Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/byOjS-GNgi9Yk-MQFm3q33r9KDU.roa
File: byOjS-GNgi9Yk-MQFm3q33r9KDU.roa (raw, json)
Hash identifier: pjGwoBK87mcCRquTPZdxB8MvIqW6SPjUikRs/3q41pQ=
Subject key identifier: 6F:23:A3:4B:E1:8D:82:2F:58:93:E3:10:16:6D:EA:DF:7A:FD:28:35
Certificate issuer: /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial: 0183C0F0FABD1E703451BC806D470C6F300D
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/byOjS-GNgi9Yk-MQFm3q33r9KDU.roa
Signing time: Mon 10 Oct 2022 08:09:21 +0000
ROA not before: Mon 10 Oct 2022 08:09:21 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 92.53.176.0/22 maxlen: 22
92.53.180.0/22 maxlen: 22
92.53.184.0/22 maxlen: 22
176.52.128.0/22 maxlen: 24
176.52.132.0/22 maxlen: 24
176.52.140.0/22 maxlen: 22
176.52.152.0/22 maxlen: 22
92.53.160.0/22 maxlen: 24
92.53.172.0/22 maxlen: 22
92.53.168.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:c0:f0:fa:bd:1e:70:34:51:bc:80:6d:47:0c:6f:30:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Validity
Not Before: Oct 10 08:09:21 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6f23a34be18d822f5893e310166deadf7afd2835
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:a0:e8:02:8d:23:7f:e0:23:4b:0e:b0:a6:53:
68:25:42:f6:44:ec:61:59:68:8a:b6:7a:c7:ea:3e:
2a:ac:d0:b9:20:84:d1:74:b8:37:cc:77:cd:7c:c9:
ab:55:58:15:62:cf:9d:52:4d:4f:0e:69:eb:5b:be:
6a:44:2b:19:17:46:d3:9c:7f:15:30:16:f1:b4:24:
40:3d:29:0c:2f:fe:a8:a3:ad:0f:3a:d1:cd:4f:c1:
08:b1:86:cc:22:17:b6:ce:47:f0:9e:6b:02:da:9b:
5b:f8:c3:61:6b:f0:c3:dc:f6:18:8f:5e:08:5a:0a:
2c:72:4c:69:78:f3:2b:f3:ff:01:99:10:2a:3d:77:
c1:3c:8d:ff:15:39:1e:e2:ee:6c:3b:f0:b7:df:46:
4b:9b:ea:05:ca:d4:91:b9:8a:8c:22:16:b5:12:4d:
59:71:1b:00:f6:20:a0:5e:07:a5:13:45:d3:bd:a0:
f5:17:cf:ee:91:c6:8b:19:43:4a:a4:42:89:f6:94:
43:7b:f4:bd:f5:eb:c7:71:aa:2d:fe:5a:63:c8:17:
53:d7:2f:be:26:81:d3:21:d6:a7:b5:ab:7a:52:3d:
02:38:69:f0:b6:86:ac:9c:22:29:3f:e6:25:81:31:
5f:45:97:bc:fe:e9:08:8c:14:30:33:c4:d7:29:dd:
58:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:23:A3:4B:E1:8D:82:2F:58:93:E3:10:16:6D:EA:DF:7A:FD:28:35
X509v3 Authority Key Identifier:
keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/byOjS-GNgi9Yk-MQFm3q33r9KDU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.53.160.0/22
92.53.168.0-92.53.187.255
176.52.128.0/21
176.52.140.0/22
176.52.152.0/22
Signature Algorithm: sha256WithRSAEncryption
7a:6f:1b:00:c8:40:71:3a:28:1c:fd:bc:81:1c:3b:58:6a:d3:
0f:af:3e:b9:cc:5d:9c:37:99:90:83:31:97:83:de:dd:3a:5f:
50:62:5c:be:fe:de:49:7b:d9:3d:df:84:71:93:79:d2:ca:e4:
ad:04:b2:62:dc:a8:10:23:d4:bf:85:e4:16:99:ca:9e:96:be:
7d:34:3d:54:be:18:f7:6d:38:de:c6:57:e1:11:11:66:9d:5f:
f2:65:4c:ae:d3:be:07:26:6e:20:7a:06:12:75:0e:68:79:1a:
a7:e5:eb:0d:af:b9:83:c1:0a:5a:f1:2f:8f:9a:f1:98:76:cc:
97:d7:06:d5:87:04:ca:b6:ff:aa:12:a7:88:73:44:7e:95:6d:
44:4c:03:e2:dc:4a:7f:7b:0b:30:53:f8:e0:c6:23:d5:63:26:
df:56:66:c6:dd:cd:3d:66:22:8f:03:d2:d1:dd:32:f7:59:70:
53:60:3c:25:7f:61:6f:59:8a:52:ab:f3:bc:ec:bd:85:0f:c8:
45:ea:eb:69:13:95:bf:2e:7b:1b:cb:d6:93:ed:77:19:a0:12:
39:0b:3e:16:ca:67:81:6e:1c:59:69:2f:dd:c7:c3:a4:4f:31:
8a:88:18:bc:71:8c:e7:8c:9e:b2:59:fb:f8:6e:82:dc:a6:5c:
0f:9a:3c:a0
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYPA8Pq9HnA0UbyAbUcMbzANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjIxMDEwMDgwOTIxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjIzYTM0YmUxOGQ4MjJmNTg5M2UzMTAxNjZkZWFkZjdhZmQyODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKDoAo0jf+AjSw6wplNoJUL2ROxh
WWiKtnrH6j4qrNC5IITRdLg3zHfNfMmrVVgVYs+dUk1PDmnrW75qRCsZF0bTnH8V
MBbxtCRAPSkML/6oo60POtHNT8EIsYbMIhe2zkfwnmsC2ptb+MNha/DD3PYYj14I
WgosckxpePMr8/8BmRAqPXfBPI3/FTke4u5sO/C330ZLm+oFytSRuYqMIha1Ek1Z
cRsA9iCgXgelE0XTvaD1F8/ukcaLGUNKpEKJ9pRDe/S99evHcaot/lpjyBdT1y++
JoHTIdantat6Uj0COGnwtoasnCIpP+YlgTFfRZe8/ukIjBQwM8TXKd1YHQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFG8jo0vhjYIvWJPjEBZt6t96/Sg1MB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvYnlPalMtR05naTlZay1NUUZtM3EzM3I5S0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCXDWgMAwD
BANcNagDBAJcNbgDBAOwNIADBAKwNIwDBAKwNJgwDQYJKoZIhvcNAQELBQADggEB
AHpvGwDIQHE6KBz9vIEcO1hq0w+vPrnMXZw3mZCDMZeD3t06X1BiXL7+3kl72T3f
hHGTedLK5K0EsmLcqBAj1L+F5BaZyp6Wvn00PVS+GPdtON7GV+EREWadX/JlTK7T
vgcmbiB6BhJ1Dmh5Gqfl6w2vuYPBClrxL4+a8Zh2zJfXBtWHBMq2/6oSp4hzRH6V
bURMA+LcSn97CzBT+ODGI9VjJt9WZsbdzT1mIo8D0tHdMvdZcFNgPCV/YW9ZilKr
87zsvYUPyEXq62kTlb8uexvL1pPtdxmgEjkLPhbKZ4FuHFlpL93Hw6RPMYqIGLxx
jOeMnrJZ+/hugtymXA+aPKA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:05 2024 by rpki-client on console-ams.rpki-client.org