Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/qscAj-VhZX0OBuEcAbLW_Y9tG-s.roa
File: qscAj-VhZX0OBuEcAbLW_Y9tG-s.roa (raw, json)
Hash identifier: hBOKmR97zVKXvrSgI2FHSmhc+mggR2YwGYugHQ1I/ro=
Subject key identifier: AA:C7:00:8F:E5:61:65:7D:0E:06:E1:1C:01:B2:D6:FD:8F:6D:1B:EB
Certificate issuer: /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial: 0185CF28D42430243C0985B4D103770C2711
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/qscAj-VhZX0OBuEcAbLW_Y9tG-s.roa
Signing time: Fri 20 Jan 2023 12:30:37 +0000
ROA not before: Fri 20 Jan 2023 12:30:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 92.53.180.0/22 maxlen: 24
176.52.144.0/20 maxlen: 24
92.53.172.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:cf:28:d4:24:30:24:3c:09:85:b4:d1:03:77:0c:27:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Validity
Not Before: Jan 20 12:30:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=aac7008fe561657d0e06e11c01b2d6fd8f6d1beb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:e8:f7:fb:6a:eb:42:cc:56:51:97:44:b7:b7:
a1:b4:d7:fb:4b:a7:28:77:76:ad:db:56:41:b8:48:
13:c3:d7:53:99:1a:d7:a4:2e:5d:89:7a:62:73:c9:
40:6f:a0:e4:62:dd:b6:c0:4b:04:17:8c:32:d8:f2:
09:36:8f:dc:2d:63:38:2e:27:af:e1:0e:8c:ec:5f:
19:04:d7:c3:bd:d8:6f:9f:c3:71:77:d2:d4:9f:70:
31:a4:a8:cd:11:15:dd:69:c8:e4:03:75:b3:c4:81:
6e:50:34:48:a0:6b:b0:d3:de:92:cc:1e:19:a3:27:
f9:a6:e3:d4:80:6e:5d:32:46:d0:50:10:1a:26:8d:
bc:6e:c1:e8:71:8f:69:fe:d1:21:c2:8b:83:37:30:
dc:da:d6:a8:d3:89:de:77:8b:8a:a2:72:ff:32:82:
0e:21:f1:ca:52:f2:d1:e4:cc:7a:ea:63:93:d0:85:
98:bb:05:1a:cd:51:23:86:2d:fe:58:0f:e5:73:ee:
e1:18:34:c2:d0:36:ab:af:c8:17:8e:59:e3:6c:06:
cb:41:74:a5:83:06:d5:81:c5:5f:eb:31:90:d8:46:
0a:ef:10:98:93:23:3b:7b:30:8b:3e:53:48:58:ae:
5e:dc:01:ad:08:69:e7:ee:57:33:86:40:3f:fb:6d:
6b:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:C7:00:8F:E5:61:65:7D:0E:06:E1:1C:01:B2:D6:FD:8F:6D:1B:EB
X509v3 Authority Key Identifier:
keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/qscAj-VhZX0OBuEcAbLW_Y9tG-s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.53.172.0/22
92.53.180.0/22
176.52.144.0/20
Signature Algorithm: sha256WithRSAEncryption
5b:06:bc:f5:e6:52:fa:a8:d3:4d:18:e2:32:6d:29:35:b7:36:
cc:f5:56:29:e7:61:a3:f7:2e:d2:f8:6b:c7:5f:2a:e4:ee:5e:
8d:8d:8d:1e:9c:93:bf:54:41:ac:7a:7a:16:39:1a:36:ec:46:
10:99:fc:e4:5f:a2:60:bf:6b:dd:70:e0:4e:36:02:09:29:0a:
08:9f:42:b8:b4:6f:17:02:7d:8c:ab:eb:84:76:28:38:4e:52:
f3:fe:0e:06:ef:9b:8f:f5:bf:e6:09:ff:65:4e:71:9e:c0:93:
77:8f:dd:33:81:17:04:9d:5a:00:f6:ae:eb:ff:38:55:2b:43:
81:e2:09:b6:c1:83:3a:58:f8:3a:e5:ad:5e:56:7e:57:05:8d:
4f:b1:6a:53:6d:b3:4d:17:c5:3b:ee:7b:f8:96:d2:7c:03:1f:
5a:6c:fd:5f:e3:17:1b:6f:b0:32:2e:d2:9d:35:56:23:34:1e:
5e:2a:20:74:75:1a:be:7c:8b:b2:9f:38:5b:c4:e6:70:fa:d7:
90:27:f3:2e:c7:bd:7e:2e:35:79:ac:b2:4f:ba:53:9f:13:84:
bb:bc:55:9e:4d:70:51:be:a8:90:9b:65:51:38:67:ed:b1:bf:
44:6b:af:3a:ef:32:ee:38:56:12:e2:7a:2f:1a:11:ce:18:a2:
49:22:f3:c4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYXPKNQkMCQ8CYW00QN3DCcRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjMwMTIwMTIzMDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWM3MDA4ZmU1NjE2NTdkMGUwNmUxMWMwMWIyZDZmZDhmNmQxYmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwej3+2rrQsxWUZdEt7ehtNf7S6co
d3at21ZBuEgTw9dTmRrXpC5diXpic8lAb6DkYt22wEsEF4wy2PIJNo/cLWM4Liev
4Q6M7F8ZBNfDvdhvn8Nxd9LUn3AxpKjNERXdacjkA3WzxIFuUDRIoGuw096SzB4Z
oyf5puPUgG5dMkbQUBAaJo28bsHocY9p/tEhwouDNzDc2tao04ned4uKonL/MoIO
IfHKUvLR5Mx66mOT0IWYuwUazVEjhi3+WA/lc+7hGDTC0Darr8gXjlnjbAbLQXSl
gwbVgcVf6zGQ2EYK7xCYkyM7ezCLPlNIWK5e3AGtCGnn7lczhkA/+21rQQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKrHAI/lYWV9DgbhHAGy1v2PbRvrMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvcXNjQWotVmhaWDBPQnVFY0FiTFdfWTl0Ry1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCXDWsAwQC
XDW0AwQEsDSQMA0GCSqGSIb3DQEBCwUAA4IBAQBbBrz15lL6qNNNGOIybSk1tzbM
9VYp52Gj9y7S+GvHXyrk7l6NjY0enJO/VEGsenoWORo27EYQmfzkX6Jgv2vdcOBO
NgIJKQoIn0K4tG8XAn2Mq+uEdig4TlLz/g4G75uP9b/mCf9lTnGewJN3j90zgRcE
nVoA9q7r/zhVK0OB4gm2wYM6WPg65a1eVn5XBY1PsWpTbbNNF8U77nv4ltJ8Ax9a
bP1f4xcbb7AyLtKdNVYjNB5eKiB0dRq+fIuynzhbxOZw+teQJ/Mux71+LjV5rLJP
ulOfE4S7vFWeTXBRvqiQm2VROGftsb9Ea6867zLuOFYS4novGhHOGKJJIvPE
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:05 2024 by rpki-client on console-ams.rpki-client.org