Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/2qqfKXDcDRdQhkJZTnXv223b9nk.roa
File: 2qqfKXDcDRdQhkJZTnXv223b9nk.roa (raw, json)
Hash identifier: uOsePAmGWg/mN+xlHtQljt71Rx5xyTVu9PTMQwaYreY=
Subject key identifier: DA:AA:9F:29:70:DC:0D:17:50:86:42:59:4E:75:EF:DB:6D:DB:F6:79
Certificate issuer: /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial: 018527B50D45875135995656B3F46DF18348
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/2qqfKXDcDRdQhkJZTnXv223b9nk.roa
Signing time: Mon 19 Dec 2022 00:07:34 +0000
ROA not before: Mon 19 Dec 2022 00:07:34 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 92.53.180.0/22 maxlen: 24
92.53.188.0/22 maxlen: 24
176.52.128.0/22 maxlen: 24
176.52.132.0/22 maxlen: 24
176.52.136.0/22 maxlen: 22
176.52.144.0/22 maxlen: 24
176.52.140.0/22 maxlen: 22
176.52.152.0/22 maxlen: 22
176.52.148.0/22 maxlen: 24
176.52.156.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:27:b5:0d:45:87:51:35:99:56:56:b3:f4:6d:f1:83:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Validity
Not Before: Dec 19 00:07:34 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=daaa9f2970dc0d17508642594e75efdb6ddbf679
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:2a:dc:8e:3b:40:6b:b8:f3:53:68:b9:d9:42:
3e:ce:20:78:0d:57:ef:30:17:a0:6b:8e:b0:e4:7b:
33:d3:eb:d2:51:50:a8:3b:f1:19:a9:68:b2:65:1d:
19:8c:85:43:69:c6:70:60:cd:4e:54:98:f4:8f:94:
a9:39:c2:a4:dd:1d:18:e0:8f:63:91:83:84:47:5a:
d8:37:ff:2d:8b:d6:15:ef:9e:44:35:fe:99:cf:27:
ce:90:1b:a1:d2:7e:35:e2:2b:52:bb:85:a0:38:64:
72:63:6f:f9:72:93:d1:56:13:8f:f4:f5:96:19:16:
89:28:a1:eb:01:b4:86:25:60:b2:22:65:7b:a3:80:
3d:35:b3:76:a7:76:22:ad:86:ba:76:34:96:94:f4:
0f:e2:52:5c:bb:35:bd:3f:1d:fe:56:02:8e:08:1c:
95:50:7a:5f:55:d5:ff:7e:64:0d:88:0f:b9:f7:6f:
28:4f:0d:80:55:cb:0c:3f:96:5a:09:65:d2:55:46:
9b:bb:a0:10:10:8f:d0:af:ac:8c:16:38:31:30:6d:
a6:d8:08:44:26:ac:04:5b:4a:32:1f:0d:1a:ad:38:
ce:ad:b5:7b:a5:5d:78:54:4c:54:00:3e:21:50:50:
98:e7:3f:e6:3f:5a:84:1f:4d:5c:0a:63:d3:ca:41:
1e:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:AA:9F:29:70:DC:0D:17:50:86:42:59:4E:75:EF:DB:6D:DB:F6:79
X509v3 Authority Key Identifier:
keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/2qqfKXDcDRdQhkJZTnXv223b9nk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.53.180.0/22
92.53.188.0/22
176.52.128.0/19
Signature Algorithm: sha256WithRSAEncryption
7b:9c:5b:71:7c:a3:cd:d6:60:bc:d2:a0:69:1d:76:2e:86:14:
bd:f1:d3:e3:83:b9:0d:60:ed:db:5e:0b:4f:12:35:21:66:fc:
b9:6f:b7:db:10:20:99:cf:89:2c:ac:4d:8d:e5:4a:97:ed:9c:
e3:43:34:6a:ca:c3:39:de:ff:da:f2:f1:13:07:bf:f6:37:3e:
87:61:21:61:56:57:d4:c6:32:b5:54:47:ef:c8:da:36:34:de:
c0:e0:1c:11:b5:7a:ac:7f:32:11:f1:5a:75:e0:d5:64:11:83:
6b:e9:59:25:c0:0e:03:1a:9f:ff:fa:9c:1b:00:fe:d3:b9:5a:
d4:4c:83:97:27:8c:61:38:63:32:b6:71:56:5a:73:bf:db:35:
cc:b5:d9:14:1b:e3:21:ee:06:a3:3f:08:53:e4:25:bf:46:46:
76:27:55:f9:15:db:98:2c:c3:2c:db:c0:69:13:e5:d2:52:c0:
74:ef:56:dc:2c:1e:cf:a5:45:c4:4c:34:e9:ff:36:ed:09:6e:
87:bd:1d:a4:8a:c2:dc:4e:8c:54:51:67:a5:04:3e:4f:69:65:
5d:63:9d:58:08:ac:1d:0c:9d:c7:35:2c:e7:9d:c6:52:67:a2:
4d:ad:a7:56:2a:10:03:7a:3f:cb:8f:88:1b:92:e9:56:e5:40:
9d:de:0d:68
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYUntQ1Fh1E1mVZWs/Rt8YNIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjIxMjE5MDAwNzM0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWFhOWYyOTcwZGMwZDE3NTA4NjQyNTk0ZTc1ZWZkYjZkZGJmNjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyrcjjtAa7jzU2i52UI+ziB4DVfv
MBega46w5Hsz0+vSUVCoO/EZqWiyZR0ZjIVDacZwYM1OVJj0j5SpOcKk3R0Y4I9j
kYOER1rYN/8ti9YV755ENf6ZzyfOkBuh0n414itSu4WgOGRyY2/5cpPRVhOP9PWW
GRaJKKHrAbSGJWCyImV7o4A9NbN2p3YirYa6djSWlPQP4lJcuzW9Px3+VgKOCByV
UHpfVdX/fmQNiA+5928oTw2AVcsMP5ZaCWXSVUabu6AQEI/Qr6yMFjgxMG2m2AhE
JqwEW0oyHw0arTjOrbV7pV14VExUAD4hUFCY5z/mP1qEH01cCmPTykEeTQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNqqnylw3A0XUIZCWU5179tt2/Z5MB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvMnFxZktYRGNEUmRRaGtKWlRuWHYyMjNiOW5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCXDW0AwQC
XDW8AwQFsDSAMA0GCSqGSIb3DQEBCwUAA4IBAQB7nFtxfKPN1mC80qBpHXYuhhS9
8dPjg7kNYO3bXgtPEjUhZvy5b7fbECCZz4ksrE2N5UqX7ZzjQzRqysM53v/a8vET
B7/2Nz6HYSFhVlfUxjK1VEfvyNo2NN7A4BwRtXqsfzIR8Vp14NVkEYNr6VklwA4D
Gp//+pwbAP7TuVrUTIOXJ4xhOGMytnFWWnO/2zXMtdkUG+Mh7gajPwhT5CW/RkZ2
J1X5FduYLMMs28BpE+XSUsB071bcLB7PpUXETDTp/zbtCW6HvR2kisLcToxUUWel
BD5PaWVdY51YCKwdDJ3HNSznncZSZ6JNradWKhADej/Lj4gbkulW5UCd3g1o
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:04 2024 by rpki-client on console-ams.rpki-client.org