Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/y_at9SnZq4MQTCOGQlcaVOySREw.roa
File: y_at9SnZq4MQTCOGQlcaVOySREw.roa (raw, json)
Hash identifier: HBYEBC+CNiiMN1WLCFh5gwMW+MqGvD61T7pkqxh/SXE=
Subject key identifier: CB:F6:AD:F5:29:D9:AB:83:10:4C:23:86:42:57:1A:54:EC:92:44:4C
Certificate issuer: /CN=5fbe65ae23f207fa695255f55a907ac1608be094
Certificate serial: 018F51C5ED50F538AE3A5D4C6ABCACB29C91
Authority key identifier: 5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/y_at9SnZq4MQTCOGQlcaVOySREw.roa
Signing time: Tue 07 May 2024 06:37:56 +0000
ROA not before: Tue 07 May 2024 06:37:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 57043
IP address blocks: 5.253.63.0/24 maxlen: 24
79.133.180.0/24 maxlen: 24
185.233.184.0/24 maxlen: 24
185.244.48.0/24 maxlen: 24
185.244.49.0/24 maxlen: 24
185.250.45.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:51:c5:ed:50:f5:38:ae:3a:5d:4c:6a:bc:ac:b2:9c:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5fbe65ae23f207fa695255f55a907ac1608be094
Validity
Not Before: May 7 06:37:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cbf6adf529d9ab83104c238642571a54ec92444c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:4e:46:f1:e2:05:d1:0c:1f:39:91:5e:6a:30:
01:cd:15:c5:44:a8:d8:50:3a:20:85:81:b5:c0:cd:
e1:d5:4d:80:d1:88:a1:15:45:07:e7:35:80:0e:e6:
07:50:22:54:7f:a0:fb:1c:5b:46:6b:ce:ef:59:eb:
c3:b3:81:de:a5:bf:07:f9:65:f1:5c:f3:1d:2f:be:
2f:f7:66:1f:63:ab:b2:01:b5:9d:f5:42:16:94:8b:
a9:04:76:61:eb:26:c9:ac:53:f9:f9:45:4a:f0:65:
d8:ce:e3:5f:73:b9:69:b9:42:66:6e:83:09:9d:2c:
4b:f2:04:e9:d0:d8:a0:04:2e:b8:9c:d4:ed:4b:70:
dd:06:7b:3f:8b:8b:7e:ee:d5:2b:6e:0d:e4:ee:d4:
4f:e0:a2:a6:c6:4d:27:1e:41:8b:76:9f:99:a5:61:
4a:79:a4:49:ac:54:e2:2e:4e:51:d2:ee:29:8b:13:
88:c3:61:6e:a9:da:77:8e:a5:c9:48:78:5d:01:2b:
7e:78:eb:47:41:52:81:63:e7:37:ab:e9:ac:f1:45:
58:3b:02:28:f0:bd:76:88:a7:c5:f6:f7:c9:ab:72:
0e:f0:ff:6f:90:11:06:29:f5:17:d8:91:02:2f:fb:
bb:f7:ed:2e:53:e8:66:5a:87:3f:90:27:77:d0:0a:
33:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:F6:AD:F5:29:D9:AB:83:10:4C:23:86:42:57:1A:54:EC:92:44:4C
X509v3 Authority Key Identifier:
keyid:5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/y_at9SnZq4MQTCOGQlcaVOySREw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.63.0/24
79.133.180.0/24
185.233.184.0/24
185.244.48.0/23
185.250.45.0/24
Signature Algorithm: sha256WithRSAEncryption
9b:97:61:aa:16:c2:58:65:a6:bf:33:26:93:d9:76:ce:a7:16:
7d:9e:86:c2:ba:a7:1f:80:8e:a5:eb:37:9f:32:7b:c8:a0:79:
