Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/WL-ykTzlof7R4oXSqwzVHLamW1E.roa
File: WL-ykTzlof7R4oXSqwzVHLamW1E.roa (raw, json)
Hash identifier: ZlyT78aWgO7kz+koAgt0IebG6auYn7RhC+R4PcZ7i5s=
Subject key identifier: 58:BF:B2:91:3C:E5:A1:FE:D1:E2:85:D2:AB:0C:D5:1C:B6:A6:5B:51
Certificate issuer: /CN=b4bdc376a159d05e2af97176a3eba8360e60d176
Certificate serial: 018755FF3945AC167557AE1E8F5D78490DC1
Authority key identifier: B4:BD:C3:76:A1:59:D0:5E:2A:F9:71:76:A3:EB:A8:36:0E:60:D1:76
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tL3DdqFZ0F4q-XF2o-uoNg5g0XY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/WL-ykTzlof7R4oXSqwzVHLamW1E.roa
Signing time: Thu 06 Apr 2023 09:56:42 +0000
ROA not before: Thu 06 Apr 2023 09:56:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50247
IP address blocks: 91.218.240.0/24 maxlen: 24
185.178.236.0/22 maxlen: 22
109.197.36.0/23 maxlen: 23
109.196.80.0/20 maxlen: 20
91.224.143.0/24 maxlen: 24
91.224.142.0/23 maxlen: 23
91.224.142.0/24 maxlen: 24
45.131.34.0/24 maxlen: 24
45.131.33.0/24 maxlen: 24
109.95.88.0/21 maxlen: 21
2a0a:7080::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:55:ff:39:45:ac:16:75:57:ae:1e:8f:5d:78:49:0d:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4bdc376a159d05e2af97176a3eba8360e60d176
Validity
Not Before: Apr 6 09:56:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=58bfb2913ce5a1fed1e285d2ab0cd51cb6a65b51
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:6c:50:cd:cf:e2:bc:a8:b0:83:6d:f9:78:4f:
1f:f0:98:f2:50:99:05:10:93:51:e6:ba:71:32:a6:
df:d3:f1:e1:f1:0e:95:58:07:e2:f2:f1:18:86:90:
db:d6:42:35:9f:5a:60:5e:c4:bf:da:59:89:29:c9:
22:92:d0:30:12:64:b2:21:71:db:65:34:6a:73:9d:
46:4c:9d:c3:24:b8:f0:5e:89:66:f6:5e:c2:71:bb:
1f:1b:fb:16:c2:bd:8c:e3:81:5e:88:06:3f:a1:a0:
0d:67:85:e8:05:65:85:0f:e3:59:47:c9:66:27:9d:
3a:c1:77:d0:c5:6c:88:dc:d4:f0:11:c4:4b:41:be:
0d:a8:33:08:21:0f:75:61:dc:7b:85:a3:40:44:cf:
54:e8:01:95:75:c3:b8:31:68:5f:7f:63:96:d5:ca:
bc:fa:cd:3e:86:af:a9:0c:b5:0e:5f:de:fc:61:ba:
20:00:cc:1a:9e:f9:11:81:40:e7:34:e3:91:0b:fe:
61:6c:7f:8c:ac:f5:20:85:03:97:40:c3:af:87:dc:
bc:41:0e:ee:7c:ee:7c:75:82:d6:4d:b1:dc:df:d9:
a8:5e:41:0a:9a:4c:3a:7e:05:49:89:45:f9:f8:44:
e0:11:95:49:57:ac:57:05:00:f9:00:22:1c:a3:cc:
44:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:BF:B2:91:3C:E5:A1:FE:D1:E2:85:D2:AB:0C:D5:1C:B6:A6:5B:51
X509v3 Authority Key Identifier:
keyid:B4:BD:C3:76:A1:59:D0:5E:2A:F9:71:76:A3:EB:A8:36:0E:60:D1:76
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tL3DdqFZ0F4q-XF2o-uoNg5g0XY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/WL-ykTzlof7R4oXSqwzVHLamW1E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/tL3DdqFZ0F4q-XF2o-uoNg5g0XY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.131.33.0-45.131.34.255
