Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/KmMXd5z03M-akoqQ78-o2YdkxVE.roa
File: KmMXd5z03M-akoqQ78-o2YdkxVE.roa (raw, json)
Hash identifier: klmJnYUbaqUyficYnD+OTVGYms3jmvvd1QrK2o5DV/g=
Subject key identifier: 2A:63:17:77:9C:F4:DC:CF:9A:92:8A:90:EF:CF:A8:D9:87:64:C5:51
Certificate issuer: /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial: 01852AC05759187E3A6F2C0176251438E7AE
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/KmMXd5z03M-akoqQ78-o2YdkxVE.roa
Signing time: Mon 19 Dec 2022 14:18:46 +0000
ROA not before: Mon 19 Dec 2022 14:18:46 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 92.53.188.0/22 maxlen: 24
176.52.128.0/22 maxlen: 24
176.52.132.0/22 maxlen: 24
176.52.136.0/22 maxlen: 22
176.52.144.0/22 maxlen: 24
176.52.140.0/22 maxlen: 22
176.52.152.0/22 maxlen: 22
176.52.148.0/22 maxlen: 24
176.52.156.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:2a:c0:57:59:18:7e:3a:6f:2c:01:76:25:14:38:e7:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Validity
Not Before: Dec 19 14:18:46 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2a6317779cf4dccf9a928a90efcfa8d98764c551
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:0e:9e:5f:27:24:95:0b:ad:b3:55:bf:3d:12:
b7:0d:9b:b6:af:a6:4e:4f:d2:74:a8:e3:14:dd:84:
3d:a9:38:bd:6b:ac:dc:83:45:7b:1c:51:de:ac:23:
d0:e0:16:97:5f:59:0d:0c:8b:0f:37:f3:4a:0f:2b:
0c:eb:d2:77:fd:6a:29:88:d1:1d:48:f1:5a:4e:6a:
7a:d9:62:f5:25:6a:29:4a:23:a9:bd:97:ec:9c:42:
e6:14:8b:43:a3:94:cd:5f:08:5d:af:f7:82:19:0e:
2d:05:e3:2d:59:8c:ce:31:44:1f:85:6d:76:cd:2f:
48:af:2d:06:5e:bf:4d:a5:f2:54:2b:bc:94:c1:7e:
29:3e:89:64:0d:42:1d:cc:61:33:ea:98:d9:47:dd:
07:42:5f:a3:14:33:4f:aa:cd:2c:86:12:b9:2d:3b:
08:c5:79:90:df:f9:46:b6:49:c6:c8:fc:c6:aa:d5:
3c:f7:36:dd:d9:ec:fb:ed:6f:67:ab:d5:87:50:92:
b9:fe:40:56:91:ad:76:85:be:49:7e:68:07:aa:42:
13:82:dd:8c:c7:33:c3:81:d2:2a:a7:84:cb:4d:8c:
c9:e2:85:20:3a:37:79:bc:4b:f5:84:16:ef:2d:d1:
97:b5:34:10:71:b7:bb:38:2a:02:b6:c8:33:58:f6:
17:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:63:17:77:9C:F4:DC:CF:9A:92:8A:90:EF:CF:A8:D9:87:64:C5:51
X509v3 Authority Key Identifier:
keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/KmMXd5z03M-akoqQ78-o2YdkxVE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.53.188.0/22
176.52.128.0/19
Signature Algorithm: sha256WithRSAEncryption
44:e9:2c:9c:21:ba:d5:59:c3:d1:2f:f8:ff:0f:ff:75:18:ce:
48:e3:00:51:a1:c6:eb:4c:54:35:cd:c5:cd:4a:4c:87:e8:5d:
e2:7a:18:9b:42:70:d6:77:e6:ee:d8:f4:42:b6:c6:3b:62:fe:
94:10:3b:3d:23:61:0b:2b:b7:05:e4:0c:b3:43:90:69:73:13:
de:fe:7d:09:30:a5:4a:ec:aa:f6:f7:b5:7f:06:80:05:3a:97:
af:bb:12:65:78:b8:81:21:7b:d8:a7:98:ce:81:2e:2a:f1:5c:
54:b5:9f:49:6e:e5:8b:7d:a3:e7:b0:dd:2c:46:67:17:21:c1:
0d:af:1c:30:e6:25:e5:7d:d5:31:f3:8d:75:d1:2a:20:1c:cf:
ea:a3:44:d4:7a:35:17:ff:34:51:87:d5:6b:f4:6e:6d:30:7d:
3e:ad:8e:5d:e8:44:72:46:0e:19:68:b7:a0:7e:97:d4:f9:72:
53:ac:11:c3:78:e3:37:9d:12:be:63:c7:2d:2e:00:fa:20:80:
64:b0:69:09:a2:b3:10:96:0b:d1:ca:d3:d8:df:7b:dd:d3:9b:
ef:ea:8d:a7:11:22:be:a4:9d:70:61:b6:90:9f:70:6c:0f:56:
30:b9:8b:d9:a4:fa:b3:5c:7f:c7:61:84:7a:44:60:1e:6d:e5:
a1:f8:e1:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYUqwFdZGH46bywBdiUUOOeuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjIxMjE5MTQxODQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTYzMTc3NzljZjRkY2NmOWE5MjhhOTBlZmNmYThkOTg3NjRjNTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApw6eXycklQuts1W/PRK3DZu2r6ZO
T9J0qOMU3YQ9qTi9a6zcg0V7HFHerCPQ4BaXX1kNDIsPN/NKDysM69J3/WopiNEd
SPFaTmp62WL1JWopSiOpvZfsnELmFItDo5TNXwhdr/eCGQ4tBeMtWYzOMUQfhW12
zS9Iry0GXr9NpfJUK7yUwX4pPolkDUIdzGEz6pjZR90HQl+jFDNPqs0shhK5LTsI
xXmQ3/lGtknGyPzGqtU89zbd2ez77W9nq9WHUJK5/kBWka12hb5JfmgHqkITgt2M
xzPDgdIqp4TLTYzJ4oUgOjd5vEv1hBbvLdGXtTQQcbe7OCoCtsgzWPYXIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCpjF3ec9NzPmpKKkO/PqNmHZMVRMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvS21NWGQ1ejAzTS1ha29xUTc4LW8yWWRreFZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXDW8AwQF
sDSAMA0GCSqGSIb3DQEBCwUAA4IBAQBE6SycIbrVWcPRL/j/D/91GM5I4wBRocbr
TFQ1zcXNSkyH6F3iehibQnDWd+bu2PRCtsY7Yv6UEDs9I2ELK7cF5AyzQ5BpcxPe
/n0JMKVK7Kr297V/BoAFOpevuxJleLiBIXvYp5jOgS4q8VxUtZ9JbuWLfaPnsN0s
RmcXIcENrxww5iXlfdUx84110SogHM/qo0TUejUX/zRRh9Vr9G5tMH0+rY5d6ERy
Rg4ZaLegfpfU+XJTrBHDeOM3nRK+Y8ctLgD6IIBksGkJorMQlgvRytPY33vd05vv
6o2nESK+pJ1wYbaQn3BsD1YwuYvZpPqzXH/HYYR6RGAebeWh+OEB
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:13 2024 by rpki-client on console-fra.rpki-client.org