Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/jDMAElbJz9NCTEuDQYIlb5o-sgg.roa
File: jDMAElbJz9NCTEuDQYIlb5o-sgg.roa (raw, json)
Hash identifier: w9iJpbfXUr+kkVwovF00KwdRWlmfySBNbW4YV3MlSWs=
Subject key identifier: 8C:33:00:12:56:C9:CF:D3:42:4C:4B:83:41:82:25:6F:9A:3E:B2:08
Certificate issuer: /CN=8b82433ffe94bf3536fec327543d396158202072
Certificate serial: 019146DEEAC4AEAD5B1D7BD38877FAEBE7CA
Authority key identifier: 8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/jDMAElbJz9NCTEuDQYIlb5o-sgg.roa
Signing time: Mon 12 Aug 2024 13:54:59 +0000
ROA not before: Mon 12 Aug 2024 13:54:59 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48383
IP address blocks: 217.12.32.0/20 maxlen: 20
217.12.32.0/22 maxlen: 22
217.12.36.0/24 maxlen: 24
217.12.37.0/24 maxlen: 24
217.12.38.0/24 maxlen: 24
217.12.39.0/24 maxlen: 24
217.12.42.0/23 maxlen: 23
217.12.46.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:46:de:ea:c4:ae:ad:5b:1d:7b:d3:88:77:fa:eb:e7:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b82433ffe94bf3536fec327543d396158202072
Validity
Not Before: Aug 12 13:54:59 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8c33001256c9cfd3424c4b834182256f9a3eb208
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:14:d9:dc:1c:82:fa:27:29:b9:f7:3a:bf:4f:
b0:f2:43:22:ef:94:fa:c4:de:f8:2e:5d:09:95:ca:
5b:52:bb:d1:63:b0:ac:bd:5e:97:1a:5a:07:ca:d4:
69:d8:4b:33:df:2e:b4:c3:40:e7:11:58:f3:37:7f:
39:79:79:85:a8:a7:fb:cc:52:12:6c:9b:7b:6b:3a:
19:83:85:0d:b0:92:08:ed:d0:97:43:29:94:00:4e:
10:82:9b:28:6a:6e:a0:0c:60:fc:e5:e1:c4:51:7f:
8c:9f:a5:0c:fc:50:e7:21:95:15:6a:97:08:77:16:
95:cb:c8:25:80:ff:10:be:8c:18:9a:bc:97:89:fe:
5b:56:14:5c:b4:83:4f:0a:ca:e5:e4:51:12:e1:da:
4c:b3:5f:d8:b6:0d:20:69:c5:62:8b:77:f2:b7:64:
aa:e6:b5:a7:af:de:eb:e7:91:d9:69:30:ab:08:62:
24:33:0c:45:b7:bf:94:24:c4:01:c5:9a:38:cb:5c:
8d:a3:4f:a1:7c:75:25:18:0e:99:24:e5:ce:97:e5:
1c:6e:33:5c:4a:a0:32:43:2a:a8:40:d6:98:d5:8c:
bc:f9:06:03:67:b5:62:a3:22:d2:de:0b:f3:7c:72:
f8:2a:af:d6:ab:09:e4:36:bd:0a:47:e5:c9:af:17:
b9:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:33:00:12:56:C9:CF:D3:42:4C:4B:83:41:82:25:6F:9A:3E:B2:08
X509v3 Authority Key Identifier:
keyid:8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/jDMAElbJz9NCTEuDQYIlb5o-sgg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.12.32.0/20
