Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/YKkwOmrh7-YGWJV701VPQmiwSig.roa
File: YKkwOmrh7-YGWJV701VPQmiwSig.roa (raw, json)
Hash identifier: mays6qehvX7S14XiJwVkaKku8e0RjPCaXu58HrVXAao=
Subject key identifier: 60:A9:30:3A:6A:E1:EF:E6:06:58:95:7B:D3:55:4F:42:68:B0:4A:28
Certificate issuer: /CN=0b556acb5f3b961b5cc24a2995f34ee91f79dc16
Certificate serial: 018CC348CE0C5ECF0088EE11C63F47A67B08
Authority key identifier: 0B:55:6A:CB:5F:3B:96:1B:5C:C2:4A:29:95:F3:4E:E9:1F:79:DC:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/YKkwOmrh7-YGWJV701VPQmiwSig.roa
Signing time: Mon 01 Jan 2024 04:29:37 +0000
ROA not before: Mon 01 Jan 2024 04:29:37 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8708
IP address blocks: 213.157.189.0/24 maxlen: 24
213.154.100.0/24 maxlen: 24
188.26.128.0/18 maxlen: 24
212.93.128.0/19 maxlen: 24
86.127.54.0/24 maxlen: 24
86.127.59.0/24 maxlen: 24
212.93.143.0/24 maxlen: 24
213.157.160.0/19 maxlen: 24
188.26.224.0/19 maxlen: 24
89.43.180.0/23 maxlen: 24
5.12.0.0/14 maxlen: 24
82.76.0.0/14 maxlen: 24
93.113.40.0/22 maxlen: 24
86.120.0.0/13 maxlen: 24
82.137.16.0/20 maxlen: 24
82.137.32.0/19 maxlen: 24
188.26.0.0/17 maxlen: 24
62.231.120.0/24 maxlen: 24
5.2.128.0/17 maxlen: 24
79.117.0.0/16 maxlen: 24
62.231.64.0/18 maxlen: 24
82.137.0.0/21 maxlen: 24
82.137.0.0/18 maxlen: 24
89.46.12.0/22 maxlen: 24
79.112.0.0/13 maxlen: 24
185.129.36.0/22 maxlen: 22
31.14.104.0/21 maxlen: 24
79.112.0.0/14 maxlen: 24
82.79.10.0/24 maxlen: 24
194.102.80.0/23 maxlen: 24
194.102.81.0/24 maxlen: 24
31.14.192.0/21 maxlen: 24
81.18.64.0/19 maxlen: 24
31.14.224.0/22 maxlen: 24
84.232.128.0/17 maxlen: 24
188.27.0.0/16 maxlen: 24
79.118.0.0/15 maxlen: 24
84.232.149.0/24 maxlen: 24
81.196.0.0/16 maxlen: 24
79.118.155.0/24 maxlen: 24
193.111.232.0/24 maxlen: 24
188.24.0.0/15 maxlen: 24
212.54.96.0/19 maxlen: 24
188.27.120.0/24 maxlen: 24
212.54.122.0/24 maxlen: 24
212.54.123.0/24 maxlen: 24
212.54.120.0/24 maxlen: 24
86.121.222.0/24 maxlen: 24
2a02:2f00::/28 maxlen: 48
2a02:2f09:3100::/48 maxlen: 48
2a03:9c20:1000::/48 maxlen: 48
2a03:9c20:f000::/48 maxlen: 48
2a02:2f0c:8002::/48 maxlen: 48
2a02:2f01:100::/48 maxlen: 48
2a03:9c20::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:48:ce:0c:5e:cf:00:88:ee:11:c6:3f:47:a6:7b:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b556acb5f3b961b5cc24a2995f34ee91f79dc16
