Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/yGKdhCBvDo5KvuBBCyiwU0O7TBI.roa
File: yGKdhCBvDo5KvuBBCyiwU0O7TBI.roa (raw, json)
Hash identifier: ZoSEwLGbUx1HefkC5CBpoEpBi7Ky4W2JgMT6k0v9gec=
Subject key identifier: C8:62:9D:84:20:6F:0E:8E:4A:BE:E0:41:0B:28:B0:53:43:BB:4C:12
Certificate issuer: /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial: 018570FBD0728D0CC40330992AFE7AB243B4
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/yGKdhCBvDo5KvuBBCyiwU0O7TBI.roa
Signing time: Mon 02 Jan 2023 05:37:09 +0000
ROA not before: Mon 02 Jan 2023 05:37:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 192.53.136.0/21 maxlen: 21
155.193.2.0/23 maxlen: 23
192.53.64.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:fb:d0:72:8d:0c:c4:03:30:99:2a:fe:7a:b2:43:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Validity
Not Before: Jan 2 05:37:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c8629d84206f0e8e4abee0410b28b05343bb4c12
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:cf:0c:cc:fd:e3:65:0d:62:1d:8e:72:51:1f:
ea:29:80:5d:65:e5:ca:fc:29:46:ad:8d:61:58:6a:
5f:f6:ba:ba:47:a2:35:fd:85:dc:da:26:8c:b9:a2:
9c:f7:03:0c:21:47:6d:d4:39:a1:c1:be:a7:a8:96:
50:52:f1:43:fc:b8:9f:b2:5f:8c:6b:78:70:5a:7e:
2c:34:0a:94:77:67:8e:df:7e:f4:ea:54:30:f6:fc:
79:18:41:71:80:df:0d:63:75:9b:22:f9:b4:92:58:
71:33:ab:b1:9e:8d:48:3b:2c:e3:8a:14:43:5e:2b:
f8:5f:77:82:da:80:ce:68:22:ea:08:1c:98:7f:e6:
8b:d1:7e:d1:8e:db:3f:8a:5e:69:6f:c3:61:bb:c8:
bb:5c:2d:eb:bf:4e:d7:0f:81:40:a7:5e:d9:07:41:
04:18:ec:f8:6f:26:91:74:fb:0f:bf:8c:f0:9c:33:
9c:71:28:65:b1:b4:d1:70:4c:24:22:8e:db:b7:3c:
fc:1a:6f:3d:da:eb:2c:12:b0:24:25:f8:bf:92:a7:
79:cc:ff:15:27:eb:e7:28:a0:66:9f:39:d1:52:53:
c4:e6:5a:82:5c:33:df:3b:31:c4:96:93:ea:b8:7d:
72:c3:43:c9:21:6f:aa:a5:9d:cf:ba:fb:2e:11:e2:
5f:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:62:9D:84:20:6F:0E:8E:4A:BE:E0:41:0B:28:B0:53:43:BB:4C:12
X509v3 Authority Key Identifier:
keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/yGKdhCBvDo5KvuBBCyiwU0O7TBI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
155.193.2.0/23
192.53.64.0/21
192.53.136.0/21
Signature Algorithm: sha256WithRSAEncryption
60:a5:e9:d5:36:56:fa:0c:49:30:84:2e:9a:d9:6c:d0:af:07:
ad:bf:77:00:c9:2f:a6:ec:21:a3:e9:bb:bd:ff:54:fb:ef:c7:
71:9f:7c:4b:8a:7b:52:7e:19:3e:30:d1:69:f6:37:f6:8f:09:
6c:44:57:91:8b:d2:56:85:f8:cb:c9:d1:97:c9:ab:e6:a1:4e:
5f:a2:06:d1:92:69:89:8d:87:5f:36:9e:92:8c:d9:d9:c0:54:
50:48:cd:54:d8:f8:0a:8f:19:11:8f:c2:2b:5b:68:1f:3e:65:
9a:db:c1:c8:57:86:5c:0d:f5:e8:90:b0:f1:c4:ca:63:fc:7f:
e7:db:b9:6a:82:76:83:64:99:4b:b6:e6:92:ff:71:5a:59:92:
4e:a8:8f:27:f9:20:87:5b:0b:94:91:0b:11:1c:80:33:aa:a7:
35:fe:83:39:ed:87:95:75:71:0e:ca:e1:b9:3f:37:01:75:d2:
60:a9:a3:86:49:4d:78:13:2d:07:80:85:83:f1:ae:05:40:a8:
7e:0a:67:65:1b:0e:5d:f7:97:34:ca:ab:94:c6:34:b5:60:fa:
7c:2e:31:97:3d:4c:f3:12:c4:5b:a3:af:87:2f:ee:2b:fb:bd:
0f:d4:00:0f:60:c7:57:b6:ee:65:3d:c7:37:96:5f:8a:ae:fe:
49:70:e7:0d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVw+9ByjQzEAzCZKv56skO0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjMwMTAyMDUzNzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODYyOWQ4NDIwNmYwZThlNGFiZWUwNDEwYjI4YjA1MzQzYmI0YzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApM8MzP3jZQ1iHY5yUR/qKYBdZeXK
/ClGrY1hWGpf9rq6R6I1/YXc2iaMuaKc9wMMIUdt1Dmhwb6nqJZQUvFD/Lifsl+M
a3hwWn4sNAqUd2eO33706lQw9vx5GEFxgN8NY3WbIvm0klhxM6uxno1IOyzjihRD
Xiv4X3eC2oDOaCLqCByYf+aL0X7Rjts/il5pb8Nhu8i7XC3rv07XD4FAp17ZB0EE
GOz4byaRdPsPv4zwnDOccShlsbTRcEwkIo7btzz8Gm892ussErAkJfi/kqd5zP8V
J+vnKKBmnznRUlPE5lqCXDPfOzHElpPquH1yw0PJIW+qpZ3PuvsuEeJfMQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMhinYQgbw6OSr7gQQsosFNDu0wSMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEveUdLZGhDQnZEbzVLdnVCQkN5aXdVME83VEJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBm8ECAwQD
wDVAAwQDwDWIMA0GCSqGSIb3DQEBCwUAA4IBAQBgpenVNlb6DEkwhC6a2WzQrwet
v3cAyS+m7CGj6bu9/1T778dxn3xLintSfhk+MNFp9jf2jwlsRFeRi9JWhfjLydGX
yavmoU5fogbRkmmJjYdfNp6SjNnZwFRQSM1U2PgKjxkRj8IrW2gfPmWa28HIV4Zc
DfXokLDxxMpj/H/n27lqgnaDZJlLtuaS/3FaWZJOqI8n+SCHWwuUkQsRHIAzqqc1
/oM57YeVdXEOyuG5PzcBddJgqaOGSU14Ey0HgIWD8a4FQKh+CmdlGw5d95c0yquU
xjS1YPp8LjGXPUzzEsRbo6+HL+4r+70P1AAPYMdXtu5lPcc3ll+Krv5JcOcN
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:15 2024 by rpki-client on console-fra.rpki-client.org