Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/yPHQo4pqMde9ETEzl4kSoaWQTtY.roa
File: yPHQo4pqMde9ETEzl4kSoaWQTtY.roa (raw, json)
Hash identifier: a9GXIoj6kio60taJ+bBGFuz721WLBVO3WGC2ypOiJiE=
Subject key identifier: C8:F1:D0:A3:8A:6A:31:D7:BD:11:31:33:97:89:12:A1:A5:90:4E:D6
Certificate issuer: /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial: 34E36027
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/yPHQo4pqMde9ETEzl4kSoaWQTtY.roa
Signing time: Thu 03 Feb 2022 12:29:37 +0000
ROA not before: Thu 03 Feb 2022 12:29:37 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 5430
IP address blocks: 89.48.0.0/13 maxlen: 24
62.104.164.0/24 maxlen: 24
62.104.178.0/24 maxlen: 24
62.104.182.0/24 maxlen: 24
194.97.192.0/18 maxlen: 18
194.97.0.0/18 maxlen: 18
89.49.0.0/16 maxlen: 16
89.49.127.0/24 maxlen: 24
89.49.126.0/24 maxlen: 24
195.4.0.0/16 maxlen: 16
195.4.16.0/24 maxlen: 24
62.104.75.0/24 maxlen: 24
194.97.160.0/19 maxlen: 19
194.97.167.0/24 maxlen: 24
62.104.0.0/16 maxlen: 16
62.104.20.0/24 maxlen: 24
194.97.96.0/19 maxlen: 19
2001:748::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 887316519 (0x34e36027)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Validity
Not Before: Feb 3 12:29:37 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c8f1d0a38a6a31d7bd113133978912a1a5904ed6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:4d:79:92:29:2d:34:85:1e:fd:49:5c:e0:55:
b9:26:b4:43:86:68:66:fb:9c:3e:e3:f4:0d:25:5b:
f9:b5:c4:00:51:37:4e:c9:87:7f:0f:9d:98:29:8a:
62:0c:0b:98:02:ff:0f:2c:6f:7c:a7:bb:da:d8:fa:
2d:51:5b:d9:93:45:66:fc:26:96:8c:13:29:dc:63:
68:b2:7c:b1:a9:7d:30:e4:9a:40:18:c6:c0:3a:ba:
47:02:66:69:a2:3a:b8:9c:02:e5:cb:5a:9f:11:87:
44:09:fb:df:7d:e2:2b:1d:91:98:89:0d:16:67:08:
5c:14:c1:76:6a:b7:bf:57:85:9a:97:42:21:d5:de:
94:cc:32:df:aa:7c:76:c5:1d:90:5e:6b:05:88:af:
ef:78:9f:35:18:ff:cc:72:e0:05:89:02:45:83:4d:
26:bc:31:24:9e:fa:83:a2:4b:df:6a:fb:df:d2:42:
18:73:48:e6:4f:0b:2a:b3:7c:43:98:f9:82:c8:4a:
78:cc:76:45:6b:55:d1:73:ee:d9:b9:4a:7d:3f:0d:
df:03:3a:41:01:31:36:1a:82:72:5f:ab:81:e7:13:
f1:69:de:ba:91:40:8e:e6:83:9a:74:58:9f:cd:57:
eb:aa:23:95:c9:1e:7b:9a:e2:24:d9:76:4f:6e:a4:
89:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:F1:D0:A3:8A:6A:31:D7:BD:11:31:33:97:89:12:A1:A5:90:4E:D6
X509v3 Authority Key Identifier:
keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/yPHQo4pqMde9ETEzl4kSoaWQTtY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.104.0.0/16
89.48.0.0/13
194.97.0.0/18
194.97.96.0/19
194.97.160.0-194.97.255.255
195.4.0.0/16
IPv6:
2001:748::/32
Signature Algorithm: sha256WithRSAEncryption
