Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/Jhqr-naYsjK7cYCtOtP_8fRmNvw.roa
File: Jhqr-naYsjK7cYCtOtP_8fRmNvw.roa (raw, json)
Hash identifier: 8Xq78WZrIpqvvVCq1uiWVs8s7VGCPbSGhyi9hvHJM8U=
Subject key identifier: 26:1A:AB:FA:76:98:B2:32:BB:71:80:AD:3A:D3:FF:F1:F4:66:36:FC
Certificate issuer: /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial: 01850D83B3E0833386BA994017AA70A9BFA9
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/Jhqr-naYsjK7cYCtOtP_8fRmNvw.roa
Signing time: Tue 13 Dec 2022 22:03:33 +0000
ROA not before: Tue 13 Dec 2022 22:03:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 16253
IP address blocks: 217.142.64.0/18 maxlen: 18
217.142.0.0/18 maxlen: 18
217.142.128.0/18 maxlen: 18
2a03:f0c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:0d:83:b3:e0:83:33:86:ba:99:40:17:aa:70:a9:bf:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
Validity
Not Before: Dec 13 22:03:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=261aabfa7698b232bb7180ad3ad3fff1f46636fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:88:4c:e9:56:f9:37:58:9e:0a:db:f2:0e:46:
63:c2:f5:af:1f:d0:b6:22:88:ec:51:7e:4e:9c:41:
d4:0d:ee:eb:94:9e:00:9d:a4:27:d1:4b:e1:ab:ea:
0e:76:0b:d1:4e:40:9d:9b:59:21:02:ac:34:e4:73:
55:1d:60:14:16:eb:f8:0c:83:90:1d:ad:b0:b4:b8:
8b:12:1a:44:d0:c2:7f:58:52:50:df:50:0d:ae:6f:
a2:bc:f0:9e:c6:00:64:41:9d:d0:dd:f9:4d:2f:bf:
9c:8c:8d:a0:96:64:48:e2:e6:63:82:26:c3:3d:58:
65:ad:f4:43:18:1c:57:68:36:3b:c6:41:a6:a6:87:
3b:32:0f:b6:b2:ff:df:ca:c5:5d:c4:66:0d:e3:bb:
3f:c8:e6:7b:9c:b5:c8:af:aa:a9:b6:da:08:9c:b2:
aa:62:b2:78:0a:b2:2c:ec:9c:12:35:8e:bb:6e:ac:
78:bf:17:2c:a3:0d:ee:ba:c9:79:23:10:54:d8:1e:
c4:b9:9f:7b:36:86:f2:e4:9f:3f:f1:f2:f1:6d:6a:
9b:d7:f9:c9:f0:17:d8:39:de:42:35:25:7d:74:9a:
a2:30:14:e4:eb:a8:7a:cb:46:ed:ee:70:a8:48:ea:
f1:c6:17:84:fa:ad:80:d0:30:22:eb:06:5a:79:e1:
41:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:1A:AB:FA:76:98:B2:32:BB:71:80:AD:3A:D3:FF:F1:F4:66:36:FC
X509v3 Authority Key Identifier:
keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/Jhqr-naYsjK7cYCtOtP_8fRmNvw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.142.0.0-217.142.191.255
IPv6:
2a03:f0c0::/32
Signature Algorithm: sha256WithRSAEncryption
7f:50:c8:7e:6d:88:f1:94:78:24:6c:13:7a:89:cb:33:62:a6:
5d:c0:c9:34:d6:dc:88:19:db:50:e8:c7:f1:46:b3:de:2d:d8:
86:06:85:cd:1e:6f:49:c4:99:30:cb:bd:c3:f8:3f:0f:b3:27:
75:56:a9:bb:33:d4:fa:73:de:22:e0:18:ae:0e:d9:2f:d5:3c:
08:0c:fd:97:16:96:6d:66:20:c3:58:89:46:0a:a7:f0:b0:f6:
dc:61:5b:96:9b:c0:43:b9:7f:6b:5c:4c:8c:dc:8f:0d:c3:af:
4d:35:fe:bb:7a:43:d5:2c:72:f7:34:49:9c:5b:80:ea:42:14:
1e:89:5d:37:25:19:52:82:26:05:b1:b7:cb:04:0e:4d:ed:13:
5b:10:2e:f2:a1:9f:f2:52:c0:e8:cf:1f:c9:3d:59:8e:dc:89:
5e:d4:2b:2f:94:c7:84:45:11:bf:c7:b7:fa:64:fd:48:14:ea:
8f:82:69:c4:38:fc:93:6a:a6:42:20:f0:6c:ff:a8:56:a1:41:
8b:51:53:b6:1a:5f:a8:c8:90:b1:27:cd:9d:4c:95:11:40:cd:
71:9d:0e:a3:70:50:0c:50:d3:02:ab:54:4d:fb:5d:6a:b5:89:
4e:9e:d9:48:9b:8b:25:56:1e:91:ff:c0:ea:49:49:f4:08:58:
5c:77:65:4f
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYUNg7PggzOGuplAF6pwqb+pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjIxMjEzMjIwMzMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjFhYWJmYTc2OThiMjMyYmI3MTgwYWQzYWQzZmZmMWY0NjYzNmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIhM6Vb5N1ieCtvyDkZjwvWvH9C2
IojsUX5OnEHUDe7rlJ4AnaQn0Uvhq+oOdgvRTkCdm1khAqw05HNVHWAUFuv4DIOQ
Ha2wtLiLEhpE0MJ/WFJQ31ANrm+ivPCexgBkQZ3Q3flNL7+cjI2glmRI4uZjgibD
PVhlrfRDGBxXaDY7xkGmpoc7Mg+2sv/fysVdxGYN47s/yOZ7nLXIr6qpttoInLKq
YrJ4CrIs7JwSNY67bqx4vxcsow3uusl5IxBU2B7EuZ97Noby5J8/8fLxbWqb1/nJ
8BfYOd5CNSV9dJqiMBTk66h6y0bt7nCoSOrxxheE+q2A0DAi6wZaeeFBdQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFCYaq/p2mLIyu3GArTrT//H0Zjb8MB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEvSmhxci1uYVlzaks3Y1lDdE90UF84ZlJtTnZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDATBAIAATANMAsDAwHZjgME
BtmOgDANBAIAAjAHAwUAKgPwwDANBgkqhkiG9w0BAQsFAAOCAQEAf1DIfm2I8ZR4
JGwTeonLM2KmXcDJNNbciBnbUOjH8Uaz3i3YhgaFzR5vScSZMMu9w/g/D7MndVap
uzPU+nPeIuAYrg7ZL9U8CAz9lxaWbWYgw1iJRgqn8LD23GFblpvAQ7l/a1xMjNyP
DcOvTTX+u3pD1Sxy9zRJnFuA6kIUHoldNyUZUoImBbG3ywQOTe0TWxAu8qGf8lLA
6M8fyT1ZjtyJXtQrL5THhEURv8e3+mT9SBTqj4JpxDj8k2qmQiDwbP+oVqFBi1FT
thpfqMiQsSfNnUyVEUDNcZ0Oo3BQDFDTAqtUTftdarWJTp7ZSJuLJVYekf/A6klJ
9AhYXHdlTw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:59 2024 by rpki-client on console-ams.rpki-client.org