Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/4ac7e0-7b52-41ce-a3c2-4afe3ca5f1a5/1/PYKrBl_fMbzTmYUD89p8pHBg38U.roa
File: PYKrBl_fMbzTmYUD89p8pHBg38U.roa (raw, json)
Hash identifier: 2J57VsijY66btrA7S91ghN+3uofX90se3x7DnYpzlWc=
Subject key identifier: 3D:82:AB:06:5F:DF:31:BC:D3:99:85:03:F3:DA:7C:A4:70:60:DF:C5
Certificate issuer: /CN=a16f2a8162a75524ff52783f8132c33007da4d98
Certificate serial: 01914B443D9F863684045616875C0F4481E4
Authority key identifier: A1:6F:2A:81:62:A7:55:24:FF:52:78:3F:81:32:C3:30:07:DA:4D:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oW8qgWKnVST_Ung_gTLDMAfaTZg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/4ac7e0-7b52-41ce-a3c2-4afe3ca5f1a5/1/PYKrBl_fMbzTmYUD89p8pHBg38U.roa
Signing time: Tue 13 Aug 2024 10:24:09 +0000
ROA not before: Tue 13 Aug 2024 10:24:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208189
IP address blocks: 31.22.12.0/22 maxlen: 24
193.17.86.0/23 maxlen: 24
193.17.176.0/23 maxlen: 24
212.132.160.0/19 maxlen: 24
2a04:c880::/32 maxlen: 48
2a0f:9d80::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:4b:44:3d:9f:86:36:84:04:56:16:87:5c:0f:44:81:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a16f2a8162a75524ff52783f8132c33007da4d98
Validity
Not Before: Aug 13 10:24:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3d82ab065fdf31bcd3998503f3da7ca47060dfc5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:56:82:ae:0e:86:46:6a:b2:0d:39:41:4a:42:
6a:5c:8a:7d:28:b4:cc:2f:a3:31:e8:10:80:35:35:
73:ee:0d:81:7d:2c:e5:1f:fb:f3:53:5a:df:81:15:
72:2d:3d:4c:da:32:cb:ca:13:98:f6:84:c4:89:4d:
e1:17:8b:8f:51:32:7b:71:22:c0:ac:9a:44:d9:7c:
11:d1:f3:fb:92:64:85:07:33:93:cd:75:40:38:51:
21:a3:ec:30:c5:a3:91:85:5a:d8:b9:1e:9a:0e:f1:
ea:62:42:93:f6:a7:96:56:20:23:92:ec:6c:6a:84:
18:1b:4d:b4:5c:b2:d4:fa:a2:3e:76:33:73:f5:64:
cf:c6:b1:ff:f6:7c:dd:2a:14:ac:e1:2e:67:6e:0b:
8f:e4:ad:98:3b:22:0c:de:66:9f:61:30:25:d0:15:
bd:b6:37:ff:58:b2:fe:b4:ca:1f:6f:f0:0c:ae:ab:
89:36:06:42:22:9e:11:c1:fd:78:7b:35:80:08:68:
92:06:6e:c8:ad:42:6e:7a:14:2b:aa:48:6a:8b:65:
9e:0a:a9:26:17:6e:92:77:8c:21:18:fe:82:33:6a:
40:9a:9a:91:fa:0a:83:67:97:c2:ef:ef:0f:e1:d2:
80:19:75:3b:05:cc:9f:2b:1a:d6:87:3d:c5:32:9b:
f7:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:82:AB:06:5F:DF:31:BC:D3:99:85:03:F3:DA:7C:A4:70:60:DF:C5
X509v3 Authority Key Identifier:
keyid:A1:6F:2A:81:62:A7:55:24:FF:52:78:3F:81:32:C3:30:07:DA:4D:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oW8qgWKnVST_Ung_gTLDMAfaTZg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/4ac7e0-7b52-41ce-a3c2-4afe3ca5f1a5/1/PYKrBl_fMbzTmYUD89p8pHBg38U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/4ac7e0-7b52-41ce-a3c2-4afe3ca5f1a5/1/oW8qgWKnVST_Ung_gTLDMAfaTZg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.22.12.0/22
