Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/3PI5IgD_LNyymR9E4uwI80GXocg.roa
File: 3PI5IgD_LNyymR9E4uwI80GXocg.roa (raw, json)
Hash identifier: NhdSge1E0mCU3ricRK5CTJ1niO383XSd5MXL8w7RPQo=
Subject key identifier: DC:F2:39:22:00:FF:2C:DC:B2:99:1F:44:E2:EC:08:F3:41:97:A1:C8
Certificate issuer: /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial: 019082F18C46528F97110CE8A341194F21BE
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/3PI5IgD_LNyymR9E4uwI80GXocg.roa
Signing time: Fri 05 Jul 2024 12:49:46 +0000
ROA not before: Fri 05 Jul 2024 12:49:46 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208913
IP address blocks: 46.247.144.0/20 maxlen: 24
89.200.240.0/23 maxlen: 24
91.238.148.0/23 maxlen: 24
193.169.8.0/23 maxlen: 24
193.192.52.0/23 maxlen: 24
193.239.172.0/23 maxlen: 24
193.239.246.0/23 maxlen: 24
194.24.234.0/23 maxlen: 24
194.42.100.0/23 maxlen: 24
194.88.134.0/23 maxlen: 24
194.106.212.0/23 maxlen: 24
194.246.106.0/23 maxlen: 24
195.2.196.0/23 maxlen: 24
195.13.48.0/23 maxlen: 24
195.34.80.0/23 maxlen: 24
195.93.140.0/23 maxlen: 24
195.128.188.0/23 maxlen: 24
195.135.192.0/23 maxlen: 24
195.189.186.0/23 maxlen: 24
195.189.250.0/23 maxlen: 24
195.210.44.0/23 maxlen: 24
195.254.140.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:82:f1:8c:46:52:8f:97:11:0c:e8:a3:41:19:4f:21:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Validity
Not Before: Jul 5 12:49:46 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dcf2392200ff2cdcb2991f44e2ec08f34197a1c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:dd:c6:9b:53:c0:d4:6c:aa:b6:d0:47:82:16:
94:29:3a:cd:89:e5:d6:22:72:4d:eb:34:6d:85:72:
8b:e0:6e:36:a7:de:c1:b7:23:42:9a:7e:d6:cb:10:
9b:80:a3:d7:c9:d9:25:ea:92:aa:88:4b:d1:76:bc:
0b:bf:3a:ac:a9:c7:02:27:de:b2:f5:e4:ea:f2:b8:
b9:0b:c2:1c:54:30:df:b5:59:83:d5:b9:d2:89:99:
d7:97:83:52:9a:4d:bc:fc:31:7b:fa:e5:cb:0d:48:
25:88:90:2f:db:f0:01:cb:7d:79:58:6d:82:99:12:
58:3c:fa:ba:53:0b:2c:06:37:38:6b:c8:f7:99:2b:
e6:5e:f4:70:4a:aa:79:c5:d7:84:b2:f3:85:2a:26:
ad:c9:e0:52:e4:f5:6d:ae:52:3b:2c:68:a7:13:6c:
2e:1b:38:36:ad:f0:ac:72:8c:20:bc:70:8f:77:12:
fa:0b:58:9f:6c:26:cd:4e:4d:77:de:0a:75:c4:86:
38:32:a1:db:d1:e4:01:04:fa:4e:d9:58:cc:d8:98:
9a:97:62:d4:ce:3b:fe:a4:ad:ad:fc:e3:a2:d8:00:
c9:38:1a:78:fb:ea:18:f1:eb:7c:08:14:e1:f6:77:
5a:26:65:23:4c:0a:37:6f:48:cc:44:3c:fe:cb:7f:
cf:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:F2:39:22:00:FF:2C:DC:B2:99:1F:44:E2:EC:08:F3:41:97:A1:C8
X509v3 Authority Key Identifier:
keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/3PI5IgD_LNyymR9E4uwI80GXocg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.247.144.0/20
89.200.240.0/23
91.238.148.0/23
193.169.8.0/23
