Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/E5CFp2svpM3mA2LdJOkJ8AGg5XU.roa
File: E5CFp2svpM3mA2LdJOkJ8AGg5XU.roa (raw, json)
Hash identifier: KC+Be6P0Iu5joh8bpT8gHYP3zFqBBdt5+jL49OQhUhM=
Subject key identifier: 13:90:85:A7:6B:2F:A4:CD:E6:03:62:DD:24:E9:09:F0:01:A0:E5:75
Certificate issuer: /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial: 018CC94DF7A43056944951C43F87618881A3
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/E5CFp2svpM3mA2LdJOkJ8AGg5XU.roa
Signing time: Tue 02 Jan 2024 08:32:59 +0000
ROA not before: Tue 02 Jan 2024 08:32:59 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 21507
IP address blocks: 217.142.32.0/19 maxlen: 19
217.142.16.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4d:f7:a4:30:56:94:49:51:c4:3f:87:61:88:81:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
Validity
Not Before: Jan 2 08:32:59 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=139085a76b2fa4cde60362dd24e909f001a0e575
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:05:48:56:b3:13:66:71:0a:c5:ab:e1:ed:13:
ca:d2:0d:20:e5:7b:2e:12:a2:01:9b:c6:22:c4:5f:
bb:14:cc:82:2a:e2:17:36:5f:52:8a:21:7b:35:56:
f5:59:c8:6b:02:1d:db:ae:79:8b:ca:44:d9:76:64:
1c:51:99:a2:9e:58:24:60:36:e9:1b:c8:60:11:76:
34:fd:87:cd:59:fb:68:a3:79:79:9d:f8:a6:e5:3f:
75:a9:4b:b3:5b:3b:a0:35:0f:d0:c1:63:c8:40:c0:
26:64:3e:eb:e3:10:b5:dc:cd:4a:5f:d3:f3:0d:a0:
b0:e9:98:a4:93:e3:5d:f2:0a:21:d9:42:fc:36:e3:
72:7b:66:71:44:03:9d:fa:10:f7:f1:42:95:39:f0:
ca:30:28:b5:f5:43:e8:58:4c:fc:e2:03:0c:c1:30:
b9:4d:c2:2c:e8:8f:92:7b:7e:ec:3e:b3:1c:dc:18:
48:de:0f:d5:80:3d:d7:55:a2:a7:3c:48:ba:8a:77:
ce:44:86:f5:62:1c:43:52:4e:bc:d9:89:96:6b:36:
5a:e7:7f:ae:a4:bf:45:14:f4:ab:5c:2e:c4:40:81:
64:46:3d:8e:16:39:14:56:fc:89:a8:3a:62:96:5f:
e6:52:cd:aa:fb:45:e9:8c:69:de:e3:11:d3:7b:6d:
46:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:90:85:A7:6B:2F:A4:CD:E6:03:62:DD:24:E9:09:F0:01:A0:E5:75
X509v3 Authority Key Identifier:
keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/E5CFp2svpM3mA2LdJOkJ8AGg5XU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.142.16.0-217.142.63.255
Signature Algorithm: sha256WithRSAEncryption
9a:42:b4:f3:d1:33:91:59:87:36:eb:de:4d:3b:e2:6c:33:97:
8d:94:9a:e4:35:95:33:b6:b6:47:56:62:8f:6b:61:ea:c5:dd:
a1:bc:80:c9:e7:92:3e:f8:95:85:8c:44:68:0a:85:2a:74:c3:
94:cf:a5:ee:ee:b9:24:0f:93:9b:c6:df:1c:d4:d6:2f:e3:ef:
b7:68:05:c5:0f:13:0c:54:7e:19:73:b0:b8:8a:d7:52:3f:86:
25:bf:3e:8d:45:b5:38:4c:cc:0f:73:e0:5d:ed:ca:fc:8f:c1:
86:f7:ed:f0:77:23:70:6f:b3:d5:fe:5b:4a:70:4f:2d:56:07:
57:30:c5:a2:ac:b5:b9:62:81:6f:cc:0e:44:73:e5:d2:9b:eb:
8b:79:27:c7:59:e1:df:3d:1b:3f:22:3f:a3:4f:0c:a3:5f:b1:
3e:5b:da:5c:de:93:78:2b:8e:6c:9e:e7:ad:cd:a5:61:bf:cb:
b7:42:44:db:11:34:dd:f4:f6:15:60:8c:e6:c9:45:23:f5:7c:
c3:11:41:7a:86:64:bb:c8:1f:39:4b:a8:b2:a5:82:e3:cf:b5:
4a:7e:ed:74:c9:7b:d2:a9:85:f0:dd:5c:5a:3f:40:0f:00:6c:
5e:40:b6:d3:da:ca:71:4b:5a:a7:f3:2f:fe:78:7c:b8:15:93:
64:6e:fc:10
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJTfekMFaUSVHEP4dhiIGjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjQwMTAyMDgzMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzkwODVhNzZiMmZhNGNkZTYwMzYyZGQyNGU5MDlmMDAxYTBlNTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQVIVrMTZnEKxavh7RPK0g0g5Xsu
EqIBm8YixF+7FMyCKuIXNl9SiiF7NVb1WchrAh3brnmLykTZdmQcUZminlgkYDbp
G8hgEXY0/YfNWftoo3l5nfim5T91qUuzWzugNQ/QwWPIQMAmZD7r4xC13M1KX9Pz
DaCw6Zikk+Nd8goh2UL8NuNye2ZxRAOd+hD38UKVOfDKMCi19UPoWEz84gMMwTC5
TcIs6I+Se37sPrMc3BhI3g/VgD3XVaKnPEi6infORIb1YhxDUk682YmWazZa53+u
pL9FFPSrXC7EQIFkRj2OFjkUVvyJqDpill/mUs2q+0XpjGne4xHTe21G7wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBOQhadrL6TN5gNi3STpCfABoOV1MB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEvRTVDRnAyc3ZwTTNtQTJMZEpPa0o4QUdnNVhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBATZjhAD
BAbZjgAwDQYJKoZIhvcNAQELBQADggEBAJpCtPPRM5FZhzbr3k074mwzl42UmuQ1
lTO2tkdWYo9rYerF3aG8gMnnkj74lYWMRGgKhSp0w5TPpe7uuSQPk5vG3xzU1i/j
77doBcUPEwxUfhlzsLiK11I/hiW/Po1FtThMzA9z4F3tyvyPwYb37fB3I3Bvs9X+
W0pwTy1WB1cwxaKstbligW/MDkRz5dKb64t5J8dZ4d89Gz8iP6NPDKNfsT5b2lze
k3grjmye563NpWG/y7dCRNsRNN309hVgjObJRSP1fMMRQXqGZLvIHzlLqLKlguPP
tUp+7XTJe9KphfDdXFo/QA8AbF5AttPaynFLWqfzL/54fLgVk2Ru/BA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:17 2024 by rpki-client on console-fra.rpki-client.org