Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/23bea6-9001-441d-8364-61cb43c2db85/1/X7c6n6r6_Lk2OwwdLqXeXVZE3pg.roa
File: X7c6n6r6_Lk2OwwdLqXeXVZE3pg.roa (raw, json)
Hash identifier: FY0JV64PkCKOJx0ZRuKliIM6W14u4grfWNXrO3dq8hk=
Subject key identifier: 5F:B7:3A:9F:AA:FA:FC:B9:36:3B:0C:1D:2E:A5:DE:5D:56:44:DE:98
Certificate issuer: /CN=860d9f01a98b514ebd3c2723d7f7eb448326f5e2
Certificate serial: 018C115D12EE27BD786F55732BA97800C368
Authority key identifier: 86:0D:9F:01:A9:8B:51:4E:BD:3C:27:23:D7:F7:EB:44:83:26:F5:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hg2fAamLUU69PCcj1_frRIMm9eI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/23bea6-9001-441d-8364-61cb43c2db85/1/X7c6n6r6_Lk2OwwdLqXeXVZE3pg.roa
Signing time: Mon 27 Nov 2023 15:19:21 +0000
ROA not before: Mon 27 Nov 2023 15:19:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 13020
IP address blocks: 151.217.0.0/17 maxlen: 17
2001:67c:20a1::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:11:5d:12:ee:27:bd:78:6f:55:73:2b:a9:78:00:c3:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=860d9f01a98b514ebd3c2723d7f7eb448326f5e2
Validity
Not Before: Nov 27 15:19:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5fb73a9faafafcb9363b0c1d2ea5de5d5644de98
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:1c:ef:59:f0:84:38:1c:87:64:d3:51:89:82:
d6:28:e3:09:f5:e0:3e:83:84:f7:79:7d:5c:fd:fa:
12:41:9f:1f:93:a5:86:59:bf:b8:83:9c:d3:dc:2a:
01:76:21:a0:a5:e4:e2:2d:4e:72:86:ab:c0:32:13:
09:73:a3:18:49:d2:77:6d:21:b2:78:27:7e:53:80:
65:60:40:62:4c:fd:d3:44:8d:27:e4:2c:48:3a:20:
a6:16:c4:53:8c:c1:38:bf:03:ce:92:80:7d:78:12:
47:50:eb:05:60:68:be:ec:5b:56:41:52:c5:78:59:
e1:b0:23:7f:05:af:a0:41:24:fc:71:f9:8a:b7:f8:
93:1f:ad:17:d8:58:87:48:2e:fa:19:01:f1:63:05:
2c:52:02:b4:af:b8:d0:db:b0:bf:14:9f:15:92:e5:
79:d0:0c:2c:4f:98:47:cd:9d:bc:d5:89:d3:86:4b:
3c:0e:dd:67:88:d2:55:30:92:e2:1e:f6:cf:64:1a:
e8:57:80:91:50:09:fa:20:67:1a:52:dc:3e:99:2d:
c4:a1:10:91:e6:42:5e:31:a7:e6:3a:95:97:bd:69:
8a:fa:62:2e:b7:cf:cc:ec:f7:ab:d4:aa:50:ed:1a:
57:e1:02:76:25:69:ac:20:4b:50:98:5d:8f:8b:ca:
c1:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:B7:3A:9F:AA:FA:FC:B9:36:3B:0C:1D:2E:A5:DE:5D:56:44:DE:98
X509v3 Authority Key Identifier:
keyid:86:0D:9F:01:A9:8B:51:4E:BD:3C:27:23:D7:F7:EB:44:83:26:F5:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hg2fAamLUU69PCcj1_frRIMm9eI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/23bea6-9001-441d-8364-61cb43c2db85/1/X7c6n6r6_Lk2OwwdLqXeXVZE3pg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/23bea6-9001-441d-8364-61cb43c2db85/1/hg2fAamLUU69PCcj1_frRIMm9eI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.217.0.0/17
