Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/PMDV6-hBHdqXyh7r2mq54wDzFfE.roa
File: PMDV6-hBHdqXyh7r2mq54wDzFfE.roa (raw, json)
Hash identifier: 5K5DU9irYLx8OLuYC5MLvMZotDxSXndVBXeEsXX4lLY=
Subject key identifier: 3C:C0:D5:EB:E8:41:1D:DA:97:CA:1E:EB:DA:6A:B9:E3:00:F3:15:F1
Certificate issuer: /CN=4777da157768423fcba9217392ec7f483b3b9442
Certificate serial: 018B24A6D8334C1D379835D1BB92101EBC42
Authority key identifier: 47:77:DA:15:77:68:42:3F:CB:A9:21:73:92:EC:7F:48:3B:3B:94:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/R3faFXdoQj_LqSFzkux_SDs7lEI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/PMDV6-hBHdqXyh7r2mq54wDzFfE.roa
Signing time: Thu 12 Oct 2023 16:09:55 +0000
ROA not before: Thu 12 Oct 2023 16:09:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8832
IP address blocks: 185.123.176.0/22 maxlen: 22
109.69.168.0/21 maxlen: 21
2a00:1498::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:24:a6:d8:33:4c:1d:37:98:35:d1:bb:92:10:1e:bc:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4777da157768423fcba9217392ec7f483b3b9442
Validity
Not Before: Oct 12 16:09:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3cc0d5ebe8411dda97ca1eebda6ab9e300f315f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:70:36:f4:14:7f:c3:1a:78:c5:07:44:17:5e:
ab:b7:b2:4e:55:e2:0f:c8:05:82:88:d8:cf:dc:6d:
c2:21:52:b7:fa:2f:3f:34:92:30:d2:dd:b6:39:86:
71:b3:20:3a:78:d6:ef:f9:27:5e:38:8e:c0:13:ae:
36:bf:55:62:cb:15:22:82:53:e0:97:9b:39:31:93:
69:61:22:4a:22:c5:2f:d8:ef:52:a9:a5:d0:ce:62:
90:4b:0a:9b:d0:92:82:6a:9d:d2:14:b5:dc:aa:38:
1c:11:a9:ec:d0:15:9e:1a:64:7e:6a:56:c3:07:da:
a6:5f:ff:8b:7c:c8:3f:c1:87:08:cf:18:1c:1f:77:
5e:a7:00:be:f4:06:9a:5e:e2:46:1a:5a:a7:a9:a5:
56:f8:ec:5a:50:f0:e9:8c:05:1b:e7:35:90:6b:05:
2b:eb:2b:56:98:bc:b9:f2:60:de:21:a0:ae:b6:86:
84:4a:6c:f4:24:aa:3c:98:3c:67:64:28:12:c1:26:
89:74:f5:ae:bc:cc:d6:b2:56:c0:78:80:78:53:6c:
de:ad:cb:e3:a1:61:8a:90:fd:40:aa:0f:15:51:cc:
67:f2:66:2c:69:7b:ee:93:9c:9e:ea:e3:e8:be:b3:
37:8d:1f:ed:65:31:a2:9a:4a:2c:ac:c3:f8:a2:fc:
d6:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:C0:D5:EB:E8:41:1D:DA:97:CA:1E:EB:DA:6A:B9:E3:00:F3:15:F1
X509v3 Authority Key Identifier:
keyid:47:77:DA:15:77:68:42:3F:CB:A9:21:73:92:EC:7F:48:3B:3B:94:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3faFXdoQj_LqSFzkux_SDs7lEI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/PMDV6-hBHdqXyh7r2mq54wDzFfE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/R3faFXdoQj_LqSFzkux_SDs7lEI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.69.168.0/21
185.123.176.0/22
IPv6:
2a00:1498::/32