00:9b:cd:62:91:33:62:6c:1d:4b:7c:9f:54:c1:1c:2a:23:be:
0b:9f:f6:b3:de:81:e5:eb:5e:b0:b3:97:3f:62:43:f6:c9:f0:
6a:26:be:55:09:4a:28:50:ed:b2:8a:a2:da:50:50:94:85:51:
5d:dc:17:92:4a:be:d2:c5:e9:2e:f7:54:da:02:a7:b8:c1:e8:
0a:4c:be:80:ea:cc:95:70:ab:43:69:e4:25:03:ca:4d:6e:ea:
bc:b0:75:7b:47:53:42:fb:b6:e2:67:41:54:ce:ce:b2:b0:21:
d7:59:56:17:6f:49:fe:ae:e8:e9:d4:a8:68:c0:7d:bb:6e:dd:
6e:1d:a3:d4:3f:3f:0e:8c:64:6d:37:2d:21:2e:8e:c3:44:3c:
a8:98:88:93:6a:14:89:5a:34:b3:1c:9c:33:2d:d8:1d:61:90:
30:b1:34:66:1f:2d:5c:51:0c:c9:eb:86:39:5d:90:59:9c:e3:
68:19:15:39:4d:a3:5b:c5:94:86:a2:3f:18:85:bf:9e:f4:00:
ff:b8:a9:7f:15:c4:a7:77:9f:ab:90:6d:de:07:2d:87:8e:48:
8a:e8:92:89
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY9Rxe1Q9TiuOl1MarysspyRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYmU2NWFlMjNmMjA3ZmE2OTUyNTVmNTVhOTA3YWMxNjA4
YmUwOTQwHhcNMjQwNTA3MDYzNzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmY2YWRmNTI5ZDlhYjgzMTA0YzIzODY0MjU3MWE1NGVjOTI0NDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsE5G8eIF0QwfOZFeajABzRXFRKjY
UDoghYG1wM3h1U2A0YihFUUH5zWADuYHUCJUf6D7HFtGa87vWevDs4Hepb8H+WXx
XPMdL74v92YfY6uyAbWd9UIWlIupBHZh6ybJrFP5+UVK8GXYzuNfc7lpuUJmboMJ
nSxL8gTp0NigBC64nNTtS3DdBns/i4t+7tUrbg3k7tRP4KKmxk0nHkGLdp+ZpWFK
eaRJrFTiLk5R0u4pixOIw2Fuqdp3jqXJSHhdASt+eOtHQVKBY+c3q+ms8UVYOwIo
8L12iKfF9vfJq3IO8P9vkBEGKfUX2JECL/u79+0uU+hmWoc/kCd30AozzQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFMv2rfUp2auDEEwjhkJXGlTskkRMMB8GA1UdIwQY
MBaAFF++Za4j8gf6aVJV9VqQesFgi+CUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDc1bHJpUHlCX3BwVWxYMVdwQjZ3V0NMNEpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9mNDMxOWYtM2RmYi00MmVhLWJhOTUt
NDkyYWIzNzI2ODlkLzEveV9hdDlTblpxNE1RVENPR1FsY2FWT3lTUkV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9mNDMxOWYtM2RmYi00MmVhLWJhOTUtNDkyYWIzNzI2ODlk
LzEvWDc1bHJpUHlCX3BwVWxYMVdwQjZ3V0NMNEpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQABf0/AwQA
T4W0AwQAuem4AwQBufQwAwQAufotMA0GCSqGSIb3DQEBCwUAA4IBAQCbl2GqFsJY
Zaa/MyaT2XbOpxZ9nobCuqcfgI6l6zefMnvIoHkAm81ikTNibB1LfJ9UwRwqI74L
n/az3oHl616ws5c/YkP2yfBqJr5VCUooUO2yiqLaUFCUhVFd3BeSSr7Sxeku91Ta
Aqe4wegKTL6A6syVcKtDaeQlA8pNbuq8sHV7R1NC+7biZ0FUzs6ysCHXWVYXb0n+
rujp1KhowH27bt1uHaPUPz8OjGRtNy0hLo7DRDyomIiTahSJWjSzHJwzLdgdYZAw
sTRmHy1cUQzJ64Y5XZBZnONoGRU5TaNbxZSGoj8Yhb+e9AD/uKl/FcSnd5+rkG3e
By2HjkiK6JKJ
-----END CERTIFICATE-----
Generated at Wed Jul 17 09:20:40 2024 by rpki-client on console-ams.rpki-client.org