Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/e7lnu5GV1Ws2ufGuKLe2G2hbaAQ.roa
File: e7lnu5GV1Ws2ufGuKLe2G2hbaAQ.roa (raw, json)
Hash identifier: 9reX/wNRXqrJ8s1sbWgrOzoqclcI9kJ52DrqfGqy/44=
Subject key identifier: 7B:B9:67:BB:91:95:D5:6B:36:B9:F1:AE:28:B7:B6:1B:68:5B:68:04
Certificate issuer: /CN=b862b85a1d2c51d99069ca3a5aff52ecc6a9aab4
Certificate serial: 0187002A555448BAF1E871035A3603366432
Authority key identifier: B8:62:B8:5A:1D:2C:51:D9:90:69:CA:3A:5A:FF:52:EC:C6:A9:AA:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/e7lnu5GV1Ws2ufGuKLe2G2hbaAQ.roa
Signing time: Mon 20 Mar 2023 17:56:27 +0000
ROA not before: Mon 20 Mar 2023 17:56:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29404
IP address blocks: 217.73.144.0/21 maxlen: 21
217.73.144.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:00:2a:55:54:48:ba:f1:e8:71:03:5a:36:03:36:64:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b862b85a1d2c51d99069ca3a5aff52ecc6a9aab4
Validity
Not Before: Mar 20 17:56:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7bb967bb9195d56b36b9f1ae28b7b61b685b6804
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:b3:1a:0c:78:10:da:72:3f:a2:13:3e:78:39:
e6:a6:7e:cb:ad:03:e7:04:60:2a:cf:2a:5a:ce:a1:
62:8a:bb:65:bf:cf:61:41:0f:ad:2a:f8:c3:ef:cd:
f4:db:53:06:16:90:7f:b3:f9:90:e8:61:f2:57:94:
bc:d0:45:59:1f:f5:94:1d:0b:bb:c4:ae:8c:d4:3e:
95:6e:4f:23:aa:d7:11:da:3f:46:9d:9d:7b:43:0f:
48:c1:cd:67:39:90:f8:d2:31:56:82:f7:84:9e:4f:
9a:c1:c3:8c:4a:50:2f:18:a5:82:6e:db:c9:c4:f1:
cf:0a:14:80:55:63:37:f5:7a:3c:ce:c2:b7:9c:4a:
72:7d:51:4e:b2:ac:57:1b:89:39:74:57:e5:6a:18:
36:aa:b4:8d:2e:97:9e:e4:01:76:2e:de:4c:4a:81:
00:c9:ce:76:0f:d4:c4:74:84:05:a9:6c:d6:b6:ca:
a1:9d:b3:5c:6d:be:20:6a:32:45:ce:67:62:53:d2:
9b:62:fc:d7:80:06:fe:88:c5:2d:7b:bf:44:d2:f2:
56:57:b5:d0:90:aa:76:d5:63:d5:51:74:bf:7a:47:
b1:f7:0e:2e:5e:31:d7:70:52:b2:bb:fc:a1:59:c7:
18:81:37:d9:c6:a8:69:bc:0a:4d:4d:3a:e1:46:f5:
ad:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:B9:67:BB:91:95:D5:6B:36:B9:F1:AE:28:B7:B6:1B:68:5B:68:04
X509v3 Authority Key Identifier:
keyid:B8:62:B8:5A:1D:2C:51:D9:90:69:CA:3A:5A:FF:52:EC:C6:A9:AA:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/e7lnu5GV1Ws2ufGuKLe2G2hbaAQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.73.144.0/20
Signature Algorithm: sha256WithRSAEncryption
db:a4:a1:11:58:de:0c:0f:02:94:67:da:a8:47:8b:91:b0:b7:
14:b4:8a:4b:5a:13:3d:b6:c1:77:ff:5d:7e:67:d5:44:e0:99:
