Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/Pox-3NCJYn5aueHDuYWSP8vrxyE.roa
File: Pox-3NCJYn5aueHDuYWSP8vrxyE.roa (raw, json)
Hash identifier: /gKPWuANOpJYGfZMYKY7btgNck7yvNUEJtjWc9eq5zo=
Subject key identifier: 3E:8C:7E:DC:D0:89:62:7E:5A:B9:E1:C3:B9:85:92:3F:CB:EB:C7:21
Certificate issuer: /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial: 04DB1482
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/Pox-3NCJYn5aueHDuYWSP8vrxyE.roa
Signing time: Sat 01 Jan 2022 01:00:40 +0000
ROA not before: Sat 01 Jan 2022 01:00:40 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 47869
IP address blocks: 109.235.48.0/21 maxlen: 21
178.239.48.0/20 maxlen: 20
94.185.80.0/21 maxlen: 21
185.149.56.0/22 maxlen: 22
91.208.164.0/24 maxlen: 24
194.110.67.0/24 maxlen: 24
37.46.192.0/22 maxlen: 22
91.205.232.0/22 maxlen: 22
37.46.199.0/24 maxlen: 24
91.199.50.0/24 maxlen: 24
37.46.196.0/23 maxlen: 23
185.24.248.0/22 maxlen: 22
31.171.132.0/22 maxlen: 22
31.171.128.0/24 maxlen: 24
31.171.128.0/22 maxlen: 22
94.228.208.0/20 maxlen: 20
2a00:dd0::/32 maxlen: 48
2a00:dd0:bbbb::/48 maxlen: 48
2a00:dd0:aaaa::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 81466498 (0x4db1482)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Validity
Not Before: Jan 1 01:00:40 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3e8c7edcd089627e5ab9e1c3b985923fcbebc721
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:b6:bb:bd:17:6a:e6:c6:0b:bd:6f:58:50:98:
f6:ac:60:2a:8e:56:d1:3f:d6:05:75:63:06:03:25:
28:8c:d5:04:ff:d4:4e:46:0f:84:56:09:d2:18:92:
68:86:98:47:9c:5d:67:bc:15:b2:91:d0:5e:4f:aa:
fa:c4:91:99:a6:df:fd:e3:ce:60:55:be:32:c4:43:
34:20:5d:5b:2c:5d:ff:62:6c:c0:aa:38:bb:e6:8e:
48:14:1a:96:b8:0d:80:e8:5f:71:d3:15:5e:f0:15:
8f:99:97:cd:39:44:39:25:36:ad:1d:8f:a2:d2:c1:
ed:c1:4d:56:fc:ff:f0:f2:4c:c4:19:bf:8b:85:43:
40:7e:7d:90:f1:99:7a:09:dd:4f:b2:e7:f7:8e:95:
da:0f:a0:fa:0c:ad:d7:2a:7a:34:4d:62:e2:2a:c8:
0e:45:9a:d1:a9:54:b4:8b:56:4e:c8:ce:6e:9e:15:
20:42:64:f4:f1:54:1b:68:30:7f:09:38:e8:22:16:
01:84:6a:74:6b:39:53:01:03:65:d6:e5:03:b5:95:
18:b8:99:d6:f2:6a:cc:05:9d:ea:61:a9:b7:67:24:
30:3d:5c:c2:5d:4e:cd:3d:e5:4c:d3:00:ba:f6:c6:
c3:02:a3:30:85:41:8c:11:e7:a3:bf:24:f0:f0:96:
f9:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:8C:7E:DC:D0:89:62:7E:5A:B9:E1:C3:B9:85:92:3F:CB:EB:C7:21
X509v3 Authority Key Identifier:
keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/Pox-3NCJYn5aueHDuYWSP8vrxyE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.171.128.0/21
37.46.192.0-37.46.197.255
37.46.199.0/24
91.199.50.0/24
91.205.232.0/22
91.208.164.0/24
94.185.80.0/21
94.228.208.0/20
109.235.48.0/21
178.239.48.0/20
185.24.248.0/22
185.149.56.0/22
194.110.67.0/24
IPv6:
2a00:dd0::/32
