Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/274f5c-a7bc-464d-9666-7c281d07e155/1/YL9q05DF_z-MD4ZkVLFi1-7z0zM.roa
File: YL9q05DF_z-MD4ZkVLFi1-7z0zM.roa (raw, json)
Hash identifier: HWUkFDgKJioZ7u/h8MwHNI24emNpV7LwHT2GuJh/MyA=
Subject key identifier: 60:BF:6A:D3:90:C5:FF:3F:8C:0F:86:64:54:B1:62:D7:EE:F3:D3:33
Certificate issuer: /CN=ee83bc458a3696d652fbef863e5ee40f0096f197
Certificate serial: 01856C81426D46F4A0A4D787B6EC1095055C
Authority key identifier: EE:83:BC:45:8A:36:96:D6:52:FB:EF:86:3E:5E:E4:0F:00:96:F1:97
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7oO8RYo2ltZS---GPl7kDwCW8Zc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/274f5c-a7bc-464d-9666-7c281d07e155/1/YL9q05DF_z-MD4ZkVLFi1-7z0zM.roa
Signing time: Sun 01 Jan 2023 08:44:48 +0000
ROA not before: Sun 01 Jan 2023 08:44:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203536
IP address blocks: 185.63.8.0/22 maxlen: 22
46.167.8.0/21 maxlen: 21
188.116.42.0/23 maxlen: 23
2a03:920::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:81:42:6d:46:f4:a0:a4:d7:87:b6:ec:10:95:05:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ee83bc458a3696d652fbef863e5ee40f0096f197
Validity
Not Before: Jan 1 08:44:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=60bf6ad390c5ff3f8c0f866454b162d7eef3d333
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:d0:50:83:0d:f5:52:a8:bf:65:92:83:58:91:
a7:b0:06:97:48:89:2d:0e:97:b5:37:52:fe:ff:64:
c6:2f:bf:b3:fd:40:6d:b1:a6:60:28:38:59:a8:7f:
63:e9:11:26:ac:b8:20:a0:32:96:fd:66:e2:f5:98:
a5:b9:14:9e:79:5b:8f:e6:02:6c:ea:af:dc:b0:89:
89:6b:3c:17:56:4c:14:2f:23:d3:b8:e0:99:68:87:
3c:cb:b5:53:48:4c:f4:d7:93:9e:a5:7a:3f:4b:6e:
0d:1d:7b:29:3f:9b:63:74:27:f6:45:3e:83:ae:73:
e8:96:30:01:cc:35:65:5a:10:2a:c2:17:a9:83:8b:
ee:2f:df:ca:ac:81:60:1b:a2:e9:34:05:44:c7:61:
1e:17:98:42:12:f8:6b:6d:fb:6e:be:0f:e8:2e:86:
74:e1:11:d7:f0:1a:9e:d1:11:05:6f:00:bf:ae:00:
91:40:f7:47:92:96:6e:63:84:c2:ad:4a:4c:34:4f:
02:6c:06:ea:8c:ab:c7:6a:d5:c0:55:db:cd:e1:eb:
2b:4d:6d:b0:58:fa:1b:67:59:ad:ef:1d:d5:02:13:
ce:85:e7:11:78:50:19:67:7a:04:b1:4b:80:49:eb:
e8:47:05:41:35:ab:c4:86:6b:5a:0a:db:ec:63:01:
ef:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:BF:6A:D3:90:C5:FF:3F:8C:0F:86:64:54:B1:62:D7:EE:F3:D3:33
X509v3 Authority Key Identifier:
keyid:EE:83:BC:45:8A:36:96:D6:52:FB:EF:86:3E:5E:E4:0F:00:96:F1:97
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7oO8RYo2ltZS---GPl7kDwCW8Zc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/274f5c-a7bc-464d-9666-7c281d07e155/1/YL9q05DF_z-MD4ZkVLFi1-7z0zM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/274f5c-a7bc-464d-9666-7c281d07e155/1/7oO8RYo2ltZS---GPl7kDwCW8Zc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.167.8.0/21
