Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/YzSzmWvKfMGKrByz8oOoIlykwno.roa
File: YzSzmWvKfMGKrByz8oOoIlykwno.roa (raw, json)
Hash identifier: Auy5zkgfFoMfCG9uPM9/t6IO6llGaxhmYNWXL3OkLu0=
Subject key identifier: 63:34:B3:99:6B:CA:7C:C1:8A:AC:1C:B3:F2:83:A8:22:5C:A4:C2:7A
Certificate issuer: /CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Certificate serial: 0189EF6A2B81DFBEBDA02A2E9F5359867E6B
Authority key identifier: 84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/YzSzmWvKfMGKrByz8oOoIlykwno.roa
Signing time: Sun 13 Aug 2023 15:00:59 +0000
ROA not before: Sun 13 Aug 2023 15:00:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20640
IP address blocks: 82.206.32.0/19 maxlen: 19
217.173.128.0/19 maxlen: 22
217.140.64.0/19 maxlen: 22
217.140.72.0/21 maxlen: 21
82.206.0.0/19 maxlen: 19
217.140.80.0/21 maxlen: 21
2001:4b88::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:ef:6a:2b:81:df:be:bd:a0:2a:2e:9f:53:59:86:7e:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Validity
Not Before: Aug 13 15:00:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6334b3996bca7cc18aac1cb3f283a8225ca4c27a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:27:3b:13:4f:c5:14:b5:b9:00:73:97:38:86:
06:f7:8e:80:e7:5a:ec:ec:7a:4a:60:af:60:c5:9a:
94:c3:0d:5c:19:58:2b:75:92:57:d7:dc:ec:2c:35:
79:3f:dc:51:06:9b:c0:eb:71:90:1f:36:d7:12:f0:
b0:e2:11:18:a2:26:c2:e1:c8:94:25:6e:f2:b9:bc:
e0:05:9d:1d:86:53:fe:d3:d4:aa:1d:f0:b1:27:73:
f0:8f:13:a1:99:ff:12:66:d4:0c:6a:f6:f3:a7:04:
6e:73:12:84:22:a4:70:bd:e3:b3:c1:cb:c9:0d:cf:
05:8a:e9:c2:4a:67:67:e9:67:2f:6b:37:11:40:37:
cf:be:c9:f0:58:5a:1d:d9:df:45:57:3e:f2:68:e4:
0a:36:8e:79:d5:92:68:b7:8a:b0:0a:90:ed:6f:54:
53:b3:b7:2f:a8:30:ba:32:89:2d:e9:fb:5f:48:9a:
c8:4b:63:c0:b5:3c:40:68:d1:52:44:8a:e9:96:6e:
a3:64:ad:e7:8d:4b:f2:52:21:b7:50:0d:5f:6e:07:
29:fb:39:95:c0:45:ce:50:62:4d:49:13:7a:f1:b8:
44:da:bf:a8:4b:23:73:33:08:9e:84:03:91:a7:e6:
e4:9c:00:20:e9:85:bf:40:ef:1a:ef:a2:c3:40:d5:
59:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:34:B3:99:6B:CA:7C:C1:8A:AC:1C:B3:F2:83:A8:22:5C:A4:C2:7A
X509v3 Authority Key Identifier:
keyid:84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/YzSzmWvKfMGKrByz8oOoIlykwno.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/hEcK8NideFuhi6YX3Anj9yxZlvM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.206.0.0/18
217.140.64.0/19
217.173.128.0/19
IPv6:
2001:4b88::/32
Signature Algorithm: sha256WithRSAEncryption
83:de:b0:dd:34:72:6f:64:ea:a1:d8:5c:0f:6e:db:81:a7:74:
50:c3:4c:11:ca:86:e3:12:b1:5b:c8:35:a2:4d:74:d9:d3:36:
8e:51:fd:a8:34:08:e7:3c:c7:c6:cc:9b:45:a5:44:8f:3f:f5:
1a:a8:6c:f0:2d:75:45:f8:5c:f2:a9:d5:d4:fc:88:9e:95:f5:
e6:22:6f:d0:ac:84:b7:36:71:dd:9b:f6:86:ba:d7:eb:88:57:
7f:ad:cf:ed:82:99:fa:98:59:b8:ab:d4:fa:22:6f:c0:45:45:
4f:56:32:f5:c6:93:36:cc:30:14:2a:7d:c2:a2:7b:dc:cc:11:
38:fb:24:04:51:42:c0:c5:54:b6:5b:3f:31:36:82:2a:f5:cb:
55:4c:7a:e7:7d:ef:2b:a1:24:f1:8c:31:ee:58:31:46:eb:10:
45:f0:90:54:0a:0d:d9:20:00:4c:c4:fa:a3:08:e2:4b:48:28:
28:3f:51:fb:e8:26:62:9a:66:eb:9d:fd:55:54:5a:5a:5d:4a:
e8:0c:46:5b:29:aa:e0:c1:e8:d9:21:c0:b6:11:19:3b:47:95:
66:b1:c1:cc:60:8b:39:47:99:09:01:5f:92:b4:cb:09:e9:ce:
18:4d:e1:f1:e4:ee:82:e0:66:0b:ce:bc:68:e9:fa:18:49:86:
56:a0:f4:97
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYnvaiuB3769oCoun1NZhn5rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDcwYWYwZDg5ZDc4NWJhMThiYTYxN2RjMDllM2Y3MmM1
OTk2ZjMwHhcNMjMwODEzMTUwMDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzM0YjM5OTZiY2E3Y2MxOGFhYzFjYjNmMjgzYTgyMjVjYTRjMjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCc7E0/FFLW5AHOXOIYG946A51rs
7HpKYK9gxZqUww1cGVgrdZJX19zsLDV5P9xRBpvA63GQHzbXEvCw4hEYoibC4ciU
JW7yubzgBZ0dhlP+09SqHfCxJ3PwjxOhmf8SZtQMavbzpwRucxKEIqRwveOzwcvJ
Dc8FiunCSmdn6WcvazcRQDfPvsnwWFod2d9FVz7yaOQKNo551ZJot4qwCpDtb1RT
s7cvqDC6Mokt6ftfSJrIS2PAtTxAaNFSRIrplm6jZK3njUvyUiG3UA1fbgcp+zmV
wEXOUGJNSRN68bhE2r+oSyNzMwiehAORp+bknAAg6YW/QO8a76LDQNVZOQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFGM0s5lrynzBiqwcs/KDqCJcpMJ6MB8GA1UdIwQY
MBaAFIRHCvDYnXhboYumF9wJ4/csWZbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDIt
ZTc2ZTNlMjkzZTAyLzEvWXpTem1XdktmTUdLckJ5ejhvT29JbHlrd25vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDItZTc2ZTNlMjkzZTAy
LzEvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQGUs4AAwQF
2YxAAwQF2a2AMA0EAgACMAcDBQAgAUuIMA0GCSqGSIb3DQEBCwUAA4IBAQCD3rDd
NHJvZOqh2FwPbtuBp3RQw0wRyobjErFbyDWiTXTZ0zaOUf2oNAjnPMfGzJtFpUSP
P/UaqGzwLXVF+FzyqdXU/IielfXmIm/QrIS3NnHdm/aGutfriFd/rc/tgpn6mFm4
q9T6Im/ARUVPVjL1xpM2zDAUKn3ConvczBE4+yQEUULAxVS2Wz8xNoIq9ctVTHrn
fe8roSTxjDHuWDFG6xBF8JBUCg3ZIABMxPqjCOJLSCgoP1H76CZimmbrnf1VVFpa
XUroDEZbKargwejZIcC2ERk7R5VmscHMYIs5R5kJAV+StMsJ6c4YTeHx5O6C4GYL
zrxo6foYSYZWoPSX
-----END CERTIFICATE-----
Generated at Fri Apr 18 00:13:48 2025 by rpki-client