Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/PnwH747p3ttbgnx2wmdn1bYg3BY.roa
File: PnwH747p3ttbgnx2wmdn1bYg3BY.roa (raw, json)
Hash identifier: 0su2H/ALPKb9/rD5qxqEb6tNrDPe+jq/Kdv3PaNjhR8=
Subject key identifier: 3E:7C:07:EF:8E:E9:DE:DB:5B:82:7C:76:C2:67:67:D5:B6:20:DC:16
Certificate issuer: /CN=0a1d72ac0826e09bc0d17ddee8ba87d9731dd413
Certificate serial: 051AB977
Authority key identifier: 0A:1D:72:AC:08:26:E0:9B:C0:D1:7D:DE:E8:BA:87:D9:73:1D:D4:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ch1yrAgm4JvA0X3e6LqH2XMd1BM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/PnwH747p3ttbgnx2wmdn1bYg3BY.roa
Signing time: Fri 27 May 2022 11:55:36 +0000
ROA not before: Fri 27 May 2022 11:55:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1299
IP address blocks: 212.172.0.0/16 maxlen: 24
195.247.0.0/16 maxlen: 24
195.78.160.0/19 maxlen: 24
194.162.0.0/16 maxlen: 24
80.83.96.0/20 maxlen: 24
62.144.0.0/16 maxlen: 24
194.112.16.0/20 maxlen: 24
79.140.176.0/20 maxlen: 24
213.54.0.0/16 maxlen: 24
62.246.0.0/16 maxlen: 24
83.129.0.0/16 maxlen: 24
195.52.0.0/16 maxlen: 24
85.212.0.0/15 maxlen: 24
212.255.0.0/16 maxlen: 24
195.63.0.0/16 maxlen: 24
62.26.0.0/15 maxlen: 24
185.210.52.0/22 maxlen: 24
195.254.0.0/17 maxlen: 24
195.185.0.0/16 maxlen: 24
2001:4091::/32 maxlen: 48
2a01:5c8::/32 maxlen: 48
2001:4090::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 85637495 (0x51ab977)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a1d72ac0826e09bc0d17ddee8ba87d9731dd413
Validity
Not Before: May 27 11:55:36 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3e7c07ef8ee9dedb5b827c76c26767d5b620dc16
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:cc:20:e8:a5:37:d8:30:d2:5d:e3:10:0a:44:
21:28:79:76:f0:d1:6f:40:e1:a6:68:5d:14:5a:a4:
fb:46:b4:19:05:7d:05:33:60:73:0d:f4:5d:c4:64:
05:2c:cb:dc:8a:8f:56:d3:15:a8:ad:54:ec:d4:45:
5f:4a:c7:e1:0d:07:92:7f:c4:2d:5d:31:2b:49:1a:
79:4f:a2:8e:22:49:c8:22:ba:f7:d7:d9:29:fa:16:
7b:86:c2:6e:94:ec:a7:e1:17:fa:ef:b6:84:b5:ec:
f8:a6:5f:46:46:32:67:86:d1:42:ed:91:e3:e1:dc:
0c:1f:c7:df:3f:2c:98:ff:aa:16:3b:0d:b9:76:7b:
1f:6f:b4:4c:d1:aa:65:46:55:09:dc:7f:46:0a:2a:
e5:70:1e:96:ca:ec:2c:32:6b:1b:7e:e3:9b:57:37:
b7:ae:33:cc:a9:7d:0a:db:fc:4f:ef:1f:fe:c3:1f:
a4:68:ec:9a:e1:7d:98:ef:3e:c8:e9:0f:87:c6:f7:
67:27:39:f1:e7:21:a7:6b:cd:c9:92:f6:5c:85:7f:
8c:59:26:9c:51:ec:7d:da:ca:48:2d:26:37:6a:00:
d6:ad:02:3b:54:75:13:4b:04:b3:f3:45:c2:11:2e:
db:bb:75:28:32:f2:cf:01:66:07:cb:f2:ce:11:27:
22:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:7C:07:EF:8E:E9:DE:DB:5B:82:7C:76:C2:67:67:D5:B6:20:DC:16
X509v3 Authority Key Identifier:
keyid:0A:1D:72:AC:08:26:E0:9B:C0:D1:7D:DE:E8:BA:87:D9:73:1D:D4:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ch1yrAgm4JvA0X3e6LqH2XMd1BM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/PnwH747p3ttbgnx2wmdn1bYg3BY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/Ch1yrAgm4JvA0X3e6LqH2XMd1BM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.26.0.0/15
62.144.0.0/16
