Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/YO5Z2MNfQQeWMDVGYywJmamKfOE.roa
File: YO5Z2MNfQQeWMDVGYywJmamKfOE.roa (raw, json)
Hash identifier: y9yWgqiEY/iUbTHGBmt3Cvow1FpU2bijRiplQ4uq3y0=
Subject key identifier: 60:EE:59:D8:C3:5F:41:07:96:30:35:46:63:2C:09:99:A9:8A:7C:E1
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 01857C094C124EC80D04A4C861C411AD41AD
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/YO5Z2MNfQQeWMDVGYywJmamKfOE.roa
Signing time: Wed 04 Jan 2023 09:07:41 +0000
ROA not before: Wed 04 Jan 2023 09:07:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 91.213.200.0/24 maxlen: 24
194.156.151.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:7c:09:4c:12:4e:c8:0d:04:a4:c8:61:c4:11:ad:41:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: Jan 4 09:07:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=60ee59d8c35f410796303546632c0999a98a7ce1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:b9:04:b6:da:da:50:43:4f:80:e5:9d:fc:6f:
5f:b1:33:60:c0:d2:21:67:26:4c:07:49:5d:b5:86:
c3:e7:85:e8:5f:e4:b3:1c:ce:ae:c7:52:f4:34:89:
6b:d6:af:a6:a9:7f:4c:c0:a3:bc:f4:1a:e5:75:35:
15:80:c6:19:7b:43:64:f5:ef:a2:30:fb:8e:d9:d3:
5f:f7:69:0a:7b:b9:72:6b:fb:31:84:95:04:fc:70:
44:2e:7d:90:95:e8:e0:b3:89:68:e5:04:6c:19:86:
14:b7:ba:da:51:58:e4:0e:4b:71:9b:a6:75:1b:14:
07:6e:26:3d:09:48:23:f3:ba:54:df:04:24:84:d8:
68:51:c2:36:f3:47:8a:26:f7:2a:42:ee:78:cf:fd:
ac:81:10:4c:7d:59:21:20:08:e4:c0:42:59:91:bb:
85:5c:b2:a8:e0:bb:1c:1c:c3:b4:16:18:2b:2c:3c:
4b:07:1d:66:1d:cc:73:36:64:2e:cf:bf:88:00:51:
29:d6:92:91:a7:e2:42:78:11:d7:13:b4:98:35:05:
db:a3:db:31:44:d3:86:4b:db:5e:e8:78:07:11:bf:
53:66:e8:13:2f:7a:71:46:67:c1:e5:10:4b:30:72:
36:c5:9f:81:45:53:86:1f:f0:92:c1:35:07:1c:dc:
6a:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:EE:59:D8:C3:5F:41:07:96:30:35:46:63:2C:09:99:A9:8A:7C:E1
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/YO5Z2MNfQQeWMDVGYywJmamKfOE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.213.200.0/24
194.156.151.0/24
Signature Algorithm: sha256WithRSAEncryption
75:d8:b1:89:f3:ad:0f:6f:f2:01:70:1e:4b:07:d2:da:b0:7c:
d9:3c:d1:c1:26:36:7c:d9:01:d9:13:00:f7:f6:9f:91:28:55:
6e:1b:5c:36:5b:ff:94:1c:3e:97:07:c0:d8:19:1b:10:af:99:
64:fd:7d:a8:85:03:a1:84:ac:94:67:11:a5:f7:e2:36:7b:13:
31:01:9a:96:67:d5:d0:b5:16:7d:c1:e7:f3:2e:a8:41:88:28:
ce:aa:08:1c:da:51:00:97:fe:af:e6:97:22:5d:aa:b1:50:43:
c6:5b:66:c2:e5:c1:a2:85:d8:11:cb:68:2c:69:2a:cb:8d:cd:
12:03:03:6c:a4:2d:90:ee:73:25:0a:71:fc:08:52:8b:fd:94:
92:3d:96:52:4e:be:98:e4:43:f1:0b:e3:46:38:8d:04:df:52:
e6:80:77:74:94:f0:da:6a:59:e2:f0:62:4d:ae:0f:a6:25:f7:
60:c7:9d:50:c5:52:7f:cf:dd:c8:b7:70:db:89:76:c1:09:62:
ad:e7:95:53:56:16:62:a7:9b:a7:e5:01:db:dc:07:f4:57:67:
6b:09:dc:81:df:14:9d:63:ad:2a:b1:c4:ca:49:e9:03:53:99:
3e:f4:4f:36:26:61:38:a6:30:f7:e3:71:3e:60:9a:e0:9f:af:
ce:a0:fa:2a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYV8CUwSTsgNBKTIYcQRrUGtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwMTA0MDkwNzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGVlNTlkOGMzNWY0MTA3OTYzMDM1NDY2MzJjMDk5OWE5OGE3Y2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbkEttraUENPgOWd/G9fsTNgwNIh
ZyZMB0ldtYbD54XoX+SzHM6ux1L0NIlr1q+mqX9MwKO89BrldTUVgMYZe0Nk9e+i
MPuO2dNf92kKe7lya/sxhJUE/HBELn2Qlejgs4lo5QRsGYYUt7raUVjkDktxm6Z1
GxQHbiY9CUgj87pU3wQkhNhoUcI280eKJvcqQu54z/2sgRBMfVkhIAjkwEJZkbuF
XLKo4LscHMO0FhgrLDxLBx1mHcxzNmQuz7+IAFEp1pKRp+JCeBHXE7SYNQXbo9sx
RNOGS9te6HgHEb9TZugTL3pxRmfB5RBLMHI2xZ+BRVOGH/CSwTUHHNxqhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGDuWdjDX0EHljA1RmMsCZmpinzhMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvWU81WjJNTmZRUWVXTURWR1l5d0ptYW1LZk9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9XIAwQA
wpyXMA0GCSqGSIb3DQEBCwUAA4IBAQB12LGJ860Pb/IBcB5LB9LasHzZPNHBJjZ8
2QHZEwD39p+RKFVuG1w2W/+UHD6XB8DYGRsQr5lk/X2ohQOhhKyUZxGl9+I2exMx
AZqWZ9XQtRZ9wefzLqhBiCjOqggc2lEAl/6v5pciXaqxUEPGW2bC5cGihdgRy2gs
aSrLjc0SAwNspC2Q7nMlCnH8CFKL/ZSSPZZSTr6Y5EPxC+NGOI0E31LmgHd0lPDa
alni8GJNrg+mJfdgx51QxVJ/z93It3DbiXbBCWKt55VTVhZip5un5QHb3Af0V2dr
CdyB3xSdY60qscTKSekDU5k+9E82JmE4pjD343E+YJrgn6/OoPoq
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:13 2024 by rpki-client on console-fra.rpki-client.org