w7NK9HBY5XmiJc-pdJvBoU5k.roa
File: yd-w7NK9HBY5XmiJc-pdJvBoU5k.roa (raw, json)
Hash identifier: aPi5ATWbEVbe2HQcCLkMDVAK2NHcSSzE1F1AnLtCX8A=
Subject key identifier: C9:DF:B0:EC:D2:BD:1C:16:39:5E:68:89:73:EA:5D:26:F0:68:53:99
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01856D81D81A40BFA93FA27D83775ACE7E8E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yd-w7NK9HBY5XmiJc-pdJvBoU5k.roa
Signing time: Sun 01 Jan 2023 13:25:04 +0000
ROA not before: Sun 01 Jan 2023 13:25:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 22653
IP address blocks: 31.169.124.0/24 maxlen: 24
31.169.125.0/24 maxlen: 24
185.221.66.0/24 maxlen: 24
31.169.126.0/24 maxlen: 24
85.217.128.0/24 maxlen: 24
31.169.127.0/24 maxlen: 24
164.40.186.0/23 maxlen: 24
164.40.184.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
185.218.136.0/23 maxlen: 24
185.225.72.0/24 maxlen: 24
193.37.46.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:81:d8:1a:40:bf:a9:3f:a2:7d:83:77:5a:ce:7e:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 1 13:25:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c9dfb0ecd2bd1c16395e688973ea5d26f0685399
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:57:7b:bc:47:c5:14:3a:5a:ff:5c:f0:f3:8e:
ea:48:33:c9:9a:c1:81:bb:d7:5b:b5:58:55:97:de:
67:70:47:33:9e:7a:55:87:2b:fd:c6:24:e1:b4:1d:
9b:7e:72:5c:56:bb:14:b9:61:89:ae:da:b7:bc:ed:
bb:5c:10:26:b6:dc:be:49:45:9f:5a:70:28:24:80:
a5:bb:4d:57:9a:01:f0:bf:30:5f:c2:49:f0:c8:f8:
2d:ba:fc:48:46:ad:12:f2:62:f5:3a:d0:b9:b8:25:
cc:f2:67:c3:c5:d0:59:a1:ee:c8:57:3d:26:2b:59:
a5:43:4c:e2:f0:2f:41:03:18:f6:c9:86:ab:c2:28:
4f:a0:bd:44:17:c6:31:58:51:94:2a:e0:2f:d3:ad:
cc:2c:06:45:31:78:fb:dd:0b:19:3c:28:29:84:8d:
aa:a3:8d:32:74:ef:76:4e:65:74:b1:66:45:01:00:
d5:1c:7e:8e:8e:b9:fd:df:4d:97:fe:cf:5b:9b:34:
4a:05:18:32:59:d3:eb:3d:2a:c0:90:17:2f:c5:c5:
ba:8b:98:07:23:d8:14:53:4e:5a:c6:98:35:d9:e9:
4c:d3:4f:fa:bf:46:6b:e8:a1:2e:fa:53:83:3f:42:
9a:de:57:b3:d9:d3:78:a4:b6:8d:79:b7:c4:0d:d1:
20:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:DF:B0:EC:D2:BD:1C:16:39:5E:68:89:73:EA:5D:26:F0:68:53:99
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yd-w7NK9HBY5XmiJc-pdJvBoU5k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.169.124.0/22
85.217.128.0/24
92.249.50.0/24
164.40.184.0/24
164.40.186.0/23
185.218.136.0/23
185.221.66.0/24
185.225.72.0/24
193.37.46.0/24
Signature Algorithm: sha256WithRSAEncryption
41:2e:48:9e:b6:6a:dc:e4:3d:4a:87:2e:78:3c:f9:b8:bc:0d:
a7:d5:97:0e:4f:8a:bc:19:6e:a8:06:64:94:5a:a4:06:63:54:
fc:27:3e:01:a2:c6:91:3c:87:69:3c:a8:a3:c3:4a:e3:df:9c:
0a:36:57:31:0d:eb:5a:4b:5a:7e:19:64:db:65:48:16:16:37:
ba:ac:ab:dd:c0:48:76:16:4d:2a:21:ea:c1:20:b0:35:c8:87:
74:0b:8d:97:ce:42:d1:68:91:60:1e:47:56:a1:9f:32:55:d8:
b2:dd:96:d1:ac:06:70:27:fc:6c:ea:16:8f:93:e6:0d:93:fb:
ae:60:59:93:8f:ca:ec:4a:aa:72:c7:58:8b:db:45:a4:5c:c0:
6f:83:38:d6:b6:fb:55:c3:e2:c0:3b:37:d8:2d:a4:ff:31:4a:
ca:ce:02:ab:16:51:ff:52:ba:d5:ec:0d:e2:65:65:4c:2f:68:
83:91:84:f1:d3:86:2e:ee:ca:e3:3f:e5:c9:e2:f0:c6:2f:65:
aa:6d:9c:61:73:26:4c:cb:db:36:a1:92:32:2a:91:47:cf:9c:
01:4c:76:01:63:8b:4b:9e:14:74:85:a7:2f:75:db:a4:89:a5:
3d:f3:79:4e:fc:7b:92:ad:a2:f1:e2:94:89:7d:7c:9c:a6:f8:
fe:1c:08:5c
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYVtgdgaQL+pP6J9g3dazn6OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTAxMTMyNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWRmYjBlY2QyYmQxYzE2Mzk1ZTY4ODk3M2VhNWQyNmYwNjg1Mzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVd7vEfFFDpa/1zw847qSDPJmsGB
u9dbtVhVl95ncEcznnpVhyv9xiThtB2bfnJcVrsUuWGJrtq3vO27XBAmtty+SUWf
WnAoJIClu01XmgHwvzBfwknwyPgtuvxIRq0S8mL1OtC5uCXM8mfDxdBZoe7IVz0m
K1mlQ0zi8C9BAxj2yYarwihPoL1EF8YxWFGUKuAv063MLAZFMXj73QsZPCgphI2q
o40ydO92TmV0sWZFAQDVHH6Ojrn9302X/s9bmzRKBRgyWdPrPSrAkBcvxcW6i5gH
I9gUU05axpg12elM00/6v0Zr6KEu+lODP0Ka3lez2dN4pLaNebfEDdEgJwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFMnfsOzSvRwWOV5oiXPqXSbwaFOZMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveWQtdzdOSzlIQlk1WG1pSmMtcGRKdkJvVTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCH6l8AwQA
VdmAAwQAXPkyAwQApCi4AwQBpCi6AwQBudqIAwQAud1CAwQAueFIAwQAwSUuMA0G
CSqGSIb3DQEBCwUAA4IBAQBBLkietmrc5D1Khy54PPm4vA2n1ZcOT4q8GW6oBmSU
WqQGY1T8Jz4BosaRPIdpPKijw0rj35wKNlcxDetaS1p+GWTbZUgWFje6rKvdwEh2
Fk0qIerBILA1yId0C42XzkLRaJFgHkdWoZ8yVdiy3ZbRrAZwJ/xs6haPk+YNk/uu
YFmTj8rsSqpyx1iL20WkXMBvgzjWtvtVw+LAOzfYLaT/MUrKzgKrFlH/UrrV7A3i
ZWVML2iDkYTx04Yu7srjP+XJ4vDGL2WqbZxhcyZMy9s2oZIyKpFHz5wBTHYBY4tL
nhR0hacvddukiaU983lO/HuSraLx4pSJfXycpvj+HAhc
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:47 2024 by rpki-client on console-ams.rpki-client.org