Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/qcUeAQahjcRwTJSLL6wt-SmXy0U.roa
File: qcUeAQahjcRwTJSLL6wt-SmXy0U.roa (raw, json)
Hash identifier: LNV8H+Nt+2yc92WLOFeBmo1unDArX2VtEeeTgdSprhQ=
Subject key identifier: A9:C5:1E:01:06:A1:8D:C4:70:4C:94:8B:2F:AC:2D:F9:29:97:CB:45
Certificate issuer: /CN=b862b85a1d2c51d99069ca3a5aff52ecc6a9aab4
Certificate serial: 01856FA6F4E67258CB2100B118120FB67F89
Authority key identifier: B8:62:B8:5A:1D:2C:51:D9:90:69:CA:3A:5A:FF:52:EC:C6:A9:AA:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/qcUeAQahjcRwTJSLL6wt-SmXy0U.roa
Signing time: Sun 01 Jan 2023 23:24:50 +0000
ROA not before: Sun 01 Jan 2023 23:24:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29404
IP address blocks: 217.73.144.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:a6:f4:e6:72:58:cb:21:00:b1:18:12:0f:b6:7f:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b862b85a1d2c51d99069ca3a5aff52ecc6a9aab4
Validity
Not Before: Jan 1 23:24:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a9c51e0106a18dc4704c948b2fac2df92997cb45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:e3:11:4c:a3:d4:b1:8a:48:68:9b:9e:dc:ea:
a7:06:20:b7:5e:97:a2:32:0d:94:3c:2d:7c:80:b8:
a6:8c:ce:a9:fb:f2:e7:71:c2:09:48:5b:10:db:1b:
09:5e:05:55:bc:43:f1:da:36:15:2c:d6:46:ca:35:
91:47:f1:e5:ae:a9:0c:4e:ed:85:45:85:79:80:2d:
75:db:d6:07:2e:72:50:ff:6c:36:d9:42:c3:31:88:
a5:f0:15:b2:08:f6:0c:2b:92:07:5b:1a:1a:ba:04:
f6:93:69:be:37:73:ee:74:e2:e3:6c:6f:58:cb:8f:
09:76:ac:63:89:68:4e:41:80:e4:b9:f6:33:82:3e:
6a:0e:36:7d:8e:4d:a8:ab:6a:18:e1:8a:34:ff:c0:
32:a0:0d:18:e8:ce:71:8b:29:51:3f:aa:45:f6:7e:
c5:64:6f:db:98:93:ad:d8:95:68:25:6a:93:6a:db:
c7:83:43:c2:5d:fc:17:a3:d3:d0:ac:dd:d5:bf:1e:
dd:63:16:57:36:cb:c1:82:c1:5b:95:80:0e:a1:7c:
ae:c1:dc:68:d1:73:6a:91:03:bf:9d:92:48:69:7a:
9c:83:b7:ba:e0:c2:c9:02:d1:0c:20:e7:0b:73:af:
73:12:70:6f:57:d7:6b:5a:2d:99:d0:4e:73:c4:a5:
34:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:C5:1E:01:06:A1:8D:C4:70:4C:94:8B:2F:AC:2D:F9:29:97:CB:45
X509v3 Authority Key Identifier:
keyid:B8:62:B8:5A:1D:2C:51:D9:90:69:CA:3A:5A:FF:52:EC:C6:A9:AA:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/qcUeAQahjcRwTJSLL6wt-SmXy0U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.73.144.0/20
Signature Algorithm: sha256WithRSAEncryption
60:fb:68:5f:72:c0:98:d5:f0:8f:85:d9:6e:8a:cb:52:63:28:
b3:f1:1d:02:b9:59:66:f6:8e:eb:22:bc:b0:a8:aa:2d:e3:42:
76:ee:28:cc:da:33:18:d3:02:83:66:58:b7:d9:f3:5a:5a:68:
50:d2:e1:6b:d4:18:14:3f:e8:b4:90:ef:d1:e4:7f:ae:4a:77:
25:82:e2:b2:4d:bd:0c:d4:7f:09:97:78:b3:53:50:a7:aa:57:
ee:03:4d:6d:4a:32:bd:48:c1:8f:a9:17:a9:c7:db:89:b7:cc:
a1:c9:37:f6:08:73:cb:a2:52:26:af:e1:8a:3f:5d:76:3f:b5:
7c:40:9d:09:5c:a6:e3:22:b6:c4:2e:69:6e:04:c3:57:4e:d5:
98:d4:db:8f:12:77:2e:d7:14:55:60:79:3c:d6:9d:ca:d8:07:
1e:c0:fb:73:32:8d:83:f7:20:a3:b2:39:82:17:99:a2:7c:38:
45:45:13:5d:9b:19:72:be:91:03:ac:85:51:d2:dd:b6:97:8f:
ef:a8:17:3a:a1:72:ed:9b:6f:02:6c:c0:75:7c:10:c7:e5:b6:
68:e0:13:e9:d9:64:46:82:61:24:86:43:12:66:5d:cd:81:eb:
26:ce:f4:36:2c:e3:08:1b:40:1d:fb:50:0c:a6:5f:6d:74:8d:
1a:99:24:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvpvTmcljLIQCxGBIPtn+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NjJiODVhMWQyYzUxZDk5MDY5Y2EzYTVhZmY1MmVjYzZh
OWFhYjQwHhcNMjMwMTAxMjMyNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWM1MWUwMTA2YTE4ZGM0NzA0Yzk0OGIyZmFjMmRmOTI5OTdjYjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+MRTKPUsYpIaJue3OqnBiC3Xpei
Mg2UPC18gLimjM6p+/LnccIJSFsQ2xsJXgVVvEPx2jYVLNZGyjWRR/HlrqkMTu2F
RYV5gC1129YHLnJQ/2w22ULDMYil8BWyCPYMK5IHWxoaugT2k2m+N3PudOLjbG9Y
y48JdqxjiWhOQYDkufYzgj5qDjZ9jk2oq2oY4Yo0/8AyoA0Y6M5xiylRP6pF9n7F
ZG/bmJOt2JVoJWqTatvHg0PCXfwXo9PQrN3Vvx7dYxZXNsvBgsFblYAOoXyuwdxo
0XNqkQO/nZJIaXqcg7e64MLJAtEMIOcLc69zEnBvV9drWi2Z0E5zxKU0FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKnFHgEGoY3EcEyUiy+sLfkpl8tFMB8GA1UdIwQY
MBaAFLhiuFodLFHZkGnKOlr/UuzGqaq0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUdLNFdoMHNVZG1RYWNvNld2OVM3TWFwcXJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9jYjIyMGYtMWEzYS00Y2JhLTgyY2Yt
Mjc4ZmQ0NzVmM2ZiLzEvcWNVZUFRYWhqY1J3VEpTTEw2d3QtU21YeTBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9jYjIyMGYtMWEzYS00Y2JhLTgyY2YtMjc4ZmQ0NzVmM2Zi
LzEvdUdLNFdoMHNVZG1RYWNvNld2OVM3TWFwcXJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2UmQMA0G
CSqGSIb3DQEBCwUAA4IBAQBg+2hfcsCY1fCPhdluistSYyiz8R0CuVlm9o7rIryw
qKot40J27ijM2jMY0wKDZli32fNaWmhQ0uFr1BgUP+i0kO/R5H+uSnclguKyTb0M
1H8Jl3izU1CnqlfuA01tSjK9SMGPqRepx9uJt8yhyTf2CHPLolImr+GKP112P7V8
QJ0JXKbjIrbELmluBMNXTtWY1NuPEncu1xRVYHk81p3K2AcewPtzMo2D9yCjsjmC
F5mifDhFRRNdmxlyvpEDrIVR0t22l4/vqBc6oXLtm28CbMB1fBDH5bZo4BPp2WRG
gmEkhkMSZl3NgesmzvQ2LOMIG0Ad+1AMpl9tdI0amSRy
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:16 2024 by rpki-client on console-ams.rpki-client.org