IPv6:
2001:67c:20a1::/48
Signature Algorithm: sha256WithRSAEncryption
49:ba:82:4d:6f:37:85:28:7b:e6:eb:2b:48:24:36:09:fa:75:
18:fa:60:ff:09:13:2d:df:38:d5:4e:00:b3:c5:e8:3c:b3:07:
c8:ce:95:e6:ef:d1:ef:43:d5:6d:6e:f4:34:6b:f4:a2:73:6d:
fc:71:51:26:ae:e2:c0:fc:38:3e:09:72:9d:90:98:f6:aa:e9:
2b:12:f5:ed:b1:11:21:24:dc:28:8a:f1:34:35:d1:59:a9:fe:
61:58:fd:90:72:66:cc:3f:19:ab:5d:bb:f4:44:ed:eb:12:c2:
f3:09:51:4f:37:da:d6:ad:ff:3d:b9:2c:19:91:71:94:fc:cc:
02:d1:50:34:24:8e:e0:3f:e4:a2:82:bc:9f:14:be:4f:15:7f:
eb:e9:82:f0:57:70:ae:f3:be:d7:e3:a7:9a:a3:df:85:5d:27:
62:84:ed:03:f0:f6:34:4c:bd:37:ba:a5:74:54:47:23:dd:d5:
a3:8a:48:fc:cd:b3:dd:d6:9c:a5:8d:74:f4:b8:9f:71:c0:ad:
dd:72:d0:94:cf:87:b1:d9:4f:ae:2c:0c:7a:79:9e:14:4f:ac:
07:51:1c:d9:51:74:cb:54:26:1d:a1:42:49:0e:5d:68:16:e3:
b1:6d:3b:aa:df:e1:fe:0d:e4:1c:fc:6f:24:de:f4:c6:9b:87:
5c:8d:45:4c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYwRXRLuJ714b1VzK6l4AMNoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MGQ5ZjAxYTk4YjUxNGViZDNjMjcyM2Q3ZjdlYjQ0ODMy
NmY1ZTIwHhcNMjMxMTI3MTUxOTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmI3M2E5ZmFhZmFmY2I5MzYzYjBjMWQyZWE1ZGU1ZDU2NDRkZTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhxzvWfCEOByHZNNRiYLWKOMJ9eA+
g4T3eX1c/foSQZ8fk6WGWb+4g5zT3CoBdiGgpeTiLU5yhqvAMhMJc6MYSdJ3bSGy
eCd+U4BlYEBiTP3TRI0n5CxIOiCmFsRTjME4vwPOkoB9eBJHUOsFYGi+7FtWQVLF
eFnhsCN/Ba+gQST8cfmKt/iTH60X2FiHSC76GQHxYwUsUgK0r7jQ27C/FJ8VkuV5
0AwsT5hHzZ281YnThks8Dt1niNJVMJLiHvbPZBroV4CRUAn6IGcaUtw+mS3EoRCR
5kJeMafmOpWXvWmK+mIut8/M7Per1KpQ7RpX4QJ2JWmsIEtQmF2Pi8rBMQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF+3Op+q+vy5NjsMHS6l3l1WRN6YMB8GA1UdIwQY
MBaAFIYNnwGpi1FOvTwnI9f360SDJvXiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGcyZkFhbUxVVTY5UENjajFfZnJSSU1tOWVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8yM2JlYTYtOTAwMS00NDFkLTgzNjQt
NjFjYjQzYzJkYjg1LzEvWDdjNm42cjZfTGsyT3d3ZExxWGVYVlpFM3BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8yM2JlYTYtOTAwMS00NDFkLTgzNjQtNjFjYjQzYzJkYjg1
LzEvaGcyZkFhbUxVVTY5UENjajFfZnJSSU1tOWVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQHl9kAMA8E
AgACMAkDBwAgAQZ8IKEwDQYJKoZIhvcNAQELBQADggEBAEm6gk1vN4Uoe+brK0gk
Ngn6dRj6YP8JEy3fONVOALPF6DyzB8jOlebv0e9D1W1u9DRr9KJzbfxxUSau4sD8
OD4Jcp2QmPaq6SsS9e2xESEk3CiK8TQ10Vmp/mFY/ZByZsw/Gatdu/RE7esSwvMJ
UU832tat/z25LBmRcZT8zALRUDQkjuA/5KKCvJ8Uvk8Vf+vpgvBXcK7zvtfjp5qj
34VdJ2KE7QPw9jRMvTe6pXRURyPd1aOKSPzNs93WnKWNdPS4n3HArd1y0JTPh7HZ
T64sDHp5nhRPrAdRHNlRdMtUJh2hQkkOXWgW47FtO6rf4f4N5Bz8byTe9Mabh1yN
RUw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:36 2024 by rpki-client on console-ams.rpki-client.org