Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/3iXvFNK7kKLVXYpRV71zOu4zzfE.roa
File: 3iXvFNK7kKLVXYpRV71zOu4zzfE.roa (raw, json)
Hash identifier: jMzhGz4CgO8bcXwaZA/AGBiQdifsxQWG8Gj60G2ZIg0=
Subject key identifier: DE:25:EF:14:D2:BB:90:A2:D5:5D:8A:51:57:BD:73:3A:EE:33:CD:F1
Certificate issuer: /CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Certificate serial: 0189EF4F99EF18FA5250643A559E6E8F87CB
Authority key identifier: 84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/3iXvFNK7kKLVXYpRV71zOu4zzfE.roa
Signing time: Sun 13 Aug 2023 14:31:58 +0000
ROA not before: Sun 13 Aug 2023 14:31:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20640
IP address blocks: 217.173.128.0/19 maxlen: 22
217.140.72.0/21 maxlen: 21
217.140.80.0/21 maxlen: 21
2001:4b88::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:ef:4f:99:ef:18:fa:52:50:64:3a:55:9e:6e:8f:87:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Validity
Not Before: Aug 13 14:31:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=de25ef14d2bb90a2d55d8a5157bd733aee33cdf1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:ff:36:6c:fb:bb:c2:be:6d:43:a8:fd:2f:c2:
29:a1:0a:29:33:44:49:f6:b1:db:60:73:8f:41:5a:
0e:73:67:a3:88:77:e3:55:db:68:49:30:8a:50:48:
4a:67:06:c0:2c:43:0f:79:53:d5:2b:1c:73:56:c1:
2c:e8:70:76:fb:96:63:dd:4d:16:f5:bd:62:e9:72:
7b:f6:95:2d:0f:e7:05:ad:3a:7f:f0:94:63:6e:8d:
d7:8b:8e:ae:be:96:dc:87:26:5e:c1:64:5a:1d:4a:
20:f3:00:8d:5e:66:56:70:9f:db:ae:75:bd:60:5c:
1f:24:4e:c3:f3:00:3a:2c:d5:0c:b5:dd:82:33:93:
be:ba:b9:a2:cf:4c:c3:46:79:e8:3b:fb:ec:6e:50:
51:da:04:40:ee:58:ff:02:51:2f:c1:64:58:c5:7a:
34:08:a0:a9:bc:8f:9b:85:78:65:21:c8:98:c1:f1:
35:fb:62:44:e4:ca:8e:a3:95:0a:9d:96:0c:b7:fd:
c6:fa:94:a6:af:31:9d:9a:f3:da:75:9b:48:3c:89:
3b:82:f4:73:1f:6d:62:14:73:d9:8b:77:12:65:5f:
fe:7d:78:26:82:8e:32:0f:bb:72:9c:e8:4d:a3:1f:
cb:7f:02:cd:b6:8e:83:10:b3:02:bf:05:1c:31:d7:
c8:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:25:EF:14:D2:BB:90:A2:D5:5D:8A:51:57:BD:73:3A:EE:33:CD:F1
X509v3 Authority Key Identifier:
keyid:84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/3iXvFNK7kKLVXYpRV71zOu4zzfE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/hEcK8NideFuhi6YX3Anj9yxZlvM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.140.72.0-217.140.87.255
217.173.128.0/19
IPv6:
2001:4b88::/32
Signature Algorithm: sha256WithRSAEncryption
