Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/YYTiwBmX8QE3kAHp8M9StP3kZBY.roa
File: YYTiwBmX8QE3kAHp8M9StP3kZBY.roa (raw, json)
Hash identifier: 7ILC4+qzQz7qnxfWafoS7yvXVl/4XAXnJ/ZQph7jp64=
Subject key identifier: 61:84:E2:C0:19:97:F1:01:37:90:01:E9:F0:CF:52:B4:FD:E4:64:16
Certificate issuer: /CN=35c96065093998ba42cfba11bf0d17d3ac403d40
Certificate serial: 018A52DE241A3590383D045DCC39E7FCA7BF
Authority key identifier: 35:C9:60:65:09:39:98:BA:42:CF:BA:11:BF:0D:17:D3:AC:40:3D:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NclgZQk5mLpCz7oRvw0X06xAPUA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/YYTiwBmX8QE3kAHp8M9StP3kZBY.roa
Signing time: Fri 01 Sep 2023 22:30:04 +0000
ROA not before: Fri 01 Sep 2023 22:30:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208308
IP address blocks: 77.223.200.0/23 maxlen: 24
66.245.192.0/19 maxlen: 24
176.222.48.0/22 maxlen: 24
178.216.184.0/21 maxlen: 24
79.139.64.0/23 maxlen: 24
79.139.84.0/22 maxlen: 24
158.247.56.0/22 maxlen: 24
198.14.16.0/20 maxlen: 24
77.223.192.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:52:de:24:1a:35:90:38:3d:04:5d:cc:39:e7:fc:a7:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35c96065093998ba42cfba11bf0d17d3ac403d40
Validity
Not Before: Sep 1 22:30:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6184e2c01997f101379001e9f0cf52b4fde46416
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:16:5d:a7:a9:a0:f3:c2:90:f6:63:1e:55:c0:
98:08:bd:4d:bc:14:bb:71:20:85:a3:36:3d:8a:40:
8c:65:0d:f4:1c:55:81:67:f2:9c:74:a1:46:75:b3:
0a:5f:1f:ae:42:6d:87:ae:d9:0c:dd:fe:da:cf:a3:
81:3a:99:70:02:21:5c:79:4a:8e:86:5a:28:59:66:
07:3c:e4:28:37:cc:ac:1d:ac:5c:01:fa:b4:12:9c:
1d:2b:a7:5a:43:d9:b7:f7:73:79:d6:6f:cc:30:55:
fd:e7:2c:33:d7:c6:20:0c:84:90:e4:e9:31:01:39:
1e:51:f3:c2:4e:1d:70:3b:f2:05:f4:c5:98:9d:89:
c5:c8:58:22:16:06:be:78:7d:e0:f2:c5:32:dc:98:
75:6f:11:fb:a6:ef:8c:73:f5:e4:c2:d9:d3:ba:53:
b8:a5:8d:ee:38:be:4f:00:ee:60:62:d6:40:b1:29:
ec:22:89:08:f8:82:f9:84:5e:91:66:6e:53:52:bc:
e6:94:c5:24:79:00:87:e5:d1:7d:a9:73:e8:1c:f5:
f5:98:9d:9c:00:2a:ba:ac:aa:58:f4:e3:3e:74:9f:
ed:c6:f4:3a:cb:c3:92:fd:46:b7:dd:f8:15:c5:1f:
21:cd:2f:1f:7f:33:3f:ca:5b:f9:bb:e9:7b:61:37:
a6:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:84:E2:C0:19:97:F1:01:37:90:01:E9:F0:CF:52:B4:FD:E4:64:16
X509v3 Authority Key Identifier:
keyid:35:C9:60:65:09:39:98:BA:42:CF:BA:11:BF:0D:17:D3:AC:40:3D:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NclgZQk5mLpCz7oRvw0X06xAPUA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/YYTiwBmX8QE3kAHp8M9StP3kZBY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/NclgZQk5mLpCz7oRvw0X06xAPUA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
66.245.192.0/19
77.223.192.0-77.223.201.255
