Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/8c9aa8-c10a-4e2d-9b64-227302d59572/1/Y-T7pGZ9k2uvPmes4DeXZ0B7NhM.roa
File: Y-T7pGZ9k2uvPmes4DeXZ0B7NhM.roa (raw, json)
Hash identifier: BK6ixMmpd0EkM+SDWRpVM9JGs5v+EFEGZC+0E0RN69Y=
Subject key identifier: 63:E4:FB:A4:66:7D:93:6B:AF:3E:67:AC:E0:37:97:67:40:7B:36:13
Certificate issuer: /CN=0462e00564a9340ff4739d3951216c46a8efc64f
Certificate serial: 018570B98858411AA29C36F963F620CDC290
Authority key identifier: 04:62:E0:05:64:A9:34:0F:F4:73:9D:39:51:21:6C:46:A8:EF:C6:4F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BGLgBWSpNA_0c505USFsRqjvxk8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/8c9aa8-c10a-4e2d-9b64-227302d59572/1/Y-T7pGZ9k2uvPmes4DeXZ0B7NhM.roa
Signing time: Mon 02 Jan 2023 04:24:45 +0000
ROA not before: Mon 02 Jan 2023 04:24:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60398
IP address blocks: 217.150.80.0/24 maxlen: 24
217.150.84.0/24 maxlen: 24
217.150.80.0/21 maxlen: 21
217.150.83.0/24 maxlen: 24
217.150.85.0/24 maxlen: 24
217.150.82.0/24 maxlen: 24
217.150.81.0/24 maxlen: 24
217.150.87.0/24 maxlen: 24
217.150.86.0/24 maxlen: 24
2a02:65c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:b9:88:58:41:1a:a2:9c:36:f9:63:f6:20:cd:c2:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0462e00564a9340ff4739d3951216c46a8efc64f
Validity
Not Before: Jan 2 04:24:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=63e4fba4667d936baf3e67ace0379767407b3613
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:f1:7b:2b:85:b4:58:84:c1:cf:fe:c8:f7:95:
72:7a:20:a8:81:b1:07:ab:d1:19:90:06:8f:aa:8f:
74:31:42:d6:df:b2:cf:73:60:d8:e6:aa:61:aa:96:
79:19:97:11:03:da:90:2e:8b:07:39:42:11:37:78:
c8:86:ca:3e:68:79:1b:ed:4d:25:ef:c5:50:67:26:
0f:18:fd:52:43:66:ed:1e:00:96:46:01:5b:2c:33:
32:28:5e:4f:e5:18:15:8d:51:1b:24:85:14:07:e0:
79:64:14:56:d0:f9:ad:a6:2d:27:a1:c1:33:ee:90:
b9:54:ce:34:f4:28:ea:70:d1:b7:cb:5f:36:72:a4:
4b:ca:e0:e9:d5:93:92:1a:ec:89:bf:25:39:20:ad:
36:50:0f:2a:4f:91:82:9d:a3:44:54:98:a9:c7:8b:
bd:9b:58:3d:1e:eb:b4:46:c1:1f:f5:4c:d3:b7:df:
a6:29:a4:fc:05:a9:fe:01:12:7f:e3:f4:5b:03:8a:
c2:cd:da:ad:ca:eb:d5:77:f9:61:50:0e:fa:80:0f:
fe:9d:ca:72:4c:82:2f:c5:98:7f:4b:3d:e3:0e:8a:
cf:28:cb:0a:85:66:db:d2:0b:56:93:5f:80:dd:3d:
af:1c:40:b5:70:43:12:74:c2:42:fd:00:3c:ca:5a:
82:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:E4:FB:A4:66:7D:93:6B:AF:3E:67:AC:E0:37:97:67:40:7B:36:13
X509v3 Authority Key Identifier:
keyid:04:62:E0:05:64:A9:34:0F:F4:73:9D:39:51:21:6C:46:A8:EF:C6:4F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BGLgBWSpNA_0c505USFsRqjvxk8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/8c9aa8-c10a-4e2d-9b64-227302d59572/1/Y-T7pGZ9k2uvPmes4DeXZ0B7NhM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/8c9aa8-c10a-4e2d-9b64-227302d59572/1/BGLgBWSpNA_0c505USFsRqjvxk8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.150.80.0/21
