Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/3df62d-5d57-4d7e-9444-5351f1bde72f/1/y9lyYsGX_xAgcKMW-HSeBGLQHms.roa
File: y9lyYsGX_xAgcKMW-HSeBGLQHms.roa (raw, json)
Hash identifier: uJr4MXxJUiLp93e7xDPc5gjMnHltItsvL/YGtrj0Ib4=
Subject key identifier: CB:D9:72:62:C1:97:FF:10:20:70:A3:16:F8:74:9E:04:62:D0:1E:6B
Certificate issuer: /CN=64a7156b8aa89f76e4d38af2c109fbc14917b086
Certificate serial: 5DDDE6
Authority key identifier: 64:A7:15:6B:8A:A8:9F:76:E4:D3:8A:F2:C1:09:FB:C1:49:17:B0:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZKcVa4qon3bk04rywQn7wUkXsIY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/3df62d-5d57-4d7e-9444-5351f1bde72f/1/y9lyYsGX_xAgcKMW-HSeBGLQHms.roa
Signing time: Sat 01 Jan 2022 03:52:01 +0000
ROA not before: Sat 01 Jan 2022 03:52:01 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34062
IP address blocks: 185.99.17.0/24 maxlen: 24
185.99.16.0/24 maxlen: 24
185.99.18.0/24 maxlen: 24
185.99.19.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6151654 (0x5ddde6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=64a7156b8aa89f76e4d38af2c109fbc14917b086
Validity
Not Before: Jan 1 03:52:01 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=cbd97262c197ff102070a316f8749e0462d01e6b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:de:06:18:a1:5e:db:c3:3e:77:81:6b:a7:e3:
30:36:e2:2c:c7:bc:f3:a9:cd:9b:0d:21:b7:30:a6:
bc:09:34:c4:98:e4:25:8c:59:0c:bd:cf:0d:8b:48:
9b:cb:1a:b5:6c:9c:ca:f3:e0:2e:3c:98:2e:2a:49:
a6:99:48:bb:4a:c8:f8:7b:2a:bc:c7:0a:89:b0:a9:
9f:b2:d3:03:00:ba:2f:43:fb:a0:49:2f:8b:58:6f:
4f:d8:09:c5:a5:5b:a6:6d:49:d6:09:a6:bd:2f:4d:
ad:d5:d7:98:f3:a3:a7:a0:44:cd:18:dd:82:54:3e:
5d:27:de:47:41:7f:3e:81:7f:7e:25:69:d1:29:6d:
43:a0:38:55:d4:cc:54:74:69:ba:28:3f:5c:eb:85:
b7:92:03:49:cc:da:95:6a:37:17:59:82:f4:8b:c1:
ba:78:07:a3:a8:8c:86:09:95:e5:ca:e0:3b:1e:af:
ee:cf:55:06:52:94:d8:12:15:52:c8:3b:0e:3d:b1:
96:84:bc:40:9d:f6:35:bf:22:a0:2b:2c:9c:d0:bc:
2b:8a:bf:e8:35:bd:a7:c6:43:6b:c1:0b:06:5f:c6:
11:d3:97:26:2f:1d:89:e7:70:86:35:b4:4f:1b:04:
20:f9:03:53:0e:6b:09:11:ef:ea:32:41:e2:eb:9e:
df:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:D9:72:62:C1:97:FF:10:20:70:A3:16:F8:74:9E:04:62:D0:1E:6B
X509v3 Authority Key Identifier:
keyid:64:A7:15:6B:8A:A8:9F:76:E4:D3:8A:F2:C1:09:FB:C1:49:17:B0:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZKcVa4qon3bk04rywQn7wUkXsIY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3df62d-5d57-4d7e-9444-5351f1bde72f/1/y9lyYsGX_xAgcKMW-HSeBGLQHms.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3df62d-5d57-4d7e-9444-5351f1bde72f/1/ZKcVa4qon3bk04rywQn7wUkXsIY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.99.16.0/22
