Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/7VMLFBirWUuZ0OwzusGx-vtZvBo.roa
File: 7VMLFBirWUuZ0OwzusGx-vtZvBo.roa (raw, json)
Hash identifier: Y4S1g0vlBVx62D1sj7k6dIDZuH6cU/5v25kygBMd7xU=
Subject key identifier: ED:53:0B:14:18:AB:59:4B:99:D0:EC:33:BA:C1:B1:FA:FB:59:BC:1A
Certificate issuer: /CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Certificate serial: 018B664DFAE1E16BBDC1293EBBED7CCDE9D5
Authority key identifier: 84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/7VMLFBirWUuZ0OwzusGx-vtZvBo.roa
Signing time: Wed 25 Oct 2023 10:07:48 +0000
ROA not before: Wed 25 Oct 2023 10:07:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20640
IP address blocks: 217.173.128.0/19 maxlen: 23
217.140.72.0/21 maxlen: 21
217.140.80.0/21 maxlen: 21
217.140.88.0/21 maxlen: 21
2001:4b88::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:66:4d:fa:e1:e1:6b:bd:c1:29:3e:bb:ed:7c:cd:e9:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Validity
Not Before: Oct 25 10:07:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ed530b1418ab594b99d0ec33bac1b1fafb59bc1a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:d8:20:e8:7d:ec:f3:f4:af:8f:58:0b:fe:06:
2a:d9:00:63:9f:09:3f:76:29:17:cd:61:ff:33:a0:
09:9f:7c:e4:be:22:c3:e2:91:c4:51:88:24:b6:ce:
74:77:dd:a6:a4:7f:f4:a5:46:c4:de:b1:20:be:56:
52:ea:c2:d4:d9:c7:3b:1c:16:a8:04:fc:6c:ba:92:
4e:b6:72:ae:6e:e7:0e:5b:6f:f9:d2:65:b8:18:5e:
ab:0c:f4:bf:41:33:0d:43:9e:44:fa:a9:2d:77:a8:
a5:05:a4:32:c4:2a:da:21:cc:59:c2:03:59:cd:cd:
97:99:7f:30:9b:9a:4d:fa:7c:ef:de:a0:92:55:f1:
48:e9:d5:b7:18:bc:fd:03:a2:c8:d3:c2:8f:65:db:
24:07:de:e2:ae:f3:98:24:e1:b7:1e:b8:84:c6:59:
50:0d:19:6d:ed:02:e1:a2:4a:3e:75:f9:e6:6e:a6:
4e:b7:d6:dc:87:c8:71:8d:9a:06:0e:21:e2:65:9c:
10:d3:ed:6c:9b:52:e5:a9:91:b2:d7:1f:2f:27:f3:
51:7d:85:c9:12:bb:64:65:31:49:d6:4e:1f:51:8d:
9c:72:da:87:19:05:77:60:10:a1:ec:68:b4:fd:ec:
55:d5:a7:a3:4c:05:3d:af:66:6d:e4:8c:bb:52:63:
07:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:53:0B:14:18:AB:59:4B:99:D0:EC:33:BA:C1:B1:FA:FB:59:BC:1A
X509v3 Authority Key Identifier:
keyid:84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/7VMLFBirWUuZ0OwzusGx-vtZvBo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/hEcK8NideFuhi6YX3Anj9yxZlvM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.140.72.0-217.140.95.255
217.173.128.0/19
IPv6:
2001:4b88::/32
Signature Algorithm: sha256WithRSAEncryption