2a:eb:03:8c:20:7e:0a:35:26:61:b3:86:b9:e9:ea:89:c4:f2:
f2:e0:02:93:33:62:76:e5:ba:fd:76:bb:1c:a7:c6:7e:a0:32:
10:3d:97:b5:21:db:ea:3d:c8:aa:04:1f:f5:5c:44:53:00:88:
4c:6f:6e:5c:ca:9e:6d:02:c3:27:5e:3d:95:13:78:76:d8:f8:
83:b6:18:86:f6:16:95:dd:79:d8:8e:73:df:e2:0f:e6:f1:cb:
0d:66:df:ba:0f:89:0b:38:e9:e4:79:36:b4:20:08:8a:5b:58:
32:fe:97:ba:bf:26:db:be:9d:b3:b4:2d:3c:19:f1:e2:9d:b6:
3d:c5:59:b4:e0:1e:d3:70:a8:ec:51:ff:b0:5b:b9:80:56:bf:
27:9b:78:d1:ba:ca:f6:c2:6e:df:3a:16:0d:b5:0f:96:73:2a:
14:1b:8b:dd:38:59:5a:af:bb:cd:90:6f:8e:07:77:8f:a8:3b:
29:69:88:10:ad:b7:a7:7a:16:16:d1:b6:dd:66:36:3b:fd:a8:
de:e7:7f:1f:dd:b5:c2:2f:72:e1:36:dd:a4:b2:7f:3b:42:68:
6c:e2:0d:24:49:dd:53:da:bf:37:7d:ce:82:1a:6f:b7:37:0d:
e3:8f:5e:0c:f6:4e:19:c6:ae:a4:85:79:93:78:a6:09:1e:d5:
c2:7f:07:6f
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYnvT5nvGPpSUGQ6VZ5uj4fLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDcwYWYwZDg5ZDc4NWJhMThiYTYxN2RjMDllM2Y3MmM1
OTk2ZjMwHhcNMjMwODEzMTQzMTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTI1ZWYxNGQyYmI5MGEyZDU1ZDhhNTE1N2JkNzMzYWVlMzNjZGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoP82bPu7wr5tQ6j9L8IpoQopM0RJ
9rHbYHOPQVoOc2ejiHfjVdtoSTCKUEhKZwbALEMPeVPVKxxzVsEs6HB2+5Zj3U0W
9b1i6XJ79pUtD+cFrTp/8JRjbo3Xi46uvpbchyZewWRaHUog8wCNXmZWcJ/brnW9
YFwfJE7D8wA6LNUMtd2CM5O+urmiz0zDRnnoO/vsblBR2gRA7lj/AlEvwWRYxXo0
CKCpvI+bhXhlIciYwfE1+2JE5MqOo5UKnZYMt/3G+pSmrzGdmvPadZtIPIk7gvRz
H21iFHPZi3cSZV/+fXgmgo4yD7tynOhNox/LfwLNto6DELMCvwUcMdfIFQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFN4l7xTSu5Ci1V2KUVe9czruM83xMB8GA1UdIwQY
MBaAFIRHCvDYnXhboYumF9wJ4/csWZbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDIt
ZTc2ZTNlMjkzZTAyLzEvM2lYdkZOSzdrS0xWWFlwUlY3MXpPdTR6emZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDItZTc2ZTNlMjkzZTAy
LzEvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUMAwDBAPZjEgD
BAPZjFADBAXZrYAwDQQCAAIwBwMFACABS4gwDQYJKoZIhvcNAQELBQADggEBACrr
A4wgfgo1JmGzhrnp6onE8vLgApMzYnbluv12uxynxn6gMhA9l7Uh2+o9yKoEH/Vc
RFMAiExvblzKnm0CwydePZUTeHbY+IO2GIb2FpXdediOc9/iD+bxyw1m37oPiQs4
6eR5NrQgCIpbWDL+l7q/Jtu+nbO0LTwZ8eKdtj3FWbTgHtNwqOxR/7BbuYBWvyeb
eNG6yvbCbt86Fg21D5ZzKhQbi904WVqvu82Qb44Hd4+oOylpiBCtt6d6FhbRtt1m
Njv9qN7nfx/dtcIvcuE23aSyfztCaGziDSRJ3VPavzd9zoIab7c3DeOPXgz2ThnG
rqSFeZN4pgke1cJ/B28=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:21 2024 by rpki-client on console-fra.rpki-client.org