Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/YPjFkeG61jrbVoRMeW8aVMdRi40.roa
File: YPjFkeG61jrbVoRMeW8aVMdRi40.roa (raw, json)
Hash identifier: NxnrC+Fnjx7ULN1tkmzR/xZ+Zx6JCzafkX/oQjj28Mc=
Subject key identifier: 60:F8:C5:91:E1:BA:D6:3A:DB:56:84:4C:79:6F:1A:54:C7:51:8B:8D
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 018748FDF6ABA0EC868E209DB0C25A2F0F20
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/YPjFkeG61jrbVoRMeW8aVMdRi40.roa
Signing time: Mon 03 Apr 2023 21:20:15 +0000
ROA not before: Mon 03 Apr 2023 21:20:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44477
IP address blocks: 94.131.96.0/24 maxlen: 24
94.131.98.0/24 maxlen: 24
94.131.97.0/24 maxlen: 24
94.131.99.0/24 maxlen: 24
94.131.102.0/24 maxlen: 24
94.131.101.0/24 maxlen: 24
94.131.100.0/24 maxlen: 24
94.131.105.0/24 maxlen: 24
94.131.106.0/24 maxlen: 24
94.131.110.0/24 maxlen: 24
94.131.109.0/24 maxlen: 24
94.131.108.0/24 maxlen: 24
94.131.107.0/24 maxlen: 24
94.131.111.0/24 maxlen: 24
94.131.116.0/24 maxlen: 24
94.131.114.0/24 maxlen: 24
95.164.84.0/22 maxlen: 24
95.164.8.0/22 maxlen: 24
95.164.16.0/22 maxlen: 24
95.164.44.0/22 maxlen: 24
94.131.2.0/24 maxlen: 24
94.131.3.0/24 maxlen: 24
94.131.8.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:48:fd:f6:ab:a0:ec:86:8e:20:9d:b0:c2:5a:2f:0f:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Apr 3 21:20:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=60f8c591e1bad63adb56844c796f1a54c7518b8d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:12:9d:0e:c0:a9:a2:1d:74:d0:3e:a5:fd:f3:
b1:4f:19:2b:c7:a9:a9:ad:cb:10:d8:b4:b1:95:de:
29:16:fa:25:ad:f0:f3:72:b2:fc:03:2f:98:ed:1c:
25:3c:32:3e:5f:65:74:a8:d7:05:ea:ec:81:25:c8:
ec:32:6c:ed:d2:64:d7:a7:53:18:81:32:05:1e:35:
9d:fb:8a:66:34:a7:af:94:a7:d0:83:dc:ed:fd:05:
82:e5:94:cd:91:e9:fe:bc:7a:91:c5:5e:b8:9b:e1:
0d:c8:b8:19:a6:62:ce:80:42:d2:c3:00:4f:92:6b:
0f:90:2d:3c:6e:53:54:b6:08:8b:7a:05:2e:98:75:
a6:a0:d4:18:90:67:e1:8f:78:17:2b:3f:ed:02:2d:
a8:db:2a:40:ff:21:6e:08:77:16:2b:98:13:16:af:
fc:41:9b:5a:bf:23:4a:f3:11:ae:ff:c7:9f:2d:9c:
21:ee:be:09:5e:f7:3c:86:cd:da:ad:c0:f6:0b:88:
19:a2:fa:ba:21:bf:b3:de:ae:82:55:f2:14:74:90:
da:de:1d:42:3c:54:d9:83:a7:e3:01:b2:6f:3b:82:
17:f5:d4:f7:c0:23:85:d2:a0:83:5b:f3:9b:4f:e9:
f1:d4:73:d1:e8:b1:1d:9b:54:1c:c9:96:c2:08:66:
58:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:F8:C5:91:E1:BA:D6:3A:DB:56:84:4C:79:6F:1A:54:C7:51:8B:8D