193.192.52.0/23
193.239.172.0/23
193.239.246.0/23
194.24.234.0/23
194.42.100.0/23
194.88.134.0/23
194.106.212.0/23
194.246.106.0/23
195.2.196.0/23
195.13.48.0/23
195.34.80.0/23
195.93.140.0/23
195.128.188.0/23
195.135.192.0/23
195.189.186.0/23
195.189.250.0/23
195.210.44.0/23
195.254.140.0/23
Signature Algorithm: sha256WithRSAEncryption
99:63:a7:0a:32:98:a8:36:e7:8f:1a:bb:0a:42:dc:ef:d5:77:
42:e9:5f:cc:d8:10:c9:6f:50:bf:60:87:7d:8c:fb:9c:b2:93:
39:2d:71:1c:ef:3c:67:be:73:d6:6f:52:cf:15:75:b4:db:48:
13:bb:e7:fd:55:f5:88:92:ae:af:9c:50:a1:ca:8f:de:20:f5:
1e:75:5a:0c:b0:a5:19:18:1f:5a:ff:1f:66:fa:eb:de:27:20:
10:25:e3:77:fd:27:12:4d:f9:3e:b7:ee:0d:5a:e1:ba:af:7d:
30:d0:57:ab:1c:00:80:80:86:f4:cc:68:10:e0:da:70:0d:8d:
0b:bc:20:0e:1b:3c:6a:c7:33:f8:4f:21:39:e5:76:6c:56:15:
7c:e5:4c:34:5b:7c:95:c9:f5:3a:a6:2e:12:1b:28:89:ab:5b:
6b:bc:66:96:fd:6c:aa:bb:26:49:d9:50:8f:dc:4f:0c:dc:58:
2a:53:a5:d4:8e:cc:6c:0f:a6:8c:2a:1c:20:59:77:45:d9:4c:
9d:cd:26:64:03:3a:74:50:52:f7:6d:28:91:71:9e:bf:3e:34:
25:8d:32:b4:bc:44:a0:64:14:56:ce:71:a4:82:1e:6b:3b:c7:
5e:fd:2f:17:25:fa:c8:ec:85:82:f7:f9:c7:68:8f:e9:4a:9a:
06:f1:d3:87
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgISAZCC8YxGUo+XEQzoo0EZTyG+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjQwNzA1MTI0OTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2YyMzkyMjAwZmYyY2RjYjI5OTFmNDRlMmVjMDhmMzQxOTdhMWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr93Gm1PA1GyqttBHghaUKTrNieXW
InJN6zRthXKL4G42p97BtyNCmn7WyxCbgKPXydkl6pKqiEvRdrwLvzqsqccCJ96y
9eTq8ri5C8IcVDDftVmD1bnSiZnXl4NSmk28/DF7+uXLDUgliJAv2/ABy315WG2C
mRJYPPq6UwssBjc4a8j3mSvmXvRwSqp5xdeEsvOFKiatyeBS5PVtrlI7LGinE2wu
Gzg2rfCscowgvHCPdxL6C1ifbCbNTk133gp1xIY4MqHb0eQBBPpO2VjM2Jial2LU
zjv+pK2t/OOi2ADJOBp4++oY8et8CBTh9ndaJmUjTAo3b0jMRDz+y3/PfQIDAQAB
o4ICjDCCAogwHQYDVR0OBBYEFNzyOSIA/yzcspkfROLsCPNBl6HIMB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEvM1BJNUlnRF9MTnl5bVI5RTR1d0k4MEdYb2NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGhBggrBgEFBQcBBwEB/wSBkTCBjjCBiwQCAAEwgYQDBAQu
95ADBAFZyPADBAFb7pQDBAHBqQgDBAHBwDQDBAHB76wDBAHB7/YDBAHCGOoDBAHC
KmQDBAHCWIYDBAHCatQDBAHC9moDBAHDAsQDBAHDDTADBAHDIlADBAHDXYwDBAHD
gLwDBAHDh8ADBAHDvboDBAHDvfoDBAHD0iwDBAHD/owwDQYJKoZIhvcNAQELBQAD
ggEBAJljpwoymKg2548auwpC3O/Vd0LpX8zYEMlvUL9gh32M+5yykzktcRzvPGe+
c9ZvUs8VdbTbSBO75/1V9YiSrq+cUKHKj94g9R51WgywpRkYH1r/H2b6694nIBAl
43f9JxJN+T637g1a4bqvfTDQV6scAICAhvTMaBDg2nANjQu8IA4bPGrHM/hPITnl
dmxWFXzlTDRbfJXJ9TqmLhIbKImrW2u8Zpb9bKq7JknZUI/cTwzcWCpTpdSOzGwP
powqHCBZd0XZTJ3NJmQDOnRQUvdtKJFxnr8+NCWNMrS8RKBkFFbOcaSCHms7x179
Lxcl+sjshYL3+cdoj+lKmgbx04c=
-----END CERTIFICATE-----
Generated at Wed Jul 10 14:24:16 2024 by rpki-client on console-ams.rpki-client.org