Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/YE5zYQJRbP5shWQtrbdIdppB6-w.roa
File: YE5zYQJRbP5shWQtrbdIdppB6-w.roa (raw, json)
Hash identifier: 4UvH5qkJm30XYO9R+W9DDEmQaBadPeEz8Czj7iEtYfs=
Subject key identifier: 60:4E:73:61:02:51:6C:FE:6C:85:64:2D:AD:B7:48:76:9A:41:EB:EC
Certificate issuer: /CN=8c060040ef3a0823aa973f0d0592b1dda808f782
Certificate serial: 07BCE805
Authority key identifier: 8C:06:00:40:EF:3A:08:23:AA:97:3F:0D:05:92:B1:DD:A8:08:F7:82
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jAYAQO86CCOqlz8NBZKx3agI94I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/YE5zYQJRbP5shWQtrbdIdppB6-w.roa
Signing time: Sat 01 Jan 2022 03:53:34 +0000
ROA not before: Sat 01 Jan 2022 03:53:34 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 20900
IP address blocks: 78.159.132.0/22 maxlen: 22
195.78.82.0/24 maxlen: 24
78.159.148.0/24 maxlen: 24
45.11.208.0/22 maxlen: 22
91.214.114.0/23 maxlen: 23
91.214.114.0/24 maxlen: 24
91.214.115.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 129820677 (0x7bce805)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8c060040ef3a0823aa973f0d0592b1dda808f782
Validity
Not Before: Jan 1 03:53:34 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=604e736102516cfe6c85642dadb748769a41ebec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:f7:07:8f:aa:d0:8f:ad:3d:3f:60:e0:fc:36:
c1:d4:63:38:c2:9a:0c:c2:b1:d6:0d:21:ee:c1:e7:
9d:4a:a4:51:4e:5a:94:4d:dc:21:91:b0:e8:7b:c3:
33:b6:f2:dc:70:5c:37:d0:a1:52:9b:e3:4e:15:a0:
56:71:b5:a2:4c:c9:12:1b:e1:b2:68:12:62:e5:1f:
20:b3:64:46:d8:f6:0f:86:6d:a7:3f:57:9e:44:8e:
1a:e3:89:4f:1d:aa:33:9d:99:b1:ca:27:b3:09:bf:
88:e0:48:c3:c0:70:36:5d:23:3b:bd:9f:7b:81:7d:
da:5e:8d:80:79:cc:fb:0f:b1:c3:26:ce:5f:d5:17:
4b:a8:ec:e0:8f:db:d9:72:ca:d8:9f:6e:9d:ab:45:
cb:5b:77:99:91:67:fd:ad:0c:8c:c9:e2:01:5e:ef:
d8:91:64:a6:90:3f:3a:35:c8:bf:1f:b0:82:43:fb:
3a:b0:8f:c2:ff:ab:65:63:a5:75:de:43:57:7c:79:
ba:a6:22:98:c1:21:2f:cb:c1:e5:5f:7d:a8:f2:b9:
01:98:c3:1b:18:19:25:7a:96:ec:12:e6:d3:df:b7:
ef:c5:6c:95:60:65:6b:57:f0:17:df:df:be:2a:6f:
07:a4:88:7e:5a:7e:93:fd:6c:df:16:7f:27:6d:b9:
ab:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:4E:73:61:02:51:6C:FE:6C:85:64:2D:AD:B7:48:76:9A:41:EB:EC
X509v3 Authority Key Identifier:
keyid:8C:06:00:40:EF:3A:08:23:AA:97:3F:0D:05:92:B1:DD:A8:08:F7:82
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jAYAQO86CCOqlz8NBZKx3agI94I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/YE5zYQJRbP5shWQtrbdIdppB6-w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/jAYAQO86CCOqlz8NBZKx3agI94I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.11.208.0/22
78.159.132.0/22