193.17.86.0/23
193.17.176.0/23
212.132.160.0/19
IPv6:
2a04:c880::/32
2a0f:9d80::/32
Signature Algorithm: sha256WithRSAEncryption
32:8d:85:3d:77:bf:a2:76:d8:c3:36:c0:f6:5c:59:08:a9:31:
80:8a:91:b3:c4:18:0d:32:14:2f:25:7c:6a:3d:c6:f5:c3:84:
b0:83:db:2f:f3:68:e0:e5:ce:c1:1f:0c:a0:13:35:b4:d5:a3:
68:b8:d0:21:c1:d5:a7:43:8f:67:74:c7:90:ee:4a:03:b9:0a:
cb:02:bd:22:26:a2:c7:d2:56:17:b6:2c:a2:16:66:65:db:87:
ae:20:86:c3:c2:51:9f:28:84:3d:72:e2:51:4c:54:d5:a2:a9:
d0:1e:5c:d4:ad:a5:fa:77:a0:0d:18:6b:cf:67:9e:cd:ee:43:
4c:71:70:f0:97:ac:e8:c6:69:bf:3b:c2:3b:76:4a:c8:5b:13:
48:26:c8:4d:3c:e6:b3:46:11:9e:36:4c:7b:f1:5b:b6:17:7e:
4a:65:84:2c:17:08:30:65:7d:ca:d5:99:5a:52:4e:74:69:47:
93:0e:6c:32:35:94:e5:73:e4:05:23:ce:ba:49:b6:5b:70:5f:
97:9c:19:0a:1e:6e:86:ae:db:49:42:50:51:4c:dc:3f:8c:fd:
63:fe:21:9d:bc:41:d2:6c:7a:18:e6:f6:a0:26:96:f2:1a:8e:
85:2b:26:31:8a:be:a5:63:cc:53:21:91:d1:dc:ce:1e:e7:b6:
b9:d4:70:51
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZFLRD2fhjaEBFYWh1wPRIHkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNmYyYTgxNjJhNzU1MjRmZjUyNzgzZjgxMzJjMzMwMDdk
YTRkOTgwHhcNMjQwODEzMTAyNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDgyYWIwNjVmZGYzMWJjZDM5OTg1MDNmM2RhN2NhNDcwNjBkZmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlaCrg6GRmqyDTlBSkJqXIp9KLTM
L6Mx6BCANTVz7g2BfSzlH/vzU1rfgRVyLT1M2jLLyhOY9oTEiU3hF4uPUTJ7cSLA
rJpE2XwR0fP7kmSFBzOTzXVAOFEho+wwxaORhVrYuR6aDvHqYkKT9qeWViAjkuxs
aoQYG020XLLU+qI+djNz9WTPxrH/9nzdKhSs4S5nbguP5K2YOyIM3mafYTAl0BW9
tjf/WLL+tMofb/AMrquJNgZCIp4Rwf14ezWACGiSBm7IrUJuehQrqkhqi2WeCqkm
F26Sd4whGP6CM2pAmpqR+gqDZ5fC7+8P4dKAGXU7BcyfKxrWhz3FMpv3qQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFD2CqwZf3zG805mFA/PafKRwYN/FMB8GA1UdIwQY
MBaAFKFvKoFip1Uk/1J4P4EywzAH2k2YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1c4cWdXS25WU1RfVW5nX2dUTERNQWZhVFpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy80YWM3ZTAtN2I1Mi00MWNlLWEzYzIt
NGFmZTNjYTVmMWE1LzEvUFlLckJsX2ZNYnpUbVlVRDg5cDhwSEJnMzhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy80YWM3ZTAtN2I1Mi00MWNlLWEzYzItNGFmZTNjYTVmMWE1
LzEvb1c4cWdXS25WU1RfVW5nX2dUTERNQWZhVFpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQCHxYMAwQB
wRFWAwQBwRGwAwQF1ISgMBQEAgACMA4DBQAqBMiAAwUAKg+dgDANBgkqhkiG9w0B
AQsFAAOCAQEAMo2FPXe/onbYwzbA9lxZCKkxgIqRs8QYDTIULyV8aj3G9cOEsIPb
L/No4OXOwR8MoBM1tNWjaLjQIcHVp0OPZ3THkO5KA7kKywK9Iiaix9JWF7YsohZm
ZduHriCGw8JRnyiEPXLiUUxU1aKp0B5c1K2l+negDRhrz2eeze5DTHFw8Jes6MZp
vzvCO3ZKyFsTSCbITTzms0YRnjZMe/Fbthd+SmWELBcIMGV9ytWZWlJOdGlHkw5s
MjWU5XPkBSPOukm2W3Bfl5wZCh5uhq7bSUJQUUzcP4z9Y/4hnbxB0mx6GOb2oCaW
8hqOhSsmMYq+pWPMUyGR0dzOHue2udRwUQ==
-----END CERTIFICATE-----
Generated at Thu Aug 29 14:50:21 2024 by rpki-client on console-fra.rpki-client.org