2c:90:98:1e:93:99:d2:b9:dd:59:2d:97:dd:79:40:9a:f7:ea:
a0:ca:b5:7f:58:44:41:49:62:6b:a5:0f:dd:72:90:97:3a:6e:
29:c0:37:54:16:a9:61:d0:28:1f:b8:aa:f5:c3:47:06:fe:40:
60:cc:4c:a1:dc:30:0b:35:47:f6:10:9a:4b:86:23:07:f8:7e:
cf:0d:88:82:00:33:83:a5:af:a3:39:ed:e9:f4:be:97:d8:d8:
4a:10:7a:09:10:b5:37:00:a6:6c:8b:d1:a4:29:99:e4:fb:19:
ec:39:15:91:9c:ae:bf:8a:2b:b2:25:ab:c0:34:54:b1:d6:f9:
05:57:44:8a:71:82:fb:4d:4d:ab:d1:50:94:25:b4:3b:7a:35:
3e:94:6b:91:af:db:87:44:25:e5:5b:25:fa:3c:61:9e:03:3e:
37:99:df:f9:cb:cf:76:d2:dd:2a:de:2b:f1:ed:8b:44:ad:bb:
50:65:2b:c5:49:3b:80:5f:93:50:86:d9:05:16:d4:95:0c:c5:
5a:1e:e0:cc:18:f8:d8:77:6e:85:04:4a:35:a0:31:2f:c0:b7:
10:3a:df:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYcAKlVUSLrx6HEDWjYDNmQyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NjJiODVhMWQyYzUxZDk5MDY5Y2EzYTVhZmY1MmVjYzZh
OWFhYjQwHhcNMjMwMzIwMTc1NjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmI5NjdiYjkxOTVkNTZiMzZiOWYxYWUyOGI3YjYxYjY4NWI2ODA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbMaDHgQ2nI/ohM+eDnmpn7LrQPn
BGAqzypazqFiirtlv89hQQ+tKvjD783021MGFpB/s/mQ6GHyV5S80EVZH/WUHQu7
xK6M1D6Vbk8jqtcR2j9GnZ17Qw9Iwc1nOZD40jFWgveEnk+awcOMSlAvGKWCbtvJ
xPHPChSAVWM39Xo8zsK3nEpyfVFOsqxXG4k5dFflahg2qrSNLpee5AF2Lt5MSoEA
yc52D9TEdIQFqWzWtsqhnbNcbb4gajJFzmdiU9KbYvzXgAb+iMUte79E0vJWV7XQ
kKp21WPVUXS/ekex9w4uXjHXcFKyu/yhWccYgTfZxqhpvApNTTrhRvWtHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHu5Z7uRldVrNrnxrii3thtoW2gEMB8GA1UdIwQY
MBaAFLhiuFodLFHZkGnKOlr/UuzGqaq0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUdLNFdoMHNVZG1RYWNvNld2OVM3TWFwcXJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9jYjIyMGYtMWEzYS00Y2JhLTgyY2Yt
Mjc4ZmQ0NzVmM2ZiLzEvZTdsbnU1R1YxV3MydWZHdUtMZTJHMmhiYUFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9jYjIyMGYtMWEzYS00Y2JhLTgyY2YtMjc4ZmQ0NzVmM2Zi
LzEvdUdLNFdoMHNVZG1RYWNvNld2OVM3TWFwcXJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2UmQMA0G
CSqGSIb3DQEBCwUAA4IBAQDbpKERWN4MDwKUZ9qoR4uRsLcUtIpLWhM9tsF3/11+
Z9VE4JkskJgek5nSud1ZLZfdeUCa9+qgyrV/WERBSWJrpQ/dcpCXOm4pwDdUFqlh
0CgfuKr1w0cG/kBgzEyh3DALNUf2EJpLhiMH+H7PDYiCADODpa+jOe3p9L6X2NhK
EHoJELU3AKZsi9GkKZnk+xnsORWRnK6/iiuyJavANFSx1vkFV0SKcYL7TU2r0VCU
JbQ7ejU+lGuRr9uHRCXlWyX6PGGeAz43md/5y8920t0q3ivx7YtErbtQZSvFSTuA
X5NQhtkFFtSVDMVaHuDMGPjYd26FBEo1oDEvwLcQOt8C
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:20 2024 by rpki-client on console-fra.rpki-client.org