0b:a8:7a:ec:93:52:5b:61:40:e1:a7:3d:f3:18:53:40:95:b4:
30:58:a2:c1:2c:92:8a:6a:29:a1:a7:b6:f0:bc:e6:4f:2d:f7:
07:af:b3:d2:45:19:27:b6:88:71:43:98:f9:d9:79:ba:1a:32:
99:2e:d9:4d:4e:f7:40:f7:3a:48:bb:9b:72:2d:6d:cf:a6:b7:
45:6d:43:2e:86:0b:8d:9a:cb:53:c4:c1:13:bc:64:b1:8f:be:
f6:52:f0:93:b2:c8:98:1d:b5:44:52:1c:0e:4f:90:34:9f:ce:
fd:1b:02:8a:05:b7:8d:60:9d:ff:9f:9d:0b:d3:e4:cc:f9:48:
6c:7f:de:f6:8b:a4:e1:af:2d:3b:0b:09:d3:11:7d:e3:c4:a9:
43:31:44:98:8b:17:32:78:2b:5b:2a:13:18:58:c3:bf:be:62:
2f:22:02:10:24:66:3a:8b:24:d7:66:3f:74:0d:5b:3c:a5:3a:
ba:34:af:34:80:b0:a4:17:74:38:d0:af:0a:76:38:e4:af:c9:
d3:88:0f:78:5f:53:a0:4f:60:95:ba:f5:e3:75:58:e1:3a:9b:
6c:d7:21:e3:30:f0:e7:7e:88:27:c6:76:35:78:ae:15:10:82:
7a:2b:05:2c:89:79:62:52:cf:cc:95:65:df:cd:6d:63:14:70:
d2:d0:43:75
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYtmTfrh4Wu9wSk+u+18zenVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDcwYWYwZDg5ZDc4NWJhMThiYTYxN2RjMDllM2Y3MmM1
OTk2ZjMwHhcNMjMxMDI1MTAwNzQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDUzMGIxNDE4YWI1OTRiOTlkMGVjMzNiYWMxYjFmYWZiNTliYzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdgg6H3s8/Svj1gL/gYq2QBjnwk/
dikXzWH/M6AJn3zkviLD4pHEUYgkts50d92mpH/0pUbE3rEgvlZS6sLU2cc7HBao
BPxsupJOtnKubucOW2/50mW4GF6rDPS/QTMNQ55E+qktd6ilBaQyxCraIcxZwgNZ
zc2XmX8wm5pN+nzv3qCSVfFI6dW3GLz9A6LI08KPZdskB97irvOYJOG3HriExllQ
DRlt7QLhoko+dfnmbqZOt9bch8hxjZoGDiHiZZwQ0+1sm1LlqZGy1x8vJ/NRfYXJ
ErtkZTFJ1k4fUY2cctqHGQV3YBCh7Gi0/exV1aejTAU9r2Zt5Iy7UmMHKwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFO1TCxQYq1lLmdDsM7rBsfr7WbwaMB8GA1UdIwQY
MBaAFIRHCvDYnXhboYumF9wJ4/csWZbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDIt
ZTc2ZTNlMjkzZTAyLzEvN1ZNTEZCaXJXVXVaME93enVzR3gtdnRadkJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDItZTc2ZTNlMjkzZTAy
LzEvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUMAwDBAPZjEgD
BAXZjEADBAXZrYAwDQQCAAIwBwMFACABS4gwDQYJKoZIhvcNAQELBQADggEBAAuo
euyTUlthQOGnPfMYU0CVtDBYosEskopqKaGntvC85k8t9wevs9JFGSe2iHFDmPnZ
eboaMpku2U1O90D3Oki7m3Itbc+mt0VtQy6GC42ay1PEwRO8ZLGPvvZS8JOyyJgd
tURSHA5PkDSfzv0bAooFt41gnf+fnQvT5Mz5SGx/3vaLpOGvLTsLCdMRfePEqUMx
RJiLFzJ4K1sqExhYw7++Yi8iAhAkZjqLJNdmP3QNWzylOro0rzSAsKQXdDjQrwp2
OOSvydOID3hfU6BPYJW69eN1WOE6m2zXIeMw8Od+iCfGdjV4rhUQgnorBSyJeWJS
z8yVZd/NbWMUcNLQQ3U=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:29:33 2025 by rpki-client