9e:ac:bc:6b:a5:35:d6:fd:53:45:59:cc:3a:94:2b:af:2e:c9:
60:38:8e:dc:6f:b2:6f:1a:ae:f0:c7:af:e4:83:4e:79:92:dc:
a1:f7:37:44:54:ba:bd:c8:37:cb:d3:23:91:6c:57:bd:76:7d:
03:fa:38:25:89:72:65:c4:45:64:4e:16:ba:1d:b3:9c:59:14:
41:68:ea:cc:ae:52:36:63:4c:d0:99:65:19:70:83:61:a3:7c:
08:a2:e1:b2:46:6c:b9:2f:24:e0:ef:cd:e2:3e:a3:24:55:b3:
02:fe:80:99:05:74:42:2b:1d:05:16:ef:b5:32:8d:f8:0b:ef:
10:2a:83:33:0d:6b:02:95:66:35:40:0c:42:b0:4e:88:28:5c:
0a:4b:2c:b9:fe:62:48:50:e4:31:13:ed:07:e9:ca:9e:59:28:
88:bf:ea:12:46:d8:14:f2:df:34:c6:68:69:9c:48:04:48:06:
75:f2:31:1b:84:19:34:c1:1d:be:69:4d:ed:99:5a:e9:e2:d6:
a9:79:77:5a:db:8c:13:2f:74:5c:6a:2a:42:75:93:64:17:d0:
cd:58:4f:8c:45:a0:75:15:f5:0b:05:bb:a5:aa:2c:37:35:ce:
ee:f1:7f:67:44:03:20:c4:5c:31:ec:38:d3:2d:13:47:73:f8:
ac:f6:31:ab
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgIENONgJzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZjgwMTk4NGNjMzhmMGE0ZmM1YWZlMWFkZWFiNjgwYzFiODllOTViMB4XDTIyMDIw
MzEyMjkzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzhmMWQwYTM4YTZh
MzFkN2JkMTEzMTMzOTc4OTEyYTFhNTkwNGVkNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI9NeZIpLTSFHv1JXOBVuSa0Q4ZoZvucPuP0DSVb+bXEAFE3
TsmHfw+dmCmKYgwLmAL/DyxvfKe72tj6LVFb2ZNFZvwmlowTKdxjaLJ8sal9MOSa
QBjGwDq6RwJmaaI6uJwC5ctanxGHRAn7333iKx2RmIkNFmcIXBTBdmq3v1eFmpdC
IdXelMwy36p8dsUdkF5rBYiv73ifNRj/zHLgBYkCRYNNJrwxJJ76g6JL32r739JC
GHNI5k8LKrN8Q5j5gshKeMx2RWtV0XPu2blKfT8N3wM6QQExNhqCcl+rgecT8Wne
upFAjuaDmnRYn81X66ojlckee5riJNl2T26kicUCAwEAAaOCAjowggI2MB0GA1Ud
DgQWBBTI8dCjimox170RMTOXiRKhpZBO1jAfBgNVHSMEGDAWgBSvgBmEzDjwpPxa
/hreq2gMG4npWzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3I0QVpoTXc0OEtUOFd2NGEzcXRvREJ1SjZWcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTYvYmZkMzdjLWNiMTItNGE5Yy04ZjVkLTQwMjEyNjVjMzliMC8x
L3lQSFFvNHBxTWRlOUVURXpsNGtTb2FXUVR0WS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTYv
YmZkMzdjLWNiMTItNGE5Yy04ZjVkLTQwMjEyNjVjMzliMC8xL3I0QVpoTXc0OEtU
OFd2NGEzcXRvREJ1SjZWcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBQ
BggrBgEFBQcBBwEB/wRBMD8wLgQCAAEwKAMDAD5oAwMDWTADBAbCYQADBAXCYWAw
CwMEBcJhoAMDAcJgAwMAwwQwDQQCAAIwBwMFACABB0gwDQYJKoZIhvcNAQELBQAD
ggEBAJ6svGulNdb9U0VZzDqUK68uyWA4jtxvsm8arvDHr+SDTnmS3KH3N0RUur3I
N8vTI5FsV712fQP6OCWJcmXERWROFrods5xZFEFo6syuUjZjTNCZZRlwg2GjfAii
4bJGbLkvJODvzeI+oyRVswL+gJkFdEIrHQUW77UyjfgL7xAqgzMNawKVZjVADEKw
TogoXApLLLn+YkhQ5DET7Qfpyp5ZKIi/6hJG2BTy3zTGaGmcSARIBnXyMRuEGTTB
Hb5pTe2ZWuni1ql5d1rbjBMvdFxqKkJ1k2QX0M1YT4xFoHUV9QsFu6WqLDc1zu7x
f2dEAyDEXDHsONMtE0dz+Kz2Mas=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:45 2024 by rpki-client on console-fra.rpki-client.org