Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/6G7TCPYc6Vo_YGo2R9KNYFiN35k.roa
File: 6G7TCPYc6Vo_YGo2R9KNYFiN35k.roa (raw, json)
Hash identifier: NCg4Tm1bq87BMoAKJHnP5/DNUj+GRrI394CzASjxr+Q=
Subject key identifier: E8:6E:D3:08:F6:1C:E9:5A:3F:60:6A:36:47:D2:8D:60:58:8D:DF:99
Certificate issuer: /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial: 01856F7957EEDDFF490E6969725DF28A9489
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/6G7TCPYc6Vo_YGo2R9KNYFiN35k.roa
Signing time: Sun 01 Jan 2023 22:35:01 +0000
ROA not before: Sun 01 Jan 2023 22:35:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16253
IP address blocks: 217.142.64.0/18 maxlen: 18
217.142.0.0/18 maxlen: 18
217.142.128.0/18 maxlen: 18
2a03:f0c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:79:57:ee:dd:ff:49:0e:69:69:72:5d:f2:8a:94:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
Validity
Not Before: Jan 1 22:35:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e86ed308f61ce95a3f606a3647d28d60588ddf99
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:11:18:91:0d:96:a3:50:40:96:96:8e:57:2c:
26:f4:23:2b:42:e6:35:21:d2:1b:7f:9c:78:cf:94:
0e:25:e5:7f:af:0a:3a:06:e7:d5:87:f6:21:25:b4:
48:42:60:d9:c9:65:73:64:fb:d1:03:62:d9:18:e4:
1e:d1:e3:fb:22:9a:cd:9d:c8:cc:e8:67:69:26:dd:
c1:89:88:e4:a4:b9:2e:6d:76:bd:b8:2e:ff:a4:c6:
3f:f4:c9:33:bc:55:05:51:11:02:01:cd:e3:e1:0e:
36:48:14:54:e9:da:d1:12:38:21:7c:e5:25:dd:f5:
05:b0:cd:5d:3c:d5:bf:12:2f:e4:8e:2b:13:44:e8:
cb:23:c1:55:0d:ea:48:d8:ee:34:c2:a2:da:8c:92:
42:df:85:b9:1c:8a:d7:80:8e:ca:8a:98:ee:1f:8e:
fc:d0:a7:d5:fa:af:9c:cd:74:d5:f9:a1:ac:46:e7:
e8:68:bd:24:e3:03:5e:74:17:ad:25:13:00:29:0c:
2d:d3:c5:ad:2a:db:92:29:21:a4:8d:9f:c7:07:67:
08:02:29:88:e3:46:a0:a3:76:32:1e:f5:f6:e3:ec:
6a:30:d4:1b:b8:63:1c:d1:f9:66:0d:68:de:41:c9:
98:db:38:d0:2a:93:56:48:28:36:df:64:76:7d:c1:
ae:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:6E:D3:08:F6:1C:E9:5A:3F:60:6A:36:47:D2:8D:60:58:8D:DF:99
X509v3 Authority Key Identifier:
keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/6G7TCPYc6Vo_YGo2R9KNYFiN35k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.142.0.0-217.142.191.255
IPv6:
2a03:f0c0::/32
Signature Algorithm: sha256WithRSAEncryption
91:d2:0c:3c:e2:fe:f8:ee:fe:f8:30:01:8c:15:38:9a:38:72:
20:24:25:dc:56:7a:e2:33:8e:bb:4f:94:64:26:20:73:fa:bf:
c3:bf:7f:68:0d:87:aa:8f:8c:a1:c1:f8:32:bc:ab:a0:34:b1:
e0:fe:a1:a3:7e:a0:6b:e7:83:a7:79:51:82:c5:42:99:8a:84:
c4:05:1e:08:b8:6c:e1:37:93:01:80:2d:b6:8f:f2:08:bd:f6:
8f:cb:b2:71:4d:6c:22:d4:ff:3f:a0:75:f9:bf:81:21:f3:8c:
ac:8a:b1:78:36:09:51:88:4c:58:33:8c:c1:70:bb:c8:b0:bf:
33:f6:67:cc:c3:e6:fe:d2:1a:41:75:21:96:a7:74:f3:66:cc:
22:32:4d:0a:f6:cf:39:27:9f:2e:67:39:40:e4:da:ed:46:c4:
6f:1e:0f:a3:3b:54:b4:12:04:31:ed:6a:94:74:e9:eb:0e:6b:
f2:e3:bd:ec:33:a6:c1:0f:9c:2d:3a:0e:53:29:f1:ee:91:44:
33:29:28:e8:6b:55:95:01:57:cc:3a:c1:d0:07:81:66:4e:1f:
4b:97:77:91:30:ed:75:d3:e2:9a:53:e5:00:d6:bd:6a:0e:ab:
ac:5d:cc:9e:39:3f:91:67:e6:21:e4:3a:6c:a8:f7:51:b4:19:
30:0d:85:63
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYVveVfu3f9JDmlpcl3yipSJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjMwMTAxMjIzNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODZlZDMwOGY2MWNlOTVhM2Y2MDZhMzY0N2QyOGQ2MDU4OGRkZjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvREYkQ2Wo1BAlpaOVywm9CMrQuY1
IdIbf5x4z5QOJeV/rwo6BufVh/YhJbRIQmDZyWVzZPvRA2LZGOQe0eP7IprNncjM
6GdpJt3BiYjkpLkubXa9uC7/pMY/9MkzvFUFURECAc3j4Q42SBRU6drREjghfOUl
3fUFsM1dPNW/Ei/kjisTROjLI8FVDepI2O40wqLajJJC34W5HIrXgI7KipjuH478
0KfV+q+czXTV+aGsRufoaL0k4wNedBetJRMAKQwt08WtKtuSKSGkjZ/HB2cIAimI
40ago3YyHvX24+xqMNQbuGMc0flmDWjeQcmY2zjQKpNWSCg232R2fcGubwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFOhu0wj2HOlaP2BqNkfSjWBYjd+ZMB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEvNkc3VENQWWM2Vm9fWUdvMlI5S05ZRmlOMzVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDATBAIAATANMAsDAwHZjgME
BtmOgDANBAIAAjAHAwUAKgPwwDANBgkqhkiG9w0BAQsFAAOCAQEAkdIMPOL++O7+
+DABjBU4mjhyICQl3FZ64jOOu0+UZCYgc/q/w79/aA2Hqo+MocH4MryroDSx4P6h
o36ga+eDp3lRgsVCmYqExAUeCLhs4TeTAYAtto/yCL32j8uycU1sItT/P6B1+b+B
IfOMrIqxeDYJUYhMWDOMwXC7yLC/M/ZnzMPm/tIaQXUhlqd082bMIjJNCvbPOSef
Lmc5QOTa7UbEbx4PoztUtBIEMe1qlHTp6w5r8uO97DOmwQ+cLToOUynx7pFEMyko
6GtVlQFXzDrB0AeBZk4fS5d3kTDtddPimlPlANa9ag6rrF3Mnjk/kWfmIeQ6bKj3
UbQZMA2FYw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:59 2024 by rpki-client on console-ams.rpki-client.org