Validity
Not Before: Jan 1 04:29:37 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=60a9303a6ae1efe60658957bd3554f4268b04a28
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:1b:ab:a6:d5:ef:cc:2a:78:f7:6f:53:4d:b5:
bf:c1:fd:d5:3d:c9:ba:92:43:fa:26:55:5d:60:3a:
28:b4:46:c7:4c:1b:5a:ea:b0:ae:e6:0c:59:4a:23:
5e:77:1a:bf:3b:96:07:ca:38:85:f2:db:22:10:6c:
52:d4:2c:8a:b4:9f:98:eb:a3:dd:cf:30:4b:58:36:
e0:ee:8f:24:0e:63:17:ad:61:e4:50:bf:29:63:ea:
4a:02:5d:3c:5d:99:06:bb:dd:60:9d:a8:2d:d2:2d:
89:af:db:6e:0f:98:53:03:64:87:af:f9:a0:86:e0:
e6:0f:25:85:26:32:3e:06:f2:23:91:e8:b8:bd:ee:
b6:23:49:4d:2d:1a:36:64:58:d3:c7:b2:09:f8:a6:
f3:3d:39:37:71:f7:3c:4f:87:10:36:17:e4:e4:d0:
db:5c:5e:8a:88:10:60:ac:2c:9d:45:43:09:7f:30:
97:bd:b0:2d:a0:49:96:0c:8e:a1:ff:6e:65:93:0a:
88:ef:b3:52:3b:14:fe:d0:62:f9:a1:38:91:e6:2d:
c7:ab:71:ac:e2:4f:bc:20:24:11:c7:e1:6e:70:c4:
f2:c9:e1:83:83:2f:2e:7d:0b:c7:a0:50:91:33:a3:
ec:ec:77:6a:90:30:f1:23:ba:ae:e2:0a:9e:f7:d5:
68:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:A9:30:3A:6A:E1:EF:E6:06:58:95:7B:D3:55:4F:42:68:B0:4A:28
X509v3 Authority Key Identifier:
keyid:0B:55:6A:CB:5F:3B:96:1B:5C:C2:4A:29:95:F3:4E:E9:1F:79:DC:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/YKkwOmrh7-YGWJV701VPQmiwSig.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.2.128.0/17
5.12.0.0/14
31.14.104.0/21
31.14.192.0/21
31.14.224.0/22
62.231.64.0/18
79.112.0.0/13
81.18.64.0/19
81.196.0.0/16
82.76.0.0/14
82.137.0.0/18
84.232.128.0/17
86.120.0.0/13
89.43.180.0/23
89.46.12.0/22
93.113.40.0/22
185.129.36.0/22
188.24.0.0-188.26.191.255
188.26.224.0-188.27.255.255
193.111.232.0/24
194.102.80.0/23
212.54.96.0/19
212.93.128.0/19
213.154.100.0/24
213.157.160.0/19
IPv6:
2a02:2f00::/28
2a03:9c20::/32
Signature Algorithm: sha256WithRSAEncryption
86:4f:e4:13:32:49:28:20:2d:ae:14:c8:ff:95:b2:f0:cd:9a:
e7:35:bc:13:15:cf:e7:f9:cb:d8:0b:53:2c:0f:fa:9e:dc:a3:
1f:13:90:5b:e2:97:a8:36:2f:9d:2f:dc:fd:36:c2:23:2b:88:
72:e8:59:5d:83:c5:c8:8f:86:46:17:be:26:2e:e6:93:a4:49:
ad:25:b7:d9:2d:56:34:47:a7:9c:37:1f:b5:5c:1b:1b:fe:ab:
9c:27:c0:ff:f0:8d:2a:e7:91:73:6b:87:d8:de:49:47:78:b1:
c5:df:f8:eb:b1:a1:40:9c:f8:8c:b5:13:53:50:cc:4a:4a:a0:
24:64:8a:12:69:bd:07:0d:24:ed:be:36:47:e8:ef:f1:40:8b:
33:31:aa:cb:91:d8:e0:5a:75:fc:5b:97:d9:18:04:54:1f:cf:
ba:f3:f8:a5:0e:b7:a1:17:2e:fb:bb:17:e5:6f:22:dd:4a:66:
f4:64:6a:6e:1d:ee:d3:69:20:c0:58:55:ed:22:5a:c1:07:78:
8d:c0:66:14:04:8d:6e:2f:6d:05:4b:79:70:89:d6:66:3d:26:
db:3f:6a:d0:dd:fd:cc:a7:a6:8a:66:11:88:01:40:26:c6:2a:
f4:d9:1c:37:8b:00:a6:70:e7:f7:82:30:8e:bc:7b:97:a3:d5:
0d:01:84:c5
-----BEGIN CERTIFICATE-----
MIIFsTCCBJmgAwIBAgISAYzDSM4MXs8AiO4Rxj9HpnsIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNTU2YWNiNWYzYjk2MWI1Y2MyNGEyOTk1ZjM0ZWU5MWY3
OWRjMTYwHhcNMjQwMTAxMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGE5MzAzYTZhZTFlZmU2MDY1ODk1N2JkMzU1NGY0MjY4YjA0YTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhurptXvzCp4929TTbW/wf3VPcm6
kkP6JlVdYDootEbHTBta6rCu5gxZSiNedxq/O5YHyjiF8tsiEGxS1CyKtJ+Y66Pd
zzBLWDbg7o8kDmMXrWHkUL8pY+pKAl08XZkGu91gnagt0i2Jr9tuD5hTA2SHr/mg
huDmDyWFJjI+BvIjkei4ve62I0lNLRo2ZFjTx7IJ+KbzPTk3cfc8T4cQNhfk5NDb
XF6KiBBgrCydRUMJfzCXvbAtoEmWDI6h/25lkwqI77NSOxT+0GL5oTiR5i3Hq3Gs
4k+8ICQRx+FucMTyyeGDgy8ufQvHoFCRM6Ps7HdqkDDxI7qu4gqe99Vo1wIDAQAB
o4ICvTCCArkwHQYDVR0OBBYEFGCpMDpq4e/mBliVe9NVT0JosEooMB8GA1UdIwQY
MBaAFAtVastfO5YbXMJKKZXzTukfedwWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzFWcXkxODdsaHRjd2tvcGxmTk82Ujk1M0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS84MjlmZGYtYmE2My00YzIzLTkxZDEt
ZDJiYmYzN2RhYmI0LzEvWUtrd09tcmg3LVlHV0pWNzAxVlBRbWl3U2lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS84MjlmZGYtYmE2My00YzIzLTkxZDEtZDJiYmYzN2RhYmI0
LzEvQzFWcXkxODdsaHRjd2tvcGxmTk82Ujk1M0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHSBggrBgEFBQcBBwEB/wSBwjCBvzCBpgQCAAEwgZ8DBAcF
AoADAwIFDAMEAx8OaAMEAx8OwAMEAh8O4AMEBj7nQAMDA09wAwQFURJAAwMAUcQD
AwJSTAMEBlKJAAMEB1TogAMDA1Z4AwQBWSu0AwQCWS4MAwQCXXEoAwQCuYEkMAsD
AwO8GAMEBrwagDALAwQFvBrgAwMCvBgDBADBb+gDBAHCZlADBAXUNmADBAXUXYAD
BADVmmQDBAXVnaAwFAQCAAIwDgMFBCoCLwADBQAqA5wgMA0GCSqGSIb3DQEBCwUA
A4IBAQCGT+QTMkkoIC2uFMj/lbLwzZrnNbwTFc/n+cvYC1MsD/qe3KMfE5Bb4peo
Ni+dL9z9NsIjK4hy6Fldg8XIj4ZGF74mLuaTpEmtJbfZLVY0R6ecNx+1XBsb/quc
J8D/8I0q55Fza4fY3klHeLHF3/jrsaFAnPiMtRNTUMxKSqAkZIoSab0HDSTtvjZH
6O/xQIszMarLkdjgWnX8W5fZGARUH8+68/ilDrehFy77uxflbyLdSmb0ZGpuHe7T
aSDAWFXtIlrBB3iNwGYUBI1uL20FS3lwidZmPSbbP2rQ3f3Mp6aKZhGIAUAmxir0
2Rw3iwCmcOf3gjCOvHuXo9UNAYTF
-----END CERTIFICATE-----
Generated at Fri Apr 18 03:22:35 2025 by rpki-client