IPv6:
2a02:65c0::/32
Signature Algorithm: sha256WithRSAEncryption
8a:9d:ce:ca:09:ac:44:4f:94:9f:92:2f:ea:1c:e5:c6:f9:d2:
56:17:83:3c:b9:96:80:ba:50:f3:0f:ce:2e:74:d9:db:8b:63:
ae:ea:01:fb:b6:39:5a:ab:a5:b1:db:8a:66:75:77:92:0a:6d:
4b:8f:aa:10:0c:9a:6d:dc:3d:e7:8c:a8:1c:e7:c1:5b:77:c1:
ed:02:10:3a:4a:15:d8:7f:43:ab:67:ce:3e:fe:a6:5b:f6:d3:
99:bb:1a:e7:1e:71:3b:c7:31:49:23:8d:ea:dd:5a:5c:78:51:
1b:96:18:61:a4:9b:0d:6d:05:04:11:81:41:8c:44:79:b7:df:
6d:01:c9:be:77:52:32:b7:08:1b:22:ee:e1:d3:c5:cd:7f:d4:
32:0b:30:4d:0b:7c:56:d9:28:50:3b:7d:94:50:61:c8:ac:88:
d4:9a:92:74:93:f2:01:93:3c:1d:1f:a3:dc:90:b9:9c:fb:67:
60:c7:c9:28:42:15:29:d7:80:a0:24:d7:5b:6d:77:7c:b3:0a:
63:e6:3d:48:35:c3:27:c3:46:2c:46:11:a2:6c:5f:d0:08:56:
f5:e4:a3:71:88:b1:ef:fe:35:ef:d0:cb:fc:31:56:b1:c1:85:
27:9a:8d:c9:a6:3a:75:4e:8c:03:e5:67:59:98:57:df:23:2e:
22:31:9d:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVwuYhYQRqinDb5Y/YgzcKQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NjJlMDA1NjRhOTM0MGZmNDczOWQzOTUxMjE2YzQ2YThl
ZmM2NGYwHhcNMjMwMTAyMDQyNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2U0ZmJhNDY2N2Q5MzZiYWYzZTY3YWNlMDM3OTc2NzQwN2IzNjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PF7K4W0WITBz/7I95VyeiCogbEH
q9EZkAaPqo90MULW37LPc2DY5qphqpZ5GZcRA9qQLosHOUIRN3jIhso+aHkb7U0l
78VQZyYPGP1SQ2btHgCWRgFbLDMyKF5P5RgVjVEbJIUUB+B5ZBRW0Pmtpi0nocEz
7pC5VM409CjqcNG3y182cqRLyuDp1ZOSGuyJvyU5IK02UA8qT5GCnaNEVJipx4u9
m1g9Huu0RsEf9UzTt9+mKaT8Ban+ARJ/4/RbA4rCzdqtyuvVd/lhUA76gA/+ncpy
TIIvxZh/Sz3jDorPKMsKhWbb0gtWk1+A3T2vHEC1cEMSdMJC/QA8ylqCjQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGPk+6RmfZNrrz5nrOA3l2dAezYTMB8GA1UdIwQY
MBaAFARi4AVkqTQP9HOdOVEhbEao78ZPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkdMZ0JXU3BOQV8wYzUwNVVTRnNScWp2eGs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC84YzlhYTgtYzEwYS00ZTJkLTliNjQt
MjI3MzAyZDU5NTcyLzEvWS1UN3BHWjlrMnV2UG1lczREZVhaMEI3TmhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC84YzlhYTgtYzEwYS00ZTJkLTliNjQtMjI3MzAyZDU5NTcy
LzEvQkdMZ0JXU3BOQV8wYzUwNVVTRnNScWp2eGs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQD2ZZQMA0E
AgACMAcDBQAqAmXAMA0GCSqGSIb3DQEBCwUAA4IBAQCKnc7KCaxET5Sfki/qHOXG
+dJWF4M8uZaAulDzD84udNnbi2Ou6gH7tjlaq6Wx24pmdXeSCm1Lj6oQDJpt3D3n
jKgc58Fbd8HtAhA6ShXYf0OrZ84+/qZb9tOZuxrnHnE7xzFJI43q3VpceFEblhhh
pJsNbQUEEYFBjER5t99tAcm+d1IytwgbIu7h08XNf9QyCzBNC3xW2ShQO32UUGHI
rIjUmpJ0k/IBkzwdH6PckLmc+2dgx8koQhUp14CgJNdbbXd8swpj5j1INcMnw0Ys
RhGibF/QCFb15KNxiLHv/jXv0Mv8MVaxwYUnmo3Jpjp1TowD5WdZmFffIy4iMZ1S
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:56:03 2025 by rpki-client