Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/ycoRb2Wp-qTS1jl3JihFWKlyHIo.roa
File: ycoRb2Wp-qTS1jl3JihFWKlyHIo.roa (raw, json)
Hash identifier: eBN6UGqeNboNwDJtqgQs1A55T8kbeOh/UwkKWTBjjc0=
Subject key identifier: C9:CA:11:6F:65:A9:FA:A4:D2:D6:39:77:26:28:45:58:A9:72:1C:8A
Certificate issuer: /CN=942588b91da9cca81b49e603a988e2b1eabddc98
Certificate serial: 0187CC61EB140432BC166A61767103949CC4
Authority key identifier: 94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/ycoRb2Wp-qTS1jl3JihFWKlyHIo.roa
Signing time: Sat 29 Apr 2023 09:39:41 +0000
ROA not before: Sat 29 Apr 2023 09:39:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15596
IP address blocks: 31.42.112.0/20 maxlen: 20
31.42.120.0/21 maxlen: 21
31.42.124.0/22 maxlen: 22
91.210.144.0/22 maxlen: 22
193.110.20.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:cc:61:eb:14:04:32:bc:16:6a:61:76:71:03:94:9c:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=942588b91da9cca81b49e603a988e2b1eabddc98
Validity
Not Before: Apr 29 09:39:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c9ca116f65a9faa4d2d6397726284558a9721c8a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:1c:23:c5:70:da:eb:77:11:9e:47:64:5d:89:
9e:30:ed:34:87:da:37:78:c5:01:0a:93:8b:31:61:
53:a2:9a:03:c2:7b:9a:80:f5:17:ce:52:1c:35:fc:
55:28:fb:fb:b5:3d:cc:78:e0:84:42:a7:07:6a:aa:
e5:4b:41:15:4b:ce:e1:0c:94:eb:1a:b0:85:2b:5f:
7f:34:cb:c0:3d:ab:27:20:d2:4f:3e:10:1f:71:f0:
42:62:b2:bf:3a:67:4f:a2:a6:d9:60:ee:b4:07:b0:
00:1f:77:98:04:52:1e:93:bf:ef:05:f5:1f:fb:9c:
18:34:ba:d0:68:6d:e6:57:56:bd:9b:51:15:c0:dd:
8b:a8:a8:60:d0:2b:b7:73:d2:e2:e7:8d:14:b4:ba:
25:eb:2e:16:ee:fc:85:05:6b:3d:40:b3:f0:21:d0:
37:17:b1:88:ee:20:07:45:e7:d1:d0:c9:f3:29:3b:
29:a5:ac:d0:75:23:4d:ed:02:07:f8:9b:65:c5:c8:
7b:0f:a5:fb:1c:e1:d7:39:0a:0c:e1:c4:6d:4b:29:
76:4b:02:a0:61:85:d1:9f:0b:9e:d1:c0:7b:ee:c9:
eb:81:e7:94:41:f0:da:60:ce:2c:e8:7f:6f:2e:c5:
ba:e9:a7:4e:9d:84:ca:58:a2:fd:a7:07:66:f4:93:
c7:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:CA:11:6F:65:A9:FA:A4:D2:D6:39:77:26:28:45:58:A9:72:1C:8A
X509v3 Authority Key Identifier:
keyid:94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/ycoRb2Wp-qTS1jl3JihFWKlyHIo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.42.112.0/20
91.210.144.0/22
193.110.20.0/22
Signature Algorithm: sha256WithRSAEncryption
