Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/zSjcZrfXE3bIdEg2L40e2rOT5JA.roa
File: zSjcZrfXE3bIdEg2L40e2rOT5JA.roa (raw, json)
Hash identifier: /VcZTy8J1HaHXmV5a/9XEIaEZoEB7kVMal3/RKk2J40=
Subject key identifier: CD:28:DC:66:B7:D7:13:76:C8:74:48:36:2F:8D:1E:DA:B3:93:E4:90
Certificate issuer: /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial: 018C67335388CDD15D6B6A0873DA4B1614F5
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/zSjcZrfXE3bIdEg2L40e2rOT5JA.roa
Signing time: Thu 14 Dec 2023 07:21:06 +0000
ROA not before: Thu 14 Dec 2023 07:21:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16253
IP address blocks: 217.142.0.0/18 maxlen: 18
2a03:f0c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:67:33:53:88:cd:d1:5d:6b:6a:08:73:da:4b:16:14:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
Validity
Not Before: Dec 14 07:21:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cd28dc66b7d71376c87448362f8d1edab393e490
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:2f:9d:51:78:f1:2f:59:b9:1a:37:ba:7b:52:
5b:b7:46:5e:91:aa:26:3e:12:d4:6b:09:55:9a:0b:
ba:c1:1e:49:2d:81:f9:4b:d8:d1:73:db:88:b8:4b:
ce:e3:03:8b:37:da:1c:91:46:4d:d8:90:02:75:4e:
45:e2:c1:b6:c7:ed:78:48:9a:cd:f5:4c:37:46:c7:
f3:51:7c:0d:62:0e:d4:79:ab:d6:46:73:ae:fa:21:
9d:51:56:a7:5a:85:2b:5b:fb:b9:72:49:11:01:cd:
30:1f:ac:8a:cd:e6:93:4a:49:a8:33:d7:40:d1:39:
c2:0a:ce:33:70:d3:e7:c8:72:79:0f:c3:67:03:0e:
91:f9:3f:20:4b:8a:d8:aa:6c:0d:ce:81:77:bc:ec:
19:e4:a8:76:bb:42:b2:a4:7c:ca:4f:e3:b5:4e:05:
af:fd:86:51:a9:86:46:c8:14:17:33:dc:f5:53:cd:
49:e8:3f:c0:d7:5d:c9:0d:6d:85:d7:d9:8e:1b:20:
b1:48:87:bc:47:b9:49:ca:e0:82:8d:2e:04:dc:2a:
47:5a:ca:a9:99:bd:1d:f9:2a:25:6d:8f:6b:b4:0d:
e9:79:0d:1d:bc:89:d2:4d:ec:b0:29:56:3a:e3:8c:
c0:0e:ad:bf:f7:f9:50:93:b6:9d:48:2c:28:81:fd:
8b:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:28:DC:66:B7:D7:13:76:C8:74:48:36:2F:8D:1E:DA:B3:93:E4:90
X509v3 Authority Key Identifier:
keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/zSjcZrfXE3bIdEg2L40e2rOT5JA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.142.0.0/18
IPv6:
2a03:f0c0::/32
Signature Algorithm: sha256WithRSAEncryption
08:77:b5:26:25:6d:60:8a:22:76:f1:a3:88:01:98:83:b5:50:
9e:d8:74:37:2b:b9:91:f3:16:13:2c:ba:03:ff:46:30:68:41:
8f:ef:6f:71:aa:6c:f7:2f:23:10:be:e7:22:1b:08:89:01:c1:
f7:c8:ea:9a:27:77:49:13:fb:50:e4:f2:04:be:c4:31:37:5c:
64:b6:a7:ae:0f:dd:d7:02:b4:bb:3b:ba:e7:4b:16:e7:c8:f3:
8b:03:6a:cc:99:de:3d:ae:cb:50:9b:89:6e:c7:f4:8b:24:e2:
b5:51:0e:2a:96:0c:77:10:18:7c:8f:df:71:9c:d7:64:76:08:
f1:02:08:18:bc:c1:1c:fe:6a:c4:1f:40:7f:0e:e1:4d:34:6c:
9f:5c:1a:0a:ec:01:ba:3d:3a:04:be:8d:6a:4e:98:71:07:e5:
43:31:97:1c:ab:5d:5e:6a:51:9e:3f:ca:16:14:5a:3f:22:0e:
50:18:db:ae:38:da:10:f4:42:fe:0c:49:40:ce:60:6b:9a:93:
51:3d:ca:3d:ce:f0:0c:d9:12:c9:33:b8:53:6d:99:ec:d3:d0:
20:5c:65:ac:49:a4:e6:ef:3e:2d:fc:67:52:e1:ac:4f:8f:67:
34:7a:e0:2f:ca:04:aa:37:e0:fa:e2:1f:bd:55:83:05:24:76:
8f:88:c4:bc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYxnM1OIzdFda2oIc9pLFhT1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjMxMjE0MDcyMTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDI4ZGM2NmI3ZDcxMzc2Yzg3NDQ4MzYyZjhkMWVkYWIzOTNlNDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhy+dUXjxL1m5Gje6e1Jbt0Zekaom
PhLUawlVmgu6wR5JLYH5S9jRc9uIuEvO4wOLN9ockUZN2JACdU5F4sG2x+14SJrN
9Uw3RsfzUXwNYg7UeavWRnOu+iGdUVanWoUrW/u5ckkRAc0wH6yKzeaTSkmoM9dA
0TnCCs4zcNPnyHJ5D8NnAw6R+T8gS4rYqmwNzoF3vOwZ5Kh2u0KypHzKT+O1TgWv
/YZRqYZGyBQXM9z1U81J6D/A113JDW2F19mOGyCxSIe8R7lJyuCCjS4E3CpHWsqp
mb0d+SolbY9rtA3peQ0dvInSTeywKVY644zADq2/9/lQk7adSCwogf2L1QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM0o3Ga31xN2yHRINi+NHtqzk+SQMB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEvelNqY1pyZlhFM2JJZEVnMkw0MGUyck9UNUpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQG2Y4AMA0E
AgACMAcDBQAqA/DAMA0GCSqGSIb3DQEBCwUAA4IBAQAId7UmJW1giiJ28aOIAZiD
tVCe2HQ3K7mR8xYTLLoD/0YwaEGP729xqmz3LyMQvuciGwiJAcH3yOqaJ3dJE/tQ
5PIEvsQxN1xktqeuD93XArS7O7rnSxbnyPOLA2rMmd49rstQm4lux/SLJOK1UQ4q
lgx3EBh8j99xnNdkdgjxAggYvMEc/mrEH0B/DuFNNGyfXBoK7AG6PToEvo1qTphx
B+VDMZccq11ealGeP8oWFFo/Ig5QGNuuONoQ9EL+DElAzmBrmpNRPco9zvAM2RLJ
M7hTbZns09AgXGWsSaTm7z4t/GdS4axPj2c0euAvygSqN+D64h+9VYMFJHaPiMS8
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:17 2024 by rpki-client on console-fra.rpki-client.org