Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/xxBxK8ZQlaO8qMN1kWBrW-C0fxc.roa
File: xxBxK8ZQlaO8qMN1kWBrW-C0fxc.roa (raw, json)
Hash identifier: Ntrvnk2MGbfe6JZzu27FciHn3uZOQH/WwefxLDLTMRY=
Subject key identifier: C7:10:71:2B:C6:50:95:A3:BC:A8:C3:75:91:60:6B:5B:E0:B4:7F:17
Certificate issuer: /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial: 018DDDF43FB31D6382DCE9DDC2D085301861
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/xxBxK8ZQlaO8qMN1kWBrW-C0fxc.roa
Signing time: Sun 25 Feb 2024 01:49:48 +0000
ROA not before: Sun 25 Feb 2024 01:49:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16253
IP address blocks: 217.142.0.0/18 maxlen: 18
217.142.0.0/20 maxlen: 20
2a03:f0c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:dd:f4:3f:b3:1d:63:82:dc:e9:dd:c2:d0:85:30:18:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
Validity
Not Before: Feb 25 01:49:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c710712bc65095a3bca8c37591606b5be0b47f17
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:93:b9:3a:98:88:e9:71:ab:ba:d7:cd:13:10:
71:e1:da:1b:4c:df:79:88:07:d4:2a:4b:03:9c:aa:
3a:62:fa:f8:39:30:5e:e5:27:3e:90:1e:de:85:88:
9e:dc:61:d3:38:9c:d5:6d:cb:f2:ea:ad:b9:c9:b4:
c3:dc:eb:fe:f8:2f:e7:bc:44:f3:b1:fe:16:1d:21:
e2:45:bd:da:e2:9e:11:57:ba:f9:00:1e:b8:e8:a8:
d2:1c:4f:da:69:7b:5d:9e:05:63:41:d9:dc:27:df:
1e:05:96:8e:29:04:93:eb:b9:5a:65:f2:bd:09:d2:
13:91:90:bb:d6:aa:9d:05:18:f2:64:4b:f1:c9:58:
ea:41:07:57:34:48:d7:6b:d6:32:eb:b7:f3:87:5a:
4b:d2:60:23:0d:13:29:41:1f:48:64:8a:7f:3f:27:
eb:f1:04:b1:bd:c9:40:6b:d6:65:ac:ad:04:93:83:
20:0b:55:9b:ce:dc:36:1c:fd:e5:97:26:37:23:26:
a9:d0:86:dc:d1:c2:e6:54:d0:a9:bc:85:4e:d7:91:
61:76:7e:04:8f:39:d8:2f:30:71:d2:c9:da:23:06:
07:cf:28:e1:72:8a:4c:0a:d3:36:75:2a:d8:4d:b7:
90:8c:3d:a2:35:f2:56:45:02:00:66:a7:2a:4c:94:
bd:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:10:71:2B:C6:50:95:A3:BC:A8:C3:75:91:60:6B:5B:E0:B4:7F:17
X509v3 Authority Key Identifier:
keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/xxBxK8ZQlaO8qMN1kWBrW-C0fxc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.142.0.0/18
IPv6:
2a03:f0c0::/32
Signature Algorithm: sha256WithRSAEncryption
9f:76:57:02:04:44:a5:ae:1e:9f:21:81:33:ed:a0:92:49:16:
05:15:24:9d:93:06:3d:f3:6f:93:e3:08:cb:8d:5f:c9:c2:1b:
38:ff:a5:4f:02:1f:dd:5e:c6:e4:fa:45:1e:1f:bd:a6:0a:4e:
28:1a:9b:6f:58:f4:bd:30:fb:07:82:08:b3:77:85:e7:fa:b5:
b6:9d:85:be:ef:22:d9:00:97:74:f0:bf:2a:04:34:3e:30:ca:
a3:dd:91:0f:94:0c:20:43:e3:d2:c9:71:c4:78:d3:c5:54:30:
ad:24:78:19:87:e8:0f:75:cd:f4:05:2f:98:bd:4e:e0:ee:45:
d4:7d:e9:e4:8d:77:03:e8:05:c2:f4:c3:02:87:54:26:9a:e0:
d1:6b:8a:1a:a2:79:2c:2e:07:38:5c:3c:ae:6f:7d:c6:e5:98:
d0:cb:4a:f3:df:8b:d7:5d:98:d3:65:6d:4b:4f:93:b8:24:4a:
b8:18:eb:8e:fc:1e:75:85:3c:7c:5f:c5:64:3d:5a:d0:66:4b:
d6:41:95:ed:2c:6c:12:9d:4c:5d:f7:32:27:d4:5b:be:6a:93:
a0:13:c0:03:77:c0:db:dc:0d:d4:26:b3:bd:74:ca:2c:30:0b:
72:ee:93:e9:c9:18:3e:3c:90:bd:49:36:2f:3b:f3:99:4e:b0:
c2:83:14:b0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY3d9D+zHWOC3OndwtCFMBhhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjQwMjI1MDE0OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzEwNzEyYmM2NTA5NWEzYmNhOGMzNzU5MTYwNmI1YmUwYjQ3ZjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpO5OpiI6XGrutfNExBx4dobTN95
iAfUKksDnKo6Yvr4OTBe5Sc+kB7ehYie3GHTOJzVbcvy6q25ybTD3Ov++C/nvETz
sf4WHSHiRb3a4p4RV7r5AB646KjSHE/aaXtdngVjQdncJ98eBZaOKQST67laZfK9
CdITkZC71qqdBRjyZEvxyVjqQQdXNEjXa9Yy67fzh1pL0mAjDRMpQR9IZIp/Pyfr
8QSxvclAa9ZlrK0Ek4MgC1Wbztw2HP3llyY3Iyap0Ibc0cLmVNCpvIVO15Fhdn4E
jznYLzBx0snaIwYHzyjhcopMCtM2dSrYTbeQjD2iNfJWRQIAZqcqTJS9twIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMcQcSvGUJWjvKjDdZFga1vgtH8XMB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEveHhCeEs4WlFsYU84cU1OMWtXQnJXLUMwZnhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQG2Y4AMA0E
AgACMAcDBQAqA/DAMA0GCSqGSIb3DQEBCwUAA4IBAQCfdlcCBESlrh6fIYEz7aCS
SRYFFSSdkwY982+T4wjLjV/Jwhs4/6VPAh/dXsbk+kUeH72mCk4oGptvWPS9MPsH
ggizd4Xn+rW2nYW+7yLZAJd08L8qBDQ+MMqj3ZEPlAwgQ+PSyXHEeNPFVDCtJHgZ
h+gPdc30BS+YvU7g7kXUfenkjXcD6AXC9MMCh1QmmuDRa4oaonksLgc4XDyub33G
5ZjQy0rz34vXXZjTZW1LT5O4JEq4GOuO/B51hTx8X8VkPVrQZkvWQZXtLGwSnUxd
9zIn1Fu+apOgE8ADd8Db3A3UJrO9dMosMAty7pPpyRg+PJC9STYvO/OZTrDCgxSw
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:59 2024 by rpki-client on console-ams.rpki-client.org