Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/ykTQ2kQxGFOjr24ESdKmxdVktMQ.roa
File: ykTQ2kQxGFOjr24ESdKmxdVktMQ.roa (raw, json)
Hash identifier: vwjjhyRSVBtaaKVxQzBzQiaYFpJW7CSQns4zxdVC6D0=
Subject key identifier: CA:44:D0:DA:44:31:18:53:A3:AF:6E:04:49:D2:A6:C5:D5:64:B4:C4
Certificate issuer: /CN=2557fa956f0f53980d79c32ce1e6e93efd488fd7
Certificate serial: 018DA31AD750170777B81EA7DC3B84B4C52C
Authority key identifier: 25:57:FA:95:6F:0F:53:98:0D:79:C3:2C:E1:E6:E9:3E:FD:48:8F:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JVf6lW8PU5gNecMs4ebpPv1Ij9c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/ykTQ2kQxGFOjr24ESdKmxdVktMQ.roa
Signing time: Tue 13 Feb 2024 15:34:21 +0000
ROA not before: Tue 13 Feb 2024 15:34:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208118
IP address blocks: 152.89.64.0/22 maxlen: 32
152.89.65.0/24 maxlen: 24
152.89.66.0/24 maxlen: 24
152.89.67.0/24 maxlen: 24
2a09:2e40::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:a3:1a:d7:50:17:07:77:b8:1e:a7:dc:3b:84:b4:c5:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2557fa956f0f53980d79c32ce1e6e93efd488fd7
Validity
Not Before: Feb 13 15:34:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ca44d0da44311853a3af6e0449d2a6c5d564b4c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:3b:ff:43:13:ce:df:9a:e5:90:19:29:4c:89:
f3:32:2f:8b:4e:96:85:29:65:cf:14:24:fd:26:63:
4d:ad:10:fd:74:02:23:6c:a3:5b:50:6d:8b:e7:e0:
72:43:e4:7a:bd:f3:44:89:0e:56:85:ed:81:f1:a1:
17:e0:d5:c9:05:30:51:5c:1c:81:13:78:21:8e:0b:
5a:6b:40:01:22:46:25:91:a3:65:70:76:53:4c:32:
3b:0a:0a:fd:b3:ae:7f:db:12:97:42:4d:4a:1a:a7:
46:98:88:24:43:4c:4e:92:96:23:a7:3e:0e:76:e2:
51:ad:53:e7:c9:5a:59:af:72:e7:5c:dd:79:16:ad:
a1:46:12:a4:88:ba:78:39:1d:05:22:76:e0:39:28:
0f:a3:08:4a:50:b7:cf:18:29:c1:11:d0:79:78:2c:
89:85:07:a5:47:dc:87:7f:ef:c7:ab:5d:50:e6:96:
80:de:5b:74:93:27:d0:97:09:54:4c:4d:5a:82:4a:
cf:46:28:90:20:14:70:36:bf:11:36:e4:12:4d:3d:
f3:a8:16:1e:c8:cb:a6:99:ad:d7:e9:1c:1a:93:2b:
02:33:19:34:6e:ea:0d:d4:2a:e4:04:b6:00:68:c1:
73:cb:91:e3:12:36:fd:0f:11:fd:02:30:1b:1d:e5:
c9:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:44:D0:DA:44:31:18:53:A3:AF:6E:04:49:D2:A6:C5:D5:64:B4:C4
X509v3 Authority Key Identifier:
keyid:25:57:FA:95:6F:0F:53:98:0D:79:C3:2C:E1:E6:E9:3E:FD:48:8F:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVf6lW8PU5gNecMs4ebpPv1Ij9c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/ykTQ2kQxGFOjr24ESdKmxdVktMQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/JVf6lW8PU5gNecMs4ebpPv1Ij9c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.89.64.0/22