Signature Algorithm: sha256WithRSAEncryption
98:70:c1:6a:70:b7:3e:4f:1c:5d:ea:12:07:4f:ad:e7:b9:5d:
aa:57:36:fc:5b:3e:fb:ad:0f:c2:f9:e5:17:76:c1:83:4c:35:
85:39:9a:0b:ae:b4:f6:00:78:d0:64:8e:57:99:03:68:9e:eb:
26:e4:d3:13:89:70:52:0c:fd:84:94:9e:c9:82:b7:8a:cb:8c:
e6:ed:de:70:05:91:19:2b:bb:f2:49:5a:b1:de:d0:33:9b:8e:
7f:b9:6f:eb:4b:7c:e0:1f:00:9d:19:99:b2:00:dc:6f:80:1a:
16:27:62:10:25:80:f2:1f:91:fc:da:b4:ff:de:ba:f7:a5:67:
cc:18:de:ca:cd:96:2d:af:09:83:1a:ac:7c:76:2e:35:a7:23:
df:0c:de:f7:d3:cd:df:58:1c:29:c1:35:79:07:3f:e9:15:18:
5f:3a:6e:43:10:9e:2f:6a:b9:8e:2c:2c:08:fc:13:fc:83:21:
f4:65:39:f2:a4:87:c1:63:68:31:0f:14:cf:b7:ec:6b:23:0e:
f5:1c:56:02:e3:1c:30:b8:63:bf:b0:87:f8:c3:88:85:ee:41:
e4:39:ef:3b:3f:24:7d:28:75:66:a8:72:45:e4:ab:e0:26:2c:
1c:d4:d0:a1:11:3f:aa:a7:26:50:c2:a0:ea:6c:1d:e5:24:a2:
18:12:3c:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFG3urErq1bHXvTiHf66+fKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiODI0MzNmZmU5NGJmMzUzNmZlYzMyNzU0M2QzOTYxNTgy
MDIwNzIwHhcNMjQwODEyMTM1NDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzMzMDAxMjU2YzljZmQzNDI0YzRiODM0MTgyMjU2ZjlhM2ViMjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxTZ3ByC+icpufc6v0+w8kMi75T6
xN74Ll0JlcpbUrvRY7CsvV6XGloHytRp2Esz3y60w0DnEVjzN385eXmFqKf7zFIS
bJt7azoZg4UNsJII7dCXQymUAE4Qgpsoam6gDGD85eHEUX+Mn6UM/FDnIZUVapcI
dxaVy8glgP8QvowYmryXif5bVhRctINPCsrl5FES4dpMs1/Ytg0gacVii3fyt2Sq
5rWnr97r55HZaTCrCGIkMwxFt7+UJMQBxZo4y1yNo0+hfHUlGA6ZJOXOl+UcbjNc
SqAyQyqoQNaY1Yy8+QYDZ7VioyLS3gvzfHL4Kq/WqwnkNr0KR+XJrxe55wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIwzABJWyc/TQkxLg0GCJW+aPrIIMB8GA1UdIwQY
MBaAFIuCQz/+lL81Nv7DJ1Q9OWFYICByMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYt
MmRkNzg5MGRjNjg5LzEvakRNQUVsYkp6OU5DVEV1RFFZSWxiNW8tc2dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYtMmRkNzg5MGRjNjg5
LzEvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2QwgMA0G
CSqGSIb3DQEBCwUAA4IBAQCYcMFqcLc+Txxd6hIHT63nuV2qVzb8Wz77rQ/C+eUX
dsGDTDWFOZoLrrT2AHjQZI5XmQNonusm5NMTiXBSDP2ElJ7JgreKy4zm7d5wBZEZ
K7vySVqx3tAzm45/uW/rS3zgHwCdGZmyANxvgBoWJ2IQJYDyH5H82rT/3rr3pWfM
GN7KzZYtrwmDGqx8di41pyPfDN73083fWBwpwTV5Bz/pFRhfOm5DEJ4varmOLCwI
/BP8gyH0ZTnypIfBY2gxDxTPt+xrIw71HFYC4xwwuGO/sIf4w4iF7kHkOe87PyR9
KHVmqHJF5KvgJiwc1NChET+qpyZQwqDqbB3lJKIYEjxA
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:33:30 2025 by rpki-client