Signature Algorithm: sha256WithRSAEncryption
16:99:58:6c:4b:54:3c:48:77:7a:45:f7:9e:8c:ac:91:a6:f9:
b3:f8:e7:aa:47:18:8e:e1:98:dc:c2:68:af:1f:c3:b7:e9:cd:
38:93:d6:69:bf:e7:2c:3d:ce:32:ae:c9:95:ed:28:8d:53:fc:
e2:96:fc:f4:e4:06:6a:09:72:3a:06:69:45:58:dd:db:e1:bc:
3d:a6:bb:0e:f6:3a:73:ab:82:52:45:ae:73:85:05:22:ed:f5:
e6:c6:e5:a8:59:65:c4:ba:45:01:f1:77:a4:ec:3c:80:db:03:
68:b1:8c:44:cb:46:09:3c:2e:96:ed:96:ef:53:8a:4d:bb:b2:
aa:aa:76:d1:bc:8e:50:ea:ff:e3:29:74:d6:48:e1:d1:88:f8:
b9:c4:da:36:3c:b9:4d:d6:f5:e1:d7:52:11:8a:3d:1c:c3:31:
21:1f:6c:97:94:bc:6b:53:01:63:82:3f:4b:26:ab:eb:7b:61:
d9:84:40:e1:8e:c8:ce:05:f4:27:45:6d:29:d8:c6:80:eb:4e:
01:24:e3:2c:19:6b:74:69:3f:c4:c8:1d:7f:ba:28:76:ce:e1:
a4:ca:be:08:2d:81:cb:2c:3a:d4:46:00:2f:26:b7:6f:e5:46:
0d:e1:bc:55:8c:ae:6a:96:66:72:e7:22:bd:e4:40:18:e5:a8:
52:1c:ed:90
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDXd3mMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDY0
YTcxNTZiOGFhODlmNzZlNGQzOGFmMmMxMDlmYmMxNDkxN2IwODYwHhcNMjIwMTAx
MDM1MjAxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhjYmQ5NzI2MmMxOTdm
ZjEwMjA3MGEzMTZmODc0OWUwNDYyZDAxZTZiMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAvN4GGKFe28M+d4Frp+MwNuIsx7zzqc2bDSG3MKa8CTTEmOQl
jFkMvc8Ni0ibyxq1bJzK8+AuPJguKkmmmUi7Ssj4eyq8xwqJsKmfstMDALovQ/ug
SS+LWG9P2AnFpVumbUnWCaa9L02t1deY86OnoETNGN2CVD5dJ95HQX8+gX9+JWnR
KW1DoDhV1MxUdGm6KD9c64W3kgNJzNqVajcXWYL0i8G6eAejqIyGCZXlyuA7Hq/u
z1UGUpTYEhVSyDsOPbGWhLxAnfY1vyKgKyyc0Lwrir/oNb2nxkNrwQsGX8YR05cm
Lx2J53CGNbRPGwQg+QNTDmsJEe/qMkHi657fFQIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFMvZcmLBl/8QIHCjFvh0ngRi0B5rMB8GA1UdIwQYMBaAFGSnFWuKqJ925NOK
8sEJ+8FJF7CGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
WktjVmE0cW9uM2JrMDRyeXdRbjd3VWtYc0lZLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9jYy8zZGY2MmQtNWQ1Ny00ZDdlLTk0NDQtNTM1MWYxYmRlNzJmLzEv
eTlseVlzR1hfeEFnY0tNVy1IU2VCR0xRSG1zLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8z
ZGY2MmQtNWQ1Ny00ZDdlLTk0NDQtNTM1MWYxYmRlNzJmLzEvWktjVmE0cW9uM2Jr
MDRyeXdRbjd3VWtYc0lZLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWMQMA0GCSqGSIb3DQEBCwUAA4IB
AQAWmVhsS1Q8SHd6RfeejKyRpvmz+OeqRxiO4ZjcwmivH8O36c04k9Zpv+csPc4y
rsmV7SiNU/zilvz05AZqCXI6BmlFWN3b4bw9prsO9jpzq4JSRa5zhQUi7fXmxuWo
WWXEukUB8Xek7DyA2wNosYxEy0YJPC6W7ZbvU4pNu7KqqnbRvI5Q6v/jKXTWSOHR
iPi5xNo2PLlN1vXh11IRij0cwzEhH2yXlLxrUwFjgj9LJqvre2HZhEDhjsjOBfQn
RW0p2MaA604BJOMsGWt0aT/EyB1/uih2zuGkyr4ILYHLLDrURgAvJrdv5UYN4bxV
jK5qlmZy5yK95EAY5ahSHO2Q
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:34 2023 by rpki-client on console.sobornost.net