Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/yl-FIUF6sleQultLMb4E8eLLrAY.roa
File: yl-FIUF6sleQultLMb4E8eLLrAY.roa (raw, json)
Hash identifier: Rot3QA3BBb1LF3CCRv1bsv9c8XyVJ0fNaEaA6b17F+c=
Subject key identifier: CA:5F:85:21:41:7A:B2:57:90:BA:5B:4B:31:BE:04:F1:E2:CB:AC:06
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 019635E60A73B0BB48D2D2403ABB1C2A85B0
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/yl-FIUF6sleQultLMb4E8eLLrAY.roa
Signing time: Mon 14 Apr 2025 20:03:10 +0000
ROA not before: Mon 14 Apr 2025 20:03:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57724
IP address blocks: 94.131.20.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:35:e6:0a:73:b0:bb:48:d2:d2:40:3a:bb:1c:2a:85:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Apr 14 20:03:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ca5f8521417ab25790ba5b4b31be04f1e2cbac06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:fb:64:9b:14:5a:87:8a:57:4c:0b:a5:c6:2d:
52:ea:46:c2:eb:32:9a:6c:63:b4:e7:b6:9e:9a:20:
e5:b1:c9:1a:36:5e:64:69:61:14:ab:8b:e7:19:2f:
c6:6c:c0:ff:09:cd:d9:c9:48:b0:d2:69:46:19:23:
f3:e4:25:a1:76:fc:4b:8e:fa:5a:71:9c:a9:c1:1e:
ec:8a:2d:eb:49:45:3b:e2:b7:d7:dd:43:ce:25:9b:
32:a1:ab:e0:5a:d7:5c:f2:6f:96:4f:b7:fd:f8:74:
cc:ab:ed:0e:ab:4a:49:17:44:f3:fe:55:25:b0:58:
30:de:2d:e7:59:4c:3c:c5:e3:70:01:2b:2a:da:a1:
49:c4:09:40:59:00:0a:f4:4f:96:ec:66:d9:47:81:
42:b7:3a:d4:7f:32:a9:95:42:45:86:e5:24:08:8a:
62:d6:fb:a3:5a:cf:07:f1:55:0a:5e:13:a1:18:91:
1f:90:8d:85:76:e2:7c:f8:46:2a:b9:7d:fc:cc:45:
f3:e8:46:18:87:15:ec:19:21:df:03:08:70:b6:c6:
3d:eb:f8:b5:bc:72:9c:4b:f3:f4:0e:b4:89:e3:74:
91:f9:88:1d:68:e0:71:f4:d4:07:50:4a:21:af:ec:
37:5e:cc:67:a5:b3:ba:64:e4:6a:f8:34:42:10:fa:
a6:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:5F:85:21:41:7A:B2:57:90:BA:5B:4B:31:BE:04:F1:E2:CB:AC:06
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/yl-FIUF6sleQultLMb4E8eLLrAY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.20.0/24
Signature Algorithm: sha256WithRSAEncryption
97:65:1a:0d:96:91:be:80:54:22:1e:6c:e0:8b:e0:9d:ec:86:
c6:de:1f:12:9e:7b:97:71:8f:af:1b:10:63:e6:40:c4:1a:2a:
0d:06:fc:8c:c5:e9:41:f0:62:84:20:8f:12:86:79:b4:98:09:
99:29:a0:f1:eb:e4:d1:5e:0a:4b:ab:fc:b0:5c:0e:e2:46:28:
9b:6d:50:f4:96:45:39:0e:05:e3:82:17:da:8d:c6:49:b8:3f:
2f:4c:9e:27:88:99:7a:33:f7:15:03:7c:ba:c4:52:fe:88:66:
41:26:1c:e5:c0:03:55:1d:cf:66:5d:4e:62:aa:cf:fe:20:3e:
4d:49:ba:3e:b6:dc:81:2d:03:3e:aa:e4:1d:12:17:8c:67:4d:
4d:41:d4:ae:09:e6:0b:d2:ed:99:4d:8f:7d:5f:91:d6:d6:47:
3f:3d:0c:24:5d:99:93:d0:9f:85:e9:aa:2c:29:84:b6:b3:89:
70:8e:15:1e:71:55:0e:e6:47:ef:d1:4b:da:eb:61:6e:f8:a8:
64:61:44:35:5b:b6:b0:22:84:31:f3:1d:90:8d:79:2d:8f:fb:
90:d6:ed:93:96:29:f2:8d:6d:fa:9e:58:65:1b:b6:e2:b9:16:
6d:78:b1:c1:a6:4d:02:7a:1e:c5:a1:e3:dc:15:0c:20:ff:19:
34:62:6a:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY15gpzsLtI0tJAOrscKoWwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwNDE0MjAwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTVmODUyMTQxN2FiMjU3OTBiYTViNGIzMWJlMDRmMWUyY2JhYzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vtkmxRah4pXTAulxi1S6kbC6zKa
bGO057aemiDlsckaNl5kaWEUq4vnGS/GbMD/Cc3ZyUiw0mlGGSPz5CWhdvxLjvpa
cZypwR7sii3rSUU74rfX3UPOJZsyoavgWtdc8m+WT7f9+HTMq+0Oq0pJF0Tz/lUl
sFgw3i3nWUw8xeNwASsq2qFJxAlAWQAK9E+W7GbZR4FCtzrUfzKplUJFhuUkCIpi
1vujWs8H8VUKXhOhGJEfkI2FduJ8+EYquX38zEXz6EYYhxXsGSHfAwhwtsY96/i1
vHKcS/P0DrSJ43SR+YgdaOBx9NQHUEohr+w3XsxnpbO6ZORq+DRCEPqmKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpfhSFBerJXkLpbSzG+BPHiy6wGMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEveWwtRklVRjZzbGVRdWx0TE1iNEU4ZUxMckFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoMUMA0G
CSqGSIb3DQEBCwUAA4IBAQCXZRoNlpG+gFQiHmzgi+Cd7IbG3h8SnnuXcY+vGxBj
5kDEGioNBvyMxelB8GKEII8Shnm0mAmZKaDx6+TRXgpLq/ywXA7iRiibbVD0lkU5
DgXjghfajcZJuD8vTJ4niJl6M/cVA3y6xFL+iGZBJhzlwANVHc9mXU5iqs/+ID5N
Sbo+ttyBLQM+quQdEheMZ01NQdSuCeYL0u2ZTY99X5HW1kc/PQwkXZmT0J+F6aos
KYS2s4lwjhUecVUO5kfv0Uva62Fu+KhkYUQ1W7awIoQx8x2QjXktj/uQ1u2Tliny
jW36nlhlG7biuRZteLHBpk0Ceh7FoePcFQwg/xk0YmqF
-----END CERTIFICATE-----
Generated at Sun May 11 11:42:10 2025 by rpki-client