Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/soYEauUOZbrULZWlug2KCvvHVmI.roa
File: soYEauUOZbrULZWlug2KCvvHVmI.roa (raw, json)
Hash identifier: 42eBjvhXUqUq+IDw+tlcVqrYoH0ZWYjoXzK+Sd7xFEc=
Subject key identifier: B2:86:04:6A:E5:0E:65:BA:D4:2D:95:A5:BA:0D:8A:0A:FB:C7:56:62
Certificate issuer: /CN=b862b85a1d2c51d99069ca3a5aff52ecc6a9aab4
Certificate serial: 018CC6B90C4A8F9B8E302A7E63008C7A2524
Authority key identifier: B8:62:B8:5A:1D:2C:51:D9:90:69:CA:3A:5A:FF:52:EC:C6:A9:AA:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/soYEauUOZbrULZWlug2KCvvHVmI.roa
Signing time: Mon 01 Jan 2024 20:31:05 +0000
ROA not before: Mon 01 Jan 2024 20:31:05 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29404
IP address blocks: 217.73.144.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b9:0c:4a:8f:9b:8e:30:2a:7e:63:00:8c:7a:25:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b862b85a1d2c51d99069ca3a5aff52ecc6a9aab4
Validity
Not Before: Jan 1 20:31:05 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b286046ae50e65bad42d95a5ba0d8a0afbc75662
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:d8:3d:40:f1:ad:f1:9c:06:5e:63:97:a5:dd:
31:d1:6c:f1:87:f6:f3:0d:0d:6f:11:51:fe:b3:14:
1c:92:ba:37:e8:83:52:ed:b3:d2:bb:4b:db:90:4c:
f4:22:46:8e:22:66:30:27:0b:8a:28:f5:3f:5d:48:
3b:26:83:e1:19:90:64:43:f1:03:ef:44:78:8d:c1:
30:76:2b:7c:1e:e4:8f:22:4f:cd:76:5a:c9:d4:ed:
d4:43:d3:ad:5d:5b:27:b3:38:7e:a7:da:b0:22:64:
6e:b7:bd:3c:8d:31:5b:63:89:a9:be:4c:8a:15:52:
34:28:4f:ab:7d:dd:c7:ef:4e:3a:5c:30:6a:6c:a7:
b2:5c:ba:cf:a2:ec:2a:6b:c8:46:fd:27:2a:2e:5c:
75:cb:0e:45:fd:d2:d6:48:7c:ba:53:d3:49:f5:e2:
02:cd:31:06:3e:02:b9:ad:9e:f7:cf:1c:f5:a4:92:
ec:35:14:98:58:04:38:bb:b2:99:8e:d7:18:12:d7:
cc:e4:6c:72:1e:a9:dd:80:9a:66:c6:36:55:4c:ef:
af:2d:5c:3a:26:31:28:a5:98:de:fc:bf:f6:49:b5:
42:9b:e4:bd:29:84:90:86:5b:2a:f8:c0:57:45:c5:
c3:13:b1:4c:29:8b:7d:ad:5b:cb:ef:7d:a4:dc:53:
dd:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:86:04:6A:E5:0E:65:BA:D4:2D:95:A5:BA:0D:8A:0A:FB:C7:56:62
X509v3 Authority Key Identifier:
keyid:B8:62:B8:5A:1D:2C:51:D9:90:69:CA:3A:5A:FF:52:EC:C6:A9:AA:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/soYEauUOZbrULZWlug2KCvvHVmI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.73.144.0/21
Signature Algorithm: sha256WithRSAEncryption
19:5f:a6:df:33:ef:63:1f:55:5c:29:1c:03:61:8c:40:0f:09:
98:80:1e:58:78:fc:da:65:14:5c:ca:1d:f4:2f:4f:5a:6a:5f:
db:e2:0e:43:89:86:38:a5:64:f0:18:87:70:84:a9:c9:2a:83:
b0:60:8d:c7:97:9b:75:6f:98:db:52:18:12:f2:b5:8b:36:8c:
1c:43:1d:49:2c:fc:7b:f0:fd:fd:3a:22:81:f4:25:7a:29:16:
51:37:86:35:a1:8b:fa:91:13:44:f0:c7:fb:39:3c:9b:40:49:
7b:8a:67:4b:61:ce:16:64:f3:b0:a6:42:ea:09:21:11:48:7a:
73:2b:01:d5:54:c6:91:fd:f1:f4:2a:98:6a:cb:38:17:97:bf:
05:d4:4e:de:73:ea:49:3c:7b:14:61:c6:0c:27:cd:b6:c5:2b:
46:fb:11:e7:d5:07:a3:7a:c4:17:60:63:8d:f7:46:a7:fe:87:
27:b3:8c:59:a9:82:16:88:88:00:ef:ef:43:a9:e8:e0:27:21:
74:e3:60:25:0f:f3:2a:a8:87:4c:ae:13:8a:c6:3f:27:86:86:
91:ac:db:26:62:dd:63:0d:e8:fb:bd:6e:3d:1e:20:14:36:a2:
34:29:21:40:90:55:0a:86:f0:af:84:0d:45:ba:65:0c:24:f3:
43:b5:59:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuQxKj5uOMCp+YwCMeiUkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NjJiODVhMWQyYzUxZDk5MDY5Y2EzYTVhZmY1MmVjYzZh
OWFhYjQwHhcNMjQwMTAxMjAzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjg2MDQ2YWU1MGU2NWJhZDQyZDk1YTViYTBkOGEwYWZiYzc1NjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdg9QPGt8ZwGXmOXpd0x0Wzxh/bz
DQ1vEVH+sxQckro36INS7bPSu0vbkEz0IkaOImYwJwuKKPU/XUg7JoPhGZBkQ/ED
70R4jcEwdit8HuSPIk/NdlrJ1O3UQ9OtXVsnszh+p9qwImRut708jTFbY4mpvkyK
FVI0KE+rfd3H7046XDBqbKeyXLrPouwqa8hG/ScqLlx1yw5F/dLWSHy6U9NJ9eIC
zTEGPgK5rZ73zxz1pJLsNRSYWAQ4u7KZjtcYEtfM5GxyHqndgJpmxjZVTO+vLVw6
JjEopZje/L/2SbVCm+S9KYSQhlsq+MBXRcXDE7FMKYt9rVvL732k3FPdMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKGBGrlDmW61C2VpboNigr7x1ZiMB8GA1UdIwQY
MBaAFLhiuFodLFHZkGnKOlr/UuzGqaq0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUdLNFdoMHNVZG1RYWNvNld2OVM3TWFwcXJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9jYjIyMGYtMWEzYS00Y2JhLTgyY2Yt
Mjc4ZmQ0NzVmM2ZiLzEvc29ZRWF1VU9aYnJVTFpXbHVnMktDdnZIVm1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9jYjIyMGYtMWEzYS00Y2JhLTgyY2YtMjc4ZmQ0NzVmM2Zi
LzEvdUdLNFdoMHNVZG1RYWNvNld2OVM3TWFwcXJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2UmQMA0G
CSqGSIb3DQEBCwUAA4IBAQAZX6bfM+9jH1VcKRwDYYxADwmYgB5YePzaZRRcyh30
L09aal/b4g5DiYY4pWTwGIdwhKnJKoOwYI3Hl5t1b5jbUhgS8rWLNowcQx1JLPx7
8P39OiKB9CV6KRZRN4Y1oYv6kRNE8Mf7OTybQEl7imdLYc4WZPOwpkLqCSERSHpz
KwHVVMaR/fH0KphqyzgXl78F1E7ec+pJPHsUYcYMJ822xStG+xHn1QejesQXYGON
90an/ocns4xZqYIWiIgA7+9DqejgJyF042AlD/MqqIdMrhOKxj8nhoaRrNsmYt1j
Dej7vW49HiAUNqI0KSFAkFUKhvCvhA1FumUMJPNDtVnD
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:20 2024 by rpki-client on console-fra.rpki-client.org