2d:9d:42:dc:34:30:fd:87:70:ba:12:f5:e7:be:75:08:81:47:
9f:1c:62:31:c9:dd:f5:10:d9:3e:76:54:39:06:30:7c:43:ec:
ed:f5:a2:8a:53:49:f1:a1:42:b3:2b:37:cc:96:c6:4c:a4:f0:
3f:18:22:3b:fa:d8:b9:48:69:0b:54:3f:25:40:66:ee:03:69:
49:8c:42:3d:1b:b8:10:7d:d4:b1:8e:ed:7a:5a:c2:13:2b:a3:
21:a1:08:70:9a:13:c1:cd:c7:f8:28:75:6d:54:7e:cd:eb:64:
e1:b3:58:ad:5e:05:f4:01:24:0b:17:69:4e:88:c6:bc:e2:76:
6d:6b:43:0c:c7:7a:c9:00:ed:76:30:a4:e9:87:9e:0c:68:d1:
55:9a:56:b3:88:38:c8:2f:d2:14:e9:21:af:f9:ad:3a:88:fc:
83:31:c2:51:2e:fa:44:85:3c:6b:5a:a0:e1:28:79:22:a8:43:
3a:47:f2:a2:ab:e1:1f:69:0d:50:c1:cd:ee:6b:9e:95:13:9d:
0b:99:b9:9a:47:73:94:67:e8:3e:45:7b:52:ee:ec:a4:87:78:
94:44:7a:85:2a:e6:65:c8:43:c8:47:66:c2:a4:61:01:8c:dc:
c7:e9:14:86:60:b0:1b:49:30:30:a4:53:ea:c0:fa:a8:5b:91:
e7:68:b8:ce
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYfMYesUBDK8FmphdnEDlJzEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjU4OGI5MWRhOWNjYTgxYjQ5ZTYwM2E5ODhlMmIxZWFi
ZGRjOTgwHhcNMjMwNDI5MDkzOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWNhMTE2ZjY1YTlmYWE0ZDJkNjM5NzcyNjI4NDU1OGE5NzIxYzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3xwjxXDa63cRnkdkXYmeMO00h9o3
eMUBCpOLMWFTopoDwnuagPUXzlIcNfxVKPv7tT3MeOCEQqcHaqrlS0EVS87hDJTr
GrCFK19/NMvAPasnINJPPhAfcfBCYrK/OmdPoqbZYO60B7AAH3eYBFIek7/vBfUf
+5wYNLrQaG3mV1a9m1EVwN2LqKhg0Cu3c9Li540UtLol6y4W7vyFBWs9QLPwIdA3
F7GI7iAHRefR0MnzKTsppazQdSNN7QIH+Jtlxch7D6X7HOHXOQoM4cRtSyl2SwKg
YYXRnwue0cB77snrgeeUQfDaYM4s6H9vLsW66adOnYTKWKL9pwdm9JPHFQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMnKEW9lqfqk0tY5dyYoRVipchyKMB8GA1UdIwQY
MBaAFJQliLkdqcyoG0nmA6mI4rHqvdyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQt
NjVkYWFkNjMyOTU3LzEveWNvUmIyV3AtcVRTMWpsM0ppaEZXS2x5SElvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQtNjVkYWFkNjMyOTU3
LzEvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEHypwAwQC
W9KQAwQCwW4UMA0GCSqGSIb3DQEBCwUAA4IBAQAtnULcNDD9h3C6EvXnvnUIgUef
HGIxyd31ENk+dlQ5BjB8Q+zt9aKKU0nxoUKzKzfMlsZMpPA/GCI7+ti5SGkLVD8l
QGbuA2lJjEI9G7gQfdSxju16WsITK6MhoQhwmhPBzcf4KHVtVH7N62Ths1itXgX0
ASQLF2lOiMa84nZta0MMx3rJAO12MKTph54MaNFVmlaziDjIL9IU6SGv+a06iPyD
McJRLvpEhTxrWqDhKHkiqEM6R/Kiq+EfaQ1Qwc3ua56VE50LmbmaR3OUZ+g+RXtS
7uykh3iURHqFKuZlyEPIR2bCpGEBjNzH6RSGYLAbSTAwpFPqwPqoW5HnaLjO
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:49 2024 by rpki-client on console-ams.rpki-client.org