Signature Algorithm: sha256WithRSAEncryption
84:5b:54:5d:99:75:97:bd:5d:20:17:d6:a2:1e:15:57:ed:d0:
22:37:c0:41:c1:c9:91:0d:73:ed:71:55:6c:5b:ea:65:24:36:
f3:38:a3:ff:8e:e5:5e:2d:cb:a5:29:b4:91:0b:c3:52:b6:73:
c5:68:fc:b2:32:bd:1a:8e:94:8a:e5:3a:8d:2e:f1:e7:ee:16:
60:80:3f:3b:2d:24:23:c8:30:9b:c9:81:ab:47:6c:72:96:78:
17:f5:6d:9c:c8:3b:a3:83:6b:02:b9:30:9d:c7:41:c2:5e:12:
68:5b:f0:0e:3c:5a:58:38:cd:86:1a:dc:88:05:c6:b5:76:49:
46:c9:fd:6f:0f:20:79:2b:11:ed:19:63:27:2c:5e:f3:de:58:
0d:db:c4:84:3b:24:76:a3:29:91:90:ff:67:d5:a3:ee:97:e3:
82:14:e6:dd:b5:a0:3f:ae:f9:cb:88:50:60:18:ba:dc:54:e2:
3d:9b:51:f6:21:8d:22:74:d7:2a:2d:11:57:e3:d9:94:41:7b:
00:e3:9a:12:43:99:a3:49:ef:21:13:bd:f2:fb:fc:6b:f0:c2:
f4:5c:99:5e:13:a2:aa:f1:ba:61:0f:24:f0:b2:68:8f:e6:38:
ec:18:0a:af:fe:5e:ad:d5:d2:38:7b:67:68:ab:db:d9:de:a1:
80:92:5a:63
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgIEBNsUgjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
MmRjOWMyMThiNTEwYzA3YmM2NjU5YjA5ZmJkMzJhZmU2OGFiZmQyMB4XDTIyMDEw
MTAxMDA0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2U4YzdlZGNkMDg5
NjI3ZTVhYjllMWMzYjk4NTkyM2ZjYmViYzcyMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ+2u70XaubGC71vWFCY9qxgKo5W0T/WBXVjBgMlKIzVBP/U
TkYPhFYJ0hiSaIaYR5xdZ7wVspHQXk+q+sSRmabf/ePOYFW+MsRDNCBdWyxd/2Js
wKo4u+aOSBQalrgNgOhfcdMVXvAVj5mXzTlEOSU2rR2PotLB7cFNVvz/8PJMxBm/
i4VDQH59kPGZegndT7Ln946V2g+g+gyt1yp6NE1i4irIDkWa0alUtItWTsjObp4V
IEJk9PFUG2gwfwk46CIWAYRqdGs5UwEDZdblA7WVGLiZ1vJqzAWd6mGpt2ckMD1c
wl1OzT3lTNMAuvbGwwKjMIVBjBHno78k8PCW+UcCAwEAAaOCAmgwggJkMB0GA1Ud
DgQWBBQ+jH7c0Iliflq54cO5hZI/y+vHITAfBgNVHSMEGDAWgBRS3Jwhi1EMB7xm
WbCfvTKv5oq/0jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1V0eWNJWXRSREFlOFpsbXduNzB5ci1hS3Y5SS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWQvNDA5YjdlLTEyNzUtNDNlZC1hZjBmLTUyZjk3YjI3N2QxZi8x
L1BveC0zTkNKWW41YXVlSER1WVdTUDh2cnh5RS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWQv
NDA5YjdlLTEyNzUtNDNlZC1hZjBmLTUyZjk3YjI3N2QxZi8xL1V0eWNJWXRSREFl
OFpsbXduNzB5ci1hS3Y5SS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB+
BggrBgEFBQcBBwEB/wRvMG0wXAQCAAEwVgMEAx+rgDAMAwQGJS7AAwQBJS7EAwQA
JS7HAwQAW8cyAwQCW83oAwQAW9CkAwQDXrlQAwQEXuTQAwQDbeswAwQEsu8wAwQC
uRj4AwQCuZU4AwQAwm5DMA0EAgACMAcDBQAqAA3QMA0GCSqGSIb3DQEBCwUAA4IB
AQCEW1RdmXWXvV0gF9aiHhVX7dAiN8BBwcmRDXPtcVVsW+plJDbzOKP/juVeLcul
KbSRC8NStnPFaPyyMr0ajpSK5TqNLvHn7hZggD87LSQjyDCbyYGrR2xylngX9W2c
yDujg2sCuTCdx0HCXhJoW/AOPFpYOM2GGtyIBca1dklGyf1vDyB5KxHtGWMnLF7z
3lgN28SEOyR2oymRkP9n1aPul+OCFObdtaA/rvnLiFBgGLrcVOI9m1H2IY0idNcq
LRFX49mUQXsA45oSQ5mjSe8hE73y+/xr8ML0XJleE6Kq8bphDyTwsmiP5jjsGAqv
/l6t1dI4e2doq9vZ3qGAklpj
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:40 2024 by rpki-client on console-fra.rpki-client.org