Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/YChrPM81EzeXeXGZK57kbhwOQlo.roa
File: YChrPM81EzeXeXGZK57kbhwOQlo.roa (raw, json)
Hash identifier: XmT/5GJ5JOmsX7EFCnkA6Pr+ZBfYyP5hOY27NGq2hzc=
Subject key identifier: 60:28:6B:3C:CF:35:13:37:97:79:71:99:2B:9E:E4:6E:1C:0E:42:5A
Certificate issuer: /CN=f0521128cf634aa6afa7ef52d531f3fcd55628f9
Certificate serial: 018CCA2B63EB57F66CD605C04A2480022D91
Authority key identifier: F0:52:11:28:CF:63:4A:A6:AF:A7:EF:52:D5:31:F3:FC:D5:56:28:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/YChrPM81EzeXeXGZK57kbhwOQlo.roa
Signing time: Tue 02 Jan 2024 12:34:50 +0000
ROA not before: Tue 02 Jan 2024 12:34:50 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35711
IP address blocks: 193.203.39.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:2b:63:eb:57:f6:6c:d6:05:c0:4a:24:80:02:2d:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0521128cf634aa6afa7ef52d531f3fcd55628f9
Validity
Not Before: Jan 2 12:34:50 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=60286b3ccf351337977971992b9ee46e1c0e425a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:9f:c8:8a:8e:28:77:75:e2:4c:1b:8d:2c:59:
86:34:2f:f8:d8:46:fd:52:36:62:8f:bd:9b:45:41:
b9:ed:e0:49:09:08:48:23:49:4a:fb:64:56:b7:05:
c1:63:55:78:68:ec:e0:93:a4:af:2e:5b:aa:3e:0d:
fc:8d:98:6d:d5:55:51:04:fb:9b:1e:33:e7:7d:60:
1b:71:a2:82:f9:5a:af:e7:e8:f7:f1:93:c8:88:37:
3f:13:6d:77:30:2b:ba:4d:76:58:7e:99:70:75:72:
d5:12:67:d8:4f:e0:10:2f:72:15:50:cf:31:71:2a:
19:94:46:be:7d:cb:d0:97:fa:ca:98:60:ec:f4:6c:
7f:36:9a:01:15:b0:34:9a:98:f5:cb:ea:d0:a5:1c:
02:86:d1:3b:a5:fd:80:60:27:ce:20:b7:f4:02:cf:
b0:e7:6e:33:8e:62:a4:a5:69:a8:16:6e:70:6a:de:
2b:2b:f3:62:00:43:fd:7e:5c:88:e4:c0:00:9f:4e:
fc:ae:50:1d:c2:38:e5:e3:24:41:e7:93:ba:0f:d4:
32:d5:b3:b4:98:fa:ae:25:ef:3c:20:4b:c7:bf:b3:
3d:eb:fa:e8:7b:8c:f0:ca:a5:c7:e8:fa:f8:fc:b0:
18:15:d2:49:d0:3d:57:49:83:4d:81:9b:71:48:81:
a9:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:28:6B:3C:CF:35:13:37:97:79:71:99:2B:9E:E4:6E:1C:0E:42:5A
X509v3 Authority Key Identifier:
keyid:F0:52:11:28:CF:63:4A:A6:AF:A7:EF:52:D5:31:F3:FC:D5:56:28:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/YChrPM81EzeXeXGZK57kbhwOQlo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.203.39.0/24
Signature Algorithm: sha256WithRSAEncryption
05:8f:ab:8e:b5:b0:5a:d5:fd:cb:a4:12:a5:44:43:8d:7c:15:
6d:e0:92:32:5c:63:04:94:df:b3:0d:b4:08:67:e8:a4:f6:11:
23:50:4c:e4:c4:5d:9d:3b:bf:20:5f:05:5e:7c:7d:be:d4:e6:
4a:49:e6:d9:2b:a7:d4:30:a9:05:4e:89:70:3c:eb:20:ec:9b:
bb:a6:31:74:ea:b5:4b:50:8d:be:e1:a9:d9:fc:62:af:e1:ae:
99:44:5f:c5:72:5d:5a:d0:e9:b7:31:61:50:94:05:a5:dd:5e:
8f:24:db:e8:91:b6:57:ec:b1:f7:60:b7:f2:38:82:25:2c:b7:
e1:cb:5b:12:82:a2:85:e3:c5:0f:ab:83:22:a8:ee:8e:1a:92:
2a:65:ee:af:c8:1f:a1:fc:ee:96:65:9f:b9:03:93:68:29:0f:
42:09:09:e8:d7:9c:09:43:c1:f7:97:a8:c5:90:78:1e:23:f6:
cb:d6:13:81:eb:5e:50:a5:83:56:67:c8:a2:52:91:03:91:1a:
5f:67:42:8c:60:6f:99:04:d1:e2:7e:91:7a:ca:35:02:bb:05:
d4:f3:77:3c:d5:23:db:5e:f0:ed:7f:83:5b:11:89:c0:ff:c1:
c8:aa:96:bf:0e:ea:63:db:a8:b1:e2:99:20:cd:22:84:31:be:
0d:d4:c7:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2PrV/Zs1gXASiSAAi2RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNTIxMTI4Y2Y2MzRhYTZhZmE3ZWY1MmQ1MzFmM2ZjZDU1
NjI4ZjkwHhcNMjQwMTAyMTIzNDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDI4NmIzY2NmMzUxMzM3OTc3OTcxOTkyYjllZTQ2ZTFjMGU0MjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJ/Iio4od3XiTBuNLFmGNC/42Eb9
UjZij72bRUG57eBJCQhII0lK+2RWtwXBY1V4aOzgk6SvLluqPg38jZht1VVRBPub
HjPnfWAbcaKC+Vqv5+j38ZPIiDc/E213MCu6TXZYfplwdXLVEmfYT+AQL3IVUM8x
cSoZlEa+fcvQl/rKmGDs9Gx/NpoBFbA0mpj1y+rQpRwChtE7pf2AYCfOILf0As+w
524zjmKkpWmoFm5wat4rK/NiAEP9flyI5MAAn078rlAdwjjl4yRB55O6D9Qy1bO0
mPquJe88IEvHv7M96/roe4zwyqXH6Pr4/LAYFdJJ0D1XSYNNgZtxSIGpZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGAoazzPNRM3l3lxmSue5G4cDkJaMB8GA1UdIwQY
MBaAFPBSESjPY0qmr6fvUtUx8/zVVij5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEZJUktNOWpTcWF2cC05UzFUSHpfTlZXS1BrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9iNGIxNTAtZGJiOC00NjVmLTgxNTUt
ZTQ0MTliNjQyMTJlLzEvWUNoclBNODFFemVYZVhHWks1N2tiaHdPUWxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9iNGIxNTAtZGJiOC00NjVmLTgxNTUtZTQ0MTliNjQyMTJl
LzEvOEZJUktNOWpTcWF2cC05UzFUSHpfTlZXS1BrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcsnMA0G
CSqGSIb3DQEBCwUAA4IBAQAFj6uOtbBa1f3LpBKlREONfBVt4JIyXGMElN+zDbQI
Z+ik9hEjUEzkxF2dO78gXwVefH2+1OZKSebZK6fUMKkFTolwPOsg7Ju7pjF06rVL
UI2+4anZ/GKv4a6ZRF/Fcl1a0Om3MWFQlAWl3V6PJNvokbZX7LH3YLfyOIIlLLfh
y1sSgqKF48UPq4MiqO6OGpIqZe6vyB+h/O6WZZ+5A5NoKQ9CCQno15wJQ8H3l6jF
kHgeI/bL1hOB615QpYNWZ8iiUpEDkRpfZ0KMYG+ZBNHifpF6yjUCuwXU83c81SPb
XvDtf4NbEYnA/8HIqpa/Dupj26ix4pkgzSKEMb4N1Mdu
-----END CERTIFICATE-----
Generated at Mon Nov 4 13:10:14 2024 by rpki-client on console-fra.rpki-client.org