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/YPjFkeG61jrbVoRMeW8aVMdRi40.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.2.0/23
94.131.8.0/21
94.131.96.0-94.131.102.255
94.131.105.0-94.131.111.255
94.131.114.0/24
94.131.116.0/24
95.164.8.0/22
95.164.16.0/22
95.164.44.0/22
95.164.84.0/22
Signature Algorithm: sha256WithRSAEncryption
10:1f:05:ef:ac:16:c2:8b:02:75:07:6b:2f:6e:8a:99:68:c5:
e9:0f:39:3f:15:60:41:0d:d5:ff:d1:ed:e0:a0:2b:88:25:a9:
8d:20:de:1a:31:dd:e7:48:67:24:25:fc:9d:b4:d3:1b:f8:4e:
f6:21:03:d1:1a:3d:9b:c0:3b:3c:ef:14:77:5f:80:52:e7:73:
0c:79:89:95:8a:80:92:67:26:2e:33:94:4e:42:22:01:88:2e:
7f:05:04:69:e1:d4:40:c7:77:72:ee:cf:3f:06:41:74:11:3b:
85:2a:e8:fa:5e:cd:e3:d6:17:f4:6e:4d:23:c8:05:08:33:fe:
53:94:27:e9:42:2f:a8:33:2d:be:f6:69:ab:2a:40:2e:92:a0:
16:46:73:b7:0d:61:69:22:b8:c7:1c:15:8d:d8:7e:02:3f:d0:
82:da:e0:b8:4a:15:d7:5a:51:49:d9:a9:4f:5d:5a:f6:ff:72:
80:69:1c:0b:8b:3a:6e:59:dd:bc:47:e9:63:05:75:b5:4a:e7:
bc:54:3b:28:16:95:d8:16:3f:cb:fc:03:ea:98:1e:d5:f6:90:
57:f2:7c:0c:85:f0:26:34:53:c5:34:71:d3:d6:7d:a7:2f:77:
19:09:0b:7c:ee:57:7f:f5:f5:ad:8e:6c:a3:24:34:56:1a:e7:
e3:f0:7e:19
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYdI/faroOyGjiCdsMJaLw8gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjMwNDAzMjEyMDE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGY4YzU5MWUxYmFkNjNhZGI1Njg0NGM3OTZmMWE1NGM3NTE4YjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphKdDsCpoh100D6l/fOxTxkrx6mp
rcsQ2LSxld4pFvolrfDzcrL8Ay+Y7RwlPDI+X2V0qNcF6uyBJcjsMmzt0mTXp1MY
gTIFHjWd+4pmNKevlKfQg9zt/QWC5ZTNken+vHqRxV64m+ENyLgZpmLOgELSwwBP
kmsPkC08blNUtgiLegUumHWmoNQYkGfhj3gXKz/tAi2o2ypA/yFuCHcWK5gTFq/8
QZtavyNK8xGu/8efLZwh7r4JXvc8hs3arcD2C4gZovq6Ib+z3q6CVfIUdJDa3h1C
PFTZg6fjAbJvO4IX9dT3wCOF0qCDW/ObT+nx1HPR6LEdm1QcyZbCCGZYJwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFGD4xZHhutY621aETHlvGlTHUYuNMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvWVBqRmtlRzYxanJiVm9STWVXOGFWTWRSaTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQBXoMCAwQD
XoMIMAwDBAVeg2ADBABeg2YwDAMEAF6DaQMEBF6DYAMEAF6DcgMEAF6DdAMEAl+k
CAMEAl+kEAMEAl+kLAMEAl+kVDANBgkqhkiG9w0BAQsFAAOCAQEAEB8F76wWwosC
dQdrL26KmWjF6Q85PxVgQQ3V/9Ht4KAriCWpjSDeGjHd50hnJCX8nbTTG/hO9iED
0Ro9m8A7PO8Ud1+AUudzDHmJlYqAkmcmLjOUTkIiAYgufwUEaeHUQMd3cu7PPwZB
dBE7hSro+l7N49YX9G5NI8gFCDP+U5Qn6UIvqDMtvvZpqypALpKgFkZztw1haSK4
xxwVjdh+Aj/QgtrguEoV11pRSdmpT11a9v9ygGkcC4s6blndvEfpYwV1tUrnvFQ7
KBaV2BY/y/wD6pge1faQV/J8DIXwJjRTxTRx09Z9py93GQkLfO5Xf/X1rY5soyQ0
Vhrn4/B+GQ==
-----END CERTIFICATE-----
Generated at Sun Feb 16 22:34:57 2025 by rpki-client