62.246.0.0/16
79.140.176.0/20
80.83.96.0/20
83.129.0.0/16
85.212.0.0/15
185.210.52.0/22
194.112.16.0/20
194.162.0.0/16
195.52.0.0/16
195.63.0.0/16
195.78.160.0/19
195.185.0.0/16
195.247.0.0/16
195.254.0.0/17
212.172.0.0/16
212.255.0.0/16
213.54.0.0/16
IPv6:
2001:4090::/31
2a01:5c8::/32
Signature Algorithm: sha256WithRSAEncryption
27:34:fe:76:49:1f:3e:fe:ba:42:81:e9:4a:da:a6:cd:97:c4:
6b:f2:b4:93:9e:ea:fc:01:a9:db:e1:a7:3a:07:75:92:1f:33:
c2:8a:e6:0f:97:50:39:18:59:d4:be:f3:25:f1:7d:eb:2e:73:
f7:3d:cf:75:78:84:62:45:09:6d:6e:ca:e5:ae:ba:04:03:e6:
c4:70:f5:2b:d4:c8:ff:1f:d3:f2:b0:6d:a5:ae:d4:ce:08:35:
d6:a9:4f:ee:8f:0b:c1:ad:30:05:91:aa:0c:2c:9b:1e:37:bc:
ed:69:8c:8b:2b:a4:e7:9b:a3:eb:e8:d9:b7:f4:f2:e8:05:de:
fa:66:e2:a8:17:48:d2:33:41:bd:2b:1c:93:09:e0:ff:28:09:
b8:b0:3a:73:11:20:d1:99:3e:96:13:4a:da:33:d6:8a:b5:c2:
88:6e:57:3c:0a:b3:fa:92:1a:3b:e6:ec:a3:f7:27:97:0d:85:
fc:4c:4b:ea:90:cb:11:c2:fc:cf:ef:7a:64:bf:a6:ce:8f:4e:
dd:4b:ac:9b:af:19:d4:11:0f:0d:0e:65:12:06:f7:41:ff:32:
01:88:17:20:b6:a0:aa:93:27:33:b1:82:74:5e:3e:fc:9b:7c:
57:8b:18:14:14:96:1e:74:84:ac:bf:24:e3:d9:f6:30:aa:6e:
1e:a4:b8:71
-----BEGIN CERTIFICATE-----
MIIFZzCCBE+gAwIBAgIEBRq5dzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
YTFkNzJhYzA4MjZlMDliYzBkMTdkZGVlOGJhODdkOTczMWRkNDEzMB4XDTIyMDUy
NzExNTUzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2U3YzA3ZWY4ZWU5
ZGVkYjViODI3Yzc2YzI2NzY3ZDViNjIwZGMxNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKHMIOilN9gw0l3jEApEISh5dvDRb0DhpmhdFFqk+0a0GQV9
BTNgcw30XcRkBSzL3IqPVtMVqK1U7NRFX0rH4Q0Hkn/ELV0xK0kaeU+ijiJJyCK6
99fZKfoWe4bCbpTsp+EX+u+2hLXs+KZfRkYyZ4bRQu2R4+HcDB/H3z8smP+qFjsN
uXZ7H2+0TNGqZUZVCdx/Rgoq5XAelsrsLDJrG37jm1c3t64zzKl9Ctv8T+8f/sMf
pGjsmuF9mO8+yOkPh8b3Zyc58echp2vNyZL2XIV/jFkmnFHsfdrKSC0mN2oA1q0C
O1R1E0sEs/NFwhEu27t1KDLyzwFmB8vyzhEnIi8CAwEAAaOCAoEwggJ9MB0GA1Ud
DgQWBBQ+fAfvjune21uCfHbCZ2fVtiDcFjAfBgNVHSMEGDAWgBQKHXKsCCbgm8DR
fd7ouofZcx3UEzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NoMXlyQWdtNEp2QTBYM2U2THFIMlhNZDFCTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjQvNjM0MWRhLTJiMzQtNGQ0NS05YzE3LTk1ODExMmE0ODlhNC8x
L1Bud0g3NDdwM3R0YmdueDJ3bWRuMWJZZzNCWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjQv
NjM0MWRhLTJiMzQtNGQ0NS05YzE3LTk1ODExMmE0ODlhNC8xL0NoMXlyQWdtNEp2
QTBYM2U2THFIMlhNZDFCTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
lgYIKwYBBQUHAQcBAf8EgYYwgYMwawQCAAEwZQMDAT4aAwMAPpADAwA+9gMEBE+M
sAMEBFBTYAMDAFOBAwMBVdQDBAK50jQDBATCcBADAwDCogMDAMM0AwMAwz8DBAXD
TqADAwDDuQMDAMP3AwQHw/4AAwMA1KwDAwDU/wMDANU2MBQEAgACMA4DBQEgAUCQ
AwUAKgEFyDANBgkqhkiG9w0BAQsFAAOCAQEAJzT+dkkfPv66QoHpStqmzZfEa/K0
k57q/AGp2+GnOgd1kh8zwormD5dQORhZ1L7zJfF96y5z9z3PdXiEYkUJbW7K5a66
BAPmxHD1K9TI/x/T8rBtpa7Uzgg11qlP7o8Lwa0wBZGqDCybHje87WmMiyuk55uj
6+jZt/Ty6AXe+mbiqBdI0jNBvSsckwng/ygJuLA6cxEg0Zk+lhNK2jPWirXCiG5X
PAqz+pIaO+bso/cnlw2F/ExL6pDLEcL8z+96ZL+mzo9O3Uusm68Z1BEPDQ5lEgb3
Qf8yAYgXILagqpMnM7GCdF4+/Jt8V4sYFBSWHnSErL8k49n2MKpuHqS4cQ==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:02:46 2025 by rpki-client