Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/f7b7c2-5d8d-4e88-8454-0a532156b2a6/1/pKiFlF1pAaDqQ8SP7-6Ex_oO_9A.roa
File: pKiFlF1pAaDqQ8SP7-6Ex_oO_9A.roa (raw, json)
Hash identifier: NAn8IdMYRCe3BqpECe0s8Xy/+62ZhoTqA5BuDrtVYRY=
Subject key identifier: A4:A8:85:94:5D:69:01:A0:EA:43:C4:8F:EF:EE:84:C7:FA:0E:FF:D0
Certificate issuer: /CN=f05c6af3d022620f72c53b770e82e5c73ae5506d
Certificate serial: 01856B9C860B7A3D6158790C531DDC56DAD9
Authority key identifier: F0:5C:6A:F3:D0:22:62:0F:72:C5:3B:77:0E:82:E5:C7:3A:E5:50:6D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Fxq89AiYg9yxTt3DoLlxzrlUG0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/f7b7c2-5d8d-4e88-8454-0a532156b2a6/1/pKiFlF1pAaDqQ8SP7-6Ex_oO_9A.roa
Signing time: Sun 01 Jan 2023 04:34:58 +0000
ROA not before: Sun 01 Jan 2023 04:34:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207355
IP address blocks: 193.187.160.0/22 maxlen: 22
83.143.120.0/21 maxlen: 21
85.202.16.0/20 maxlen: 20
91.196.172.0/22 maxlen: 22
193.239.48.0/22 maxlen: 22
66.97.192.0/19 maxlen: 19
193.239.168.0/23 maxlen: 23
2a06:f240::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:9c:86:0b:7a:3d:61:58:79:0c:53:1d:dc:56:da:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f05c6af3d022620f72c53b770e82e5c73ae5506d
Validity
Not Before: Jan 1 04:34:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a4a885945d6901a0ea43c48fefee84c7fa0effd0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:f0:dc:4a:3a:65:a5:f6:f8:fb:e1:34:a5:ba:
e7:cc:90:eb:2c:87:5b:32:f6:85:94:f7:76:91:fb:
1c:97:c9:b5:d9:e7:6b:49:e7:c2:c6:c8:2e:7c:fd:
7f:96:72:57:02:08:be:c4:03:d2:07:a0:3b:27:64:
21:02:b3:0c:8d:9a:0d:c3:04:5e:58:7d:a2:c9:3c:
53:0f:e7:a9:a4:cb:fb:d3:5c:ed:6e:06:52:db:2f:
14:8f:ad:c6:7d:79:32:29:f4:aa:e6:23:a5:b3:8f:
73:ad:9e:05:3c:2c:35:ca:23:f7:24:6e:34:a9:b7:
46:5e:0a:d6:68:72:3e:5a:c4:fb:0b:3f:0f:8e:7d:
b3:7d:05:70:00:f0:d1:ae:3d:b2:d7:60:8d:a6:48:
08:c0:e3:99:fd:52:ca:2b:85:68:c9:89:f3:ad:ee:
ea:13:b0:58:39:d7:c2:0e:f9:50:88:a5:6d:6e:d0:
ed:75:4a:15:71:35:e5:df:90:dc:d8:70:44:ba:8a:
52:9b:9d:59:65:49:39:01:0a:bb:75:84:24:4e:fa:
b2:07:5c:b1:42:c9:43:63:9b:9d:93:12:87:28:55:
f0:a7:0a:fa:36:1c:94:1c:8e:8b:16:a6:a0:91:54:
83:6f:44:5b:62:2c:c2:c8:67:2a:44:39:1d:dc:d2:
bd:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:A8:85:94:5D:69:01:A0:EA:43:C4:8F:EF:EE:84:C7:FA:0E:FF:D0
X509v3 Authority Key Identifier:
keyid:F0:5C:6A:F3:D0:22:62:0F:72:C5:3B:77:0E:82:E5:C7:3A:E5:50:6D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Fxq89AiYg9yxTt3DoLlxzrlUG0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/f7b7c2-5d8d-4e88-8454-0a532156b2a6/1/pKiFlF1pAaDqQ8SP7-6Ex_oO_9A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/f7b7c2-5d8d-4e88-8454-0a532156b2a6/1/8Fxq89AiYg9yxTt3DoLlxzrlUG0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
