Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/UfIGFLRLuFgxYDjtN8UZqivDzGs.roa
File: UfIGFLRLuFgxYDjtN8UZqivDzGs.roa (raw, json)
Hash identifier: XJVUFjro9oBUJHqGRMCupTtQ5nHWlThlOCbVc9K2Vls=
Subject key identifier: 51:F2:06:14:B4:4B:B8:58:31:60:38:ED:37:C5:19:AA:2B:C3:CC:6B
Certificate issuer: /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial: 0186A199152432FA5A194942A045C4868C4B
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/UfIGFLRLuFgxYDjtN8UZqivDzGs.roa
Signing time: Thu 02 Mar 2023 09:13:29 +0000
ROA not before: Thu 02 Mar 2023 09:13:29 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 6700
IP address blocks: 217.26.64.0/20 maxlen: 20
195.252.110.0/24 maxlen: 24
195.252.109.0/24 maxlen: 24
195.252.122.0/23 maxlen: 23
195.252.64.0/19 maxlen: 19
195.252.64.0/18 maxlen: 18
195.252.78.0/23 maxlen: 23
195.252.76.0/23 maxlen: 23
195.252.80.0/23 maxlen: 23
195.252.96.0/19 maxlen: 19
195.252.102.0/24 maxlen: 24
213.244.224.0/20 maxlen: 20
194.106.165.0/24 maxlen: 24
194.106.166.0/24 maxlen: 24
194.106.162.0/24 maxlen: 24
194.106.160.0/19 maxlen: 19
194.106.160.0/20 maxlen: 20
194.106.170.0/24 maxlen: 24
194.106.176.0/20 maxlen: 20
194.106.182.0/24 maxlen: 24
62.193.131.0/24 maxlen: 24
62.193.129.0/24 maxlen: 24
62.193.130.0/24 maxlen: 24
62.193.128.0/19 maxlen: 19
62.193.137.0/24 maxlen: 24
62.193.151.0/24 maxlen: 24
91.148.112.0/22 maxlen: 22
91.148.117.0/24 maxlen: 24
91.148.118.0/24 maxlen: 24
91.148.124.0/24 maxlen: 24
91.148.125.0/24 maxlen: 24
91.148.123.0/24 maxlen: 24
91.148.122.0/24 maxlen: 24
91.148.120.0/23 maxlen: 23
91.148.126.0/23 maxlen: 24
85.222.160.0/24 maxlen: 24
85.222.160.0/22 maxlen: 24
91.148.69.0/24 maxlen: 24
91.148.70.0/24 maxlen: 24
91.148.68.0/24 maxlen: 24
91.148.64.0/18 maxlen: 18
91.148.72.0/24 maxlen: 24
91.148.73.0/24 maxlen: 24
91.148.80.0/20 maxlen: 20
91.148.96.0/20 maxlen: 20
91.148.96.0/21 maxlen: 21
91.148.105.0/24 maxlen: 24
91.148.104.0/24 maxlen: 24
62.108.107.0/24 maxlen: 24
185.47.210.0/24 maxlen: 24
185.47.208.0/22 maxlen: 22
185.47.208.0/24 maxlen: 24
178.20.206.0/24 maxlen: 24
62.108.96.0/19 maxlen: 19
178.20.204.0/22 maxlen: 22
178.20.204.0/24 maxlen: 24
178.20.205.0/24 maxlen: 24
178.20.207.0/24 maxlen: 24
2001:8c8::/32 maxlen: 32
2a02:e40::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:a1:99:15:24:32:fa:5a:19:49:42:a0:45:c4:86:8c:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Validity
Not Before: Mar 2 09:13:29 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=51f20614b44bb858316038ed37c519aa2bc3cc6b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:7f:20:d1:67:68:88:3a:69:67:5f:4e:be:99:
03:71:85:5d:4e:af:60:1d:5e:79:2b:b9:40:de:43:
1b:c0:0d:ab:6a:df:a0:a0:35:35:28:0e:c2:cd:0c:
c7:de:24:2c:35:d7:e3:2e:8f:fe:19:64:67:d0:c6:
a6:94:4e:0d:77:34:0f:6d:fa:29:ae:f5:bd:55:dd:
bb:77:ab:8e:4e:32:93:2a:17:5e:a1:25:19:c0:1d:
7a:2d:98:eb:af:93:c9:99:37:e9:63:6b:00:62:42:
58:51:59:6f:48:5c:ec:bf:c4:cf:55:d6:1a:f8:aa:
8c:83:dd:8b:92:96:4c:58:7d:15:e7:09:55:d3:18:
2c:92:f8:22:6d:a7:fe:eb:49:72:3f:b2:da:32:a5:
74:9b:f3:b8:4d:4c:49:ed:d8:79:2e:ca:0a:90:c6:
7b:46:c6:57:a0:b9:a8:0f:cc:97:47:bb:d0:9f:08:
76:3c:0d:a4:03:00:73:f9:98:a2:84:bf:3c:87:58:
dd:e1:03:ea:e5:0c:38:86:bf:25:3a:ea:5e:a9:f1:
29:bf:d0:bc:d9:88:3f:40:df:9e:52:55:4e:90:95:
8f:74:61:90:aa:8c:fd:e7:e2:ac:bc:2c:2f:65:7d:
15:e6:b7:1a:30:7d:6e:ed:17:58:8e:de:e4:46:8b:
d9:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:F2:06:14:B4:4B:B8:58:31:60:38:ED:37:C5:19:AA:2B:C3:CC:6B
X509v3 Authority Key Identifier:
keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/UfIGFLRLuFgxYDjtN8UZqivDzGs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.108.96.0/19
62.193.128.0/19
85.222.160.0/22
91.148.64.0/18
178.20.204.0/22
185.47.208.0/22
194.106.160.0/19
195.252.64.0/18
213.244.224.0/20
217.26.64.0/20
IPv6:
2001:8c8::/32
2a02:e40::/32
Signature Algorithm: sha256WithRSAEncryption
86:dc:41:25:6a:cd:b7:7b:95:72:49:cd:ee:7c:8e:77:b8:ab:
3a:5b:d7:43:1e:77:8a:c2:f7:68:1c:69:33:f8:19:ff:80:12:
09:cb:d0:94:bc:32:80:8e:7c:23:b0:2e:de:9e:fa:13:8e:4d:
88:04:6b:fa:a3:5d:9e:95:3f:ca:af:95:e8:0b:3a:9d:ad:c6:
25:43:d9:25:21:6e:7f:54:0c:e5:53:63:a1:6b:2c:b9:57:dc:
24:c9:27:49:85:42:a5:cd:40:44:54:09:c7:69:51:c9:cc:dc:
9d:7f:d4:c1:e1:b4:82:94:5b:5f:68:7c:2b:59:38:3c:43:ff:
e1:39:55:9c:bc:ce:74:8e:77:37:23:9a:88:4f:76:68:96:10:
94:5e:1c:f2:c5:61:91:22:4c:0f:4c:da:18:a1:13:ea:29:1a:
d0:51:e8:59:2b:69:e3:ac:7f:45:34:fb:bf:18:d6:07:6f:88:
a9:fc:16:2d:5c:bf:bd:c9:31:4b:8d:b9:b7:95:70:bb:be:c5:
e6:03:39:bd:67:fe:79:84:02:aa:cd:c4:84:e1:a4:f1:d5:59:
df:bf:36:85:80:1f:b0:20:ac:e1:ef:d9:8b:ca:e6:3e:dc:8e:
08:b1:f1:9a:ea:8b:ed:d9:d0:cc:11:c8:fd:3b:f1:8c:8f:92:
c2:16:8e:da
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYahmRUkMvpaGUlCoEXEhoxLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjMwMzAyMDkxMzI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWYyMDYxNGI0NGJiODU4MzE2MDM4ZWQzN2M1MTlhYTJiYzNjYzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqH8g0WdoiDppZ19OvpkDcYVdTq9g
HV55K7lA3kMbwA2rat+goDU1KA7CzQzH3iQsNdfjLo/+GWRn0MamlE4NdzQPbfop
rvW9Vd27d6uOTjKTKhdeoSUZwB16LZjrr5PJmTfpY2sAYkJYUVlvSFzsv8TPVdYa
+KqMg92LkpZMWH0V5wlV0xgskvgibaf+60lyP7LaMqV0m/O4TUxJ7dh5LsoKkMZ7
RsZXoLmoD8yXR7vQnwh2PA2kAwBz+ZiihL88h1jd4QPq5Qw4hr8lOupeqfEpv9C8
2Yg/QN+eUlVOkJWPdGGQqoz95+KsvCwvZX0V5rcaMH1u7RdYjt7kRovZxQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFFHyBhS0S7hYMWA47TfFGaorw8xrMB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvVWZJR0ZMUkx1Rmd4WURqdE44VVpxaXZEekdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQFPmxgAwQF
PsGAAwQCVd6gAwQGW5RAAwQCshTMAwQCuS/QAwQFwmqgAwQGw/xAAwQE1fTgAwQE
2RpAMBQEAgACMA4DBQAgAQjIAwUAKgIOQDANBgkqhkiG9w0BAQsFAAOCAQEAhtxB
JWrNt3uVcknN7nyOd7irOlvXQx53isL3aBxpM/gZ/4ASCcvQlLwygI58I7Au3p76
E45NiARr+qNdnpU/yq+V6As6na3GJUPZJSFuf1QM5VNjoWssuVfcJMknSYVCpc1A
RFQJx2lRyczcnX/UweG0gpRbX2h8K1k4PEP/4TlVnLzOdI53NyOaiE92aJYQlF4c
8sVhkSJMD0zaGKET6ika0FHoWStp46x/RTT7vxjWB2+IqfwWLVy/vckxS425t5Vw
u77F5gM5vWf+eYQCqs3EhOGk8dVZ3782hYAfsCCs4e/Zi8rmPtyOCLHxmuqL7dnQ
zBHI/TvxjI+SwhaO2g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:19 2024 by rpki-client on console-ams.rpki-client.org