Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/lZmPZHAIBCtbKoVZFwRJid51lMU.roa
File: lZmPZHAIBCtbKoVZFwRJid51lMU.roa (raw, json)
Hash identifier: 1kLdkGooNN4wlX24MrDyRRHEdy/8iN5mXs4WmoJe3os=
Subject key identifier: 95:99:8F:64:70:08:04:2B:5B:2A:85:59:17:04:49:89:DE:75:94:C5
Certificate issuer: /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial: 018A50A01AF8F2DAEAB94F5EEEECDED38115
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/lZmPZHAIBCtbKoVZFwRJid51lMU.roa
Signing time: Fri 01 Sep 2023 12:03:04 +0000
ROA not before: Fri 01 Sep 2023 12:03:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16253
IP address blocks: 217.142.64.0/18 maxlen: 18
217.142.0.0/18 maxlen: 18
2a03:f0c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:50:a0:1a:f8:f2:da:ea:b9:4f:5e:ee:ec:de:d3:81:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
Validity
Not Before: Sep 1 12:03:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=95998f647008042b5b2a855917044989de7594c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:76:44:49:06:01:63:65:ff:19:90:00:d1:f9:
e0:16:c2:cb:71:95:39:45:a8:86:0d:4c:9f:d1:30:
1c:44:62:97:53:45:06:92:47:b6:c9:04:4a:99:c6:
12:43:08:bc:90:cc:b8:c5:07:49:3f:c5:d3:8d:f2:
de:89:a5:73:b0:08:da:c5:fa:45:5e:3a:0d:3a:f8:
80:e7:50:15:56:f1:84:93:73:f3:cb:70:66:df:77:
2a:41:27:86:d8:83:dc:d0:e6:6f:b7:81:30:1d:f7:
96:b2:44:69:ff:49:23:5e:a4:5b:97:94:75:a6:12:
12:7b:88:69:f2:29:a4:f6:ff:d7:ad:8e:89:b5:f4:
ca:a6:c2:b5:3d:a7:d4:49:4b:42:b8:6e:e2:ee:f0:
da:b3:22:b2:7a:d5:ea:3e:ff:38:ce:60:9b:f3:c9:
34:7a:58:7c:e6:a2:e7:c2:65:0c:03:05:1a:c0:15:
05:69:99:6c:23:53:af:44:f1:a5:4f:bc:d1:16:04:
b5:a3:0d:16:d8:cb:fd:e8:a3:ff:77:78:58:f8:6c:
bb:bb:a3:69:65:2e:ff:5c:58:c2:a4:7a:ac:9e:c7:
fa:11:ae:95:51:92:05:47:40:9a:db:4e:97:c1:78:
4b:8e:26:d5:f1:df:13:37:08:53:ff:22:c1:20:c8:
ea:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:99:8F:64:70:08:04:2B:5B:2A:85:59:17:04:49:89:DE:75:94:C5
X509v3 Authority Key Identifier:
keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/lZmPZHAIBCtbKoVZFwRJid51lMU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.142.0.0/17
IPv6:
2a03:f0c0::/32
Signature Algorithm: sha256WithRSAEncryption
00:86:e9:56:79:7e:7c:98:6b:48:3d:f0:bb:93:46:de:26:30:
9b:16:96:c3:1f:67:02:2c:ac:c6:2a:9a:08:23:66:95:cf:50:
42:95:e4:f2:f1:3e:c5:b6:67:73:04:6a:0e:d9:09:e0:9b:21:
89:34:a9:78:68:ce:fa:d8:68:0a:f3:4a:4c:e4:15:f4:82:f2:
52:e5:28:f5:3b:ff:a2:b4:fb:6a:9e:11:fa:e1:e4:7b:06:df:
0f:89:87:0f:96:93:8f:19:d7:7a:e3:cd:b6:e8:74:bd:b6:a4:
a1:6f:fd:6b:d1:92:b0:3a:ab:d9:9f:32:67:b8:86:aa:1e:c8:
0f:46:5e:b5:82:01:8f:de:bf:2c:1f:76:ed:60:b7:d1:05:86:
e6:f3:6f:1f:5c:44:58:5b:a7:5c:47:7d:08:a2:0a:9a:17:a5:
25:62:73:3d:52:b1:1f:db:5e:d9:d8:e9:01:fa:78:1b:b8:c9:
cc:8c:1a:f6:ec:d1:bb:ca:c9:34:00:55:05:27:7c:04:d5:f4:
92:06:33:6d:1f:20:a0:a3:6a:10:28:6e:92:7c:23:13:13:04:
bf:9b:03:d6:1a:43:bd:f9:0a:f6:74:5d:b4:57:c0:b9:87:3c:
d8:4d:58:99:93:7f:17:07:09:ab:9c:a8:ee:ed:c8:59:8a:c5:
f1:46:f5:d6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYpQoBr48trquU9e7uze04EVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjMwOTAxMTIwMzA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTk5OGY2NDcwMDgwNDJiNWIyYTg1NTkxNzA0NDk4OWRlNzU5NGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXZESQYBY2X/GZAA0fngFsLLcZU5
RaiGDUyf0TAcRGKXU0UGkke2yQRKmcYSQwi8kMy4xQdJP8XTjfLeiaVzsAjaxfpF
XjoNOviA51AVVvGEk3Pzy3Bm33cqQSeG2IPc0OZvt4EwHfeWskRp/0kjXqRbl5R1
phISe4hp8imk9v/XrY6JtfTKpsK1PafUSUtCuG7i7vDasyKyetXqPv84zmCb88k0
elh85qLnwmUMAwUawBUFaZlsI1OvRPGlT7zRFgS1ow0W2Mv96KP/d3hY+Gy7u6Np
ZS7/XFjCpHqsnsf6Ea6VUZIFR0Ca206XwXhLjibV8d8TNwhT/yLBIMjqvQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJWZj2RwCAQrWyqFWRcESYnedZTFMB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEvbFptUFpIQUlCQ3RiS29WWkZ3UkppZDUxbE1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQH2Y4AMA0E
AgACMAcDBQAqA/DAMA0GCSqGSIb3DQEBCwUAA4IBAQAAhulWeX58mGtIPfC7k0be
JjCbFpbDH2cCLKzGKpoII2aVz1BCleTy8T7FtmdzBGoO2QngmyGJNKl4aM762GgK
80pM5BX0gvJS5Sj1O/+itPtqnhH64eR7Bt8PiYcPlpOPGdd648226HS9tqShb/1r
0ZKwOqvZnzJnuIaqHsgPRl61ggGP3r8sH3btYLfRBYbm828fXERYW6dcR30Iogqa
F6UlYnM9UrEf217Z2OkB+ngbuMnMjBr27NG7ysk0AFUFJ3wE1fSSBjNtHyCgo2oQ
KG6SfCMTEwS/mwPWGkO9+Qr2dF20V8C5hzzYTViZk38XBwmrnKju7chZisXxRvXW
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:17 2024 by rpki-client on console-fra.rpki-client.org