Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/Rt-Pk_QTlHbQLRONTFH9JwmQhmE.roa
File: Rt-Pk_QTlHbQLRONTFH9JwmQhmE.roa (raw, json)
Hash identifier: dPqdhwZqZ846frG1suDJrGoegPb1JVoWcCnc8NtxH8k=
Subject key identifier: 46:DF:8F:93:F4:13:94:76:D0:2D:13:8D:4C:51:FD:27:09:90:86:61
Certificate issuer: /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial: 01840037DE0A5A2799413F0A869019BAFABD
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/Rt-Pk_QTlHbQLRONTFH9JwmQhmE.roa
Signing time: Sat 22 Oct 2022 15:02:52 +0000
ROA not before: Sat 22 Oct 2022 15:02:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 92.53.184.0/22 maxlen: 22
176.52.128.0/22 maxlen: 24
176.52.132.0/22 maxlen: 24
176.52.144.0/22 maxlen: 24
176.52.140.0/22 maxlen: 22
176.52.152.0/22 maxlen: 22
176.52.148.0/22 maxlen: 24
92.53.160.0/22 maxlen: 24
92.53.172.0/22 maxlen: 22
92.53.168.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:00:37:de:0a:5a:27:99:41:3f:0a:86:90:19:ba:fa:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Validity
Not Before: Oct 22 15:02:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=46df8f93f4139476d02d138d4c51fd2709908661
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:d0:33:69:46:c5:8b:ca:7b:5a:fe:22:04:c2:
45:39:9f:9d:41:70:6c:a4:5e:81:fe:d6:e1:9c:b1:
2a:f3:24:80:e4:bc:cf:71:cb:ae:8e:65:69:b5:a4:
2b:dd:6a:bb:6f:2a:95:d5:bc:0e:51:64:fb:ce:85:
56:49:11:4a:c5:c7:d5:23:7d:82:8d:fd:55:84:ca:
4d:7c:6d:40:2b:33:af:ff:a6:5b:b3:cf:f1:d3:f1:
91:36:20:8e:e0:f1:6a:f3:dd:05:50:e7:e1:8a:11:
25:2a:8c:5e:0f:75:be:3b:49:f1:a2:cd:8a:d7:f8:
89:1f:1d:ff:08:46:4c:39:4d:ff:53:3f:c1:75:8f:
03:bd:f1:9d:3a:18:23:cd:57:c0:91:4c:6d:a8:f3:
2a:c0:1d:86:67:48:ca:03:c2:6b:16:6e:c8:56:a3:
50:ca:8a:7c:2d:9b:9d:04:6a:68:95:52:86:af:ee:
c2:65:0c:6e:cb:44:3e:a1:0c:51:87:c3:35:68:0e:
f1:5c:65:f4:d0:23:bf:c9:76:21:6f:7c:4a:f9:9a:
6a:6c:0c:3a:61:4b:ba:9e:f4:1a:9e:b3:15:1c:73:
dd:c1:84:89:82:6e:78:97:fe:6c:fa:a3:34:d4:34:
9b:d9:96:34:62:ff:9b:b7:17:5a:39:ae:0e:55:79:
47:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:DF:8F:93:F4:13:94:76:D0:2D:13:8D:4C:51:FD:27:09:90:86:61
X509v3 Authority Key Identifier:
keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/Rt-Pk_QTlHbQLRONTFH9JwmQhmE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.53.160.0/22
92.53.168.0/21
92.53.184.0/22
176.52.128.0/21
176.52.140.0-176.52.155.255
Signature Algorithm: sha256WithRSAEncryption
3b:c4:c8:98:5b:a1:72:83:48:bb:6d:c9:c0:aa:da:8f:2a:48:
0d:53:46:d6:be:23:88:2c:4d:46:4d:4b:ca:61:5d:12:4f:f7:
46:bd:19:51:64:5d:55:4e:19:fc:aa:dd:a1:b4:df:b9:3e:09:
25:c2:82:5c:06:96:71:3a:58:83:30:fe:61:54:1d:13:7e:cd:
69:68:94:28:8f:54:fe:32:fa:af:c8:f7:4b:a4:cb:03:b3:d8:
90:68:5e:44:32:b9:08:c2:06:8d:60:2d:ad:21:57:96:38:0a:
9f:f0:84:5d:f8:f2:e1:62:6e:19:92:5e:7c:ed:8b:53:82:53:
55:41:89:9b:de:13:58:f9:db:62:9d:cd:0e:6e:13:92:f9:36:
37:2b:f3:37:db:9b:28:e5:90:dc:d4:bc:e7:3e:ce:bb:d5:b8:
7d:9c:99:56:95:56:93:4c:53:61:11:3c:68:0b:cb:74:cd:50:
22:ca:30:c5:b7:20:19:a0:f2:09:f1:32:c3:51:56:ed:3b:9d:
87:a4:a9:44:23:27:5b:96:a1:19:8c:09:09:11:12:0d:a3:35:
da:83:50:f8:f7:e0:9c:42:96:fe:e8:9f:3c:2f:f9:e4:38:4e:
5e:77:09:9e:e4:9e:88:5f:f5:ba:19:24:28:c9:13:ed:75:f6:
dc:c5:1f:00
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYQAN94KWieZQT8KhpAZuvq9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjIxMDIyMTUwMjUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmRmOGY5M2Y0MTM5NDc2ZDAyZDEzOGQ0YzUxZmQyNzA5OTA4NjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9AzaUbFi8p7Wv4iBMJFOZ+dQXBs
pF6B/tbhnLEq8ySA5LzPccuujmVptaQr3Wq7byqV1bwOUWT7zoVWSRFKxcfVI32C
jf1VhMpNfG1AKzOv/6Zbs8/x0/GRNiCO4PFq890FUOfhihElKoxeD3W+O0nxos2K
1/iJHx3/CEZMOU3/Uz/BdY8DvfGdOhgjzVfAkUxtqPMqwB2GZ0jKA8JrFm7IVqNQ
yop8LZudBGpolVKGr+7CZQxuy0Q+oQxRh8M1aA7xXGX00CO/yXYhb3xK+ZpqbAw6
YUu6nvQanrMVHHPdwYSJgm54l/5s+qM01DSb2ZY0Yv+btxdaOa4OVXlH8wIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFEbfj5P0E5R20C0TjUxR/ScJkIZhMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvUnQtUGtfUVRsSGJRTFJPTlRGSDlKd21RaG1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCXDWgAwQD
XDWoAwQCXDW4AwQDsDSAMAwDBAKwNIwDBAKwNJgwDQYJKoZIhvcNAQELBQADggEB
ADvEyJhboXKDSLttycCq2o8qSA1TRta+I4gsTUZNS8phXRJP90a9GVFkXVVOGfyq
3aG037k+CSXCglwGlnE6WIMw/mFUHRN+zWlolCiPVP4y+q/I90ukywOz2JBoXkQy
uQjCBo1gLa0hV5Y4Cp/whF348uFibhmSXnzti1OCU1VBiZveE1j522KdzQ5uE5L5
Njcr8zfbmyjlkNzUvOc+zrvVuH2cmVaVVpNMU2ERPGgLy3TNUCLKMMW3IBmg8gnx
MsNRVu07nYekqUQjJ1uWoRmMCQkREg2jNdqDUPj34JxClv7onzwv+eQ4Tl53CZ7k
nohf9boZJCjJE+119tzFHwA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:05 2024 by rpki-client on console-ams.rpki-client.org