Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/ypsvXTPRbLjUQgvNG_jwUzLifE8.roa
File: ypsvXTPRbLjUQgvNG_jwUzLifE8.roa (raw, json)
Hash identifier: Youk71MP8BaqHFdmgbyRr0OV7GDPGNpmjLmMumxTddM=
Subject key identifier: CA:9B:2F:5D:33:D1:6C:B8:D4:42:0B:CD:1B:F8:F0:53:32:E2:7C:4F
Certificate issuer: /CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Certificate serial: 0188B91AD547489B715319F5C477FA62A7EA
Authority key identifier: 1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/ypsvXTPRbLjUQgvNG_jwUzLifE8.roa
Signing time: Wed 14 Jun 2023 08:52:03 +0000
ROA not before: Wed 14 Jun 2023 08:52:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50591
IP address blocks: 109.230.64.0/22 maxlen: 22
109.230.69.0/24 maxlen: 24
109.230.68.0/22 maxlen: 22
109.230.73.0/24 maxlen: 24
109.230.72.0/24 maxlen: 24
109.230.76.0/22 maxlen: 22
109.230.75.0/24 maxlen: 24
109.230.74.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:b9:1a:d5:47:48:9b:71:53:19:f5:c4:77:fa:62:a7:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Validity
Not Before: Jun 14 08:52:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ca9b2f5d33d16cb8d4420bcd1bf8f05332e27c4f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:11:ec:55:d8:39:b7:80:bc:01:8f:14:a7:0c:
43:31:1a:96:0f:15:7e:fb:02:fe:93:e9:09:50:85:
fd:ba:50:10:a3:8a:5e:09:a4:bb:4f:09:4d:fa:17:
05:33:ca:6f:d2:39:1e:85:17:68:bf:03:4a:19:7e:
c9:ca:56:39:dd:88:a1:a6:0c:d6:b4:5d:38:88:fd:
7b:89:77:9f:57:c8:91:c5:cd:94:41:2e:08:f4:1c:
1b:d1:ca:d3:96:06:07:31:e7:dd:e4:e4:f6:b6:bb:
3c:99:17:e1:91:27:cc:9e:43:a6:38:20:ca:24:fa:
0c:2c:55:bf:49:3b:0a:6c:4d:89:bb:e8:e5:41:64:
84:49:8b:86:13:5e:d8:38:07:db:ca:c2:f2:19:03:
b2:7d:97:f9:1a:91:17:d0:c8:34:f3:b3:ad:de:f3:
ce:65:9a:dc:7e:fd:8f:08:0f:06:ab:72:a5:69:51:
48:0d:ee:8c:bb:c1:f5:72:7a:34:a2:ff:ff:20:01:
74:5b:c6:90:6c:5b:84:fe:3a:9a:4f:ac:02:70:f4:
93:be:a1:61:da:e1:48:35:c0:9a:cd:2f:33:10:2e:
69:49:64:91:df:a0:da:a3:c2:d9:2d:7d:65:e3:6e:
07:e0:35:67:c5:90:28:d2:14:6c:b1:8b:a7:f7:3f:
d5:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:9B:2F:5D:33:D1:6C:B8:D4:42:0B:CD:1B:F8:F0:53:32:E2:7C:4F
X509v3 Authority Key Identifier:
keyid:1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/ypsvXTPRbLjUQgvNG_jwUzLifE8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.230.64.0/20
Signature Algorithm: sha256WithRSAEncryption
32:44:90:af:c9:be:55:91:75:72:98:be:1f:76:16:7f:fd:56:
3b:34:f0:63:d0:ce:74:90:9f:3b:80:89:70:e3:18:d6:ef:1c:
80:4f:5c:6c:ab:7b:81:1d:93:7c:bd:d1:46:83:96:bd:6c:7c:
2c:25:ee:92:d7:65:c8:7f:12:fb:e2:77:de:6e:10:a2:47:91:
1c:a9:f6:f8:42:88:ca:17:af:fa:89:7a:03:0f:0d:fc:07:a4:
d4:38:fb:3d:28:68:71:3e:37:54:d7:d1:68:73:12:d0:77:28:
40:5c:2a:86:92:c2:17:31:74:26:74:3c:64:a1:4c:3f:34:13:
81:bb:d9:17:d6:3c:4c:4d:5b:bc:ca:2a:82:de:9a:a9:72:3e:
ea:a7:8c:68:e8:86:5a:7d:0f:ae:19:42:d5:ec:af:c8:52:7c:
61:45:6b:f3:91:ee:eb:53:00:f5:f7:a1:fc:07:c6:43:ea:65:
f8:3b:a9:bc:de:8f:e8:4b:c9:8c:f5:9c:aa:20:ed:42:e6:b2:
8a:c3:55:c4:17:69:7c:8e:89:3f:74:45:c8:c8:af:8a:9a:39:
a7:d7:5a:fc:e8:a4:a8:9a:0b:30:00:28:6e:67:7c:cb:63:bb:
29:99:7a:7c:52:a3:a7:de:ab:d4:49:2a:af:14:03:0b:7d:42:
d5:35:e9:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYi5GtVHSJtxUxn1xHf6YqfqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMzkyZGZjNmJhMmQzMTg2ZDMyNjljNzA5MWI3MDE5ODE1
MzQ1ZDMwHhcNMjMwNjE0MDg1MjAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTliMmY1ZDMzZDE2Y2I4ZDQ0MjBiY2QxYmY4ZjA1MzMyZTI3YzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRHsVdg5t4C8AY8UpwxDMRqWDxV+
+wL+k+kJUIX9ulAQo4peCaS7TwlN+hcFM8pv0jkehRdovwNKGX7JylY53YihpgzW
tF04iP17iXefV8iRxc2UQS4I9Bwb0crTlgYHMefd5OT2trs8mRfhkSfMnkOmOCDK
JPoMLFW/STsKbE2Ju+jlQWSESYuGE17YOAfbysLyGQOyfZf5GpEX0Mg087Ot3vPO
ZZrcfv2PCA8Gq3KlaVFIDe6Mu8H1cno0ov//IAF0W8aQbFuE/jqaT6wCcPSTvqFh
2uFINcCazS8zEC5pSWSR36Dao8LZLX1l424H4DVnxZAo0hRssYun9z/VmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqbL10z0Wy41EILzRv48FMy4nxPMB8GA1UdIwQY
MBaAFBo5LfxrotMYbTJpxwkbcBmBU0XTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYt
MmYzNjVmMjJhMThjLzEveXBzdlhUUFJiTGpVUWd2TkdfandVekxpZkU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYtMmYzNjVmMjJhMThj
LzEvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEbeZAMA0G
CSqGSIb3DQEBCwUAA4IBAQAyRJCvyb5VkXVymL4fdhZ//VY7NPBj0M50kJ87gIlw
4xjW7xyAT1xsq3uBHZN8vdFGg5a9bHwsJe6S12XIfxL74nfebhCiR5Ecqfb4QojK
F6/6iXoDDw38B6TUOPs9KGhxPjdU19FocxLQdyhAXCqGksIXMXQmdDxkoUw/NBOB
u9kX1jxMTVu8yiqC3pqpcj7qp4xo6IZafQ+uGULV7K/IUnxhRWvzke7rUwD196H8
B8ZD6mX4O6m83o/oS8mM9ZyqIO1C5rKKw1XEF2l8jok/dEXIyK+Kmjmn11r86KSo
mgswAChuZ3zLY7spmXp8UqOn3qvUSSqvFAMLfULVNen2
-----END CERTIFICATE-----
Generated at Thu May 8 15:15:16 2025 by rpki-client