Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/uoc75sE03u9yACJwy3M1tTXHDK8.roa
File: uoc75sE03u9yACJwy3M1tTXHDK8.roa (raw, json)
Hash identifier: u+Fk8U9TFe9xOPlLhXqu2u7TXL4oLSWk4cCTXO+AGiI=
Subject key identifier: BA:87:3B:E6:C1:34:DE:EF:72:00:22:70:CB:73:35:B5:35:C7:0C:AF
Certificate issuer: /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial: 018C6DB68202E16C8F07AA190A65D02593FD
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/uoc75sE03u9yACJwy3M1tTXHDK8.roa
Signing time: Fri 15 Dec 2023 13:42:06 +0000
ROA not before: Fri 15 Dec 2023 13:42:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 21507
IP address blocks: 217.142.32.0/19 maxlen: 19
217.142.16.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:6d:b6:82:02:e1:6c:8f:07:aa:19:0a:65:d0:25:93:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
Validity
Not Before: Dec 15 13:42:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ba873be6c134deef72002270cb7335b535c70caf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:38:89:1f:d2:f7:04:14:4f:d0:b8:81:d3:d4:
fc:84:7c:51:09:99:5e:91:48:6b:a4:65:0b:0c:5f:
40:f2:f3:ae:4d:09:a6:92:d2:92:14:8a:95:5e:47:
cd:4a:a6:d9:ab:4d:71:48:22:48:73:45:4a:86:2c:
e0:b5:16:c9:d9:17:43:fb:bd:b9:e7:6a:41:d0:85:
73:3f:b4:74:43:f8:25:22:c8:d9:59:2f:5e:55:5b:
85:d7:a4:66:ff:82:c5:75:33:e0:96:30:e8:b3:92:
b1:14:79:5a:2e:92:ba:13:9d:d8:20:11:59:a6:d6:
cd:0a:3e:81:a3:ab:c4:17:6c:59:f4:87:2f:ce:ff:
f6:d1:ed:71:7a:ec:f9:f7:ff:6a:8b:28:99:2e:77:
99:a3:a6:59:42:98:45:d5:99:07:4b:a6:2d:a5:ce:
1d:f5:ac:fc:83:62:46:5e:62:dd:ee:fc:00:3f:67:
73:5a:4a:98:74:d7:ce:e4:8c:b1:da:9d:cd:53:b2:
02:06:f3:39:f5:7e:39:29:f3:8c:e2:cb:76:d1:63:
92:aa:1e:6f:73:ef:a8:dd:21:72:e9:db:5d:ab:6a:
c5:68:a0:1d:64:ac:1d:bc:44:5e:d9:32:4c:f8:bf:
03:71:02:2d:26:87:4c:63:20:b7:74:d2:93:51:9b:
95:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:87:3B:E6:C1:34:DE:EF:72:00:22:70:CB:73:35:B5:35:C7:0C:AF
X509v3 Authority Key Identifier:
keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/uoc75sE03u9yACJwy3M1tTXHDK8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.142.16.0-217.142.63.255
Signature Algorithm: sha256WithRSAEncryption
19:90:2c:2a:8b:0f:88:e4:d8:f9:25:f3:b7:f4:15:15:f5:c6:
d1:14:d1:3a:72:2d:10:62:84:76:33:ae:93:59:8c:ce:84:47:
0e:bb:dc:33:46:95:e0:90:45:30:36:cd:c1:34:23:2e:1e:10:
6a:71:f2:d9:98:0c:8e:18:04:62:c7:38:a7:d7:22:d3:5a:8e:
f2:60:47:a0:ba:bf:7e:88:6e:0f:a6:68:7d:25:42:33:8e:bb:
8d:8b:9a:ce:73:73:86:2c:87:57:cb:e2:1e:ad:b2:9b:da:ba:
62:dc:1f:d8:3d:fd:73:9b:fb:f7:ab:8e:a8:09:c4:6a:f5:f1:
a9:73:02:42:2a:51:b7:bb:28:24:09:b2:1c:44:78:09:09:00:
77:43:cc:f1:fa:2c:ff:1b:8f:cf:dd:8c:fc:6e:e6:bc:45:0c:
01:42:64:59:13:20:13:46:1a:91:4e:17:dc:9a:3f:86:ea:f0:
e1:29:5b:49:eb:f4:60:97:27:32:fc:9f:ae:d0:67:46:82:4c:
7b:28:89:44:5d:53:be:74:d1:12:6c:d5:99:7b:3b:09:2b:2f:
00:04:96:ec:2e:21:b6:67:d6:73:07:47:b2:2f:34:2d:d7:75:
a4:dc:52:d9:47:e3:0e:e8:c3:4b:5e:25:99:a3:b1:aa:3c:fc:
9d:2b:55:20
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYxttoIC4WyPB6oZCmXQJZP9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjMxMjE1MTM0MjA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTg3M2JlNmMxMzRkZWVmNzIwMDIyNzBjYjczMzViNTM1YzcwY2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjiJH9L3BBRP0LiB09T8hHxRCZle
kUhrpGULDF9A8vOuTQmmktKSFIqVXkfNSqbZq01xSCJIc0VKhizgtRbJ2RdD+725
52pB0IVzP7R0Q/glIsjZWS9eVVuF16Rm/4LFdTPgljDos5KxFHlaLpK6E53YIBFZ
ptbNCj6Bo6vEF2xZ9Icvzv/20e1xeuz59/9qiyiZLneZo6ZZQphF1ZkHS6Ytpc4d
9az8g2JGXmLd7vwAP2dzWkqYdNfO5Iyx2p3NU7ICBvM59X45KfOM4st20WOSqh5v
c++o3SFy6dtdq2rFaKAdZKwdvERe2TJM+L8DcQItJodMYyC3dNKTUZuVhwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLqHO+bBNN7vcgAicMtzNbU1xwyvMB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEvdW9jNzVzRTAzdTl5QUNKd3kzTTF0VFhIREs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBATZjhAD
BAbZjgAwDQYJKoZIhvcNAQELBQADggEBABmQLCqLD4jk2Pkl87f0FRX1xtEU0Tpy
LRBihHYzrpNZjM6ERw673DNGleCQRTA2zcE0Iy4eEGpx8tmYDI4YBGLHOKfXItNa
jvJgR6C6v36Ibg+maH0lQjOOu42Lms5zc4Ysh1fL4h6tspvaumLcH9g9/XOb+/er
jqgJxGr18alzAkIqUbe7KCQJshxEeAkJAHdDzPH6LP8bj8/djPxu5rxFDAFCZFkT
IBNGGpFOF9yaP4bq8OEpW0nr9GCXJzL8n67QZ0aCTHsoiURdU7500RJs1Zl7Owkr
LwAEluwuIbZn1nMHR7IvNC3XdaTcUtlH4w7ow0teJZmjsao8/J0rVSA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:17 2024 by rpki-client on console-fra.rpki-client.org