66.97.192.0/19
83.143.120.0/21
85.202.16.0/20
91.196.172.0/22
193.187.160.0/22
193.239.48.0/22
193.239.168.0/23
IPv6:
2a06:f240::/29
Signature Algorithm: sha256WithRSAEncryption
25:dd:79:11:1b:11:03:ae:4a:f7:e2:27:a0:7a:d2:93:14:9b:
b9:e1:f8:8f:19:42:81:4d:5e:d8:a9:3f:39:44:9c:40:8a:74:
5b:d6:ef:be:fc:86:7a:72:56:27:a0:44:4a:d1:8e:6c:17:ec:
e8:17:0a:62:6c:8c:3c:c8:da:5c:75:31:82:a9:d4:43:33:b1:
f5:3e:dd:7a:ae:aa:e7:aa:77:41:03:c8:13:17:2f:7c:29:80:
fc:06:09:cb:c4:ad:7e:41:85:89:fc:04:d8:4b:a6:0b:a5:07:
37:7b:3e:94:50:71:9d:74:e0:f2:c1:8e:7f:f6:d7:98:07:53:
13:a9:b4:7d:84:99:e6:2a:83:d0:64:7c:ac:b3:ac:0b:3d:24:
e6:a4:a2:23:27:cc:dd:2e:9f:6e:d9:77:28:86:55:b5:7b:15:
17:25:83:9e:e8:8c:e0:e4:ac:f4:32:16:15:ca:a0:1e:ba:84:
6b:fa:cc:12:88:83:1b:5e:4a:c0:e3:e2:e4:c0:66:21:76:02:
57:ae:65:6e:2d:90:a8:71:e7:55:31:7b:9a:9f:4e:73:d9:1a:
29:cc:2e:08:f9:4a:31:e5:f9:05:d9:6c:37:ba:94:f4:8b:b8:
06:00:b8:c3:88:be:1f:85:81:23:0a:ac:7e:3d:c4:d5:aa:12:
5d:60:72:d9
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVrnIYLej1hWHkMUx3cVtrZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNWM2YWYzZDAyMjYyMGY3MmM1M2I3NzBlODJlNWM3M2Fl
NTUwNmQwHhcNMjMwMTAxMDQzNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGE4ODU5NDVkNjkwMWEwZWE0M2M0OGZlZmVlODRjN2ZhMGVmZmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PDcSjplpfb4++E0pbrnzJDrLIdb
MvaFlPd2kfscl8m12edrSefCxsgufP1/lnJXAgi+xAPSB6A7J2QhArMMjZoNwwRe
WH2iyTxTD+eppMv701ztbgZS2y8Uj63GfXkyKfSq5iOls49zrZ4FPCw1yiP3JG40
qbdGXgrWaHI+WsT7Cz8Pjn2zfQVwAPDRrj2y12CNpkgIwOOZ/VLKK4VoyYnzre7q
E7BYOdfCDvlQiKVtbtDtdUoVcTXl35Dc2HBEuopSm51ZZUk5AQq7dYQkTvqyB1yx
QslDY5udkxKHKFXwpwr6NhyUHI6LFqagkVSDb0RbYizCyGcqRDkd3NK9owIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFKSohZRdaQGg6kPEj+/uhMf6Dv/QMB8GA1UdIwQY
MBaAFPBcavPQImIPcsU7dw6C5cc65VBtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEZ4cTg5QWlZZzl5eFR0M0RvTGx4enJsVUcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9mN2I3YzItNWQ4ZC00ZTg4LTg0NTQt
MGE1MzIxNTZiMmE2LzEvcEtpRmxGMXBBYURxUThTUDctNkV4X29PXzlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9mN2I3YzItNWQ4ZC00ZTg4LTg0NTQtMGE1MzIxNTZiMmE2
LzEvOEZ4cTg5QWlZZzl5eFR0M0RvTGx4enJsVUcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQFQmHAAwQD
U494AwQEVcoQAwQCW8SsAwQCwbugAwQCwe8wAwQBwe+oMA0EAgACMAcDBQMqBvJA
MA0GCSqGSIb3DQEBCwUAA4IBAQAl3XkRGxEDrkr34iegetKTFJu54fiPGUKBTV7Y
qT85RJxAinRb1u++/IZ6clYnoERK0Y5sF+zoFwpibIw8yNpcdTGCqdRDM7H1Pt16
rqrnqndBA8gTFy98KYD8BgnLxK1+QYWJ/ATYS6YLpQc3ez6UUHGddODywY5/9teY
B1MTqbR9hJnmKoPQZHyss6wLPSTmpKIjJ8zdLp9u2XcohlW1exUXJYOe6Izg5Kz0
MhYVyqAeuoRr+swSiIMbXkrA4+LkwGYhdgJXrmVuLZCocedVMXuan05z2RopzC4I
+Uox5fkF2Ww3upT0i7gGALjDiL4fhYEjCqx+PcTVqhJdYHLZ
-----END CERTIFICATE-----
Generated at Thu Oct 5 09:21:35 2023 by rpki-client on console-ams.rpki-client.org