Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/0wjWADUsfQeVxh7XmKOCrcycgDU.roa
File: 0wjWADUsfQeVxh7XmKOCrcycgDU.roa (raw, json)
Hash identifier: JoR4OZfwZmdaQijU3i/lioKmj/HcIvEYFRdvm4I5G2Q=
Subject key identifier: D3:08:D6:00:35:2C:7D:07:95:C6:1E:D7:98:A3:82:AD:CC:9C:80:35
Certificate issuer: /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial: 018A3CB304B8ABE6259F987915646204CC2D
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/0wjWADUsfQeVxh7XmKOCrcycgDU.roa
Signing time: Mon 28 Aug 2023 15:11:19 +0000
ROA not before: Mon 28 Aug 2023 15:11:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16253
IP address blocks: 217.142.0.0/18 maxlen: 18
2a03:f0c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:3c:b3:04:b8:ab:e6:25:9f:98:79:15:64:62:04:cc:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
Validity
Not Before: Aug 28 15:11:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d308d600352c7d0795c61ed798a382adcc9c8035
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:ba:dc:3d:66:e3:63:f1:8e:17:6a:b8:14:dd:
a6:2c:58:95:01:0b:4a:a0:e1:10:7d:3c:be:d1:a9:
3a:a6:dc:26:7e:c0:65:17:62:b2:1a:15:f4:be:34:
fd:0e:d4:05:46:e9:93:ba:67:2d:32:56:2a:16:ce:
55:15:a4:e5:09:2a:e3:34:2f:5b:46:40:2e:59:e8:
04:db:99:68:a9:d4:0c:ec:e0:32:4b:e4:81:4d:43:
00:32:e4:cf:e5:6c:23:48:71:46:be:9b:8a:d1:92:
0d:25:c1:42:4c:3b:68:80:f8:15:14:47:f5:55:8a:
8b:1c:82:cc:b1:ae:7b:95:19:bd:38:38:0a:b9:3d:
93:b6:f2:8a:de:2b:21:4f:e8:bf:14:b2:55:ee:40:
2a:83:42:b7:39:15:23:f1:ce:23:c9:3e:ae:f2:82:
f1:b3:1e:e2:5e:90:90:02:70:68:21:3d:c5:3f:37:
49:49:26:ea:a1:7e:77:1c:f0:48:d0:cc:3a:7d:3f:
58:0c:4f:c4:99:8b:e9:1d:bd:f2:17:fe:2e:92:2d:
4d:f0:8c:e9:d8:e1:c8:ad:ad:93:c1:6d:18:a6:80:
d5:f4:52:44:06:32:55:68:f4:4c:92:71:bd:4c:31:
5b:5d:b5:82:e1:e4:6f:e9:e1:1d:32:0e:56:5b:15:
8b:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:08:D6:00:35:2C:7D:07:95:C6:1E:D7:98:A3:82:AD:CC:9C:80:35
X509v3 Authority Key Identifier:
keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/0wjWADUsfQeVxh7XmKOCrcycgDU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.142.0.0/18
IPv6:
2a03:f0c0::/32
Signature Algorithm: sha256WithRSAEncryption
a5:52:3c:3e:e8:5e:ee:1a:19:7b:84:7d:4d:43:6d:6e:99:70:
03:a9:40:16:81:ad:dc:83:74:36:ba:33:03:41:68:7e:81:52:
61:cd:8e:5e:41:dc:65:c4:f8:95:6d:5f:ff:2c:dc:db:29:69:
59:0d:c7:72:41:c4:af:ef:72:17:54:33:f7:5e:01:0c:ac:6b:
58:42:5a:b2:90:19:89:80:a1:4b:5c:3f:12:7f:b6:22:93:1c:
8c:66:bd:29:ce:7c:dc:31:4b:79:3c:96:84:59:71:b5:74:7e:
5e:69:d8:e6:4b:2c:01:5b:2c:fe:80:73:3e:bb:83:02:62:c2:
2a:2e:61:d6:1e:ee:69:bb:48:86:49:65:40:0c:7a:df:96:86:
9a:b9:3d:6a:43:90:0f:0a:48:7d:8b:a8:b4:54:db:e5:40:a1:
e6:1b:07:3f:fd:e2:30:e0:4e:d1:37:79:ba:27:cc:e7:17:04:
3c:30:d5:ca:4e:42:7f:e3:b9:9a:76:f7:41:92:9b:70:f2:04:
42:42:44:d0:3c:76:cd:de:1e:43:36:8c:f5:31:b7:2f:b0:4f:
f1:b9:ea:4d:8e:87:da:17:16:24:a1:6d:39:c0:89:47:ce:7e:
4b:ed:40:d7:69:24:63:29:d0:78:9c:23:6c:de:ba:7a:a3:03:
2e:81:f7:f7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYo8swS4q+Yln5h5FWRiBMwtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjMwODI4MTUxMTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzA4ZDYwMDM1MmM3ZDA3OTVjNjFlZDc5OGEzODJhZGNjOWM4MDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgbrcPWbjY/GOF2q4FN2mLFiVAQtK
oOEQfTy+0ak6ptwmfsBlF2KyGhX0vjT9DtQFRumTumctMlYqFs5VFaTlCSrjNC9b
RkAuWegE25loqdQM7OAyS+SBTUMAMuTP5WwjSHFGvpuK0ZINJcFCTDtogPgVFEf1
VYqLHILMsa57lRm9ODgKuT2TtvKK3ishT+i/FLJV7kAqg0K3ORUj8c4jyT6u8oLx
sx7iXpCQAnBoIT3FPzdJSSbqoX53HPBI0Mw6fT9YDE/EmYvpHb3yF/4uki1N8Izp
2OHIra2TwW0YpoDV9FJEBjJVaPRMknG9TDFbXbWC4eRv6eEdMg5WWxWLJwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNMI1gA1LH0HlcYe15ijgq3MnIA1MB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEvMHdqV0FEVXNmUWVWeGg3WG1LT0NyY3ljZ0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQG2Y4AMA0E
AgACMAcDBQAqA/DAMA0GCSqGSIb3DQEBCwUAA4IBAQClUjw+6F7uGhl7hH1NQ21u
mXADqUAWga3cg3Q2ujMDQWh+gVJhzY5eQdxlxPiVbV//LNzbKWlZDcdyQcSv73IX
VDP3XgEMrGtYQlqykBmJgKFLXD8Sf7YikxyMZr0pznzcMUt5PJaEWXG1dH5eadjm
SywBWyz+gHM+u4MCYsIqLmHWHu5pu0iGSWVADHrfloaauT1qQ5APCkh9i6i0VNvl
QKHmGwc//eIw4E7RN3m6J8znFwQ8MNXKTkJ/47madvdBkptw8gRCQkTQPHbN3h5D
Noz1MbcvsE/xuepNjofaFxYkoW05wIlHzn5L7UDXaSRjKdB4nCNs3rp6owMugff3
-----END CERTIFICATE-----
Generated at Tue Apr 22 12:13:37 2025 by rpki-client