Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/8tKsvoWMdI767eOOxbBhmKX1aLw.roa
File: 8tKsvoWMdI767eOOxbBhmKX1aLw.roa (raw, json)
Hash identifier: e5S+WbA+oOrGxIeLYIAgZSYprXjNE4hJetsZ7Eh1NtQ=
Subject key identifier: F2:D2:AC:BE:85:8C:74:8E:FA:ED:E3:8E:C5:B0:61:98:A5:F5:68:BC
Certificate issuer: /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial: 0184BD99E98EB41415630E88FEDB29A7B64B
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/8tKsvoWMdI767eOOxbBhmKX1aLw.roa
Signing time: Mon 28 Nov 2022 09:38:11 +0000
ROA not before: Mon 28 Nov 2022 09:38:11 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 16253
IP address blocks: 217.142.64.0/18 maxlen: 18
217.142.0.0/18 maxlen: 18
217.142.128.0/18 maxlen: 18
2a03:f0c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:bd:99:e9:8e:b4:14:15:63:0e:88:fe:db:29:a7:b6:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
Validity
Not Before: Nov 28 09:38:11 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f2d2acbe858c748efaede38ec5b06198a5f568bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:1d:aa:94:5f:54:5f:2b:e4:39:f6:b8:e4:98:
39:da:a6:73:28:c3:12:ef:c5:9e:f7:ac:32:3a:cf:
05:d0:6a:aa:38:fb:6b:65:b8:11:f7:3d:1b:a6:e3:
35:03:72:de:e6:44:fe:25:92:dc:a9:1e:73:be:05:
fa:15:6f:b9:c4:33:96:d5:d1:7f:36:03:dd:b6:9c:
1b:b7:05:e3:e7:68:5d:88:cc:71:51:45:b6:5f:f6:
1b:42:1b:b1:f7:cf:b0:a3:a6:76:d2:8b:16:60:36:
2b:56:57:3e:31:93:04:3e:9a:16:4e:7d:4c:13:72:
7a:00:00:07:b4:f9:38:bf:c9:81:59:f0:33:50:ba:
1d:93:10:0b:f8:5b:c9:42:8c:9f:7a:77:3f:5e:74:
65:02:2b:69:c5:10:d9:e5:f8:32:18:f3:3e:45:7b:
3c:56:53:81:96:10:dc:ca:7b:5c:03:47:8b:62:35:
eb:a9:a2:99:50:f1:62:a3:bd:c5:e9:e0:f1:21:b8:
12:d6:64:90:8c:fe:27:2f:3a:30:b6:b8:10:b2:6d:
66:e0:bb:2e:b3:3a:bb:b1:64:af:7e:9b:c8:51:44:
00:f8:c8:cc:44:e4:a3:bd:4a:78:db:4e:8e:0e:97:
d5:dd:f2:b5:90:10:66:8c:c8:83:49:a8:30:22:ec:
1a:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:D2:AC:BE:85:8C:74:8E:FA:ED:E3:8E:C5:B0:61:98:A5:F5:68:BC
X509v3 Authority Key Identifier:
keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/8tKsvoWMdI767eOOxbBhmKX1aLw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.142.0.0-217.142.191.255
IPv6:
2a03:f0c0::/32
Signature Algorithm: sha256WithRSAEncryption
0e:5a:8d:0f:df:df:78:c5:c6:c6:38:d9:62:9c:58:21:01:17:
fc:ee:d8:7d:cb:46:77:f6:22:aa:70:01:88:a3:78:3b:31:73:
3f:95:52:2e:31:9a:95:fe:4a:e8:83:ab:ca:9b:8b:ef:24:8f:
ee:3b:65:61:1d:9f:ee:af:c3:58:05:36:1a:79:ff:15:55:38:
fe:79:5b:98:1d:b0:ab:aa:af:1b:50:6c:da:c4:1d:bd:44:95:
7a:70:ed:54:c0:f0:69:e8:f9:90:69:1d:8b:f7:5a:12:20:a3:
1c:76:45:13:56:1b:70:2f:be:cd:8d:b4:e5:ac:34:e3:15:de:
9a:29:74:60:b9:6a:6f:cb:9d:d2:b3:3b:af:a5:05:3c:44:5f:
06:d1:2e:6d:44:f3:2e:5f:5f:33:4d:48:55:bb:13:42:d0:28:
19:32:67:75:39:55:60:11:da:69:92:0d:4d:cc:49:77:b2:c9:
6e:cc:e5:d7:9a:db:0b:80:38:97:6e:66:e5:be:81:aa:81:38:
07:ae:10:81:4f:0e:0d:74:c2:6b:74:15:78:ca:6b:bb:aa:2a:
ac:c7:67:72:17:0e:97:96:f3:22:96:59:a5:14:ad:23:5e:7a:
7a:d9:d6:75:21:e0:53:52:67:80:43:91:86:19:ed:cb:27:f7:
04:1b:94:31
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYS9memOtBQVYw6I/tspp7ZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjIxMTI4MDkzODExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmQyYWNiZTg1OGM3NDhlZmFlZGUzOGVjNWIwNjE5OGE1ZjU2OGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlh2qlF9UXyvkOfa45Jg52qZzKMMS
78We96wyOs8F0GqqOPtrZbgR9z0bpuM1A3Le5kT+JZLcqR5zvgX6FW+5xDOW1dF/
NgPdtpwbtwXj52hdiMxxUUW2X/YbQhux98+wo6Z20osWYDYrVlc+MZMEPpoWTn1M
E3J6AAAHtPk4v8mBWfAzULodkxAL+FvJQoyfenc/XnRlAitpxRDZ5fgyGPM+RXs8
VlOBlhDcyntcA0eLYjXrqaKZUPFio73F6eDxIbgS1mSQjP4nLzowtrgQsm1m4Lsu
szq7sWSvfpvIUUQA+MjMROSjvUp4206ODpfV3fK1kBBmjMiDSagwIuwaFQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFPLSrL6FjHSO+u3jjsWwYZil9Wi8MB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEvOHRLc3ZvV01kSTc2N2VPT3hiQmhtS1gxYUx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDATBAIAATANMAsDAwHZjgME
BtmOgDANBAIAAjAHAwUAKgPwwDANBgkqhkiG9w0BAQsFAAOCAQEADlqND9/feMXG
xjjZYpxYIQEX/O7YfctGd/YiqnABiKN4OzFzP5VSLjGalf5K6IOrypuL7ySP7jtl
YR2f7q/DWAU2Gnn/FVU4/nlbmB2wq6qvG1Bs2sQdvUSVenDtVMDwaej5kGkdi/da
EiCjHHZFE1YbcC++zY205aw04xXemil0YLlqb8ud0rM7r6UFPERfBtEubUTzLl9f
M01IVbsTQtAoGTJndTlVYBHaaZINTcxJd7LJbszl15rbC4A4l25m5b6BqoE4B64Q
gU8ODXTCa3QVeMpru6oqrMdnchcOl5bzIpZZpRStI156etnWdSHgU1JngEORhhnt
yyf3BBuUMQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:17 2024 by rpki-client on console-fra.rpki-client.org