Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/yrDAoCHVFcylcDMTOjMRyAErriw.roa
File: yrDAoCHVFcylcDMTOjMRyAErriw.roa (raw, json)
Hash identifier: 8tAKgaGQh94UJ978BZnvHQDRZQf6qIYQccZ3kmtsiOU=
Subject key identifier: CA:B0:C0:A0:21:D5:15:CC:A5:70:33:13:3A:33:11:C8:01:2B:AE:2C
Certificate issuer: /CN=e9be181aabdb195513a26c67b621e2986818d03d
Certificate serial: 018964895A3379F8E47FFDEA8D425E378C2B
Authority key identifier: E9:BE:18:1A:AB:DB:19:55:13:A2:6C:67:B6:21:E2:98:68:18:D0:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/yrDAoCHVFcylcDMTOjMRyAErriw.roa
Signing time: Mon 17 Jul 2023 15:47:50 +0000
ROA not before: Mon 17 Jul 2023 15:47:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202656
IP address blocks: 194.34.249.0/24 maxlen: 24
176.53.135.0/24 maxlen: 24
176.53.134.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:64:89:5a:33:79:f8:e4:7f:fd:ea:8d:42:5e:37:8c:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e9be181aabdb195513a26c67b621e2986818d03d
Validity
Not Before: Jul 17 15:47:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cab0c0a021d515cca57033133a3311c8012bae2c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c6:0f:6b:54:ec:c1:46:46:94:c8:6c:ca:4c:
ec:f0:d2:1e:26:6e:4e:2e:97:d1:e9:3b:d2:01:79:
ad:fa:8d:c6:ac:16:f8:4f:cf:0d:7e:9e:73:ae:4f:
f6:2a:12:b0:86:a8:e6:a3:71:d1:46:70:c7:f8:55:
ce:5d:25:4e:87:4b:dc:61:2d:10:7b:a2:b1:91:cf:
9f:59:76:0d:0c:20:2f:0f:b4:ca:f5:2c:fb:0f:ef:
c6:41:bc:68:35:c3:ff:3a:0e:e9:14:29:c4:17:d1:
d5:bb:58:73:de:dc:e7:48:31:28:63:19:1d:dc:b9:
c3:d5:97:c6:4b:49:ab:f1:f6:41:6c:1f:07:db:db:
62:5c:90:c8:fb:d4:9c:26:ed:2f:ed:d8:23:f9:65:
70:37:69:dd:71:e4:a0:f1:4a:42:98:1e:78:ab:06:
82:22:fc:99:07:f0:44:1f:14:c7:ac:40:a0:22:b5:
59:d7:80:e8:95:32:41:69:11:91:a4:36:77:9f:a8:
08:04:9e:25:6b:76:04:99:79:57:7b:b5:7e:10:3d:
c8:ef:f2:c5:61:e7:57:05:e4:e9:ad:45:98:30:74:
b2:2b:32:ac:b2:8b:9c:fa:3f:be:a8:31:4e:8c:96:
71:94:f5:dd:89:55:bd:9a:a4:a9:97:7d:b7:ae:86:
6d:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:B0:C0:A0:21:D5:15:CC:A5:70:33:13:3A:33:11:C8:01:2B:AE:2C
X509v3 Authority Key Identifier:
keyid:E9:BE:18:1A:AB:DB:19:55:13:A2:6C:67:B6:21:E2:98:68:18:D0:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/yrDAoCHVFcylcDMTOjMRyAErriw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/6b4YGqvbGVUTomxntiHimGgY0D0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.53.134.0/23
194.34.249.0/24
Signature Algorithm: sha256WithRSAEncryption
ab:15:19:70:72:0d:56:30:d5:b3:9f:b6:a1:43:0b:49:60:2f:
5b:d4:1d:89:bd:0a:a5:09:15:67:a8:1b:12:eb:2d:7f:51:e0:
72:49:26:c4:c5:a8:3e:1b:81:dd:0d:a5:56:bb:49:8e:43:a5:
ba:a9:f2:b3:94:24:98:ac:0a:90:cc:ab:6e:f0:1a:0f:98:c3:
30:90:12:8c:96:c4:f1:6b:fb:f9:08:c0:cf:75:35:46:e8:d6:
48:bd:31:32:d6:7a:31:9c:69:1d:4f:90:49:96:29:e6:71:08:
23:e7:e0:3d:9f:8f:31:27:b0:9e:40:4b:8e:9e:6b:b6:7c:ba:
0b:f5:fa:69:ca:54:97:0c:d6:d6:dc:6c:84:31:bc:70:0c:43:
ad:b6:09:25:a5:6c:22:f2:f0:0b:46:c5:33:63:56:5e:37:20:
1e:f6:f0:00:d4:b7:ed:bf:6c:83:b7:f9:17:01:53:2d:37:77:
2c:53:99:2a:01:aa:f6:51:df:76:19:aa:e4:87:7c:28:77:2c:
a5:57:ac:dc:ef:12:ff:1a:4f:b8:f1:03:ec:1c:2e:81:5c:77:
7d:af:b7:28:96:48:f9:f1:fa:63:cd:61:ca:a7:a5:36:72:5e:
f9:26:45:75:5c:08:dc:d5:c5:3b:15:43:c6:ea:df:60:cf:0c:
ca:2b:05:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYlkiVozefjkf/3qjUJeN4wrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YmUxODFhYWJkYjE5NTUxM2EyNmM2N2I2MjFlMjk4Njgx
OGQwM2QwHhcNMjMwNzE3MTU0NzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWIwYzBhMDIxZDUxNWNjYTU3MDMzMTMzYTMzMTFjODAxMmJhZTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8YPa1TswUZGlMhsykzs8NIeJm5O
LpfR6TvSAXmt+o3GrBb4T88Nfp5zrk/2KhKwhqjmo3HRRnDH+FXOXSVOh0vcYS0Q
e6Kxkc+fWXYNDCAvD7TK9Sz7D+/GQbxoNcP/Og7pFCnEF9HVu1hz3tznSDEoYxkd
3LnD1ZfGS0mr8fZBbB8H29tiXJDI+9ScJu0v7dgj+WVwN2ndceSg8UpCmB54qwaC
IvyZB/BEHxTHrECgIrVZ14DolTJBaRGRpDZ3n6gIBJ4la3YEmXlXe7V+ED3I7/LF
YedXBeTprUWYMHSyKzKssouc+j++qDFOjJZxlPXdiVW9mqSpl323roZtUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMqwwKAh1RXMpXAzEzozEcgBK64sMB8GA1UdIwQY
MBaAFOm+GBqr2xlVE6JsZ7Yh4phoGNA9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmI0WUdxdmJHVlVUb214bnRpSGltR2dZMEQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9iZWNkMTYtYTllOS00Y2Q2LTgwMGUt
ZjAwOGRkODNlMzJhLzEveXJEQW9DSFZGY3lsY0RNVE9qTVJ5QUVycml3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9iZWNkMTYtYTllOS00Y2Q2LTgwMGUtZjAwOGRkODNlMzJh
LzEvNmI0WUdxdmJHVlVUb214bnRpSGltR2dZMEQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBsDWGAwQA
wiL5MA0GCSqGSIb3DQEBCwUAA4IBAQCrFRlwcg1WMNWzn7ahQwtJYC9b1B2JvQql
CRVnqBsS6y1/UeBySSbExag+G4HdDaVWu0mOQ6W6qfKzlCSYrAqQzKtu8BoPmMMw
kBKMlsTxa/v5CMDPdTVG6NZIvTEy1noxnGkdT5BJlinmcQgj5+A9n48xJ7CeQEuO
nmu2fLoL9fppylSXDNbW3GyEMbxwDEOttgklpWwi8vALRsUzY1ZeNyAe9vAA1Lft
v2yDt/kXAVMtN3csU5kqAar2Ud92Garkh3wodyylV6zc7xL/Gk+48QPsHC6BXHd9
r7colkj58fpjzWHKp6U2cl75JkV1XAjc1cU7FUPG6t9gzwzKKwVA
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:04 2024 by rpki-client on console-fra.rpki-client.org