Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/YvvxJruVy3J3tkFtHm9CyY4tdIk.roa
File: YvvxJruVy3J3tkFtHm9CyY4tdIk.roa (raw, json)
Hash identifier: 8/FMVy13M/VZ0E/dqWcuRZzuyJPb8YvwiWW+pcy+KNc=
Subject key identifier: 62:FB:F1:26:BB:95:CB:72:77:B6:41:6D:1E:6F:42:C9:8E:2D:74:89
Certificate issuer: /CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Certificate serial: 018BD8092C0A8F4A3792105520C246D1EF2C
Authority key identifier: 54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/YvvxJruVy3J3tkFtHm9CyY4tdIk.roa
Signing time: Thu 16 Nov 2023 12:09:21 +0000
ROA not before: Thu 16 Nov 2023 12:09:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 65632
IP address blocks: 188.125.174.0/24 maxlen: 24
188.125.163.0/24 maxlen: 24
188.125.162.0/24 maxlen: 24
188.125.160.0/24 maxlen: 24
188.125.166.0/24 maxlen: 24
188.125.165.0/24 maxlen: 24
188.125.164.0/24 maxlen: 24
188.125.170.0/24 maxlen: 24
188.125.168.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:d8:09:2c:0a:8f:4a:37:92:10:55:20:c2:46:d1:ef:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Validity
Not Before: Nov 16 12:09:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=62fbf126bb95cb7277b6416d1e6f42c98e2d7489
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:31:b7:1b:ef:d5:9c:80:24:c0:27:62:88:5e:
e6:4e:30:a4:5e:45:2f:3d:ff:b4:3e:69:df:14:dd:
49:8b:07:2c:e2:1d:ad:cb:37:51:6b:c3:fa:9a:3e:
c3:60:76:3f:4e:99:d7:1d:dc:4e:c8:9b:e3:bb:e4:
e1:e1:93:38:72:79:46:ef:57:24:40:9a:65:d5:e9:
97:ea:82:1a:c3:81:82:9d:8d:6f:3d:0e:bd:20:14:
1b:e5:cc:c9:a5:28:c0:68:51:8d:59:a0:0d:fe:fd:
38:85:75:0f:1d:28:dd:0c:19:ea:c6:f7:d5:e1:86:
2b:cf:dc:f3:44:e6:76:97:20:99:56:b1:0b:d1:89:
e8:7e:2f:e8:d4:88:37:3f:54:da:86:10:65:91:12:
22:92:66:cc:fd:07:10:e3:0c:68:d7:33:6c:4a:2f:
47:12:84:17:fd:d1:79:54:9c:ed:80:81:7d:19:df:
d0:de:5d:f0:2f:f1:55:40:c7:bf:ca:a8:20:29:62:
63:99:42:ed:b7:fe:f4:f1:b4:94:5d:19:11:67:41:
46:f6:3f:78:23:77:2b:bc:b1:56:87:12:e0:92:83:
35:45:19:a3:8c:ef:3e:3d:3c:bb:f3:97:d9:1c:60:
28:0b:95:ae:ce:a8:82:fa:ad:c7:64:16:86:de:5f:
a6:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:FB:F1:26:BB:95:CB:72:77:B6:41:6D:1E:6F:42:C9:8E:2D:74:89
X509v3 Authority Key Identifier:
keyid:54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/YvvxJruVy3J3tkFtHm9CyY4tdIk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.125.160.0/24
188.125.162.0-188.125.166.255
188.125.168.0/24
188.125.170.0/24
188.125.174.0/24
