Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/At_kR9KDfhhj76PL7kJbrenAscI.roa
File: At_kR9KDfhhj76PL7kJbrenAscI.roa (raw, json)
Hash identifier: Pj1gRR+Ub+9zEFIuQakGBSrRFzJxbOxZC8AxCBIiAa0=
Subject key identifier: 02:DF:E4:47:D2:83:7E:18:63:EF:A3:CB:EE:42:5B:AD:E9:C0:B1:C2
Certificate issuer: /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial: 0183D1FD85E3C4909C5D15B499A27AEF8487
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/At_kR9KDfhhj76PL7kJbrenAscI.roa
Signing time: Thu 13 Oct 2022 15:36:36 +0000
ROA not before: Thu 13 Oct 2022 15:36:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 92.53.176.0/22 maxlen: 22
92.53.180.0/22 maxlen: 22
92.53.184.0/22 maxlen: 22
176.52.128.0/22 maxlen: 24
176.52.132.0/22 maxlen: 24
176.52.140.0/22 maxlen: 22
176.52.152.0/22 maxlen: 22
176.52.148.0/22 maxlen: 24
92.53.160.0/22 maxlen: 24
92.53.172.0/22 maxlen: 22
92.53.168.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:d1:fd:85:e3:c4:90:9c:5d:15:b4:99:a2:7a:ef:84:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Validity
Not Before: Oct 13 15:36:36 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=02dfe447d2837e1863efa3cbee425bade9c0b1c2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:fa:0c:80:e8:09:88:72:c6:fa:64:92:cc:d6:
3c:57:5c:33:24:61:6c:61:78:e1:b3:6e:3c:98:74:
a7:df:dc:4b:14:29:85:a1:40:b4:dc:47:ef:6b:f5:
76:cb:e5:ed:7a:60:ae:a4:15:9f:df:d7:c6:00:a2:
88:c7:e9:2b:73:e2:dc:01:1a:e3:1d:2f:e7:c8:fb:
f0:ec:32:ac:63:08:49:4a:39:83:5a:c9:81:00:a3:
7e:b2:94:90:e3:7c:52:36:20:d9:84:e3:b1:7e:72:
48:15:af:6c:c2:da:3e:de:65:ec:58:de:50:ff:f3:
63:07:ca:c4:dc:3b:29:14:7c:c7:02:38:f0:19:f2:
4c:22:e9:53:cd:2e:b9:70:32:ac:a0:8d:08:1b:a3:
57:12:20:bd:92:0d:27:7d:ab:7e:fa:46:54:61:f3:
2c:bf:79:ad:25:0e:82:29:03:0c:3d:2f:d7:10:c7:
84:3e:89:1b:09:d9:90:7e:11:19:52:80:e4:28:15:
cf:3d:5b:6f:ef:7b:70:be:28:ea:cc:91:d8:ab:6f:
54:d9:e0:d6:ae:97:7b:d4:60:d9:3c:7b:ee:35:cb:
6e:59:09:e6:ae:56:cb:a4:95:7b:87:1c:b6:c1:b0:
bd:84:cd:87:6a:00:68:c5:07:f9:7b:63:ea:ce:08:
56:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:DF:E4:47:D2:83:7E:18:63:EF:A3:CB:EE:42:5B:AD:E9:C0:B1:C2
X509v3 Authority Key Identifier:
keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/At_kR9KDfhhj76PL7kJbrenAscI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.53.160.0/22
92.53.168.0-92.53.187.255
176.52.128.0/21
176.52.140.0/22
176.52.148.0-176.52.155.255
Signature Algorithm: sha256WithRSAEncryption
4e:a0:ce:c0:c3:3b:75:94:c3:91:65:80:e6:6c:3b:0f:4a:20:
47:3d:f7:8c:11:8a:c0:fb:96:6d:ee:15:a3:81:bb:96:ad:73:
62:b8:6c:ef:b5:32:a7:e3:5a:40:db:23:09:8c:e3:c6:f3:28:
31:09:a7:58:22:67:52:60:56:d6:9b:8d:3c:cf:c5:78:74:b7:
7d:89:b8:6c:db:e2:4d:a9:e4:07:e6:fc:aa:97:03:f8:b7:33:
96:68:47:86:69:91:06:07:b0:6b:92:d4:f7:49:f7:44:a1:cd:
92:b3:f6:b3:0c:e4:46:83:fb:8a:3c:b7:f1:20:dc:ea:b5:df:
e1:c8:32:af:9d:3d:19:63:88:78:2b:29:e5:88:51:93:e1:c7:
51:f5:25:ac:52:06:22:67:0f:78:48:c8:ce:eb:9c:c7:f7:8e:
7d:85:22:a1:e7:c9:46:30:9c:d0:4f:75:1a:3b:0f:13:9e:1f:
d3:e3:7a:da:dc:e5:0b:11:13:f6:94:86:e9:55:bc:d1:3b:37:
cf:02:a7:99:8d:fe:93:38:03:2d:cf:8b:8f:83:66:ef:63:c4:
b1:f9:82:6c:3f:17:7a:80:27:1e:22:8f:6c:11:82:b9:7a:f4:
a5:27:f3:46:4c:79:ac:54:c4:58:f5:e4:bb:03:04:15:cf:fd:
bb:74:b7:1f
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYPR/YXjxJCcXRW0maJ674SHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjIxMDEzMTUzNjM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmRmZTQ0N2QyODM3ZTE4NjNlZmEzY2JlZTQyNWJhZGU5YzBiMWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/oMgOgJiHLG+mSSzNY8V1wzJGFs
YXjhs248mHSn39xLFCmFoUC03Efva/V2y+XtemCupBWf39fGAKKIx+krc+LcARrj
HS/nyPvw7DKsYwhJSjmDWsmBAKN+spSQ43xSNiDZhOOxfnJIFa9swto+3mXsWN5Q
//NjB8rE3DspFHzHAjjwGfJMIulTzS65cDKsoI0IG6NXEiC9kg0nfat++kZUYfMs
v3mtJQ6CKQMMPS/XEMeEPokbCdmQfhEZUoDkKBXPPVtv73twvijqzJHYq29U2eDW
rpd71GDZPHvuNctuWQnmrlbLpJV7hxy2wbC9hM2HagBoxQf5e2PqzghWqwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFALf5EfSg34YY++jy+5CW63pwLHCMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvQXRfa1I5S0RmaGhqNzZQTDdrSmJyZW5Bc2NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQCXDWgMAwD
BANcNagDBAJcNbgDBAOwNIADBAKwNIwwDAMEArA0lAMEArA0mDANBgkqhkiG9w0B
AQsFAAOCAQEATqDOwMM7dZTDkWWA5mw7D0ogRz33jBGKwPuWbe4Vo4G7lq1zYrhs
77Uyp+NaQNsjCYzjxvMoMQmnWCJnUmBW1puNPM/FeHS3fYm4bNviTankB+b8qpcD
+LczlmhHhmmRBgewa5LU90n3RKHNkrP2swzkRoP7ijy38SDc6rXf4cgyr509GWOI
eCsp5YhRk+HHUfUlrFIGImcPeEjIzuucx/eOfYUioefJRjCc0E91GjsPE54f0+N6
2tzlCxET9pSG6VW80Ts3zwKnmY3+kzgDLc+Lj4Nm72PEsfmCbD8XeoAnHiKPbBGC
uXr0pSfzRkx5rFTEWPXkuwMEFc/9u3S3Hw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:13 2024 by rpki-client on console-fra.rpki-client.org