Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/8oPRLuHPeb8_BEDsbD09j2zOIp8.roa
File: 8oPRLuHPeb8_BEDsbD09j2zOIp8.roa (raw, json)
Hash identifier: Jg+u2Ue9yTW1N5xQDtclz7/Y+7bHAzlerPCXjiYCMf4=
Subject key identifier: F2:83:D1:2E:E1:CF:79:BF:3F:04:40:EC:6C:3D:3D:8F:6C:CE:22:9F
Certificate issuer: /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial: 01860A140F1F33CD249DE81D19A70CDCF3BC
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/8oPRLuHPeb8_BEDsbD09j2zOIp8.roa
Signing time: Tue 31 Jan 2023 23:05:32 +0000
ROA not before: Tue 31 Jan 2023 23:05:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 176.52.128.0/20 maxlen: 24
176.52.144.0/20 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:0a:14:0f:1f:33:cd:24:9d:e8:1d:19:a7:0c:dc:f3:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Validity
Not Before: Jan 31 23:05:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f283d12ee1cf79bf3f0440ec6c3d3d8f6cce229f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:50:43:6f:0f:d0:3a:5c:60:03:06:c1:aa:32:
34:b2:d8:65:f3:8f:23:38:54:c6:8f:37:d7:c6:7c:
4c:c4:75:aa:3d:32:4d:fa:62:14:33:22:2a:c3:7c:
8f:60:40:47:58:9d:24:aa:17:e7:ac:fb:72:73:a3:
34:e3:23:b1:d2:a7:ff:6f:07:7a:cf:fd:a7:eb:3c:
43:a3:22:43:53:c3:86:f7:2a:bd:90:ed:e1:b7:ad:
31:7c:8c:7f:07:20:83:1d:73:5f:f6:59:b3:63:5e:
fb:02:b1:a0:88:38:9a:b5:ee:e4:78:ce:4c:2f:76:
07:cb:f9:bf:39:20:e2:63:6b:3c:a7:57:12:09:ab:
66:70:d1:ca:a1:11:99:4c:4a:84:e8:54:2d:9a:f6:
27:f0:97:9c:84:79:77:71:d1:17:11:05:82:4d:16:
3b:9c:75:4e:55:7c:f4:b3:49:d1:32:5c:5e:41:f2:
50:02:02:23:c5:9c:dd:c3:a1:52:bb:4c:db:1e:0e:
bc:07:2c:fd:ec:fb:69:a1:1a:35:75:2a:9a:6a:c9:
30:7c:8f:2a:c0:7b:41:b3:0f:e4:92:56:ee:7a:de:
62:87:b4:6f:22:e3:a6:e8:bf:8f:b5:de:a6:a3:cd:
6f:ba:1d:9a:a9:1b:bc:ac:d5:29:e0:09:98:dc:8c:
b7:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:83:D1:2E:E1:CF:79:BF:3F:04:40:EC:6C:3D:3D:8F:6C:CE:22:9F
X509v3 Authority Key Identifier:
keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/8oPRLuHPeb8_BEDsbD09j2zOIp8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.52.128.0/19
Signature Algorithm: sha256WithRSAEncryption
37:b7:d9:0c:11:29:60:7b:fc:b1:f6:d5:43:11:e5:a1:de:eb:
e1:d5:f7:85:df:66:81:f0:f0:70:4b:50:9b:80:99:f4:a9:ff:
18:39:52:91:9b:c5:ba:33:e0:ac:7d:6f:02:13:fb:4d:d5:0a:
80:86:ad:af:f0:54:60:22:71:dd:de:40:fb:54:e6:cf:52:da:
31:29:41:4c:ed:6b:cf:05:d1:94:df:77:fc:27:b9:89:45:cb:
b3:b0:00:d6:38:8a:7e:e7:eb:50:5d:4e:72:76:3e:59:2d:57:
f3:b0:80:8c:af:31:0d:38:61:92:5c:90:cf:6d:66:ce:1d:04:
04:1f:0c:d5:18:24:98:8a:6a:4c:38:b4:6b:a7:98:be:07:4e:
cf:63:87:2f:ef:06:ad:68:42:0c:63:4a:fa:9f:80:b3:01:69:
3c:8b:57:8d:48:58:d7:9d:4b:25:7b:0c:3c:2b:82:2e:bc:70:
2f:16:28:fa:fc:3e:45:0f:67:a6:8f:19:9f:3d:c3:32:51:d7:
e5:15:fb:28:69:24:ee:bc:8a:c8:90:3c:33:0d:73:e2:48:92:
fa:f9:18:0a:26:f0:7c:85:90:2c:f5:6e:bc:16:4f:87:74:ff:
12:0e:a4:ad:f1:95:a0:46:b9:b6:f6:48:11:ff:8c:7a:77:86:
72:bd:ac:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYYKFA8fM80knegdGacM3PO8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjMwMTMxMjMwNTMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjgzZDEyZWUxY2Y3OWJmM2YwNDQwZWM2YzNkM2Q4ZjZjY2UyMjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFBDbw/QOlxgAwbBqjI0sthl848j
OFTGjzfXxnxMxHWqPTJN+mIUMyIqw3yPYEBHWJ0kqhfnrPtyc6M04yOx0qf/bwd6
z/2n6zxDoyJDU8OG9yq9kO3ht60xfIx/ByCDHXNf9lmzY177ArGgiDiate7keM5M
L3YHy/m/OSDiY2s8p1cSCatmcNHKoRGZTEqE6FQtmvYn8JechHl3cdEXEQWCTRY7
nHVOVXz0s0nRMlxeQfJQAgIjxZzdw6FSu0zbHg68Byz97PtpoRo1dSqaaskwfI8q
wHtBsw/kklbuet5ih7RvIuOm6L+Ptd6mo81vuh2aqRu8rNUp4AmY3Iy3uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKD0S7hz3m/PwRA7Gw9PY9sziKfMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvOG9QUkx1SFBlYjhfQkVEc2JEMDlqMnpPSXA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFsDSAMA0G
CSqGSIb3DQEBCwUAA4IBAQA3t9kMESlge/yx9tVDEeWh3uvh1feF32aB8PBwS1Cb
gJn0qf8YOVKRm8W6M+CsfW8CE/tN1QqAhq2v8FRgInHd3kD7VObPUtoxKUFM7WvP
BdGU33f8J7mJRcuzsADWOIp+5+tQXU5ydj5ZLVfzsICMrzENOGGSXJDPbWbOHQQE
HwzVGCSYimpMOLRrp5i+B07PY4cv7wataEIMY0r6n4CzAWk8i1eNSFjXnUsleww8
K4IuvHAvFij6/D5FD2emjxmfPcMyUdflFfsoaSTuvIrIkDwzDXPiSJL6+RgKJvB8
hZAs9W68Fk+HdP8SDqSt8ZWgRrm29kgR/4x6d4ZyvawD
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:17 2023 by rpki-client on console-ams.rpki-client.org