Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/pfnp_u9wtxoNYhCLxy7lvF_-ZSE.roa
File: pfnp_u9wtxoNYhCLxy7lvF_-ZSE.roa (raw, json)
Hash identifier: 2g+kDBsXFaO7X1TMdCxc7cQlG0w5OuHDrBd1pPWX7K4=
Subject key identifier: A5:F9:E9:FE:EF:70:B7:1A:0D:62:10:8B:C7:2E:E5:BC:5F:FE:65:21
Certificate issuer: /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial: 018A60E3ECF6D47990A1D7F34D48436E6144
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/pfnp_u9wtxoNYhCLxy7lvF_-ZSE.roa
Signing time: Mon 04 Sep 2023 15:51:04 +0000
ROA not before: Mon 04 Sep 2023 15:51:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 64249
IP address blocks: 198.151.96.0/20 maxlen: 20
198.151.112.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:60:e3:ec:f6:d4:79:90:a1:d7:f3:4d:48:43:6e:61:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Validity
Not Before: Sep 4 15:51:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a5f9e9feef70b71a0d62108bc72ee5bc5ffe6521
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:1d:af:c5:fc:e1:10:c0:73:32:70:2c:90:c5:
5c:03:e3:ff:22:51:c6:52:a3:c3:42:c8:27:ab:e4:
2a:d8:4b:58:23:fd:89:60:ff:35:8d:de:9a:3e:8c:
7b:06:1f:36:9c:76:61:b0:ac:b5:a7:a0:bb:47:3f:
cd:c0:b7:98:ec:11:4a:6f:e6:aa:d6:fd:a1:df:a3:
8b:01:3d:39:3b:1d:1c:18:a9:c7:ff:f2:d4:10:91:
c8:94:c6:16:90:c5:96:fd:d2:ae:f5:ca:ee:15:f6:
bb:ad:ae:5b:72:e8:f7:6d:c4:f9:f7:b3:c5:fc:eb:
8f:41:ab:33:67:fa:aa:5e:78:75:ed:b7:b2:e6:48:
d2:da:9d:cc:d4:8c:d6:23:a7:fd:7b:dd:2a:ff:f7:
d3:95:dd:15:8c:59:71:ab:17:8b:5f:d8:23:d3:56:
52:6d:3a:6d:55:17:c9:ce:3b:5c:d6:0a:01:82:ec:
75:dc:fe:d2:61:67:b6:57:01:9d:78:5c:99:d8:f7:
2d:f5:6e:d5:4c:e4:9f:ec:8f:8a:8c:79:2c:82:6d:
2a:ca:aa:a2:ed:e1:90:5f:9e:d1:99:64:57:6f:ac:
dc:99:ba:12:02:d7:c0:10:27:87:8d:89:ba:97:92:
44:95:22:3c:e6:ea:9a:dd:95:f9:f8:d9:09:de:c5:
e3:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:F9:E9:FE:EF:70:B7:1A:0D:62:10:8B:C7:2E:E5:BC:5F:FE:65:21
X509v3 Authority Key Identifier:
keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/pfnp_u9wtxoNYhCLxy7lvF_-ZSE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
198.151.96.0/19
Signature Algorithm: sha256WithRSAEncryption
58:35:4f:5f:ec:cf:7a:54:ff:ef:f4:07:bb:91:19:8e:1c:a0:
9e:29:92:8a:11:91:5b:16:41:54:e7:aa:2a:58:99:cc:1a:ae:
21:5c:e4:8e:ec:8d:90:7a:5d:2d:ac:2b:e1:13:91:86:7c:34:
88:16:cc:2e:e6:5f:a8:3d:22:d5:6e:b6:f5:66:b2:c3:63:12:
94:3a:1c:8a:1c:25:df:3c:21:31:c6:d8:72:78:1d:db:27:48:
5d:c0:ed:f0:97:d9:3d:c8:3e:b5:4d:55:8f:9a:c3:79:b1:8c:
3d:2b:5a:2b:3d:89:dc:45:91:7c:b3:cd:f0:d6:63:47:e3:75:
66:a9:a2:8b:c5:b5:f7:d7:22:e1:18:9c:2c:74:46:09:8d:7d:
50:25:b9:89:9e:0a:1a:09:c2:65:b1:38:55:97:bd:ba:06:4d:
c1:af:68:13:70:5d:79:c9:dc:c9:e6:88:ab:69:ce:5f:2c:82:
43:d3:ce:54:73:33:c5:7b:9a:07:fb:91:49:9a:ec:7d:11:1d:
1b:78:8e:e4:38:da:33:13:8e:5a:55:3b:9f:43:d9:7e:17:3b:
35:0e:42:48:45:af:cc:ec:72:30:df:a8:04:7f:7e:c5:2f:d2:
f4:3d:cd:b9:98:f9:e4:7e:b9:30:6a:d5:57:c8:1b:b9:09:64:
d3:16:e1:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYpg4+z21HmQodfzTUhDbmFEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjMwOTA0MTU1MTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWY5ZTlmZWVmNzBiNzFhMGQ2MjEwOGJjNzJlZTViYzVmZmU2NTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjR2vxfzhEMBzMnAskMVcA+P/IlHG
UqPDQsgnq+Qq2EtYI/2JYP81jd6aPox7Bh82nHZhsKy1p6C7Rz/NwLeY7BFKb+aq
1v2h36OLAT05Ox0cGKnH//LUEJHIlMYWkMWW/dKu9cruFfa7ra5bcuj3bcT597PF
/OuPQaszZ/qqXnh17bey5kjS2p3M1IzWI6f9e90q//fTld0VjFlxqxeLX9gj01ZS
bTptVRfJzjtc1goBgux13P7SYWe2VwGdeFyZ2Pct9W7VTOSf7I+KjHksgm0qyqqi
7eGQX57RmWRXb6zcmboSAtfAECeHjYm6l5JElSI85uqa3ZX5+NkJ3sXjSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKX56f7vcLcaDWIQi8cu5bxf/mUhMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvcGZucF91OXd0eG9OWWhDTHh5N2x2Rl8tWlNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFxpdgMA0G
CSqGSIb3DQEBCwUAA4IBAQBYNU9f7M96VP/v9Ae7kRmOHKCeKZKKEZFbFkFU56oq
WJnMGq4hXOSO7I2Qel0trCvhE5GGfDSIFswu5l+oPSLVbrb1ZrLDYxKUOhyKHCXf
PCExxthyeB3bJ0hdwO3wl9k9yD61TVWPmsN5sYw9K1orPYncRZF8s83w1mNH43Vm
qaKLxbX31yLhGJwsdEYJjX1QJbmJngoaCcJlsThVl726Bk3Br2gTcF15ydzJ5oir
ac5fLIJD085UczPFe5oH+5FJmux9ER0beI7kONozE45aVTufQ9l+Fzs1DkJIRa/M
7HIw36gEf37FL9L0Pc25mPnkfrkwatVXyBu5CWTTFuFk
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:15 2024 by rpki-client on console-fra.rpki-client.org