Signature Algorithm: sha256WithRSAEncryption
94:f3:8a:2b:7a:91:4c:25:2b:fd:32:fb:74:a8:e6:7b:f4:d4:
41:a6:32:34:26:45:1a:72:82:e6:c0:68:28:82:99:6b:01:5e:
7a:fa:a7:b7:2d:24:73:3c:d1:c7:ea:6a:ad:db:38:19:8e:f0:
12:e9:37:52:e3:2e:77:b7:55:64:1d:54:08:4a:f8:ee:9a:27:
64:b8:73:0b:67:ca:a1:d2:ce:45:6b:88:1c:17:e5:b0:f8:94:
48:62:7a:16:ca:ef:a2:71:44:0b:7e:ed:84:d3:16:a0:e7:0c:
95:d6:b5:30:bd:b3:dd:9a:3f:a8:86:c2:fc:d5:17:bb:a3:2e:
1a:c1:18:fb:b0:9e:e3:c6:dc:8f:4d:dd:42:85:d9:92:fc:31:
f3:8f:9f:c1:af:ee:eb:5b:b6:d1:7a:eb:da:ab:4c:97:b9:83:
f7:a1:0f:e7:fe:d0:fd:d6:d4:b5:51:8a:8b:b4:5d:87:7a:a5:
bf:b5:1e:66:b6:4c:4f:d5:23:32:e2:6d:1a:4d:a3:07:2b:e9:
6a:25:1e:90:6e:36:f7:ad:61:12:15:14:11:32:36:f1:30:5e:
4d:9f:8b:90:3f:c5:3e:3f:8d:47:9c:da:52:aa:ef:9e:00:4c:
b6:fe:98:a5:df:60:9c:fd:12:e5:c1:ee:ce:cf:0d:24:f0:34:
89:e7:19:42
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYvYCSwKj0o3khBVIMJG0e8sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MmY2MzNmNzZlOGQ4YWFlYWEzMmI1YWNlMTZhM2RiMzk0
M2Q4MGMwHhcNMjMxMTE2MTIwOTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmZiZjEyNmJiOTVjYjcyNzdiNjQxNmQxZTZmNDJjOThlMmQ3NDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTG3G+/VnIAkwCdiiF7mTjCkXkUv
Pf+0PmnfFN1Jiwcs4h2tyzdRa8P6mj7DYHY/TpnXHdxOyJvju+Th4ZM4cnlG71ck
QJpl1emX6oIaw4GCnY1vPQ69IBQb5czJpSjAaFGNWaAN/v04hXUPHSjdDBnqxvfV
4YYrz9zzROZ2lyCZVrEL0Ynofi/o1Ig3P1TahhBlkRIikmbM/QcQ4wxo1zNsSi9H
EoQX/dF5VJztgIF9Gd/Q3l3wL/FVQMe/yqggKWJjmULtt/708bSUXRkRZ0FG9j94
I3crvLFWhxLgkoM1RRmjjO8+PTy785fZHGAoC5WuzqiC+q3HZBaG3l+mHQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFGL78Sa7lctyd7ZBbR5vQsmOLXSJMB8GA1UdIwQY
MBaAFFQvYz926Niq6qMrWs4Wo9s5Q9gMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDIt
NjliOTUzYzlkNWFhLzEvWXZ2eEpydVZ5M0ozdGtGdEhtOUN5WTR0ZElrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDItNjliOTUzYzlkNWFh
LzEvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAvH2gMAwD
BAG8faIDBAC8faYDBAC8fagDBAC8faoDBAC8fa4wDQYJKoZIhvcNAQELBQADggEB
AJTziit6kUwlK/0y+3So5nv01EGmMjQmRRpygubAaCiCmWsBXnr6p7ctJHM80cfq
aq3bOBmO8BLpN1LjLne3VWQdVAhK+O6aJ2S4cwtnyqHSzkVriBwX5bD4lEhiehbK
76JxRAt+7YTTFqDnDJXWtTC9s92aP6iGwvzVF7ujLhrBGPuwnuPG3I9N3UKF2ZL8
MfOPn8Gv7utbttF669qrTJe5g/ehD+f+0P3W1LVRiou0XYd6pb+1Hma2TE/VIzLi
bRpNowcr6WolHpBuNvetYRIVFBEyNvEwXk2fi5A/xT4/jUec2lKq754ATLb+mKXf
YJz9EuXB7s7PDSTwNInnGUI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:25 2024 by rpki-client on console-ams.rpki-client.org