Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/e005c2-affa-458f-aaf8-8af56e733600/1/YdC3pbMDKzSOFkiTW9DnIziK8z4.roa
File: YdC3pbMDKzSOFkiTW9DnIziK8z4.roa (raw, json)
Hash identifier: m2OO0CNmp/8t7e0X2OuAlxczmjDVqgHcE03rdKSbFpU=
Subject key identifier: 61:D0:B7:A5:B3:03:2B:34:8E:16:48:93:5B:D0:E7:23:38:8A:F3:3E
Certificate issuer: /CN=4b57725b0a605d4ddcc464b70dcb3a162a5f055b
Certificate serial: 12194424
Authority key identifier: 4B:57:72:5B:0A:60:5D:4D:DC:C4:64:B7:0D:CB:3A:16:2A:5F:05:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S1dyWwpgXU3cxGS3Dcs6FipfBVs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/e005c2-affa-458f-aaf8-8af56e733600/1/YdC3pbMDKzSOFkiTW9DnIziK8z4.roa
Signing time: Thu 21 Apr 2022 07:13:05 +0000
ROA not before: Thu 21 Apr 2022 07:13:05 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 51407
IP address blocks: 46.32.216.0/23 maxlen: 23
46.32.214.0/23 maxlen: 23
46.32.218.0/23 maxlen: 23
46.32.220.0/23 maxlen: 23
5.34.162.0/23 maxlen: 23
5.34.164.0/23 maxlen: 23
5.34.166.0/23 maxlen: 23
46.28.138.0/23 maxlen: 23
95.215.131.0/24 maxlen: 24
37.60.144.0/23 maxlen: 23
37.60.144.0/21 maxlen: 21
46.28.142.0/23 maxlen: 23
37.60.148.0/23 maxlen: 23
37.60.146.0/23 maxlen: 23
37.60.150.0/23 maxlen: 23
31.25.74.0/23 maxlen: 23
31.25.72.0/23 maxlen: 23
31.25.78.0/23 maxlen: 23
31.25.76.0/23 maxlen: 23
31.13.163.0/24 maxlen: 24
31.13.162.0/23 maxlen: 23
31.13.160.0/23 maxlen: 23
31.13.164.0/23 maxlen: 23
31.13.166.0/23 maxlen: 23
46.32.192.0/21 maxlen: 21
46.32.192.0/23 maxlen: 23
185.7.120.0/23 maxlen: 23
185.7.122.0/23 maxlen: 23
46.32.194.0/23 maxlen: 23
46.32.198.0/23 maxlen: 23
46.32.196.0/23 maxlen: 23
46.32.202.0/23 maxlen: 23
46.32.200.0/24 maxlen: 24
46.32.206.0/23 maxlen: 23
46.32.204.0/23 maxlen: 23
46.32.208.0/24 maxlen: 24
46.32.212.0/23 maxlen: 23
46.32.210.0/23 maxlen: 23
188.227.233.0/24 maxlen: 24
188.227.232.0/24 maxlen: 24
188.227.232.0/23 maxlen: 23
188.227.238.0/23 maxlen: 23
188.227.236.0/23 maxlen: 23
188.227.235.0/24 maxlen: 24
188.227.234.0/23 maxlen: 23
188.227.234.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 303645732 (0x12194424)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b57725b0a605d4ddcc464b70dcb3a162a5f055b
Validity
Not Before: Apr 21 07:13:05 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=61d0b7a5b3032b348e1648935bd0e723388af33e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:fe:bf:86:35:e3:63:f1:e6:e5:17:1d:78:73:
b7:41:b6:5a:12:09:6f:ee:e3:4e:61:e7:69:91:d0:
af:70:cf:fb:ba:ef:12:94:89:a0:cc:1d:c9:5c:d7:
29:8b:3e:21:0b:32:ff:d7:57:dd:d0:38:37:b4:b7:
9c:fd:13:56:fb:b8:3a:41:a9:b4:cd:fb:64:04:a6:
1b:78:57:0b:57:77:dd:0b:d2:17:a1:de:21:03:5c:
35:4d:ab:21:66:74:35:02:e5:f7:9e:5c:82:d8:72:
88:91:20:6e:6d:a0:08:7c:da:b3:3b:b6:f3:24:a3:
8c:a3:36:8a:39:dd:23:fc:7a:b8:a8:b7:84:2a:64:
3b:e5:5c:7b:40:83:e2:1b:6a:33:87:b0:cd:b4:f2:
ab:13:c6:a3:6a:f9:8d:e0:5f:2a:ca:46:65:c2:f7:
53:0c:90:d7:fb:d6:09:7f:86:29:ad:8b:68:9d:5a:
91:fc:16:13:25:65:f8:1f:a6:eb:5f:22:2d:4b:5b:
5c:89:92:a1:e5:51:ff:1f:d3:c3:ad:e1:4d:90:4a:
17:4f:7c:8a:02:99:5d:42:ce:1f:2e:6d:7a:ba:92:
dd:e0:42:0f:22:97:0f:b0:57:be:ec:8d:91:85:5a:
93:53:1a:72:38:88:6e:ae:11:fd:bf:37:a0:8c:18:
ec:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:D0:B7:A5:B3:03:2B:34:8E:16:48:93:5B:D0:E7:23:38:8A:F3:3E
X509v3 Authority Key Identifier:
keyid:4B:57:72:5B:0A:60:5D:4D:DC:C4:64:B7:0D:CB:3A:16:2A:5F:05:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S1dyWwpgXU3cxGS3Dcs6FipfBVs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/e005c2-affa-458f-aaf8-8af56e733600/1/YdC3pbMDKzSOFkiTW9DnIziK8z4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/e005c2-affa-458f-aaf8-8af56e733600/1/S1dyWwpgXU3cxGS3Dcs6FipfBVs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.162.0-5.34.167.255
31.13.160.0/21
31.25.72.0/21
37.60.144.0/21
46.28.138.0/23
46.28.142.0/23
46.32.192.0-46.32.200.255
46.32.202.0-46.32.208.255
46.32.210.0-46.32.221.255
95.215.131.0/24
185.7.120.0/22
188.227.232.0/21
Signature Algorithm: sha256WithRSAEncryption
61:29:40:81:70:e2:49:ff:e9:04:1d:38:68:07:08:48:6c:b3:
cb:b7:cc:a8:e5:bb:97:0c:49:df:ce:4e:de:9d:06:21:32:0f:
79:b1:1a:ed:91:f2:90:dc:f6:96:3a:f7:40:2f:75:6e:d1:5a:
a3:15:a7:ca:a7:8f:3c:35:35:35:20:51:d9:d9:0a:d4:5a:3e:
0d:60:43:8e:bb:af:1e:16:65:48:8a:02:31:74:43:3b:5a:9f:
1c:77:13:42:12:e2:d1:16:e5:ed:35:64:e7:56:02:3f:3a:54:
4e:da:17:4e:a5:13:c7:c8:34:ce:d7:0a:6c:94:90:1f:5f:58:
f3:8c:3e:40:6c:c3:f1:42:a1:9f:c9:29:84:b4:ff:af:fb:60:
aa:02:10:7e:d3:f6:c7:97:3e:3c:e6:97:29:8f:75:25:3c:70:
f4:3c:d4:00:dc:37:79:42:31:2b:f6:a0:3c:58:f0:11:16:f7:
4c:00:66:06:db:aa:84:a4:69:0c:a3:b2:4e:12:6b:c2:34:08:
bd:d5:a6:b5:50:a7:9d:7e:0a:79:0d:7c:84:30:fe:ec:e4:63:
1f:8a:2a:f4:39:79:28:70:3a:91:0b:46:7c:ae:26:f9:a4:56:
c2:e0:c4:e9:5f:8e:0b:7f:66:c1:9c:53:73:d9:63:cd:a4:d9:
ce:9d:92:14
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgIEEhlEJDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
YjU3NzI1YjBhNjA1ZDRkZGNjNDY0YjcwZGNiM2ExNjJhNWYwNTViMB4XDTIyMDQy
MTA3MTMwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjFkMGI3YTViMzAz
MmIzNDhlMTY0ODkzNWJkMGU3MjMzODhhZjMzZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK7+v4Y142Px5uUXHXhzt0G2WhIJb+7jTmHnaZHQr3DP+7rv
EpSJoMwdyVzXKYs+IQsy/9dX3dA4N7S3nP0TVvu4OkGptM37ZASmG3hXC1d33QvS
F6HeIQNcNU2rIWZ0NQLl955cgthyiJEgbm2gCHzaszu28ySjjKM2ijndI/x6uKi3
hCpkO+Vce0CD4htqM4ewzbTyqxPGo2r5jeBfKspGZcL3UwyQ1/vWCX+GKa2LaJ1a
kfwWEyVl+B+m618iLUtbXImSoeVR/x/Tw63hTZBKF098igKZXULOHy5terqS3eBC
DyKXD7BXvuyNkYVak1MacjiIbq4R/b83oIwY7FsCAwEAAaOCAmwwggJoMB0GA1Ud
DgQWBBRh0LelswMrNI4WSJNb0OcjOIrzPjAfBgNVHSMEGDAWgBRLV3JbCmBdTdzE
ZLcNyzoWKl8FWzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1MxZHlXd3BnWFUzY3hHUzNEY3M2RmlwZkJWcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvZTAwNWMyLWFmZmEtNDU4Zi1hYWY4LThhZjU2ZTczMzYwMC8x
L1lkQzNwYk1ES3pTT0ZraVRXOURuSXppSzh6NC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
ZTAwNWMyLWFmZmEtNDU4Zi1hYWY4LThhZjU2ZTczMzYwMC8xL1MxZHlXd3BnWFUz
Y3hHUzNEY3M2RmlwZkJWcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
gQYIKwYBBQUHAQcBAf8EcjBwMG4EAgABMGgwDAMEAQUiogMEAwUioAMEAx8NoAME
Ax8ZSAMEAyU8kAMEAS4cigMEAS4cjjAMAwQGLiDAAwQALiDIMAwDBAEuIMoDBAAu
INAwDAMEAS4g0gMEAS4g3AMEAF/XgwMEArkHeAMEA7zj6DANBgkqhkiG9w0BAQsF
AAOCAQEAYSlAgXDiSf/pBB04aAcISGyzy7fMqOW7lwxJ385O3p0GITIPebEa7ZHy
kNz2ljr3QC91btFaoxWnyqePPDU1NSBR2dkK1Fo+DWBDjruvHhZlSIoCMXRDO1qf
HHcTQhLi0Rbl7TVk51YCPzpUTtoXTqUTx8g0ztcKbJSQH19Y84w+QGzD8UKhn8kp
hLT/r/tgqgIQftP2x5c+POaXKY91JTxw9DzUANw3eUIxK/agPFjwERb3TABmBtuq
hKRpDKOyThJrwjQIvdWmtVCnnX4KeQ18hDD+7ORjH4oq9Dl5KHA6kQtGfK4m+aRW
wuDE6V+OC39mwZxTc9ljzaTZzp2SFA==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:31:41 2025 by rpki-client