Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/7qHo6SwHZWAJN1c5R-7NsnKU1tU.roa
File: 7qHo6SwHZWAJN1c5R-7NsnKU1tU.roa (raw, json)
Hash identifier: jaX3Q5Stk0fYoA5+E2VEYq95Z6tBYPRUhU/74Q2e0zU=
Subject key identifier: EE:A1:E8:E9:2C:07:65:60:09:37:57:39:47:EE:CD:B2:72:94:D6:D5
Certificate issuer: /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial: 0184AFDC74750E6B2A49A23D60C355DF4D1D
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/7qHo6SwHZWAJN1c5R-7NsnKU1tU.roa
Signing time: Fri 25 Nov 2022 17:36:11 +0000
ROA not before: Fri 25 Nov 2022 17:36:11 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 16253
IP address blocks: 217.142.0.0/18 maxlen: 18
217.142.0.0/16 maxlen: 16
217.142.128.0/18 maxlen: 18
2a03:f0c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:af:dc:74:75:0e:6b:2a:49:a2:3d:60:c3:55:df:4d:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
Validity
Not Before: Nov 25 17:36:11 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=eea1e8e92c0765600937573947eecdb27294d6d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:ed:bc:6b:95:0a:12:d0:12:fd:96:a9:16:a2:
22:ba:99:cd:0d:03:87:8d:2e:75:8f:27:59:0f:9a:
39:c5:5e:c9:73:b3:06:25:a5:12:92:73:50:4a:0d:
d1:a3:8f:d0:5d:82:4e:e6:dc:7e:a9:37:40:58:59:
38:aa:35:a5:fd:89:08:1f:85:ad:ec:45:0a:43:91:
69:9a:26:ae:93:0d:ec:05:06:e8:cd:39:9f:55:77:
70:50:f2:be:83:8e:c5:16:59:f5:ba:a5:70:56:5f:
94:11:1e:9d:aa:1c:0c:66:12:fd:a6:9f:a5:fd:45:
4c:a1:e2:09:12:9a:af:72:0b:99:25:94:9d:1f:45:
41:77:34:83:a4:c4:c0:8d:fe:76:1a:c9:d6:1b:50:
02:4e:83:91:68:0d:30:0a:b6:9a:17:91:61:ca:b2:
24:a7:8f:21:3c:ca:68:c1:e6:aa:ba:1e:71:63:26:
aa:06:a5:45:b2:fd:cc:40:ed:a6:d5:d0:f8:04:75:
e0:6f:90:50:83:de:54:f2:8f:d7:f0:4c:e7:0c:f2:
42:29:6e:f3:03:c0:fc:96:d9:8f:51:81:69:16:d9:
c3:04:58:34:51:0a:c2:bf:68:98:f4:1e:5d:4c:0c:
1f:56:f8:fd:48:76:8b:8e:a8:d1:a4:11:5d:45:5e:
89:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:A1:E8:E9:2C:07:65:60:09:37:57:39:47:EE:CD:B2:72:94:D6:D5
X509v3 Authority Key Identifier:
keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/7qHo6SwHZWAJN1c5R-7NsnKU1tU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.142.0.0/16
IPv6:
2a03:f0c0::/32
Signature Algorithm: sha256WithRSAEncryption
85:ef:a2:e8:5b:8f:9c:bf:ba:be:cd:64:25:7c:92:7c:a0:0f:
5d:60:c6:04:fa:c6:2b:b6:2e:aa:75:0e:be:53:8b:7e:cd:b0:
72:bf:89:ca:0f:0a:5d:03:a7:a7:e2:72:33:ce:38:bb:23:2d:
ad:aa:14:b8:7a:b9:f0:d7:4d:14:6b:43:ac:3c:ed:3a:0a:a2:
ec:7e:c2:f1:61:ec:b2:d6:12:e1:4c:02:28:37:5b:00:7a:f0:
03:93:3c:cf:ca:87:c5:5c:0c:2f:0b:1e:19:86:48:ee:2f:24:
79:79:6d:eb:01:b1:3d:0a:4d:6d:c5:09:5f:2f:ba:79:43:87:
b2:4e:6b:2e:94:33:91:c8:36:81:b8:07:d8:a9:92:57:d3:2e:
f4:fc:ee:0a:5a:90:9c:68:01:84:8e:de:6a:29:6d:3e:3d:40:
15:69:d9:9f:5c:5a:44:a1:e3:17:7f:47:1e:f1:25:e2:5b:08:
95:a0:e2:df:db:0f:26:77:d8:61:66:2b:6b:f4:22:40:30:e8:
26:1f:d9:3a:c2:4b:33:aa:b4:8e:55:ac:ec:aa:2d:69:92:05:
64:28:cb:d6:74:b8:3d:f2:cf:23:22:f4:04:1b:48:c3:36:28:
72:d8:c8:92:4d:18:48:e2:85:83:b2:c8:9a:84:cd:20:01:34:
ca:e8:ab:69
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYSv3HR1DmsqSaI9YMNV300dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjIxMTI1MTczNjExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWExZThlOTJjMDc2NTYwMDkzNzU3Mzk0N2VlY2RiMjcyOTRkNmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+28a5UKEtAS/ZapFqIiupnNDQOH
jS51jydZD5o5xV7Jc7MGJaUSknNQSg3Ro4/QXYJO5tx+qTdAWFk4qjWl/YkIH4Wt
7EUKQ5Fpmiaukw3sBQbozTmfVXdwUPK+g47FFln1uqVwVl+UER6dqhwMZhL9pp+l
/UVMoeIJEpqvcguZJZSdH0VBdzSDpMTAjf52GsnWG1ACToORaA0wCraaF5FhyrIk
p48hPMpoweaquh5xYyaqBqVFsv3MQO2m1dD4BHXgb5BQg95U8o/X8EznDPJCKW7z
A8D8ltmPUYFpFtnDBFg0UQrCv2iY9B5dTAwfVvj9SHaLjqjRpBFdRV6JEQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFO6h6OksB2VgCTdXOUfuzbJylNbVMB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEvN3FIbzZTd0haV0FKTjFjNVItN05zbktVMXRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMA2Y4wDQQC
AAIwBwMFACoD8MAwDQYJKoZIhvcNAQELBQADggEBAIXvouhbj5y/ur7NZCV8knyg
D11gxgT6xiu2Lqp1Dr5Ti37NsHK/icoPCl0Dp6ficjPOOLsjLa2qFLh6ufDXTRRr
Q6w87ToKoux+wvFh7LLWEuFMAig3WwB68AOTPM/Kh8VcDC8LHhmGSO4vJHl5besB
sT0KTW3FCV8vunlDh7JOay6UM5HINoG4B9ipklfTLvT87gpakJxoAYSO3mopbT49
QBVp2Z9cWkSh4xd/Rx7xJeJbCJWg4t/bDyZ32GFmK2v0IkAw6CYf2TrCSzOqtI5V
rOyqLWmSBWQoy9Z0uD3yzyMi9AQbSMM2KHLYyJJNGEjihYOyyJqEzSABNMroq2k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:17 2024 by rpki-client on console-fra.rpki-client.org