Signature Algorithm: sha256WithRSAEncryption
38:99:61:36:87:a6:40:00:b6:72:9f:e6:34:0d:4e:ed:d9:b8:
0d:6d:a7:53:60:b2:7b:73:8b:f5:d1:0d:22:17:35:48:ce:0c:
a8:69:90:3c:54:a0:01:14:77:13:65:70:7e:21:49:34:ce:4c:
a8:17:89:47:6c:47:73:92:c5:ed:dd:78:69:48:5b:2a:9e:59:
34:bb:ac:94:0a:53:22:36:2d:a7:f6:d2:34:0e:1d:81:27:a4:
ab:47:00:2f:7b:cf:e4:8f:f8:65:bd:5f:d9:8b:54:ad:29:39:
6e:1e:b8:35:c4:07:d2:45:5a:8c:34:a2:b1:a4:20:88:ee:9f:
d5:c2:6e:85:a5:6c:21:f3:a9:e4:4b:b2:09:13:59:3b:97:ba:
a7:36:73:93:c4:d4:f8:a1:97:79:21:68:5a:3a:89:00:09:9d:
03:50:8b:e2:87:23:9c:6b:0b:46:20:85:b1:df:37:b9:e6:1e:
6f:c8:5e:c7:4e:d4:e5:44:ce:0f:42:5a:83:1d:8e:62:55:7c:
c8:70:e5:ca:25:ad:e6:16:23:77:e3:06:ca:27:f2:9f:c2:f4:
ef:44:90:1e:15:45:20:2f:3e:16:4a:d3:7e:bd:d7:f5:2d:22:
66:96:0e:33:e6:02:14:46:a4:53:87:90:7d:37:db:dc:d4:2b:
1e:63:ec:bf
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYskptgzTB03mDXRu5IQHrxCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzdkYTE1Nzc2ODQyM2ZjYmE5MjE3MzkyZWM3ZjQ4M2Iz
Yjk0NDIwHhcNMjMxMDEyMTYwOTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2MwZDVlYmU4NDExZGRhOTdjYTFlZWJkYTZhYjllMzAwZjMxNWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XA29BR/wxp4xQdEF16rt7JOVeIP
yAWCiNjP3G3CIVK3+i8/NJIw0t22OYZxsyA6eNbv+SdeOI7AE642v1ViyxUiglPg
l5s5MZNpYSJKIsUv2O9SqaXQzmKQSwqb0JKCap3SFLXcqjgcEans0BWeGmR+albD
B9qmX/+LfMg/wYcIzxgcH3depwC+9AaaXuJGGlqnqaVW+OxaUPDpjAUb5zWQawUr
6ytWmLy58mDeIaCutoaESmz0JKo8mDxnZCgSwSaJdPWuvMzWslbAeIB4U2zercvj
oWGKkP1Aqg8VUcxn8mYsaXvuk5ye6uPovrM3jR/tZTGimkosrMP4ovzW5QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDzA1evoQR3al8oe69pqueMA8xXxMB8GA1UdIwQY
MBaAFEd32hV3aEI/y6khc5Lsf0g7O5RCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNmYUZYZG9Ral9McVNGemt1eF9TRHM3bEVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9iMjFhMzgtZGI2Mi00NDM4LWJhOWMt
ZjU3Zjg2ZGY0ZjE2LzEvUE1EVjYtaEJIZHFYeWg3cjJtcTU0d0R6RmZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9iMjFhMzgtZGI2Mi00NDM4LWJhOWMtZjU3Zjg2ZGY0ZjE2
LzEvUjNmYUZYZG9Ral9McVNGemt1eF9TRHM3bEVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbUWoAwQC
uXuwMA0EAgACMAcDBQAqABSYMA0GCSqGSIb3DQEBCwUAA4IBAQA4mWE2h6ZAALZy
n+Y0DU7t2bgNbadTYLJ7c4v10Q0iFzVIzgyoaZA8VKABFHcTZXB+IUk0zkyoF4lH
bEdzksXt3XhpSFsqnlk0u6yUClMiNi2n9tI0Dh2BJ6SrRwAve8/kj/hlvV/Zi1St
KTluHrg1xAfSRVqMNKKxpCCI7p/Vwm6FpWwh86nkS7IJE1k7l7qnNnOTxNT4oZd5
IWhaOokACZ0DUIvihyOcawtGIIWx3ze55h5vyF7HTtTlRM4PQlqDHY5iVXzIcOXK
Ja3mFiN34wbKJ/KfwvTvRJAeFUUgLz4WStN+vdf1LSJmlg4z5gIURqRTh5B9N9vc
1CseY+y/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:34 2024 by rpki-client on console-fra.rpki-client.org