Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/djgW4exelX5QPF4nl8_WDtaBtZI.roa
File: djgW4exelX5QPF4nl8_WDtaBtZI.roa (raw, json)
Hash identifier: th8/x8jc58LW7llBENw2wMKnFxBF7sssTQBU2F6kmYM=
Subject key identifier: 76:38:16:E1:EC:5E:95:7E:50:3C:5E:27:97:CF:D6:0E:D6:81:B5:92
Certificate issuer: /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial: 0189BB4798459B47DE7A3B46D9652D2F0913
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/djgW4exelX5QPF4nl8_WDtaBtZI.roa
Signing time: Thu 03 Aug 2023 12:02:58 +0000
ROA not before: Thu 03 Aug 2023 12:02:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44667
IP address blocks: 185.93.104.0/22 maxlen: 22
45.157.252.0/22 maxlen: 24
158.41.0.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:bb:47:98:45:9b:47:de:7a:3b:46:d9:65:2d:2f:09:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Validity
Not Before: Aug 3 12:02:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=763816e1ec5e957e503c5e2797cfd60ed681b592
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:1f:9d:e1:0e:e0:cd:f7:df:13:a4:3f:26:81:
8e:ba:af:17:80:6a:80:74:2f:0e:18:a1:b1:0d:b6:
01:33:f5:05:93:b6:e3:d3:62:77:fe:a1:eb:b4:05:
5c:a8:65:20:7f:f9:1e:c3:02:df:a9:0d:2e:22:59:
a7:6e:4f:e3:93:9a:53:1b:01:77:46:31:8e:d1:c5:
8e:40:d1:b7:cf:fa:45:09:ef:ee:35:6c:a8:e2:67:
af:ed:b2:bd:61:64:90:df:ce:7d:0d:6b:73:3a:16:
20:c9:65:b0:ff:71:f0:1a:79:31:6d:81:a6:54:21:
37:85:e0:5f:b8:f7:20:30:9d:71:da:60:22:ad:2d:
7c:4a:d5:23:1c:a0:c8:22:d5:ae:d3:fb:a9:ed:02:
50:52:a7:d7:72:54:89:36:1c:72:9b:dc:d3:61:3b:
43:ad:c9:91:e3:9f:c5:2b:35:42:42:3e:71:40:e5:
d2:37:94:43:31:56:bf:a5:9d:d0:e9:67:da:30:09:
cb:8a:86:b8:8a:4e:12:13:2e:80:ef:89:9a:5e:1a:
35:9f:a1:2b:0c:5f:d6:bf:f1:b2:c4:00:2f:14:35:
33:9e:4c:41:d4:bd:6f:39:de:05:28:d9:3b:89:ad:
f0:f4:8c:4e:f1:26:c1:31:e9:82:80:22:00:76:24:
0c:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:38:16:E1:EC:5E:95:7E:50:3C:5E:27:97:CF:D6:0E:D6:81:B5:92
X509v3 Authority Key Identifier:
keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/djgW4exelX5QPF4nl8_WDtaBtZI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.157.252.0/22
158.41.0.0/20
185.93.104.0/22
Signature Algorithm: sha256WithRSAEncryption
83:92:85:3d:af:37:ad:95:5f:96:a1:b7:6f:62:ac:3e:29:c6:
7a:e6:b4:49:a1:db:5a:6e:78:ca:61:b6:6d:23:c0:17:e7:23:
d3:50:f5:65:dd:f0:e8:e5:fe:fc:30:6b:d0:b2:80:62:c4:42:
25:e1:36:92:1e:7b:4c:79:cf:41:0e:04:a5:91:02:67:6d:11:
4d:e4:c6:67:8c:74:a7:46:6e:57:c9:3d:00:55:4e:e1:d2:d2:
a0:10:8d:58:44:4b:bd:9b:25:37:81:23:67:c9:19:29:fc:41:
53:7b:c5:b1:27:86:19:46:9e:c4:a0:d4:4e:b4:c0:48:51:c4:
a4:7f:27:b0:6f:2e:8d:21:aa:3f:16:d9:7c:f1:83:6b:4d:b3:
f3:1b:27:1a:14:05:eb:e5:0d:cc:80:06:4e:f2:39:bd:64:21:
9d:80:0d:54:79:40:b7:d0:cb:d5:37:68:aa:ee:01:94:e8:f0:
97:b8:b6:a7:e4:1b:35:19:f4:6c:2f:26:b9:ea:76:0c:db:79:
4e:c0:f1:01:33:72:cb:0e:9a:3f:f2:f1:b9:0b:3e:98:bf:e3:
2a:a3:27:6a:6e:ba:56:01:01:01:57:bc:24:b3:fe:81:06:ef:
53:c7:1c:83:b6:53:9c:31:7e:2e:67:a0:9b:14:4e:82:d3:14:
5b:d2:07:d4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYm7R5hFm0feejtG2WUtLwkTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjMwODAzMTIwMjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjM4MTZlMWVjNWU5NTdlNTAzYzVlMjc5N2NmZDYwZWQ2ODFiNTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxx+d4Q7gzfffE6Q/JoGOuq8XgGqA
dC8OGKGxDbYBM/UFk7bj02J3/qHrtAVcqGUgf/kewwLfqQ0uIlmnbk/jk5pTGwF3
RjGO0cWOQNG3z/pFCe/uNWyo4mev7bK9YWSQ3859DWtzOhYgyWWw/3HwGnkxbYGm
VCE3heBfuPcgMJ1x2mAirS18StUjHKDIItWu0/up7QJQUqfXclSJNhxym9zTYTtD
rcmR45/FKzVCQj5xQOXSN5RDMVa/pZ3Q6WfaMAnLioa4ik4SEy6A74maXho1n6Er
DF/Wv/GyxAAvFDUznkxB1L1vOd4FKNk7ia3w9IxO8SbBMemCgCIAdiQMBQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHY4FuHsXpV+UDxeJ5fP1g7WgbWSMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvZGpnVzRleGVsWDVRUEY0bmw4X1dEdGFCdFpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLZ38AwQE
nikAAwQCuV1oMA0GCSqGSIb3DQEBCwUAA4IBAQCDkoU9rzetlV+WobdvYqw+KcZ6
5rRJodtabnjKYbZtI8AX5yPTUPVl3fDo5f78MGvQsoBixEIl4TaSHntMec9BDgSl
kQJnbRFN5MZnjHSnRm5XyT0AVU7h0tKgEI1YREu9myU3gSNnyRkp/EFTe8WxJ4YZ
Rp7EoNROtMBIUcSkfyewby6NIao/Ftl88YNrTbPzGycaFAXr5Q3MgAZO8jm9ZCGd
gA1UeUC30MvVN2iq7gGU6PCXuLan5Bs1GfRsLya56nYM23lOwPEBM3LLDpo/8vG5
Cz6Yv+MqoydqbrpWAQEBV7wks/6BBu9TxxyDtlOcMX4uZ6CbFE6C0xRb0gfU
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:13 2024 by rpki-client on console-fra.rpki-client.org