79.139.64.0/23
79.139.84.0/22
158.247.56.0/22
176.222.48.0/22
178.216.184.0/21
198.14.16.0/20
Signature Algorithm: sha256WithRSAEncryption
7d:fe:34:f5:91:d9:3c:c5:a3:af:5b:07:eb:aa:21:17:e2:55:
58:7a:c1:fa:c5:d8:fa:d8:f3:e9:aa:c9:1a:03:68:fe:6f:1a:
3e:09:0b:8b:a3:99:19:42:c8:a5:46:87:a8:ca:a7:73:a1:79:
a9:6a:8c:00:de:02:db:a8:36:23:81:f7:b7:7e:00:f7:3a:46:
1e:ad:2b:88:6e:ab:e6:db:35:d2:ef:23:b7:84:0f:ef:48:6a:
19:f4:73:98:ab:26:7c:32:58:27:af:39:27:91:55:74:5a:16:
ee:14:ad:33:95:0e:10:8f:dd:7f:ac:70:16:48:86:16:03:6e:
84:7d:f5:c8:55:92:82:3f:c6:df:6d:e0:57:cc:bc:f6:ed:26:
40:8b:23:b7:e8:0b:f1:66:49:ad:27:34:f1:3d:65:48:ad:37:
14:60:43:ae:96:31:c5:3b:dd:81:c9:7a:91:5d:71:f9:e4:0e:
5b:fc:1c:75:b0:cd:0a:ac:bd:4d:50:d3:38:5b:5d:c7:89:15:
b9:88:3c:a2:e1:b2:b1:d6:f8:c6:b7:6f:57:5c:3c:02:21:4e:
29:c0:72:fb:07:7f:70:5f:2b:79:41:af:20:07:0f:75:56:bb:
f1:4c:c9:82:33:1b:47:57:1b:9a:5b:e5:2e:e2:f9:c2:bd:78:
2a:62:09:58
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYpS3iQaNZA4PQRdzDnn/Ke/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1Yzk2MDY1MDkzOTk4YmE0MmNmYmExMWJmMGQxN2QzYWM0
MDNkNDAwHhcNMjMwOTAxMjIzMDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTg0ZTJjMDE5OTdmMTAxMzc5MDAxZTlmMGNmNTJiNGZkZTQ2NDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxZdp6mg88KQ9mMeVcCYCL1NvBS7
cSCFozY9ikCMZQ30HFWBZ/KcdKFGdbMKXx+uQm2HrtkM3f7az6OBOplwAiFceUqO
hlooWWYHPOQoN8ysHaxcAfq0EpwdK6daQ9m393N51m/MMFX95ywz18YgDISQ5Okx
ATkeUfPCTh1wO/IF9MWYnYnFyFgiFga+eH3g8sUy3Jh1bxH7pu+Mc/XkwtnTulO4
pY3uOL5PAO5gYtZAsSnsIokI+IL5hF6RZm5TUrzmlMUkeQCH5dF9qXPoHPX1mJ2c
ACq6rKpY9OM+dJ/txvQ6y8OS/Ua33fgVxR8hzS8ffzM/ylv5u+l7YTemdQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFGGE4sAZl/EBN5AB6fDPUrT95GQWMB8GA1UdIwQY
MBaAFDXJYGUJOZi6Qs+6Eb8NF9OsQD1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmNsZ1pRazVtTHBDejdvUnZ3MFgwNnhBUFVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82Mjc2NGItOWFhNi00ZjEyLWE3MWMt
NmJhYzM0OTg3MDE5LzEvWVlUaXdCbVg4UUUza0FIcDhNOVN0UDNrWkJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82Mjc2NGItOWFhNi00ZjEyLWE3MWMtNmJhYzM0OTg3MDE5
LzEvTmNsZ1pRazVtTHBDejdvUnZ3MFgwNnhBUFVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQFQvXAMAwD
BAZN38ADBAFN38gDBAFPi0ADBAJPi1QDBAKe9zgDBAKw3jADBAOy2LgDBATGDhAw
DQYJKoZIhvcNAQELBQADggEBAH3+NPWR2TzFo69bB+uqIRfiVVh6wfrF2PrY8+mq
yRoDaP5vGj4JC4ujmRlCyKVGh6jKp3OhealqjADeAtuoNiOB97d+APc6Rh6tK4hu
q+bbNdLvI7eED+9Iahn0c5irJnwyWCevOSeRVXRaFu4UrTOVDhCP3X+scBZIhhYD
boR99chVkoI/xt9t4FfMvPbtJkCLI7foC/FmSa0nNPE9ZUitNxRgQ66WMcU73YHJ
epFdcfnkDlv8HHWwzQqsvU1Q0zhbXceJFbmIPKLhsrHW+Ma3b1dcPAIhTinAcvsH
f3BfK3lBryAHD3VWu/FMyYIzG0dXG5pb5S7i+cK9eCpiCVg=
-----END CERTIFICATE-----
Generated at Tue Sep 12 12:14:12 2023 by rpki-client on console-ams.rpki-client.org