IPv6:
2a09:2e40::/29
Signature Algorithm: sha256WithRSAEncryption
6b:4f:66:ca:e4:a5:b3:70:ff:ea:a0:40:f9:76:a9:f0:fc:0e:
24:0d:ff:bb:42:c7:a5:0c:c0:84:36:58:d6:b8:3d:3c:67:71:
04:e4:e1:03:55:0e:b5:1f:10:a2:b8:a9:2d:42:55:c5:c0:97:
ee:80:5e:c1:8d:4c:a4:05:92:86:97:c8:0b:0e:f8:6b:d5:e5:
17:71:63:fd:d7:e9:11:64:bd:2b:0e:94:00:f4:9a:b9:1f:59:
ea:14:2e:d8:e7:63:01:91:dd:57:a9:c0:60:2d:50:21:6b:43:
c6:b0:a0:7e:bc:ec:78:d5:12:29:f0:74:3c:74:26:91:8d:8b:
76:7d:6e:aa:cc:0b:8f:bb:15:45:95:c7:5a:7a:04:69:4c:d6:
18:5b:f9:09:43:e7:51:1f:39:8e:2a:94:e1:c6:24:b6:23:89:
95:33:d1:7c:d8:34:bc:d9:6e:8f:35:6b:9b:5a:ea:ea:51:43:
34:51:98:23:a8:ae:32:56:3f:07:36:20:d5:c2:92:ef:1e:7c:
9d:e2:d2:c5:00:c5:a0:1d:0f:f5:79:d9:c7:3f:60:0c:20:79:
ae:ec:70:a5:f0:16:ba:14:f7:ee:ae:c4:39:6f:36:1d:a8:59:
2d:51:58:50:6c:d9:2b:b0:f1:d5:37:20:8b:42:b1:c4:dd:54:
75:aa:bd:b8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY2jGtdQFwd3uB6n3DuEtMUsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTdmYTk1NmYwZjUzOTgwZDc5YzMyY2UxZTZlOTNlZmQ0
ODhmZDcwHhcNMjQwMjEzMTUzNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTQ0ZDBkYTQ0MzExODUzYTNhZjZlMDQ0OWQyYTZjNWQ1NjRiNGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Tv/QxPO35rlkBkpTInzMi+LTpaF
KWXPFCT9JmNNrRD9dAIjbKNbUG2L5+ByQ+R6vfNEiQ5Whe2B8aEX4NXJBTBRXByB
E3ghjgtaa0ABIkYlkaNlcHZTTDI7Cgr9s65/2xKXQk1KGqdGmIgkQ0xOkpYjpz4O
duJRrVPnyVpZr3LnXN15Fq2hRhKkiLp4OR0FInbgOSgPowhKULfPGCnBEdB5eCyJ
hQelR9yHf+/Hq11Q5paA3lt0kyfQlwlUTE1agkrPRiiQIBRwNr8RNuQSTT3zqBYe
yMumma3X6RwakysCMxk0buoN1CrkBLYAaMFzy5HjEjb9DxH9AjAbHeXJGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMpE0NpEMRhTo69uBEnSpsXVZLTEMB8GA1UdIwQY
MBaAFCVX+pVvD1OYDXnDLOHm6T79SI/XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZmNmxXOFBVNWdOZWNNczRlYnBQdjFJajljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84MjBmZWEtM2M4ZC00OTc3LTgwMDAt
NmQ3MTYzNDQyMjQ0LzEveWtUUTJrUXhHRk9qcjI0RVNkS214ZFZrdE1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84MjBmZWEtM2M4ZC00OTc3LTgwMDAtNmQ3MTYzNDQyMjQ0
LzEvSlZmNmxXOFBVNWdOZWNNczRlYnBQdjFJajljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCmFlAMA0E
AgACMAcDBQMqCS5AMA0GCSqGSIb3DQEBCwUAA4IBAQBrT2bK5KWzcP/qoED5dqnw
/A4kDf+7QselDMCENljWuD08Z3EE5OEDVQ61HxCiuKktQlXFwJfugF7BjUykBZKG
l8gLDvhr1eUXcWP91+kRZL0rDpQA9Jq5H1nqFC7Y52MBkd1XqcBgLVAha0PGsKB+
vOx41RIp8HQ8dCaRjYt2fW6qzAuPuxVFlcdaegRpTNYYW/kJQ+dRHzmOKpThxiS2
I4mVM9F82DS82W6PNWubWurqUUM0UZgjqK4yVj8HNiDVwpLvHnyd4tLFAMWgHQ/1
ednHP2AMIHmu7HCl8Ba6FPfursQ5bzYdqFktUVhQbNkrsPHVNyCLQrHE3VR1qr24
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:51 2024 by rpki-client on console-ams.rpki-client.org