Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/fH6XYlEJSOfwIuhAcGet2NjtKD8.roa
File: fH6XYlEJSOfwIuhAcGet2NjtKD8.roa (raw, json)
Hash identifier: c7yISC9OwrbC/aMrP0rDBApojdiHAWJZ6AR417riR/k=
Subject key identifier: 7C:7E:97:62:51:09:48:E7:F0:22:E8:40:70:67:AD:D8:D8:ED:28:3F
Certificate issuer: /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial: 0184BCA7514C827F7E0D2A2EC0688C9C1F8E
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/fH6XYlEJSOfwIuhAcGet2NjtKD8.roa
Signing time: Mon 28 Nov 2022 05:13:12 +0000
ROA not before: Mon 28 Nov 2022 05:13:12 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 16253
IP address blocks: 217.142.128.0/18 maxlen: 18
2a03:f0c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:bc:a7:51:4c:82:7f:7e:0d:2a:2e:c0:68:8c:9c:1f:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
Validity
Not Before: Nov 28 05:13:12 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=7c7e9762510948e7f022e8407067add8d8ed283f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:3c:89:c2:72:83:b9:1e:5b:55:2a:60:bf:c3:
85:5a:8b:1e:67:a9:52:52:f3:b0:49:52:03:9d:93:
44:40:ed:c2:62:8e:39:fc:fd:72:52:5a:e9:18:aa:
7a:46:2d:ad:c0:95:99:6e:8f:cd:0a:bf:ea:ba:56:
c5:8f:7a:43:e7:c7:bf:9c:66:21:8c:eb:61:8e:36:
e5:66:af:c9:cc:57:d1:bf:6c:e7:94:96:5a:34:d1:
14:fb:ba:48:ba:d5:40:53:c6:d6:9c:76:ba:02:c2:
c6:65:2c:6f:f5:11:ca:ba:2c:82:54:bd:17:42:d1:
8d:77:ed:ba:18:d7:93:87:7e:f5:ce:c1:5b:3f:af:
5e:45:8c:cc:f6:70:fe:31:a9:d9:98:33:b3:17:7a:
cc:36:db:68:3d:9c:b8:1e:85:27:61:b1:43:b4:7d:
f9:f9:23:d1:6b:64:c2:95:f7:df:5e:f2:5a:4f:ee:
75:21:4d:ba:f9:19:31:90:35:03:2f:8a:79:4b:b8:
5d:66:8d:4e:40:20:6e:45:8d:78:8f:d0:d7:c8:00:
c6:ab:68:ed:b6:33:9e:c5:2c:3b:8d:11:a3:81:54:
84:92:64:bb:d3:e9:a9:97:65:92:d9:bb:9e:aa:c7:
e3:e4:d2:82:49:b3:c3:83:76:48:a2:75:35:1e:61:
a0:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:7E:97:62:51:09:48:E7:F0:22:E8:40:70:67:AD:D8:D8:ED:28:3F
X509v3 Authority Key Identifier:
keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/fH6XYlEJSOfwIuhAcGet2NjtKD8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.142.128.0/18
IPv6:
2a03:f0c0::/32
Signature Algorithm: sha256WithRSAEncryption
8e:0e:60:ce:1f:41:d5:4f:0d:54:05:98:ed:14:72:ad:a9:6b:
96:61:23:e8:61:a0:e3:db:c3:16:6b:a6:04:6c:a1:8a:d5:85:
f1:f5:4d:a0:05:e3:3b:a7:de:f4:89:3f:51:4a:d1:7c:f8:47:
e8:85:3f:a2:2e:7f:3b:9b:1b:1e:2e:ba:52:03:69:ca:99:5d:
fd:3b:93:e3:40:eb:ef:1c:39:e5:fe:fb:1e:a2:31:c2:4f:03:
26:ee:69:3b:b8:a6:e0:b2:e2:09:f8:49:49:43:67:27:8a:71:
62:d6:50:b3:e9:8e:f4:1d:29:c3:c0:5a:66:4b:2d:46:6b:e0:
46:aa:c4:55:45:fb:a5:d0:50:c2:9a:82:fe:8e:7a:96:05:b8:
c1:f5:10:fe:bb:09:1c:94:7c:0e:12:50:32:8b:e2:98:cf:38:
82:5f:6d:4a:57:62:3a:de:eb:dd:93:dd:97:f1:c4:51:08:11:
ff:66:ac:94:28:c9:e8:4a:fb:8b:f5:ec:06:a9:0c:64:71:f3:
25:fb:db:5f:ed:51:05:3c:cc:d0:15:49:4a:e4:57:12:de:8c:
1f:d0:d1:eb:d3:aa:d9:02:31:42:3f:c3:5c:da:d1:10:c2:89:
26:b3:b1:14:a6:37:c2:70:11:5e:6f:6d:45:fc:b7:33:1e:a1:
c3:82:03:45
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYS8p1FMgn9+DSouwGiMnB+OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjIxMTI4MDUxMzEyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzdlOTc2MjUxMDk0OGU3ZjAyMmU4NDA3MDY3YWRkOGQ4ZWQyODNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTyJwnKDuR5bVSpgv8OFWoseZ6lS
UvOwSVIDnZNEQO3CYo45/P1yUlrpGKp6Ri2twJWZbo/NCr/qulbFj3pD58e/nGYh
jOthjjblZq/JzFfRv2znlJZaNNEU+7pIutVAU8bWnHa6AsLGZSxv9RHKuiyCVL0X
QtGNd+26GNeTh371zsFbP69eRYzM9nD+ManZmDOzF3rMNttoPZy4HoUnYbFDtH35
+SPRa2TClfffXvJaT+51IU26+RkxkDUDL4p5S7hdZo1OQCBuRY14j9DXyADGq2jt
tjOexSw7jRGjgVSEkmS70+mpl2WS2bueqsfj5NKCSbPDg3ZIonU1HmGgLQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHx+l2JRCUjn8CLoQHBnrdjY7Sg/MB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEvZkg2WFlsRUpTT2Z3SXVoQWNHZXQyTmp0S0Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQG2Y6AMA0E
AgACMAcDBQAqA/DAMA0GCSqGSIb3DQEBCwUAA4IBAQCODmDOH0HVTw1UBZjtFHKt
qWuWYSPoYaDj28MWa6YEbKGK1YXx9U2gBeM7p970iT9RStF8+EfohT+iLn87mxse
LrpSA2nKmV39O5PjQOvvHDnl/vseojHCTwMm7mk7uKbgsuIJ+ElJQ2cninFi1lCz
6Y70HSnDwFpmSy1Ga+BGqsRVRful0FDCmoL+jnqWBbjB9RD+uwkclHwOElAyi+KY
zziCX21KV2I63uvdk92X8cRRCBH/ZqyUKMnoSvuL9ewGqQxkcfMl+9tf7VEFPMzQ
FUlK5FcS3owf0NHr06rZAjFCP8Nc2tEQwokms7EUpjfCcBFeb21F/LczHqHDggNF
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:59 2024 by rpki-client on console-ams.rpki-client.org