Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/_q_ulsNErBSMOLpAi1td-nfio2c.roa
File: _q_ulsNErBSMOLpAi1td-nfio2c.roa (raw, json)
Hash identifier: kkoH0j4fK85rSb9PWAZBSJpeVtXv9sGjFFfB0ViKPrE=
Subject key identifier: FE:AF:EE:96:C3:44:AC:14:8C:38:BA:40:8B:5B:5D:FA:77:E2:A3:67
Certificate issuer: /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial: 0184BF2E1D946DCD6C605E891E5DF4DFB667
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/_q_ulsNErBSMOLpAi1td-nfio2c.roa
Signing time: Mon 28 Nov 2022 16:59:41 +0000
ROA not before: Mon 28 Nov 2022 16:59:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 16253
IP address blocks: 217.142.64.0/18 maxlen: 18
217.142.0.0/18 maxlen: 18
217.142.128.0/18 maxlen: 18
2a03:f0c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:bf:2e:1d:94:6d:cd:6c:60:5e:89:1e:5d:f4:df:b6:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
Validity
Not Before: Nov 28 16:59:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=feafee96c344ac148c38ba408b5b5dfa77e2a367
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:9f:60:88:0a:07:69:bb:f4:d5:69:77:1d:50:
e0:03:89:b4:f0:91:80:ad:21:45:3a:8a:f3:c5:17:
d6:b7:6d:c6:28:07:55:f2:c4:a6:99:03:89:4b:9a:
c2:f3:20:36:1e:83:7f:7a:f9:64:b1:05:1f:b0:e8:
38:7b:94:83:b6:c6:5c:c3:8a:5d:21:fb:81:7b:7c:
54:e2:36:f6:1a:94:1e:58:4d:28:2b:24:a4:aa:b7:
43:ac:ba:33:b6:63:9e:e7:48:f6:59:5d:a3:8b:96:
26:25:3f:d4:09:14:46:f3:6b:c0:04:d2:67:96:ba:
91:ef:61:b5:25:40:68:31:31:c8:46:03:84:6c:cd:
35:63:47:4e:3d:15:c2:e6:28:6f:ba:e5:76:fe:44:
4a:b4:f0:e1:b9:c2:fa:ec:81:d5:38:ae:70:60:c0:
18:2c:9b:70:fa:3a:59:14:6e:c0:69:89:55:2c:c6:
b9:57:a9:68:26:54:98:41:60:6e:4b:2c:60:5c:51:
98:d4:48:7f:31:8d:25:1e:36:c7:5c:16:e7:4a:b0:
42:53:f0:90:ff:a6:8c:19:f5:2c:28:df:c1:0e:15:
00:85:f2:da:2c:4b:1e:fe:35:ed:a2:6f:97:f2:db:
a1:28:6b:ed:45:7d:3e:ef:f2:f4:79:29:19:20:b5:
08:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:AF:EE:96:C3:44:AC:14:8C:38:BA:40:8B:5B:5D:FA:77:E2:A3:67
X509v3 Authority Key Identifier:
keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/_q_ulsNErBSMOLpAi1td-nfio2c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.142.0.0-217.142.191.255
IPv6:
2a03:f0c0::/32
Signature Algorithm: sha256WithRSAEncryption
a2:8b:73:e2:a7:f8:02:04:2c:7f:68:0c:35:96:1d:fa:b8:91:
cb:83:b5:5b:38:ed:08:90:c3:09:2b:51:39:d6:24:4b:a3:cc:
6a:e0:02:87:4b:01:55:91:3f:67:c3:d6:f1:80:17:cd:1f:80:
81:ae:33:65:9b:ce:0f:48:a3:5b:01:fe:93:58:31:58:a9:39:
d7:c6:c5:39:fe:4a:58:98:77:97:7f:87:e8:b1:49:fa:16:f3:
73:45:3b:f5:1d:a2:74:37:2d:96:e0:dc:3e:f8:4d:93:56:18:
38:1f:65:06:1d:01:7a:26:ed:23:15:cf:2e:c5:38:0e:54:18:
8a:9c:28:dc:fd:f2:bf:89:83:09:31:2b:5b:52:42:a4:a2:82:
b8:ab:bb:c9:81:66:24:66:90:c5:f3:72:d0:d1:0d:c7:21:1b:
7b:f5:6b:d4:e3:cc:7f:66:6c:ee:ae:dd:f1:c1:37:74:cc:a6:
bc:a8:e9:bf:89:d8:2e:b1:1e:c0:53:3c:4e:58:b9:10:be:d2:
54:20:c3:21:b3:11:66:59:ef:92:69:cb:ae:1e:cd:db:48:89:
23:bb:09:50:ff:53:57:7f:b0:51:92:e6:84:27:e9:79:18:99:
34:14:95:8a:b0:60:93:c0:e8:a3:9b:f8:2c:8a:07:ed:b5:84:
67:68:77:7d
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYS/Lh2Ubc1sYF6JHl3037ZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjIxMTI4MTY1OTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWFmZWU5NmMzNDRhYzE0OGMzOGJhNDA4YjViNWRmYTc3ZTJhMzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJ9giAoHabv01Wl3HVDgA4m08JGA
rSFFOorzxRfWt23GKAdV8sSmmQOJS5rC8yA2HoN/evlksQUfsOg4e5SDtsZcw4pd
IfuBe3xU4jb2GpQeWE0oKySkqrdDrLoztmOe50j2WV2ji5YmJT/UCRRG82vABNJn
lrqR72G1JUBoMTHIRgOEbM01Y0dOPRXC5ihvuuV2/kRKtPDhucL67IHVOK5wYMAY
LJtw+jpZFG7AaYlVLMa5V6loJlSYQWBuSyxgXFGY1Eh/MY0lHjbHXBbnSrBCU/CQ
/6aMGfUsKN/BDhUAhfLaLEse/jXtom+X8tuhKGvtRX0+7/L0eSkZILUI9wIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFP6v7pbDRKwUjDi6QItbXfp34qNnMB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEvX3FfdWxzTkVyQlNNT0xwQWkxdGQtbmZpbzJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDATBAIAATANMAsDAwHZjgME
BtmOgDANBAIAAjAHAwUAKgPwwDANBgkqhkiG9w0BAQsFAAOCAQEAootz4qf4AgQs
f2gMNZYd+riRy4O1WzjtCJDDCStROdYkS6PMauACh0sBVZE/Z8PW8YAXzR+Aga4z
ZZvOD0ijWwH+k1gxWKk518bFOf5KWJh3l3+H6LFJ+hbzc0U79R2idDctluDcPvhN
k1YYOB9lBh0BeibtIxXPLsU4DlQYipwo3P3yv4mDCTErW1JCpKKCuKu7yYFmJGaQ
xfNy0NENxyEbe/Vr1OPMf2Zs7q7d8cE3dMymvKjpv4nYLrEewFM8Tli5EL7SVCDD
IbMRZlnvkmnLrh7N20iJI7sJUP9TV3+wUZLmhCfpeRiZNBSVirBgk8Doo5v4LIoH
7bWEZ2h3fQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:59 2024 by rpki-client on console-ams.rpki-client.org