Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/yptHIqko6ki9zrGWcKPD7ViNe9Y.roa
File: yptHIqko6ki9zrGWcKPD7ViNe9Y.roa (raw, json)
Hash identifier: hECmKdDzts9+DNYIEtbCDeJKqR7l7Bzsajymu/DpQZU=
Subject key identifier: CA:9B:47:22:A9:28:EA:48:BD:CE:B1:96:70:A3:C3:ED:58:8D:7B:D6
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018EA4D682072FF9E2047CB4F84BE5887E6A
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/yptHIqko6ki9zrGWcKPD7ViNe9Y.roa
Signing time: Wed 03 Apr 2024 16:41:45 +0000
ROA not before: Wed 03 Apr 2024 16:41:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 211192
IP address blocks: 94.177.113.0/24 maxlen: 24
94.177.118.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:a4:d6:82:07:2f:f9:e2:04:7c:b4:f8:4b:e5:88:7e:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Apr 3 16:41:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ca9b4722a928ea48bdceb19670a3c3ed588d7bd6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:26:56:77:41:0a:0d:b0:45:e4:ba:a1:7d:70:
a8:f9:e4:14:8a:d7:12:a3:64:65:cc:f2:dd:de:cf:
38:ee:82:3f:8c:48:3b:9f:f5:3e:23:6b:8a:1b:27:
36:b9:da:19:97:7a:65:e5:33:c5:cf:66:0f:b8:8e:
d2:19:97:35:2f:65:b5:b6:e4:35:2f:ed:6e:d1:38:
af:27:ae:1b:1f:6f:97:63:62:96:e2:8d:2d:44:c3:
30:ce:57:4d:02:9e:5a:e2:26:48:84:91:dd:43:03:
49:09:58:41:35:1d:41:bc:a3:b3:ee:92:48:32:0d:
9a:ae:9d:ed:93:36:c3:c3:e5:c9:c8:66:03:69:d3:
39:2e:b9:2c:6a:cb:39:16:7f:1c:ba:20:60:46:55:
7d:d4:e5:c2:e5:68:5f:00:01:aa:ce:08:50:4c:17:
58:3c:89:f8:df:9b:e9:ab:b8:72:93:13:ef:5a:95:
9d:2b:03:34:32:01:b5:92:5f:13:20:17:6f:25:67:
60:45:b9:8b:82:7c:4b:d6:ba:6c:53:fa:da:6f:30:
58:32:86:5d:56:04:41:89:c7:a6:a2:84:b4:95:ab:
ed:55:dd:b1:c9:3a:cd:17:02:89:91:48:7d:f5:aa:
85:1f:b5:d9:19:9d:68:3e:93:b3:20:8f:42:41:1e:
7c:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:9B:47:22:A9:28:EA:48:BD:CE:B1:96:70:A3:C3:ED:58:8D:7B:D6
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/yptHIqko6ki9zrGWcKPD7ViNe9Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.177.113.0/24
94.177.118.0/24
Signature Algorithm: sha256WithRSAEncryption
39:7d:4d:e3:8c:af:b3:a6:42:a9:3d:5d:45:2c:29:5d:9c:ee:
b1:9c:25:82:29:6e:3c:55:7b:80:9d:07:6a:f5:63:c7:41:a2:
af:97:58:38:e4:2b:04:e6:ff:d8:e3:85:75:44:2d:51:50:b6:
66:d9:38:a2:ef:6e:c4:f2:d6:9d:78:93:b6:23:ed:23:f4:a0:
92:0d:dd:9f:21:94:80:e5:d4:7d:02:76:9a:3b:d7:de:7e:c3:
22:98:db:ee:ed:79:72:1a:66:a2:76:45:e1:f3:eb:c4:68:dc:
19:35:77:73:45:dd:b7:4f:9d:a5:7f:29:d7:66:bb:22:04:98:
b0:07:bd:20:ad:0e:39:54:30:84:21:48:63:23:08:8e:05:b3:
9b:d8:8e:11:e8:61:26:a5:9e:e9:bc:2d:c7:23:21:63:01:9c:
0e:9f:96:d7:fc:78:2b:97:74:5a:66:af:04:5c:7a:f1:5d:56:
b0:a3:93:4d:dc:1c:e8:29:ac:63:ad:07:5a:e5:62:16:6b:09:
68:d2:45:9e:a0:c0:3c:e3:1a:71:ab:e2:ca:98:ba:0e:7b:bb:
fa:41:ea:e1:cb:62:9b:37:5b:71:27:7d:92:df:96:1f:14:81:
9a:2e:d2:fb:64:db:2a:cb:34:dc:0f:bf:3b:06:fa:44:2a:bc:
4a:78:3b:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6k1oIHL/niBHy0+EvliH5qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwNDAzMTY0MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTliNDcyMmE5MjhlYTQ4YmRjZWIxOTY3MGEzYzNlZDU4OGQ3YmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCZWd0EKDbBF5LqhfXCo+eQUitcS
o2RlzPLd3s847oI/jEg7n/U+I2uKGyc2udoZl3pl5TPFz2YPuI7SGZc1L2W1tuQ1
L+1u0TivJ64bH2+XY2KW4o0tRMMwzldNAp5a4iZIhJHdQwNJCVhBNR1BvKOz7pJI
Mg2arp3tkzbDw+XJyGYDadM5Lrksass5Fn8cuiBgRlV91OXC5WhfAAGqzghQTBdY
PIn435vpq7hykxPvWpWdKwM0MgG1kl8TIBdvJWdgRbmLgnxL1rpsU/rabzBYMoZd
VgRBicemooS0lavtVd2xyTrNFwKJkUh99aqFH7XZGZ1oPpOzII9CQR58FwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMqbRyKpKOpIvc6xlnCjw+1YjXvWMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEveXB0SElxa282a2k5enJHV2NLUEQ3VmlOZTlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXrFxAwQA
XrF2MA0GCSqGSIb3DQEBCwUAA4IBAQA5fU3jjK+zpkKpPV1FLCldnO6xnCWCKW48
VXuAnQdq9WPHQaKvl1g45CsE5v/Y44V1RC1RULZm2Tii727E8tadeJO2I+0j9KCS
Dd2fIZSA5dR9AnaaO9fefsMimNvu7XlyGmaidkXh8+vEaNwZNXdzRd23T52lfynX
ZrsiBJiwB70grQ45VDCEIUhjIwiOBbOb2I4R6GEmpZ7pvC3HIyFjAZwOn5bX/Hgr
l3RaZq8EXHrxXVawo5NN3BzoKaxjrQda5WIWawlo0kWeoMA84xpxq+LKmLoOe7v6
Qerhy2KbN1txJ32S35YfFIGaLtL7ZNsqyzTcD787BvpEKrxKeDuT
-----END CERTIFICATE-----
Generated at Fri Aug 2 12:40:41 2024 by rpki-client on console-ams.rpki-client.org