Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/S-7vkozjoZT_TR7CeFYB9HTJWG4.roa
File: S-7vkozjoZT_TR7CeFYB9HTJWG4.roa (raw, json)
Hash identifier: 6/RPk0veP4ikcCltoI3jrzqq7VtVlgU3verpgl/fpfU=
Subject key identifier: 4B:EE:EF:92:8C:E3:A1:94:FF:4D:1E:C2:78:56:01:F4:74:C9:58:6E
Certificate issuer: /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial: 018CC94DF6EEF3FF965DDD2D89B9EA395022
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/S-7vkozjoZT_TR7CeFYB9HTJWG4.roa
Signing time: Tue 02 Jan 2024 08:32:58 +0000
ROA not before: Tue 02 Jan 2024 08:32:58 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16253
IP address blocks: 217.142.0.0/18 maxlen: 18
2a03:f0c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4d:f6:ee:f3:ff:96:5d:dd:2d:89:b9:ea:39:50:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
Validity
Not Before: Jan 2 08:32:58 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4beeef928ce3a194ff4d1ec2785601f474c9586e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:c6:2d:64:9a:67:e0:7c:57:5c:76:75:97:74:
ba:30:2e:91:63:80:25:82:2c:7e:b3:8a:ac:8f:ca:
16:73:02:f8:d8:2e:c2:e8:22:52:55:25:48:f5:38:
c4:de:b6:0e:d6:a6:c7:e1:50:14:72:f2:41:8f:53:
d8:12:f9:26:31:f3:6b:14:6e:e9:87:6b:f7:4c:5e:
92:e5:a5:1d:30:a9:04:25:8e:37:fd:2a:32:06:5b:
09:6e:5f:c2:4f:1c:6f:8e:63:12:60:31:64:e3:b4:
38:87:6a:0f:2f:24:bd:99:95:75:7a:38:73:0f:82:
21:f5:43:fa:cf:b3:68:a6:cd:bf:56:00:38:7c:c1:
d5:48:47:e5:46:26:fa:2b:58:89:d1:70:a5:f3:d8:
51:69:b6:8b:59:1f:73:f7:9f:0f:70:0f:5e:6b:e8:
09:fc:51:58:e9:2c:57:6b:67:a1:e1:0d:f6:5b:7b:
2b:96:b7:82:e6:2d:c0:ff:fe:5e:ca:e1:0c:5f:b6:
31:1e:24:1a:45:ad:1b:87:56:01:20:86:c8:6c:83:
22:dc:76:f5:ee:ba:42:32:ea:b2:0a:0b:41:17:7b:
e3:2b:ba:b4:ee:3f:a0:81:7b:fc:5b:21:99:03:00:
4c:0e:55:37:7c:cf:67:7c:5e:74:40:81:56:45:14:
6e:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:EE:EF:92:8C:E3:A1:94:FF:4D:1E:C2:78:56:01:F4:74:C9:58:6E
X509v3 Authority Key Identifier:
keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/S-7vkozjoZT_TR7CeFYB9HTJWG4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.142.0.0/18
IPv6:
2a03:f0c0::/32
Signature Algorithm: sha256WithRSAEncryption
94:38:6b:7d:8f:a5:26:fd:83:dc:d0:db:fc:29:12:28:97:a5:
5c:e5:c1:73:ac:8f:af:74:f0:61:f7:2b:96:c9:44:b7:7f:a6:
23:13:16:0d:cf:ae:91:2e:cd:43:32:0f:ce:31:57:5b:33:02:
ea:f6:8a:24:f8:f2:bf:ee:58:84:c2:64:eb:6f:7f:56:e1:1e:
8d:03:3e:41:fe:5f:df:15:ba:80:d0:7b:bf:82:6e:17:51:46:
f5:c1:47:4d:41:d6:d6:b6:d5:54:74:11:78:7b:5a:79:76:7e:
c6:20:aa:e6:52:dc:fe:d3:5e:f6:ed:18:f4:01:49:06:24:c0:
85:83:61:3c:67:4f:bc:92:0d:1a:73:b5:b1:58:c6:d1:2a:7b:
1e:eb:2c:33:1b:86:ba:b9:c8:b5:18:25:0e:ca:2a:34:56:05:
86:b9:aa:18:77:68:d8:1d:2e:d4:96:90:b7:55:d4:8d:c8:bd:
73:8d:e8:c6:c0:f8:c5:0f:2c:cb:26:17:24:68:93:c4:cb:ee:
79:75:46:17:31:2b:2b:d0:cd:2a:9c:82:25:05:2c:44:c4:ee:
18:76:f3:75:f0:91:a5:77:5d:0d:34:81:93:96:a0:f0:05:82:
2c:e8:57:7f:00:2f:f7:2d:8b:c0:13:50:5b:78:48:69:21:22:
36:30:58:53
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTfbu8/+WXd0tibnqOVAiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjQwMTAyMDgzMjU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmVlZWY5MjhjZTNhMTk0ZmY0ZDFlYzI3ODU2MDFmNDc0Yzk1ODZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcYtZJpn4HxXXHZ1l3S6MC6RY4Al
gix+s4qsj8oWcwL42C7C6CJSVSVI9TjE3rYO1qbH4VAUcvJBj1PYEvkmMfNrFG7p
h2v3TF6S5aUdMKkEJY43/SoyBlsJbl/CTxxvjmMSYDFk47Q4h2oPLyS9mZV1ejhz
D4Ih9UP6z7Nops2/VgA4fMHVSEflRib6K1iJ0XCl89hRabaLWR9z958PcA9ea+gJ
/FFY6SxXa2eh4Q32W3srlreC5i3A//5eyuEMX7YxHiQaRa0bh1YBIIbIbIMi3Hb1
7rpCMuqyCgtBF3vjK7q07j+ggXv8WyGZAwBMDlU3fM9nfF50QIFWRRRuOQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEvu75KM46GU/00ewnhWAfR0yVhuMB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEvUy03dmtvempvWlRfVFI3Q2VGWUI5SFRKV0c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQG2Y4AMA0E
AgACMAcDBQAqA/DAMA0GCSqGSIb3DQEBCwUAA4IBAQCUOGt9j6Um/YPc0Nv8KRIo
l6Vc5cFzrI+vdPBh9yuWyUS3f6YjExYNz66RLs1DMg/OMVdbMwLq9ook+PK/7liE
wmTrb39W4R6NAz5B/l/fFbqA0Hu/gm4XUUb1wUdNQdbWttVUdBF4e1p5dn7GIKrm
Utz+01727Rj0AUkGJMCFg2E8Z0+8kg0ac7WxWMbRKnse6ywzG4a6uci1GCUOyio0
VgWGuaoYd2jYHS7UlpC3VdSNyL1zjejGwPjFDyzLJhckaJPEy+55dUYXMSsr0M0q
nIIlBSxExO4YdvN18JGld10NNIGTlqDwBYIs6Fd/AC/3LYvAE1BbeEhpISI2MFhT
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:17 2024 by rpki-client on console-fra.rpki-client.org