Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/ypRoGjFbdQZLOO_SWzVItT3Fl_g.roa
File: ypRoGjFbdQZLOO_SWzVItT3Fl_g.roa (raw, json)
Hash identifier: BQMLKg8z9SiGVQBsF8yS3ElXGhHcqHr+nQ+RkKUc00w=
Subject key identifier: CA:94:68:1A:31:5B:75:06:4B:38:EF:D2:5B:35:48:B5:3D:C5:97:F8
Certificate issuer: /CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Certificate serial: 018B1A861197D23CED4F3ADA6F08D284A913
Authority key identifier: 84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/ypRoGjFbdQZLOO_SWzVItT3Fl_g.roa
Signing time: Tue 10 Oct 2023 16:57:55 +0000
ROA not before: Tue 10 Oct 2023 16:57:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3356
IP address blocks: 82.206.48.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:1a:86:11:97:d2:3c:ed:4f:3a:da:6f:08:d2:84:a9:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Validity
Not Before: Oct 10 16:57:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ca94681a315b75064b38efd25b3548b53dc597f8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:24:13:56:28:30:16:c3:73:bf:b9:4c:a7:43:
5b:3c:47:45:39:43:e0:d1:4e:a5:ea:9b:d2:f2:54:
15:12:68:ff:bf:e0:99:80:5f:8a:04:1a:62:67:ed:
4b:c3:93:95:20:07:5f:85:33:8d:4e:fb:57:c2:bf:
30:db:6d:47:cb:dc:0c:9b:91:41:a2:66:9f:08:c2:
d6:90:12:21:c8:75:b3:bb:fb:e7:2b:de:90:2e:37:
bf:69:d4:eb:af:0a:ce:59:45:f9:a8:ab:d2:7b:85:
aa:97:32:93:8a:a4:ff:9b:35:79:8d:96:c7:4c:cf:
4d:97:d6:af:50:9f:78:47:41:ab:aa:4b:d0:1e:15:
1a:5c:16:06:34:9f:7b:fb:54:34:27:e5:8d:61:4c:
2c:a3:55:be:30:f0:69:56:d4:cf:be:41:bb:52:7d:
d0:c4:66:73:ce:9d:d7:44:46:83:0b:f4:89:cf:a1:
36:85:e7:f3:26:d9:1b:61:29:ac:2e:da:76:64:ac:
17:c7:36:58:63:27:1a:b9:cf:85:a0:a7:13:fd:c6:
57:15:04:35:ba:d8:a2:29:c7:96:b7:89:8d:2a:81:
12:30:b9:29:08:2b:f2:5d:e1:82:d1:33:e7:10:ae:
57:71:3f:da:a8:c7:47:81:b4:a9:8a:52:a2:73:6f:
fc:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:94:68:1A:31:5B:75:06:4B:38:EF:D2:5B:35:48:B5:3D:C5:97:F8
X509v3 Authority Key Identifier:
keyid:84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/ypRoGjFbdQZLOO_SWzVItT3Fl_g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/hEcK8NideFuhi6YX3Anj9yxZlvM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.206.48.0/21
Signature Algorithm: sha256WithRSAEncryption
1a:90:23:26:cd:85:4b:c2:d0:86:08:b3:bc:6a:f9:ab:87:bc:
bb:7d:be:07:8c:fe:50:b7:63:a0:bb:72:40:a9:4f:97:2b:d8:
4b:12:1f:f9:d8:df:3f:24:8a:4c:0b:32:42:a0:bd:1d:4e:85:
3c:c3:be:dc:e2:9c:f0:f2:ee:e7:80:3d:b0:bb:27:26:4c:d0:
9b:71:f0:ac:d7:66:4a:51:8e:96:42:c7:26:88:ac:8f:bd:5e:
8d:43:74:a7:21:2d:89:e8:d9:7a:ca:7c:b1:42:70:9b:8e:85:
ba:4d:6f:b5:dc:8c:01:5d:0a:e3:8a:12:5c:21:4d:a0:6b:1e:
05:82:d1:bc:7a:fb:fc:68:a5:5d:a1:e8:bf:e0:19:ae:7e:18:
59:65:94:d8:a0:92:97:75:23:54:06:45:f1:2d:f5:cf:90:c9:
cd:18:3f:95:a4:56:17:01:27:9a:89:f3:ed:66:2b:d4:9f:e6:
67:e1:57:7f:b3:54:ed:61:62:41:ec:8a:3b:39:24:e1:ac:3d:
c0:9e:20:40:e4:0c:de:ed:bb:5f:e6:dc:a6:ed:21:81:97:28:
28:74:17:45:93:a5:05:7b:1c:38:da:60:ee:82:ff:a2:7d:49:
f8:4f:8d:4f:d0:6a:9e:7d:50:40:7c:b4:69:ae:96:20:1a:4e:
06:bd:7d:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYsahhGX0jztTzrabwjShKkTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDcwYWYwZDg5ZDc4NWJhMThiYTYxN2RjMDllM2Y3MmM1
OTk2ZjMwHhcNMjMxMDEwMTY1NzU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTk0NjgxYTMxNWI3NTA2NGIzOGVmZDI1YjM1NDhiNTNkYzU5N2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2CQTVigwFsNzv7lMp0NbPEdFOUPg
0U6l6pvS8lQVEmj/v+CZgF+KBBpiZ+1Lw5OVIAdfhTONTvtXwr8w221Hy9wMm5FB
omafCMLWkBIhyHWzu/vnK96QLje/adTrrwrOWUX5qKvSe4WqlzKTiqT/mzV5jZbH
TM9Nl9avUJ94R0GrqkvQHhUaXBYGNJ97+1Q0J+WNYUwso1W+MPBpVtTPvkG7Un3Q
xGZzzp3XREaDC/SJz6E2hefzJtkbYSmsLtp2ZKwXxzZYYycauc+FoKcT/cZXFQQ1
utiiKceWt4mNKoESMLkpCCvyXeGC0TPnEK5XcT/aqMdHgbSpilKic2/8/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqUaBoxW3UGSzjv0ls1SLU9xZf4MB8GA1UdIwQY
MBaAFIRHCvDYnXhboYumF9wJ4/csWZbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDIt
ZTc2ZTNlMjkzZTAyLzEveXBSb0dqRmJkUVpMT09fU1d6Vkl0VDNGbF9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDItZTc2ZTNlMjkzZTAy
LzEvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUs4wMA0G
CSqGSIb3DQEBCwUAA4IBAQAakCMmzYVLwtCGCLO8avmrh7y7fb4HjP5Qt2Ogu3JA
qU+XK9hLEh/52N8/JIpMCzJCoL0dToU8w77c4pzw8u7ngD2wuycmTNCbcfCs12ZK
UY6WQscmiKyPvV6NQ3SnIS2J6Nl6ynyxQnCbjoW6TW+13IwBXQrjihJcIU2gax4F
gtG8evv8aKVdoei/4BmufhhZZZTYoJKXdSNUBkXxLfXPkMnNGD+VpFYXASeaifPt
ZivUn+Zn4Vd/s1TtYWJB7Io7OSThrD3AniBA5Aze7btf5tym7SGBlygodBdFk6UF
exw42mDugv+ifUn4T41P0GqefVBAfLRprpYgGk4GvX1W
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:51:11 2025 by rpki-client