78.159.148.0/24
91.214.114.0/23
195.78.82.0/24
Signature Algorithm: sha256WithRSAEncryption
38:0d:8d:fc:c4:67:a3:ad:a5:24:4d:89:6d:2f:0c:c2:2f:e3:
e0:c9:28:be:27:31:6b:d4:97:94:78:f9:e7:08:4c:02:11:4c:
0f:43:f4:df:9f:07:c8:33:5c:b5:cc:29:16:9d:70:da:aa:bc:
e6:47:5e:30:5c:bc:6c:da:50:d5:cc:c6:c2:7c:9f:18:79:d0:
70:b3:89:2b:57:21:ad:c1:03:bb:b2:4f:b1:c0:f7:a5:d2:af:
65:d6:cc:4d:26:e3:d2:fd:fd:48:72:d0:bf:f9:42:4f:02:b5:
93:a0:30:c1:b8:26:8d:5b:68:35:57:17:bd:52:2f:e6:4c:cf:
31:6c:4e:e6:1b:dc:b4:29:eb:7c:37:46:4e:74:a1:45:bd:10:
6c:70:bd:66:8e:4b:21:40:8f:f5:3c:3f:09:38:f8:e8:e6:40:
03:ad:cb:60:1a:98:25:c9:6e:53:50:16:4f:2e:56:03:0d:d3:
84:c9:53:9c:5b:0d:3f:ec:10:f6:dc:ec:ea:51:e8:2d:cd:6e:
a6:eb:65:de:d8:87:73:59:e9:cb:df:2d:a8:b9:dc:15:7c:fc:
b7:9d:94:1f:8f:da:e9:7d:a3:f3:1b:49:bb:50:a0:d2:8e:a2:
d8:95:25:d8:52:4c:71:fc:4b:c7:12:74:c9:21:72:20:b5:87:
46:23:c5:d2
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEB7zoBTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
YzA2MDA0MGVmM2EwODIzYWE5NzNmMGQwNTkyYjFkZGE4MDhmNzgyMB4XDTIyMDEw
MTAzNTMzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjA0ZTczNjEwMjUx
NmNmZTZjODU2NDJkYWRiNzQ4NzY5YTQxZWJlYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAML3B4+q0I+tPT9g4Pw2wdRjOMKaDMKx1g0h7sHnnUqkUU5a
lE3cIZGw6HvDM7by3HBcN9ChUpvjThWgVnG1okzJEhvhsmgSYuUfILNkRtj2D4Zt
pz9XnkSOGuOJTx2qM52Zsconswm/iOBIw8BwNl0jO72fe4F92l6NgHnM+w+xwybO
X9UXS6js4I/b2XLK2J9unatFy1t3mZFn/a0MjMniAV7v2JFkppA/OjXIvx+wgkP7
OrCPwv+rZWOldd5DV3x5uqYimMEhL8vB5V99qPK5AZjDGxgZJXqW7BLm09+378Vs
lWBla1fwF9/fvipvB6SIflp+k/1s3xZ/J225q70CAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBRgTnNhAlFs/myFZC2tt0h2mkHr7DAfBgNVHSMEGDAWgBSMBgBA7zoII6qX
Pw0FkrHdqAj3gjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2pBWUFRTzg2Q0NPcWx6OE5CWkt4M2FnSTk0SS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjkvZTc1NDllLTViMjUtNDIwMC04OGI5LTRlNGEzNWRkMzY3Ny8x
L1lFNXpZUUpSYlA1c2hXUXRyYmRJZHBwQjYtdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjkv
ZTc1NDllLTViMjUtNDIwMC04OGI5LTRlNGEzNWRkMzY3Ny8xL2pBWUFRTzg2Q0NP
cWx6OE5CWkt4M2FnSTk0SS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAi0L0AMEAk6fhAMEAE6flAMEAVvW
cgMEAMNOUjANBgkqhkiG9w0BAQsFAAOCAQEAOA2N/MRno62lJE2JbS8Mwi/j4Mko
vicxa9SXlHj55whMAhFMD0P0358HyDNctcwpFp1w2qq85kdeMFy8bNpQ1czGwnyf
GHnQcLOJK1chrcEDu7JPscD3pdKvZdbMTSbj0v39SHLQv/lCTwK1k6AwwbgmjVto
NVcXvVIv5kzPMWxO5hvctCnrfDdGTnShRb0QbHC9Zo5LIUCP9Tw/CTj46OZAA63L
YBqYJcluU1AWTy5WAw3ThMlTnFsNP+wQ9tzs6lHoLc1uputl3tiHc1npy98tqLnc
FXz8t52UH4/a6X2j8xtJu1Cg0o6i2JUl2FJMcfxLxxJ0ySFyILWHRiPF0g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:20 2024 by rpki-client on console-fra.rpki-client.org