Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/YZYZLivlmcL-vSFt1e8m0ZBepa4.roa
File: YZYZLivlmcL-vSFt1e8m0ZBepa4.roa (raw, json)
Hash identifier: k3f0s8UwFdkY6XgsRysuBGCecHrlsViAPdINVvudADI=
Subject key identifier: 61:96:19:2E:2B:E5:99:C2:FE:BD:21:6D:D5:EF:26:D1:90:5E:A5:AE
Certificate issuer: /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial: 018CC2DAE501EB2774DFB7ACD9C2035DA32A
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/YZYZLivlmcL-vSFt1e8m0ZBepa4.roa
Signing time: Mon 01 Jan 2024 02:29:34 +0000
ROA not before: Mon 01 Jan 2024 02:29:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 211857
IP address blocks: 188.214.104.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:da:e5:01:eb:27:74:df:b7:ac:d9:c2:03:5d:a3:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Validity
Not Before: Jan 1 02:29:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6196192e2be599c2febd216dd5ef26d1905ea5ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:1d:a7:a0:a5:a5:7a:4d:cd:3e:1b:fa:4c:2d:
a5:3c:ea:24:cb:a2:9a:41:99:18:44:35:7e:22:e9:
b0:5f:37:a7:58:be:c9:b7:de:87:ad:6d:d7:14:91:
7b:d9:54:12:ae:94:91:98:63:64:4b:c7:eb:38:77:
c9:70:71:fe:ff:84:d7:1f:11:4a:7b:7e:88:3f:0b:
3c:a6:3c:b4:43:e4:27:3c:26:d9:86:4c:bd:3b:a0:
d1:b5:b1:ce:10:12:49:70:0e:97:2d:95:94:4d:56:
3f:06:e7:cf:89:56:d0:53:24:7a:e2:46:84:0b:38:
32:f0:ca:6c:ea:36:72:d7:4d:d6:cf:95:5b:24:98:
12:83:c9:69:55:d8:9f:e6:c9:ca:dd:a8:80:d2:f6:
fa:7f:bd:3c:84:64:4d:c0:69:2f:a3:8c:eb:49:51:
d2:19:15:c9:40:81:30:88:dd:fb:19:7c:a3:ab:67:
6f:1f:9c:ee:c6:78:da:8a:ee:95:f1:df:df:7a:d9:
bf:39:56:37:79:57:05:32:5a:98:80:65:99:c3:c3:
cf:ca:7f:49:bf:43:43:df:af:23:98:f6:56:a1:3e:
1a:f2:ca:57:d3:9a:76:24:ba:47:d4:45:5a:6f:ce:
d8:f9:2e:7d:f6:8f:5b:79:34:e1:86:5b:e3:73:e4:
b1:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:96:19:2E:2B:E5:99:C2:FE:BD:21:6D:D5:EF:26:D1:90:5E:A5:AE
X509v3 Authority Key Identifier:
keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/YZYZLivlmcL-vSFt1e8m0ZBepa4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.214.104.0/24
Signature Algorithm: sha256WithRSAEncryption
9a:af:3a:9b:48:e9:89:62:88:88:02:54:9c:fa:3c:13:ce:2c:
9b:d6:db:88:a6:79:45:63:24:52:c3:7e:d4:e9:0e:92:a2:2d:
42:81:36:0b:ab:6b:d3:69:0a:dd:af:42:48:93:1d:c3:5f:ea:
f4:f3:3d:1c:29:53:20:8c:e5:0f:f3:23:67:c4:79:2e:d7:fd:
05:e7:36:2e:8b:40:f7:f8:0a:c6:6d:2e:f4:de:c2:9b:26:4f:
c7:4c:92:50:84:1f:75:a5:24:0a:60:59:48:6e:39:e9:f5:b9:
45:3d:0f:0c:04:7c:8e:a0:e2:ed:65:14:39:91:c5:1d:82:af:
1c:27:da:26:39:fd:77:28:7d:17:01:5a:c9:da:db:51:74:a7:
1e:92:04:6d:21:92:d9:1b:65:ff:69:24:f2:e8:a4:3a:4e:8a:
04:6f:da:5f:ea:14:e9:6b:e3:7b:99:9d:c9:66:2b:ab:ed:c7:
3f:75:bd:3a:be:3b:c2:cb:ef:74:ad:d0:1b:14:30:f9:50:1a:
20:bf:ea:e3:3d:c4:6a:9e:09:48:71:74:c5:df:b7:d7:c8:c3:
1e:57:ea:ba:1f:bf:4d:14:0d:87:78:4c:9c:42:c3:54:07:98:
24:43:de:60:92:b0:83:fb:00:02:5a:80:12:94:ac:23:cd:30:
ee:83:79:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uUB6yd037es2cIDXaMqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTk2MTkyZTJiZTU5OWMyZmViZDIxNmRkNWVmMjZkMTkwNWVhNWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkx2noKWlek3NPhv6TC2lPOoky6Ka
QZkYRDV+IumwXzenWL7Jt96HrW3XFJF72VQSrpSRmGNkS8frOHfJcHH+/4TXHxFK
e36IPws8pjy0Q+QnPCbZhky9O6DRtbHOEBJJcA6XLZWUTVY/BufPiVbQUyR64kaE
Czgy8Mps6jZy103Wz5VbJJgSg8lpVdif5snK3aiA0vb6f708hGRNwGkvo4zrSVHS
GRXJQIEwiN37GXyjq2dvH5zuxnjaiu6V8d/fetm/OVY3eVcFMlqYgGWZw8PPyn9J
v0ND368jmPZWoT4a8spX05p2JLpH1EVab87Y+S599o9beTThhlvjc+SxfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGWGS4r5ZnC/r0hbdXvJtGQXqWuMB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvWVpZWkxpdmxtY0wtdlNGdDFlOG0wWkJlcGE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNZoMA0G
CSqGSIb3DQEBCwUAA4IBAQCarzqbSOmJYoiIAlSc+jwTziyb1tuIpnlFYyRSw37U
6Q6Soi1CgTYLq2vTaQrdr0JIkx3DX+r08z0cKVMgjOUP8yNnxHku1/0F5zYui0D3
+ArGbS703sKbJk/HTJJQhB91pSQKYFlIbjnp9blFPQ8MBHyOoOLtZRQ5kcUdgq8c
J9omOf13KH0XAVrJ2ttRdKcekgRtIZLZG2X/aSTy6KQ6TooEb9pf6hTpa+N7mZ3J
Ziur7cc/db06vjvCy+90rdAbFDD5UBogv+rjPcRqnglIcXTF37fXyMMeV+q6H79N
FA2HeEycQsNUB5gkQ95gkrCD+wACWoASlKwjzTDug3lg
-----END CERTIFICATE-----
Generated at Fri Sep 13 08:59:15 2024 by rpki-client on console-fra.rpki-client.org