Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/pscGJTt4unEUlfOAcD3UGTuEtPE.roa
File: pscGJTt4unEUlfOAcD3UGTuEtPE.roa (raw, json)
Hash identifier: sixPB0+YWBmrH8KfOVmDlYTxiiSZlqD+pWXdAqsMRxk=
Subject key identifier: A6:C7:06:25:3B:78:BA:71:14:95:F3:80:70:3D:D4:19:3B:84:B4:F1
Certificate issuer: /CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
Certificate serial: 0186A403126A7C5D7BD45DD4D0A6C318CC1F
Authority key identifier: 45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/pscGJTt4unEUlfOAcD3UGTuEtPE.roa
Signing time: Thu 02 Mar 2023 20:28:30 +0000
ROA not before: Thu 02 Mar 2023 20:28:30 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49289
IP address blocks: 185.63.132.0/23 maxlen: 23
159.255.136.0/22 maxlen: 22
185.63.135.0/24 maxlen: 24
185.63.134.0/24 maxlen: 24
159.255.144.0/24 maxlen: 24
159.255.145.0/24 maxlen: 24
159.255.144.0/22 maxlen: 22
188.94.120.0/21 maxlen: 21
171.22.233.0/24 maxlen: 24
171.22.232.0/24 maxlen: 24
171.22.235.0/24 maxlen: 24
171.22.234.0/24 maxlen: 24
93.185.112.0/20 maxlen: 20
178.239.32.0/20 maxlen: 20
159.255.147.0/24 maxlen: 24
159.255.146.0/24 maxlen: 24
2a00:c50::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:a4:03:12:6a:7c:5d:7b:d4:5d:d4:d0:a6:c3:18:cc:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
Validity
Not Before: Mar 2 20:28:30 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a6c706253b78ba711495f380703dd4193b84b4f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:2a:d9:62:35:9b:33:71:3b:af:c6:6d:50:de:
9b:8e:17:54:39:bb:74:92:7d:26:b2:f4:7d:64:a2:
c1:75:07:41:86:c1:73:c3:f0:3b:6d:55:bc:10:ab:
87:22:9f:cd:ff:38:e0:40:ba:62:2f:b1:4f:38:36:
a3:3e:34:c8:e2:cd:da:1a:f4:9a:94:25:0e:25:a0:
7e:55:00:ff:8c:3d:8c:dc:3c:32:92:7b:ad:64:34:
c1:00:10:02:87:d9:67:95:43:e5:02:eb:f1:1c:0f:
78:e0:cf:fa:a0:0e:87:52:4e:b3:5b:b4:ad:51:21:
1e:70:1b:bd:78:ff:6e:c3:ec:49:a8:8d:5b:78:8e:
2f:8f:d7:f8:f9:ca:69:28:b1:f4:68:dc:06:0c:bc:
26:f3:31:8e:2f:40:31:14:0a:64:3e:c6:0e:89:13:
f0:1c:5d:4a:f6:95:9b:3d:d5:e8:9b:6d:47:03:ed:
55:fa:cd:5b:c2:91:c6:78:57:dd:66:fb:1e:82:dc:
87:6d:45:4a:6d:28:1f:8b:03:28:c2:55:f1:da:47:
4b:7f:7b:78:07:30:0c:c3:5a:56:0c:c3:d5:79:47:
50:8b:fd:1e:6d:4d:b8:df:57:e7:d1:5e:84:2a:c9:
87:ff:4c:95:31:23:69:1b:61:c4:0f:e9:40:e3:b5:
b4:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:C7:06:25:3B:78:BA:71:14:95:F3:80:70:3D:D4:19:3B:84:B4:F1
X509v3 Authority Key Identifier:
keyid:45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/pscGJTt4unEUlfOAcD3UGTuEtPE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/RfnjL_avPV5dd727mNo30LjkRRk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.185.112.0/20
