Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/RWPrKcjGo36nkoFW8lzHSXXkErk.roa
File: RWPrKcjGo36nkoFW8lzHSXXkErk.roa (raw, json)
Hash identifier: F3cxxdbOXgAR/QOSkV14bMTL0aWm/bHHYDuPsOfpaCM=
Subject key identifier: 45:63:EB:29:C8:C6:A3:7E:A7:92:81:56:F2:5C:C7:49:75:E4:12:B9
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 018FB46E5C5FCEAF748FE9308DFE0377C2E8
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/RWPrKcjGo36nkoFW8lzHSXXkErk.roa
Signing time: Sun 26 May 2024 10:24:42 +0000
ROA not before: Sun 26 May 2024 10:24:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204203
IP address blocks: 217.60.239.0/24 maxlen: 24
217.60.241.0/24 maxlen: 24
217.60.254.0/23 maxlen: 23
217.60.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:b4:6e:5c:5f:ce:af:74:8f:e9:30:8d:fe:03:77:c2:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: May 26 10:24:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4563eb29c8c6a37ea7928156f25cc74975e412b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:57:75:e6:f6:bd:7c:c3:b4:99:5f:9d:f8:72:
fc:74:7a:e5:dd:ea:4a:f9:34:b8:5b:73:bf:ee:6c:
03:bd:12:a4:d7:b1:3a:96:c7:da:be:51:81:b2:98:
09:41:86:eb:57:ef:f9:af:5f:f4:dd:20:c0:4a:88:
3c:20:84:c2:e9:00:76:b5:88:02:13:6b:38:1c:dd:
ec:be:8d:9b:dd:7c:b2:e9:98:fd:54:9d:93:d3:aa:
1c:3d:14:08:9f:a5:9b:15:6c:5e:06:a6:b3:46:6e:
67:11:3d:5d:2a:7e:52:a2:99:0f:83:b5:90:40:4c:
92:e9:f6:af:4d:1d:1c:18:75:90:ca:27:0e:72:46:
82:9a:7b:eb:c6:25:fc:c1:40:62:1d:f8:06:0a:1d:
f4:e8:78:6b:15:00:b0:89:04:75:95:85:78:f0:cc:
d8:66:4d:0d:55:75:13:0b:9b:94:2e:d1:e2:f9:cc:
32:f2:4f:bb:83:14:ae:47:a3:d6:6b:91:24:3b:53:
31:6a:cc:85:43:da:7e:29:6c:5f:09:28:2d:3b:4f:
f1:79:11:13:23:18:45:3f:fa:eb:7f:ad:1a:ce:7d:
7f:12:03:b6:cb:88:3b:11:d8:d0:af:b1:cc:cc:67:
f0:21:a2:54:e8:e4:4c:62:d5:8a:55:72:a1:49:78:
1f:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:63:EB:29:C8:C6:A3:7E:A7:92:81:56:F2:5C:C7:49:75:E4:12:B9
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/RWPrKcjGo36nkoFW8lzHSXXkErk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.60.239.0/24
217.60.241.0/24
217.60.254.0/23
Signature Algorithm: sha256WithRSAEncryption
4c:c6:a0:b9:ad:85:4d:d8:f9:e8:5d:4b:14:1c:66:ca:4e:c7:
49:f9:82:9a:b2:06:f1:42:bc:c9:d0:fb:17:80:21:34:80:6b:
2e:a3:b3:d2:85:b3:f7:3c:1a:9c:5d:2b:a1:63:52:9b:a0:5b:
56:b7:8e:d3:14:42:b7:d7:fd:0f:41:57:c2:7a:28:6a:c6:1d:
93:52:37:46:3c:e5:c3:37:87:03:d0:45:51:2a:f3:2d:94:c4:
0b:50:c3:ff:e3:80:2b:f8:7c:e1:a3:6d:c4:df:64:d8:84:16:
39:ca:57:c8:d8:f2:63:51:47:cb:4b:cb:1e:c9:27:b1:bd:43:
c6:21:2a:c2:b7:40:d6:7e:e1:e7:14:15:f5:0f:9b:b9:70:52:
05:ea:7f:86:f4:97:bb:9b:90:82:86:bc:c3:a4:ca:96:2c:c1:
0c:1c:28:ec:7b:1a:6c:68:cd:69:96:6f:d1:7d:ca:a3:04:e1:
d0:7c:df:25:36:8a:01:c7:38:a0:42:ea:77:ac:9f:eb:56:e9:
dd:a5:8f:65:d3:36:a7:6d:78:f5:01:a8:e5:d5:f4:73:a2:0e:
17:84:19:7e:bc:69:6b:80:28:79:8d:bd:15:e2:28:4d:43:1e:
a1:24:ed:9b:99:32:22:f9:86:e9:7c:0b:2c:ed:29:03:89:d9:
44:99:ae:db
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY+0blxfzq90j+kwjf4Dd8LoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjQwNTI2MTAyNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTYzZWIyOWM4YzZhMzdlYTc5MjgxNTZmMjVjYzc0OTc1ZTQxMmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqld15va9fMO0mV+d+HL8dHrl3epK
+TS4W3O/7mwDvRKk17E6lsfavlGBspgJQYbrV+/5r1/03SDASog8IITC6QB2tYgC
E2s4HN3svo2b3Xyy6Zj9VJ2T06ocPRQIn6WbFWxeBqazRm5nET1dKn5SopkPg7WQ
QEyS6favTR0cGHWQyicOckaCmnvrxiX8wUBiHfgGCh306HhrFQCwiQR1lYV48MzY
Zk0NVXUTC5uULtHi+cwy8k+7gxSuR6PWa5EkO1MxasyFQ9p+KWxfCSgtO0/xeRET
IxhFP/rrf60azn1/EgO2y4g7EdjQr7HMzGfwIaJU6ORMYtWKVXKhSXgfrQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEVj6ynIxqN+p5KBVvJcx0l15BK5MB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvUldQcktjakdvMzZua29GVzhsekhTWFhrRXJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA2TzvAwQA
2TzxAwQB2Tz+MA0GCSqGSIb3DQEBCwUAA4IBAQBMxqC5rYVN2PnoXUsUHGbKTsdJ
+YKasgbxQrzJ0PsXgCE0gGsuo7PShbP3PBqcXSuhY1KboFtWt47TFEK31/0PQVfC
eihqxh2TUjdGPOXDN4cD0EVRKvMtlMQLUMP/44Ar+Hzho23E32TYhBY5ylfI2PJj
UUfLS8seySexvUPGISrCt0DWfuHnFBX1D5u5cFIF6n+G9Je7m5CChrzDpMqWLMEM
HCjsexpsaM1plm/RfcqjBOHQfN8lNooBxzigQup3rJ/rVundpY9l0zanbXj1Aajl
1fRzog4XhBl+vGlrgCh5jb0V4ihNQx6hJO2bmTIi+YbpfAss7SkDidlEma7b
-----END CERTIFICATE-----
Generated at Fri Mar 14 12:08:27 2025 by rpki-client