Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/yVLuAoX7QxpIKaiAtrIDEyia50c.roa
File: yVLuAoX7QxpIKaiAtrIDEyia50c.roa (raw, json)
Hash identifier: aYhtNFe4EAJK26Bk3k/ZQOODBOCadP3fXHYfIWv1CQY=
Subject key identifier: C9:52:EE:02:85:FB:43:1A:48:29:A8:80:B6:B2:03:13:28:9A:E7:47
Certificate issuer: /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial: 018D59781BB7ACD28FB584D5D9660702DCE1
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/yVLuAoX7QxpIKaiAtrIDEyia50c.roa
Signing time: Tue 30 Jan 2024 08:24:20 +0000
ROA not before: Tue 30 Jan 2024 08:24:20 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 59729
IP address blocks: 78.136.248.0/24 maxlen: 24
78.136.249.0/24 maxlen: 24
78.136.250.0/24 maxlen: 24
78.136.251.0/24 maxlen: 24
78.136.252.0/24 maxlen: 24
78.136.253.0/24 maxlen: 24
78.136.254.0/24 maxlen: 24
88.204.43.0/24 maxlen: 24
88.204.44.0/24 maxlen: 24
88.204.45.0/24 maxlen: 24
88.204.46.0/24 maxlen: 24
88.204.47.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:59:78:1b:b7:ac:d2:8f:b5:84:d5:d9:66:07:02:dc:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Validity
Not Before: Jan 30 08:24:20 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c952ee0285fb431a4829a880b6b20313289ae747
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:cb:d3:38:e7:3b:a9:d4:c7:18:2e:a1:e9:91:
2e:d5:44:15:3b:82:c6:10:f9:7e:ed:34:56:f3:9d:
94:b7:d9:60:78:a3:71:e9:e0:9c:a7:8e:8c:fe:b2:
65:a0:85:3c:35:7b:bc:e0:a7:32:7d:02:c0:97:4c:
b0:b3:fe:c2:42:3b:fa:05:a3:95:1d:a5:08:38:1b:
b5:a1:3a:c5:d3:d2:dd:be:fe:c3:db:97:04:91:d4:
b3:57:4f:b6:ea:7a:a4:41:aa:28:a1:ec:e6:55:a4:
8d:7e:35:3a:38:43:bc:8d:3b:2d:dd:9d:5d:70:26:
69:8b:86:07:75:8d:ad:d3:3a:6d:4d:c2:77:4f:7d:
03:f9:7b:0c:98:d2:7c:7f:05:73:22:41:a9:e2:c7:
62:44:f8:6b:00:a5:c1:89:d5:bc:27:02:4f:54:49:
26:a4:bd:dd:2a:94:8f:9d:2c:6c:64:92:bc:ea:b7:
5d:28:8e:99:00:37:ac:2c:41:23:32:b0:c1:4f:cd:
b1:80:af:26:2f:a3:7b:87:2f:b8:23:05:b8:a6:08:
68:0f:6b:6e:de:97:0f:37:f8:62:59:94:27:db:38:
b2:3a:d7:f7:f3:2a:f8:a1:47:17:80:18:52:71:e1:
27:4d:47:10:e6:4f:fe:65:24:a3:52:78:6a:38:b4:
17:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:52:EE:02:85:FB:43:1A:48:29:A8:80:B6:B2:03:13:28:9A:E7:47
X509v3 Authority Key Identifier:
keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/yVLuAoX7QxpIKaiAtrIDEyia50c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.136.248.0-78.136.254.255
88.204.43.0-88.204.47.255
Signature Algorithm: sha256WithRSAEncryption
14:4e:c4:d7:d3:e5:6b:41:e4:b3:67:80:75:63:59:6e:d1:00:
84:c7:60:56:c2:cc:c9:0c:db:dc:b1:ee:b9:ac:87:1f:07:84:
2c:be:c9:bf:3a:92:90:b7:80:37:1e:3e:bb:86:97:33:a1:a8:
a4:60:f9:8f:98:34:d6:9f:42:a4:18:01:87:b0:00:7a:38:06:
b4:18:29:09:11:eb:ef:1d:13:3b:11:85:57:18:6c:91:21:f6:
33:37:0b:31:0c:a7:18:f3:5a:f1:78:dc:c3:ba:3b:a2:87:da:
ea:ab:81:ed:f7:42:fa:3d:4c:7a:e3:b6:07:6b:fb:32:6a:97:
6f:38:93:52:66:ae:76:00:9f:87:a8:84:fb:a1:e4:d3:6a:08:
68:c1:74:11:99:59:4b:70:c6:ee:f1:c9:fc:04:d2:6b:66:1d:
99:ab:6b:38:62:9e:05:ca:76:a7:f2:6c:e4:68:ec:a0:3a:4f:
0e:24:d1:93:04:34:69:5f:60:d7:2c:0b:f1:87:37:0e:8a:fc:
14:57:1b:cd:bb:62:b7:f0:d2:78:6f:10:c1:1b:de:e2:c9:4b:
d5:2e:26:ff:12:2c:be:cb:86:78:bd:41:cf:fe:81:d4:98:54:
4e:df:7f:28:92:bd:60:62:af:9d:68:87:3b:d8:cc:d9:95:e1:
34:21:49:5d
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAY1ZeBu3rNKPtYTV2WYHAtzhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjQwMTMwMDgyNDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTUyZWUwMjg1ZmI0MzFhNDgyOWE4ODBiNmIyMDMxMzI4OWFlNzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6MvTOOc7qdTHGC6h6ZEu1UQVO4LG
EPl+7TRW852Ut9lgeKNx6eCcp46M/rJloIU8NXu84KcyfQLAl0yws/7CQjv6BaOV
HaUIOBu1oTrF09Ldvv7D25cEkdSzV0+26nqkQaoooezmVaSNfjU6OEO8jTst3Z1d
cCZpi4YHdY2t0zptTcJ3T30D+XsMmNJ8fwVzIkGp4sdiRPhrAKXBidW8JwJPVEkm
pL3dKpSPnSxsZJK86rddKI6ZADesLEEjMrDBT82xgK8mL6N7hy+4IwW4pghoD2tu
3pcPN/hiWZQn2ziyOtf38yr4oUcXgBhSceEnTUcQ5k/+ZSSjUnhqOLQXpQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFMlS7gKF+0MaSCmogLayAxMomudHMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEveVZMdUFvWDdReHBJS2FpQXRySURFeWlhNTBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBANOiPgD
BABOiP4wDAMEAFjMKwMEBFjMIDANBgkqhkiG9w0BAQsFAAOCAQEAFE7E19Pla0Hk
s2eAdWNZbtEAhMdgVsLMyQzb3LHuuayHHweELL7JvzqSkLeANx4+u4aXM6GopGD5
j5g01p9CpBgBh7AAejgGtBgpCRHr7x0TOxGFVxhskSH2MzcLMQynGPNa8Xjcw7o7
oofa6quB7fdC+j1MeuO2B2v7MmqXbziTUmaudgCfh6iE+6Hk02oIaMF0EZlZS3DG
7vHJ/ATSa2YdmatrOGKeBcp2p/Js5GjsoDpPDiTRkwQ0aV9g1ywL8Yc3Dor8FFcb
zbtit/DSeG8QwRve4slL1S4m/xIsvsuGeL1Bz/6B1JhUTt9/KJK9YGKvnWiHO9jM
2ZXhNCFJXQ==
-----END CERTIFICATE-----
Generated at Mon Mar 4 17:22:42 2024 by rpki-client on console-ams.rpki-client.org