Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/YNX4EXo91BQ5SHpanCsXj7Vn3yY.roa
File: YNX4EXo91BQ5SHpanCsXj7Vn3yY.roa (raw, json)
Hash identifier: 2UGPmidpEY+2p99CX9nvWU03abTwdeUA4ubDpIiwa8w=
Subject key identifier: 60:D5:F8:11:7A:3D:D4:14:39:48:7A:5A:9C:2B:17:8F:B5:67:DF:26
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 01879A66804794D55EA6ACFA1C6FF31348AC
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/YNX4EXo91BQ5SHpanCsXj7Vn3yY.roa
Signing time: Wed 19 Apr 2023 16:43:41 +0000
ROA not before: Wed 19 Apr 2023 16:43:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.103.120.0/21 maxlen: 24
185.235.71.0/24 maxlen: 24
95.111.128.0/20 maxlen: 24
95.111.144.0/20 maxlen: 24
185.149.12.0/22 maxlen: 24
185.149.12.0/24 maxlen: 24
185.149.13.0/24 maxlen: 24
89.46.96.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:9a:66:80:47:94:d5:5e:a6:ac:fa:1c:6f:f3:13:48:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Apr 19 16:43:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=60d5f8117a3dd41439487a5a9c2b178fb567df26
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:df:c2:4f:00:a2:47:e6:3c:dc:44:f1:ff:d7:
82:18:cf:ae:b0:6f:4f:f0:ab:0f:bd:b5:6a:01:cb:
a7:c1:44:bf:ff:8c:16:54:26:c6:7e:3c:64:3b:5e:
a8:0a:4f:c9:03:0d:9c:4f:25:c7:e5:c5:be:be:df:
1b:fc:ca:2f:f3:67:29:2f:71:a9:d4:70:66:eb:03:
48:9b:73:cc:97:52:ef:b1:54:66:02:4f:4a:ce:d7:
4d:7a:9d:14:0f:e5:68:e8:f9:16:77:35:c5:3e:6e:
2b:72:5d:54:c9:67:a9:c7:87:a6:0d:ab:f0:8b:86:
65:2d:1e:03:4e:85:e4:4b:95:4e:44:62:dc:5e:d1:
9e:9a:63:d2:5f:bd:73:4b:2e:bc:5e:86:0c:8c:79:
14:81:dd:20:6f:7a:57:b1:3b:a9:27:86:4b:46:75:
05:33:15:27:13:e2:e2:81:76:af:1a:03:ba:6c:a5:
21:9b:22:dd:4a:e8:9e:4a:c0:2d:f9:ac:78:52:9b:
e0:91:4f:1d:c4:a0:da:36:1a:ad:4c:87:55:c7:96:
e2:a4:9a:d3:f9:d9:a1:cb:9f:1d:1a:1b:6c:8b:90:
6d:d0:81:28:4a:1b:70:8e:e2:50:34:ce:58:6c:11:
0b:d1:ae:98:a0:d2:53:43:d5:88:b8:a5:4a:91:67:
57:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:D5:F8:11:7A:3D:D4:14:39:48:7A:5A:9C:2B:17:8F:B5:67:DF:26
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/YNX4EXo91BQ5SHpanCsXj7Vn3yY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.96.0/22
91.103.120.0/21
95.111.128.0/19
185.149.12.0/22
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
42:96:ae:92:ab:cb:33:f5:bb:9d:eb:47:ff:a3:31:b1:08:9e:
18:dd:7e:19:47:a6:dd:b4:05:a0:ad:51:c0:68:23:57:44:66:
07:62:0f:6b:55:db:69:c3:ec:66:e5:4a:78:8c:78:34:d7:ba:
77:ce:3e:30:89:9b:65:82:9d:9a:20:35:89:b8:16:fb:33:83:
f2:6b:ad:67:51:2b:d1:90:7c:24:47:99:71:08:28:af:3e:97:
08:d3:fe:95:a1:0f:db:5e:85:cd:b7:d2:61:a9:5c:1e:b4:f4:
bc:1a:3f:74:a2:e6:da:26:86:e2:a0:f6:66:af:f6:a8:2e:6a:
f2:65:a6:43:3e:b1:19:c7:67:56:e9:0c:ab:ea:7e:ee:d5:e7:
d4:63:64:89:f8:3d:bc:c4:71:7d:ca:8c:c0:3d:5e:76:8c:6c:
ce:f7:db:07:e6:dd:e3:85:e6:1d:ff:e8:b1:fb:24:c6:4b:37:
e9:98:55:72:4d:df:9d:92:0e:c7:5f:18:5c:6d:a3:a2:34:c9:
cc:bd:65:fc:fc:aa:18:bd:6f:f5:d2:04:bc:3b:30:ce:45:48:
dd:43:56:9a:fb:de:0e:e5:4b:d8:53:40:ad:ee:8e:75:92:55:
0f:f1:86:db:e0:ee:95:eb:bb:87:ee:68:14:1c:e1:10:f6:39:
c9:83:2e:56
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYeaZoBHlNVepqz6HG/zE0isMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwNDE5MTY0MzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGQ1ZjgxMTdhM2RkNDE0Mzk0ODdhNWE5YzJiMTc4ZmI1NjdkZjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9/CTwCiR+Y83ETx/9eCGM+usG9P
8KsPvbVqAcunwUS//4wWVCbGfjxkO16oCk/JAw2cTyXH5cW+vt8b/Mov82cpL3Gp
1HBm6wNIm3PMl1LvsVRmAk9KztdNep0UD+Vo6PkWdzXFPm4rcl1UyWepx4emDavw
i4ZlLR4DToXkS5VORGLcXtGemmPSX71zSy68XoYMjHkUgd0gb3pXsTupJ4ZLRnUF
MxUnE+LigXavGgO6bKUhmyLdSuieSsAt+ax4UpvgkU8dxKDaNhqtTIdVx5bipJrT
+dmhy58dGhtsi5Bt0IEoShtwjuJQNM5YbBEL0a6YoNJTQ9WIuKVKkWdXFQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFGDV+BF6PdQUOUh6WpwrF4+1Z98mMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvWU5YNEVYbzkxQlE1U0hwYW5Dc1hqN1ZuM3lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCWS5gAwQD
W2d4AwQFX2+AAwQCuZUMAwQAuetHMA0GCSqGSIb3DQEBCwUAA4IBAQBClq6Sq8sz
9bud60f/ozGxCJ4Y3X4ZR6bdtAWgrVHAaCNXRGYHYg9rVdtpw+xm5Up4jHg017p3
zj4wiZtlgp2aIDWJuBb7M4Pya61nUSvRkHwkR5lxCCivPpcI0/6VoQ/bXoXNt9Jh
qVwetPS8Gj90oubaJobioPZmr/aoLmryZaZDPrEZx2dW6Qyr6n7u1efUY2SJ+D28
xHF9yozAPV52jGzO99sH5t3jheYd/+ix+yTGSzfpmFVyTd+dkg7HXxhcbaOiNMnM
vWX8/KoYvW/10gS8OzDORUjdQ1aa+94O5UvYU0Ct7o51klUP8Ybb4O6V67uH7mgU
HOEQ9jnJgy5W
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:00:42 2023 by rpki-client on console-ams.rpki-client.org