Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/y5HHh42Y70iNQqHI5yp7-ZzVEwo.roa
File: y5HHh42Y70iNQqHI5yp7-ZzVEwo.roa (raw, json)
Hash identifier: pxveAplG/nIan2wqgGfldYiU1oomif2pQvFEWCQ3NlM=
Subject key identifier: CB:91:C7:87:8D:98:EF:48:8D:42:A1:C8:E7:2A:7B:F9:9C:D5:13:0A
Certificate issuer: /CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Certificate serial: 414A3457
Authority key identifier: 2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/y5HHh42Y70iNQqHI5yp7-ZzVEwo.roa
Signing time: Sat 01 Jan 2022 05:58:35 +0000
ROA not before: Sat 01 Jan 2022 05:58:35 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 15516
IP address blocks: 217.20.48.0/20 maxlen: 20
82.192.128.0/19 maxlen: 19
89.19.128.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1095382103 (0x414a3457)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Validity
Not Before: Jan 1 05:58:35 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=cb91c7878d98ef488d42a1c8e72a7bf99cd5130a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:2c:ec:25:69:8b:4a:8a:4d:f0:7f:56:14:3a:
ff:8b:5c:10:4b:a7:97:d7:78:d6:45:66:d8:a0:cb:
9f:d2:5a:5b:8d:d9:a0:c5:d2:eb:cd:d8:02:63:47:
96:f9:6d:8d:1c:78:60:11:98:be:be:ab:0a:d5:5e:
8c:6f:33:cc:b3:2e:18:f0:ae:29:11:e1:00:84:54:
42:5a:a3:a3:67:d3:f3:60:b4:74:67:91:4b:8f:a0:
02:f9:9e:a9:dd:93:21:fd:88:bb:8c:cb:1c:61:b8:
a1:d0:ed:a4:0d:70:4a:24:34:9a:35:08:ec:ae:96:
46:68:f0:e4:df:57:5b:a9:79:4f:7d:61:0a:63:72:
e8:fe:b6:81:8f:da:99:12:fe:8a:ea:61:c6:61:af:
1a:6f:b3:de:e4:a7:cc:b5:34:1e:7d:f6:33:12:18:
ad:a1:e6:62:91:df:f9:3d:cf:13:d2:49:4c:f5:44:
3f:c7:fb:ae:24:c6:2e:06:40:44:3e:0e:e2:6c:52:
d2:3a:bf:66:fc:ac:7c:b4:fa:21:7f:fc:0c:4a:3f:
ea:c8:ab:d8:56:c5:8f:ff:c0:06:e0:7f:b9:35:56:
4f:57:b7:c6:fc:72:70:11:4a:68:2c:51:ea:54:b9:
73:fc:79:bb:3c:b1:ba:f9:8a:3b:e2:b8:ae:c7:1d:
85:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:91:C7:87:8D:98:EF:48:8D:42:A1:C8:E7:2A:7B:F9:9C:D5:13:0A
X509v3 Authority Key Identifier:
keyid:2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/y5HHh42Y70iNQqHI5yp7-ZzVEwo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/Loskx2rYemwf7f-vCNmxe0UkmZE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.192.128.0/19
89.19.128.0/19
217.20.48.0/20
Signature Algorithm: sha256WithRSAEncryption
88:d1:b0:7b:b9:ff:b0:83:dd:f7:e0:48:8b:58:8c:bb:db:25:
3a:e5:96:c9:b7:f9:e5:bc:b8:06:40:32:17:95:90:67:2c:97:
95:d5:1b:5f:51:94:4b:f3:06:19:3c:0d:44:99:f5:29:b1:6d:
6d:95:b7:f9:b1:88:cb:a9:2e:29:1d:a9:92:a6:b0:a9:24:c0:
44:f3:b7:7e:f6:da:9b:f8:ac:81:20:68:71:7e:92:84:95:e6:
39:ad:00:82:b6:c7:51:c2:d9:92:ca:2e:1b:89:74:7f:b5:3a:
54:e8:4d:66:50:ed:e4:0e:ee:48:f3:ab:c6:e0:8f:31:5d:a3:
2a:bb:dd:59:50:7e:3b:c9:6c:fb:df:ba:4b:48:5c:a0:58:6b:
68:a3:27:86:fb:9a:1a:ec:d3:bd:38:50:80:06:80:a2:67:5c:
35:00:a7:0a:52:09:f3:dc:bb:dd:b6:87:1e:d1:aa:50:b2:52:
8d:4f:76:25:0c:66:be:a8:41:2f:c2:05:a9:4c:40:4d:ec:31:
92:aa:bc:0b:3e:71:02:4d:c1:93:3e:1a:4e:27:2f:4c:7e:71:
19:c0:4d:ed:91:2b:b9:93:aa:1b:9b:42:28:d2:8d:44:49:72:
42:19:5f:c0:94:82:4d:c8:2d:fc:1a:61:4b:4d:96:1a:aa:c1:
1b:30:b1:a4
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEQUo0VzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
ZThiMjRjNzZhZDg3YTZjMWZlZGZmYWYwOGQ5YjE3YjQ1MjQ5OTkxMB4XDTIyMDEw
MTA1NTgzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2I5MWM3ODc4ZDk4
ZWY0ODhkNDJhMWM4ZTcyYTdiZjk5Y2Q1MTMwYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALgs7CVpi0qKTfB/VhQ6/4tcEEunl9d41kVm2KDLn9JaW43Z
oMXS683YAmNHlvltjRx4YBGYvr6rCtVejG8zzLMuGPCuKRHhAIRUQlqjo2fT82C0
dGeRS4+gAvmeqd2TIf2Iu4zLHGG4odDtpA1wSiQ0mjUI7K6WRmjw5N9XW6l5T31h
CmNy6P62gY/amRL+iuphxmGvGm+z3uSnzLU0Hn32MxIYraHmYpHf+T3PE9JJTPVE
P8f7riTGLgZARD4O4mxS0jq/ZvysfLT6IX/8DEo/6sir2FbFj//ABuB/uTVWT1e3
xvxycBFKaCxR6lS5c/x5uzyxuvmKO+K4rscdhQMCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBTLkceHjZjvSI1CocjnKnv5nNUTCjAfBgNVHSMEGDAWgBQuiyTHath6bB/t
/68I2bF7RSSZkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0xvc2t4MnJZZW13ZjdmLXZDTm14ZTBVa21aRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmUvMDRkMzQ4LTc1YjktNDhkMi1iZTEwLTkxMTkwYTAyZGI3MC8x
L3k1SEhoNDJZNzBpTlFxSEk1eXA3LVp6VkV3by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmUv
MDRkMzQ4LTc1YjktNDhkMi1iZTEwLTkxMTkwYTAyZGI3MC8xL0xvc2t4MnJZZW13
ZjdmLXZDTm14ZTBVa21aRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEBVLAgAMEBVkTgAMEBNkUMDANBgkq
hkiG9w0BAQsFAAOCAQEAiNGwe7n/sIPd9+BIi1iMu9slOuWWybf55by4BkAyF5WQ
ZyyXldUbX1GUS/MGGTwNRJn1KbFtbZW3+bGIy6kuKR2pkqawqSTARPO3fvbam/is
gSBocX6ShJXmOa0AgrbHUcLZksouG4l0f7U6VOhNZlDt5A7uSPOrxuCPMV2jKrvd
WVB+O8ls+9+6S0hcoFhraKMnhvuaGuzTvThQgAaAomdcNQCnClIJ89y73baHHtGq
ULJSjU92JQxmvqhBL8IFqUxATewxkqq8Cz5xAk3Bkz4aTicvTH5xGcBN7ZEruZOq
G5tCKNKNRElyQhlfwJSCTcgt/BphS02WGqrBGzCxpA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:00 2024 by rpki-client on console-fra.rpki-client.org