159.255.136.0/22
159.255.144.0/22
171.22.232.0/22
178.239.32.0/20
185.63.132.0/22
188.94.120.0/21
IPv6:
2a00:c50::/29
Signature Algorithm: sha256WithRSAEncryption
11:d7:de:ff:53:9e:08:fa:4b:09:dc:83:0a:e1:2b:90:2c:b8:
6e:d5:6e:be:3c:db:e2:dc:15:71:99:57:d9:bf:a6:9b:a1:2c:
69:c7:0e:6d:3c:d9:bd:0b:34:86:2a:9e:e9:07:8e:80:2e:6a:
15:7c:8e:6d:be:2d:0c:9a:29:2e:4a:ca:1e:0f:4b:41:e5:e4:
9c:1c:e1:0a:66:1b:7d:1b:94:26:8e:fe:3c:ef:cf:3c:59:dc:
05:b5:40:56:31:8f:53:7d:0f:6f:a6:99:70:a3:68:d9:f6:37:
58:a0:3a:2a:c7:9d:4d:5f:8c:f8:4e:42:85:dc:49:46:a4:75:
03:be:af:07:74:06:b8:f7:e3:cd:a2:27:16:2d:0b:8a:49:ba:
63:15:08:a6:46:67:c9:25:1b:08:bc:94:2a:dd:9e:39:02:c1:
15:28:c3:f3:9f:45:e8:4e:0f:17:a0:db:bb:d4:44:a1:30:21:
b4:b8:17:f7:25:fa:a0:2a:f7:c3:46:3a:e3:ec:1d:7b:36:9e:
50:4a:24:9b:91:35:9c:18:fd:cc:e6:3e:b8:56:2a:01:67:e8:
55:ad:6d:e2:16:d5:de:e4:58:f6:13:24:9f:ab:4c:3f:d8:2e:
fb:5f:60:e3:92:9a:25:a9:96:9f:71:65:b5:f5:91:79:7e:6e:
fb:93:62:b5
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYakAxJqfF171F3U0KbDGMwfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZjllMzJmZjZhZjNkNWU1ZDc3YmRiYjk4ZGEzN2QwYjhl
NDQ1MTkwHhcNMjMwMzAyMjAyODMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmM3MDYyNTNiNzhiYTcxMTQ5NWYzODA3MDNkZDQxOTNiODRiNGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCrZYjWbM3E7r8ZtUN6bjhdUObt0
kn0msvR9ZKLBdQdBhsFzw/A7bVW8EKuHIp/N/zjgQLpiL7FPODajPjTI4s3aGvSa
lCUOJaB+VQD/jD2M3DwyknutZDTBABACh9lnlUPlAuvxHA944M/6oA6HUk6zW7St
USEecBu9eP9uw+xJqI1beI4vj9f4+cppKLH0aNwGDLwm8zGOL0AxFApkPsYOiRPw
HF1K9pWbPdXom21HA+1V+s1bwpHGeFfdZvsegtyHbUVKbSgfiwMowlXx2kdLf3t4
BzAMw1pWDMPVeUdQi/0ebU2431fn0V6EKsmH/0yVMSNpG2HED+lA47W03wIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFKbHBiU7eLpxFJXzgHA91Bk7hLTxMB8GA1UdIwQY
MBaAFEX54y/2rz1eXXe9u5jaN9C45EUZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYt
OGVlMGExMmEzNTliLzEvcHNjR0pUdDR1bkVVbGZPQWNEM1VHVHVFdFBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYtOGVlMGExMmEzNTli
LzEvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEXblwAwQC
n/+IAwQCn/+QAwQCqxboAwQEsu8gAwQCuT+EAwQDvF54MA0EAgACMAcDBQMqAAxQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAR197/U54I+ksJ3IMK4SuQLLhu1W6+PNvi3BVx
mVfZv6aboSxpxw5tPNm9CzSGKp7pB46ALmoVfI5tvi0MmikuSsoeD0tB5eScHOEK
Zht9G5Qmjv487888WdwFtUBWMY9TfQ9vpplwo2jZ9jdYoDoqx51NX4z4TkKF3ElG
pHUDvq8HdAa49+PNoicWLQuKSbpjFQimRmfJJRsIvJQq3Z45AsEVKMPzn0XoTg8X
oNu71EShMCG0uBf3JfqgKvfDRjrj7B17Np5QSiSbkTWcGP3M5j64VioBZ+hVrW3i
FtXe5Fj2EySfq0w/2C77X2DjkpolqZafcWW19ZF5fm77k2K1
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:51 2024 by rpki-client on console-fra.rpki-client.org