185.63.8.0/22
188.116.42.0/23
IPv6:
2a03:920::/32
Signature Algorithm: sha256WithRSAEncryption
b0:30:6f:24:3b:a1:eb:15:ac:31:01:c5:69:36:0d:47:43:05:
39:1f:c8:ed:4c:93:b0:aa:70:c6:f9:51:27:8b:34:a3:70:69:
15:fa:4c:11:90:c1:1d:45:3a:32:4d:72:18:48:f3:b6:d3:38:
2f:22:87:94:87:9d:33:37:5d:4c:29:7c:da:91:1c:1c:c4:76:
2c:33:f7:e8:31:a3:b0:c2:20:1e:fd:b8:a4:7c:95:8b:38:46:
43:59:72:80:e1:f6:f3:bf:1f:b7:48:df:ce:cf:13:ee:96:44:
e8:c4:ac:8a:d4:20:32:5c:84:1b:59:d7:26:17:a8:ff:d9:e7:
4b:35:4c:9d:34:42:8f:6b:ec:a4:7c:91:55:35:09:72:1b:f8:
18:42:d9:76:42:41:cd:44:1c:1c:bb:99:92:fb:78:8f:92:9e:
4b:09:d0:e9:44:34:db:db:7e:5a:d8:24:7c:43:19:e4:29:0c:
97:9a:64:fb:0d:1a:0d:b8:0c:1b:b9:27:41:fb:7d:24:f9:3b:
21:68:aa:2a:d9:0c:cc:be:8f:56:75:8b:28:b2:78:bd:1f:52:
05:21:ce:cf:fc:9f:8b:04:f5:9d:04:0d:a3:63:6c:fb:50:8e:
2c:9f:92:2a:c7:de:79:7a:31:32:d2:33:3c:d9:c8:37:af:d3:
92:aa:89:62
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVsgUJtRvSgpNeHtuwQlQVcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlODNiYzQ1OGEzNjk2ZDY1MmZiZWY4NjNlNWVlNDBmMDA5
NmYxOTcwHhcNMjMwMTAxMDg0NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGJmNmFkMzkwYzVmZjNmOGMwZjg2NjQ1NGIxNjJkN2VlZjNkMzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNBQgw31Uqi/ZZKDWJGnsAaXSIkt
Dpe1N1L+/2TGL7+z/UBtsaZgKDhZqH9j6REmrLggoDKW/Wbi9ZiluRSeeVuP5gJs
6q/csImJazwXVkwULyPTuOCZaIc8y7VTSEz015OepXo/S24NHXspP5tjdCf2RT6D
rnPoljABzDVlWhAqwhepg4vuL9/KrIFgG6LpNAVEx2EeF5hCEvhrbftuvg/oLoZ0
4RHX8Bqe0REFbwC/rgCRQPdHkpZuY4TCrUpMNE8CbAbqjKvHatXAVdvN4esrTW2w
WPobZ1mt7x3VAhPOhecReFAZZ3oEsUuASevoRwVBNavEhmtaCtvsYwHvTwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFGC/atOQxf8/jA+GZFSxYtfu89MzMB8GA1UdIwQY
MBaAFO6DvEWKNpbWUvvvhj5e5A8AlvGXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN29POFJZbzJsdFpTLS0tR1BsN2tEd0NXOFpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8yNzRmNWMtYTdiYy00NjRkLTk2NjYt
N2MyODFkMDdlMTU1LzEvWUw5cTA1REZfei1NRDRaa1ZMRmkxLTd6MHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8yNzRmNWMtYTdiYy00NjRkLTk2NjYtN2MyODFkMDdlMTU1
LzEvN29POFJZbzJsdFpTLS0tR1BsN2tEd0NXOFpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDLqcIAwQC
uT8IAwQBvHQqMA0EAgACMAcDBQAqAwkgMA0GCSqGSIb3DQEBCwUAA4IBAQCwMG8k
O6HrFawxAcVpNg1HQwU5H8jtTJOwqnDG+VEnizSjcGkV+kwRkMEdRToyTXIYSPO2
0zgvIoeUh50zN11MKXzakRwcxHYsM/foMaOwwiAe/bikfJWLOEZDWXKA4fbzvx+3
SN/OzxPulkToxKyK1CAyXIQbWdcmF6j/2edLNUydNEKPa+ykfJFVNQlyG/gYQtl2
QkHNRBwcu5mS+3iPkp5LCdDpRDTb235a2CR8QxnkKQyXmmT7DRoNuAwbuSdB+30k
+TshaKoq2QzMvo9WdYsosni9H1IFIc7P/J+LBPWdBA2jY2z7UI4sn5Iqx955ejEy
0jM82cg3r9OSqoli
-----END CERTIFICATE-----
Generated at Fri Nov 3 07:26:31 2023 by rpki-client on console-ams.rpki-client.org