Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ytW6CY8gHGuJ10opxM5NlVgK0uo.roa
File: ytW6CY8gHGuJ10opxM5NlVgK0uo.roa (raw, json)
Hash identifier: uWejXWvB9au5Utw/JWjW4ZAYxlpSot2TZ2KL2aPG8Mo=
Subject key identifier: CA:D5:BA:09:8F:20:1C:6B:89:D7:4A:29:C4:CE:4D:95:58:0A:D2:EA
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0187EB20901004E506460FBC122DE36BA41B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ytW6CY8gHGuJ10opxM5NlVgK0uo.roa
Signing time: Fri 05 May 2023 08:56:32 +0000
ROA not before: Fri 05 May 2023 08:56:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50225
IP address blocks: 94.156.234.0/24 maxlen: 24
193.42.34.0/24 maxlen: 24
193.47.63.0/24 maxlen: 24
94.156.78.0/24 maxlen: 24
176.125.253.0/24 maxlen: 24
176.125.252.0/24 maxlen: 24
193.47.60.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:eb:20:90:10:04:e5:06:46:0f:bc:12:2d:e3:6b:a4:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 5 08:56:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cad5ba098f201c6b89d74a29c4ce4d95580ad2ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:5d:bd:9e:cd:13:cd:80:39:0d:4b:e0:a4:97:
67:b4:45:af:7c:88:92:e2:34:33:f8:5d:f0:ad:07:
94:16:72:69:1a:bc:af:49:62:5c:3f:d2:3c:f0:f1:
f1:6a:b5:e0:5b:1e:3e:ca:ef:91:7e:9d:15:e9:d0:
a6:52:3f:7f:95:8e:b5:4c:cb:38:d5:ef:82:d8:f0:
88:7c:22:2f:a0:01:f9:b8:65:4b:95:a5:22:c4:7c:
14:e5:97:42:8a:02:28:6f:51:57:15:9b:7d:fc:45:
09:a5:d2:9e:77:a5:dc:5b:11:07:02:87:e8:96:67:
d4:09:4c:e3:67:b5:f6:58:df:b3:19:cb:56:f6:78:
45:e6:cb:78:dc:a0:26:28:73:14:07:0d:d1:74:50:
2a:18:9d:1f:5a:64:a9:a2:60:13:4f:71:b3:79:72:
eb:46:d7:cd:b2:9a:4c:24:c4:78:4b:86:c0:01:64:
d0:45:0a:ed:b8:65:17:44:0a:6e:91:ef:53:50:7e:
1b:cf:43:ca:9a:15:1f:0e:e0:6e:99:54:1e:fa:da:
75:f1:77:7b:89:06:39:50:3c:fe:83:dc:b9:25:8d:
84:36:90:78:da:15:81:ee:06:98:fa:cb:94:0b:a1:
b5:c1:7a:9b:99:b2:52:e6:11:50:c4:50:53:02:b6:
42:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:D5:BA:09:8F:20:1C:6B:89:D7:4A:29:C4:CE:4D:95:58:0A:D2:EA
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ytW6CY8gHGuJ10opxM5NlVgK0uo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.156.78.0/24
94.156.234.0/24
176.125.252.0/23
193.42.34.0/24
193.47.60.0/24
193.47.63.0/24
Signature Algorithm: sha256WithRSAEncryption
53:19:19:06:f1:1f:f1:5d:18:c4:d1:22:ea:80:d7:50:fc:27:
99:77:4c:fd:a4:fa:95:9a:f3:c6:0c:fe:06:33:c1:c5:62:d6:
07:9c:e9:33:4f:34:53:d0:a0:b6:6c:bd:33:7c:77:09:03:1c:
03:19:f7:5c:fb:29:97:8c:86:82:69:41:6e:a2:50:67:6e:25:
7a:84:bd:e7:07:26:d9:49:be:68:e9:1d:a2:5a:d0:26:fd:7e:
5f:b3:fb:ed:0b:b4:14:f3:19:a1:45:6b:db:ba:3a:6c:03:a7:
3b:17:a9:ce:3e:2c:5e:e5:02:d4:82:6a:4d:84:3c:83:12:66:
3a:4f:0b:15:e0:41:31:1e:ef:b5:ae:55:6b:65:34:bb:d1:21:
d0:cc:18:d7:94:da:64:51:8f:79:7c:96:3c:68:c3:1a:76:22:
55:ab:dd:2f:01:c3:9b:f9:60:99:26:5e:de:75:87:c4:45:91:
8d:9c:f7:6e:90:de:5a:74:a6:da:69:df:e4:01:54:19:06:69:
58:27:8d:e4:1d:a6:76:f0:85:43:36:19:af:fb:d5:9f:41:ef:
10:1a:7f:98:e3:65:fd:12:69:78:7e:67:88:e8:46:4d:d2:56:
8d:9b:4f:2d:7d:61:07:09:81:c6:a1:e4:b7:ef:aa:6f:14:41:
56:35:7c:2d
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYfrIJAQBOUGRg+8Ei3ja6QbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTA1MDg1NjMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWQ1YmEwOThmMjAxYzZiODlkNzRhMjljNGNlNGQ5NTU4MGFkMmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAil29ns0TzYA5DUvgpJdntEWvfIiS
4jQz+F3wrQeUFnJpGryvSWJcP9I88PHxarXgWx4+yu+Rfp0V6dCmUj9/lY61TMs4
1e+C2PCIfCIvoAH5uGVLlaUixHwU5ZdCigIob1FXFZt9/EUJpdKed6XcWxEHAofo
lmfUCUzjZ7X2WN+zGctW9nhF5st43KAmKHMUBw3RdFAqGJ0fWmSpomATT3GzeXLr
RtfNsppMJMR4S4bAAWTQRQrtuGUXRApuke9TUH4bz0PKmhUfDuBumVQe+tp18Xd7
iQY5UDz+g9y5JY2ENpB42hWB7gaY+suUC6G1wXqbmbJS5hFQxFBTArZCLwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFMrVugmPIBxriddKKcTOTZVYCtLqMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveXRXNkNZOGdIR3VKMTBvcHhNNU5sVmdLMHVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAXpxOAwQA
XpzqAwQBsH38AwQAwSoiAwQAwS88AwQAwS8/MA0GCSqGSIb3DQEBCwUAA4IBAQBT
GRkG8R/xXRjE0SLqgNdQ/CeZd0z9pPqVmvPGDP4GM8HFYtYHnOkzTzRT0KC2bL0z
fHcJAxwDGfdc+ymXjIaCaUFuolBnbiV6hL3nBybZSb5o6R2iWtAm/X5fs/vtC7QU
8xmhRWvbujpsA6c7F6nOPixe5QLUgmpNhDyDEmY6TwsV4EExHu+1rlVrZTS70SHQ
zBjXlNpkUY95fJY8aMMadiJVq90vAcOb+WCZJl7edYfERZGNnPdukN5adKbaad/k
AVQZBmlYJ43kHaZ28IVDNhmv+9WfQe8QGn+Y42X9Eml4fmeI6EZN0laNm08tfWEH
CYHGoeS376pvFEFWNXwt
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:47 2024 by rpki-client on console-ams.rpki-client.org