Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/ZDFdKWw1JApGITFSZ3evGXWHlaY.roa
File: ZDFdKWw1JApGITFSZ3evGXWHlaY.roa (raw, json)
Hash identifier: llC+C8l96LmABtuN0xUuL06s/RnbYJdmkm4mxSn8ylI=
Subject key identifier: 64:31:5D:29:6C:35:24:0A:46:21:31:52:67:77:AF:19:75:87:95:A6
Certificate issuer: /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial: 039867B5
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/ZDFdKWw1JApGITFSZ3evGXWHlaY.roa
Signing time: Sat 01 Jan 2022 11:01:28 +0000
ROA not before: Sat 01 Jan 2022 11:01:28 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 210441
IP address blocks: 176.52.132.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 60319669 (0x39867b5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Validity
Not Before: Jan 1 11:01:28 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=64315d296c35240a462131526777af19758795a6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:39:30:61:fd:21:93:83:8e:56:36:d7:b2:88:
aa:6e:f9:05:fa:d8:7b:a9:4f:0a:13:f3:32:d7:52:
8e:1e:9a:21:24:91:18:ab:04:fc:5a:91:e3:7d:62:
6e:55:ea:7b:9c:75:4d:12:a7:ef:99:bc:a7:5d:d8:
e3:09:e1:17:f5:9c:ee:61:02:9b:de:e2:24:b4:74:
27:60:61:43:6a:a6:5d:a7:d5:8d:1b:5a:60:f5:32:
d8:20:a3:35:ce:c7:54:2c:c7:bb:4f:6b:7b:b7:8d:
68:5c:6e:6f:e4:41:2a:cb:6b:8e:94:eb:c3:72:1f:
ac:6f:ad:ac:5f:e8:78:0c:c3:44:c3:67:ed:fb:42:
81:c3:6c:6f:55:e5:0d:6e:30:94:1b:60:29:dd:c6:
d4:ed:bb:d2:c1:73:d9:51:cf:c6:5f:4d:fb:18:62:
90:13:75:35:36:d6:b7:7c:b7:38:b0:d2:05:65:7c:
9f:b5:39:eb:11:46:2f:44:f7:d6:c9:21:5b:2c:ee:
76:70:35:9c:9a:31:7c:95:90:38:2e:41:73:8b:af:
45:4f:60:2a:bc:76:4d:a8:8f:2c:2e:1d:d7:ca:d2:
23:91:29:fd:0b:c4:e8:06:5a:e0:60:3e:76:90:f8:
8f:48:d5:de:c2:dd:4e:8b:bf:01:f4:d3:f3:a6:ac:
2b:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:31:5D:29:6C:35:24:0A:46:21:31:52:67:77:AF:19:75:87:95:A6
X509v3 Authority Key Identifier:
keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/ZDFdKWw1JApGITFSZ3evGXWHlaY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.52.132.0/22
Signature Algorithm: sha256WithRSAEncryption
9d:9c:2b:c7:e4:b6:ff:67:82:f1:56:c2:f5:0d:7b:f1:d0:f2:
df:fb:88:9f:48:e4:cd:87:b6:ea:a0:1b:0e:c5:ca:b6:67:96:
f0:20:a8:91:b2:11:cd:8d:d0:f0:93:95:7a:23:97:97:57:bb:
30:22:38:5c:c8:f4:8d:ff:26:67:37:42:ed:7f:19:50:53:c5:
f8:57:63:56:81:85:3c:60:14:d4:a2:bf:df:f2:6e:30:48:96:
ed:5c:27:b4:75:6f:b2:59:bb:11:33:39:1a:b0:f8:b4:a0:3f:
ee:ef:7c:11:f9:e2:ba:e3:25:ce:3a:ce:f0:0c:e8:f1:53:8b:
10:c0:82:c3:1f:30:fb:a0:c6:08:41:76:10:b3:07:ce:1e:a2:
e3:a7:f9:b7:40:38:6a:44:13:83:08:0b:20:ad:d0:69:52:b6:
c7:4a:0d:b3:59:bd:4d:1c:f1:4f:35:b5:0c:5c:84:69:1c:3f:
1e:af:0a:f3:ee:fa:e0:22:d1:c0:d8:a6:fe:29:cc:5f:57:ce:
d1:51:48:a4:f4:db:52:f3:fc:e8:ba:f1:b5:02:d4:fc:80:51:
d1:57:c3:1e:af:06:39:f3:b6:ca:2e:26:69:ab:00:a5:50:29:
a1:d3:95:19:30:d5:92:b4:ef:44:23:9a:49:7d:f0:ba:b2:78:
37:b0:a1:2c
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA5hntTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
ZTc3OWU1NjIzOGI2ZjJlYTA2OGVkZTRlMjBhZWYwMGM5MDQxMzJiMB4XDTIyMDEw
MTExMDEyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjQzMTVkMjk2YzM1
MjQwYTQ2MjEzMTUyNjc3N2FmMTk3NTg3OTVhNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALY5MGH9IZODjlY217KIqm75BfrYe6lPChPzMtdSjh6aISSR
GKsE/FqR431iblXqe5x1TRKn75m8p13Y4wnhF/Wc7mECm97iJLR0J2BhQ2qmXafV
jRtaYPUy2CCjNc7HVCzHu09re7eNaFxub+RBKstrjpTrw3IfrG+trF/oeAzDRMNn
7ftCgcNsb1XlDW4wlBtgKd3G1O270sFz2VHPxl9N+xhikBN1NTbWt3y3OLDSBWV8
n7U56xFGL0T31skhWyzudnA1nJoxfJWQOC5Bc4uvRU9gKrx2TaiPLC4d18rSI5Ep
/QvE6AZa4GA+dpD4j0jV3sLdTou/AfTT86asK3UCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRkMV0pbDUkCkYhMVJnd68ZdYeVpjAfBgNVHSMEGDAWgBT+d55WI4tvLqBo
7eTiCu8AyQQTKzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L19uZWVWaU9MYnk2Z2FPM2s0Z3J2QU1rRUV5cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvNGRlNTk4LTZiMDMtNGJlZi1hYjE0LTMzODk0OTEzZGNiNy8x
L1pERmRLV3cxSkFwR0lURlNaM2V2R1hXSGxhWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
NGRlNTk4LTZiMDMtNGJlZi1hYjE0LTMzODk0OTEzZGNiNy8xL19uZWVWaU9MYnk2
Z2FPM2s0Z3J2QU1rRUV5cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArA0hDANBgkqhkiG9w0BAQsFAAOC
AQEAnZwrx+S2/2eC8VbC9Q178dDy3/uIn0jkzYe26qAbDsXKtmeW8CCokbIRzY3Q
8JOVeiOXl1e7MCI4XMj0jf8mZzdC7X8ZUFPF+FdjVoGFPGAU1KK/3/JuMEiW7Vwn
tHVvslm7ETM5GrD4tKA/7u98EfniuuMlzjrO8Azo8VOLEMCCwx8w+6DGCEF2ELMH
zh6i46f5t0A4akQTgwgLIK3QaVK2x0oNs1m9TRzxTzW1DFyEaRw/Hq8K8+764CLR
wNim/inMX1fO0VFIpPTbUvP86LrxtQLU/IBR0VfDHq8GOfO2yi4maasApVApodOV
GTDVkrTvRCOaSX3wurJ4N7ChLA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:13 2024 by rpki-client on console-fra.rpki-client.org