91.218.240.0/24
91.224.142.0/23
109.95.88.0/21
109.196.80.0/20
109.197.36.0/23
185.178.236.0/22
IPv6:
2a0a:7080::/29
Signature Algorithm: sha256WithRSAEncryption
4c:4a:d1:91:08:d9:9f:7b:25:5a:f5:02:ef:cc:77:7b:31:0d:
30:8f:e5:84:77:8e:75:58:d7:9c:ae:b6:26:34:7b:c7:98:62:
a3:d5:40:74:11:64:50:2c:b5:cf:6f:77:3b:f2:99:e9:94:35:
8a:39:ca:f6:63:89:4a:b8:ad:ff:e9:8e:2b:1b:dc:a7:16:82:
17:53:db:6a:a8:69:ab:1b:a7:87:dc:d5:38:f8:e1:09:ab:a5:
70:f3:e4:44:bb:77:9c:d3:7d:65:55:9e:03:ba:67:ea:63:3b:
35:ab:2e:e7:85:d0:bc:f2:5c:f8:b5:79:39:65:35:e3:ce:75:
0d:c0:36:2c:fb:8f:7e:b5:df:b6:a2:d9:57:48:16:ae:19:8f:
0b:cb:8b:67:48:4e:e8:73:5b:b8:75:04:75:c6:91:9e:65:ee:
f7:02:82:d3:29:29:ac:19:64:4b:8a:80:36:e1:71:1d:8c:a8:
a8:50:65:52:ee:1f:a4:89:6c:bd:24:61:da:8a:fc:96:96:8e:
48:92:e0:6f:11:eb:9e:a2:e5:b1:5a:c6:27:5e:0d:d4:c5:4c:
70:d6:e2:d9:73:45:85:ee:b3:b2:13:14:e4:14:e8:74:aa:89:
8b:7f:fa:77:e1:9e:ea:28:aa:be:34:fc:4b:0f:86:08:c9:e7:
96:b4:c6:83
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYdV/zlFrBZ1V64ej114SQ3BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0YmRjMzc2YTE1OWQwNWUyYWY5NzE3NmEzZWJhODM2MGU2
MGQxNzYwHhcNMjMwNDA2MDk1NjQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGJmYjI5MTNjZTVhMWZlZDFlMjg1ZDJhYjBjZDUxY2I2YTY1YjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGxQzc/ivKiwg235eE8f8JjyUJkF
EJNR5rpxMqbf0/Hh8Q6VWAfi8vEYhpDb1kI1n1pgXsS/2lmJKckiktAwEmSyIXHb
ZTRqc51GTJ3DJLjwXolm9l7CcbsfG/sWwr2M44FeiAY/oaANZ4XoBWWFD+NZR8lm
J506wXfQxWyI3NTwEcRLQb4NqDMIIQ91Ydx7haNARM9U6AGVdcO4MWhff2OW1cq8
+s0+hq+pDLUOX978YbogAMwanvkRgUDnNOORC/5hbH+MrPUghQOXQMOvh9y8QQ7u
fO58dYLWTbHc39moXkEKmkw6fgVJiUX5+ETgEZVJV6xXBQD5ACIco8xEFwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFFi/spE85aH+0eKF0qsM1Ry2pltRMB8GA1UdIwQY
MBaAFLS9w3ahWdBeKvlxdqPrqDYOYNF2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEwzRGRxRlowRjRxLVhGMm8tdW9OZzVnMFhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy80MGVhMTQtZGM1MC00YWEwLWFhODUt
MjhkMDEwNjAzNTI5LzEvV0wteWtUemxvZjdSNG9YU3F3elZITGFtVzFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy80MGVhMTQtZGM1MC00YWEwLWFhODUtMjhkMDEwNjAzNTI5
LzEvdEwzRGRxRlowRjRxLVhGMm8tdW9OZzVnMFhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyMAwDBAAtgyED
BAAtgyIDBABb2vADBAFb4I4DBANtX1gDBARtxFADBAFtxSQDBAK5suwwDQQCAAIw
BwMFAyoKcIAwDQYJKoZIhvcNAQELBQADggEBAExK0ZEI2Z97JVr1Au/Md3sxDTCP
5YR3jnVY15yutiY0e8eYYqPVQHQRZFAstc9vdzvymemUNYo5yvZjiUq4rf/pjisb
3KcWghdT22qoaasbp4fc1Tj44QmrpXDz5ES7d5zTfWVVngO6Z+pjOzWrLueF0Lzy
XPi1eTllNePOdQ3ANiz7j36137ai2VdIFq4ZjwvLi2dITuhzW7h1BHXGkZ5l7vcC
gtMpKawZZEuKgDbhcR2MqKhQZVLuH6SJbL0kYdqK/JaWjkiS4G8R656i5bFaxide
DdTFTHDW4tlzRYXus7ITFOQU6HSqiYt/+nfhnuooqr40/EsPhgjJ55a0xoM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:16 2024 by rpki-client on console-fra.rpki-client.org