Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/rW7UVnna4ElrRo79Lkf5NkWQzSs.roa
File: rW7UVnna4ElrRo79Lkf5NkWQzSs.roa (raw, json)
Hash identifier: OYf5FVKYxd/KGWsKyTUWoDEvvWe0YhKEXroIawhCtwI=
Subject key identifier: AD:6E:D4:56:79:DA:E0:49:6B:46:8E:FD:2E:47:F9:36:45:90:CD:2B
Certificate issuer: /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial: 04D7043E
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/rW7UVnna4ElrRo79Lkf5NkWQzSs.roa
Signing time: Tue 03 May 2022 08:21:52 +0000
ROA not before: Tue 03 May 2022 08:21:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 176.52.136.0/22 maxlen: 24
176.52.140.0/22 maxlen: 24
176.52.152.0/22 maxlen: 24
176.52.156.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 81200190 (0x4d7043e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Validity
Not Before: May 3 08:21:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ad6ed45679dae0496b468efd2e47f9364590cd2b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:13:b9:7f:e8:9e:de:c2:e5:72:75:bb:f8:5f:
5e:b3:53:f4:ee:db:39:66:f1:22:4b:e0:3a:b7:a2:
9d:d9:7c:3e:c8:3e:97:38:4d:13:e5:2e:53:16:ec:
34:0a:d0:72:82:13:8e:e0:28:73:1a:a1:17:86:51:
b0:7f:37:ca:0c:93:42:e5:3e:63:17:bf:03:44:1d:
3b:a3:26:24:8f:7d:65:a1:99:70:a0:58:a9:ff:b3:
10:ee:4b:80:d4:f5:ce:fb:89:89:3f:47:75:02:ef:
db:20:44:57:a1:15:1d:cc:85:a7:53:c1:af:a4:28:
bd:20:86:1c:ea:c8:46:87:07:14:77:7d:f2:0e:91:
d4:76:5e:14:a1:ec:73:48:ee:2d:b6:05:36:c4:ae:
bb:e5:03:3c:3d:0a:78:c9:cc:25:c1:63:25:35:fe:
f6:80:71:d8:cc:21:4c:e7:f1:e5:2c:31:14:f5:af:
ff:e9:0c:83:60:3a:7d:ea:ed:e9:08:ff:af:a7:b7:
90:07:fb:72:7c:dc:42:8d:96:bc:ec:a5:77:1b:ac:
10:8f:ed:bf:7b:c2:39:37:0c:36:6e:16:ff:7d:cc:
cf:5d:e9:0b:56:b7:53:09:85:bf:53:00:b1:71:5d:
90:ae:cc:09:d5:70:b4:c0:2e:c6:ad:08:5d:31:90:
04:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:6E:D4:56:79:DA:E0:49:6B:46:8E:FD:2E:47:F9:36:45:90:CD:2B
X509v3 Authority Key Identifier:
keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/rW7UVnna4ElrRo79Lkf5NkWQzSs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.52.136.0/21
176.52.152.0/21
Signature Algorithm: sha256WithRSAEncryption
2a:f2:ca:40:4a:cf:c2:26:29:f4:34:87:cb:29:35:c0:09:1e:
a1:2f:73:f9:a8:0a:c1:54:71:47:76:dd:c8:6b:7c:5b:9e:1b:
0a:c7:e9:67:4c:47:c1:15:f3:69:1f:e6:37:01:bd:fe:5d:ad:
bb:55:44:86:ec:5e:48:2d:1e:c5:7a:99:31:0e:29:5a:91:13:
27:f7:2a:3c:35:72:2e:f1:ce:e6:c2:5a:3f:6e:d9:0d:7d:83:
5b:59:8a:77:2b:c1:2f:06:dc:2f:27:48:2f:90:b3:50:14:98:
55:76:ea:d2:49:b0:1f:69:e8:5c:60:66:3b:78:d7:41:c5:86:
23:43:8b:98:c0:d8:90:3b:40:b4:16:43:68:ea:2f:6d:a9:37:
00:0b:44:96:88:d3:1a:d5:d7:de:50:fe:ec:a1:8b:dc:7c:3a:
e9:8c:a7:40:34:c8:bf:b1:ed:00:e8:d3:93:68:0f:9b:03:3b:
5f:7d:9f:11:67:98:27:fd:eb:42:52:e4:e0:bf:5f:a5:58:23:
41:ac:b1:47:ea:64:de:e0:44:c4:30:7d:b5:7f:88:6d:36:33:
7d:74:98:53:32:82:63:57:cf:3c:91:b1:11:e8:3c:46:1d:cd:
18:40:50:60:8a:d6:fe:6c:03:c2:1f:df:42:ca:bd:06:d2:16:
c5:28:58:32
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEBNcEPjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
ZTc3OWU1NjIzOGI2ZjJlYTA2OGVkZTRlMjBhZWYwMGM5MDQxMzJiMB4XDTIyMDUw
MzA4MjE1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWQ2ZWQ0NTY3OWRh
ZTA0OTZiNDY4ZWZkMmU0N2Y5MzY0NTkwY2QyYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJwTuX/ont7C5XJ1u/hfXrNT9O7bOWbxIkvgOreindl8Psg+
lzhNE+UuUxbsNArQcoITjuAocxqhF4ZRsH83ygyTQuU+Yxe/A0QdO6MmJI99ZaGZ
cKBYqf+zEO5LgNT1zvuJiT9HdQLv2yBEV6EVHcyFp1PBr6QovSCGHOrIRocHFHd9
8g6R1HZeFKHsc0juLbYFNsSuu+UDPD0KeMnMJcFjJTX+9oBx2MwhTOfx5SwxFPWv
/+kMg2A6fert6Qj/r6e3kAf7cnzcQo2WvOyldxusEI/tv3vCOTcMNm4W/33Mz13p
C1a3UwmFv1MAsXFdkK7MCdVwtMAuxq0IXTGQBMUCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBStbtRWedrgSWtGjv0uR/k2RZDNKzAfBgNVHSMEGDAWgBT+d55WI4tvLqBo
7eTiCu8AyQQTKzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L19uZWVWaU9MYnk2Z2FPM2s0Z3J2QU1rRUV5cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvNGRlNTk4LTZiMDMtNGJlZi1hYjE0LTMzODk0OTEzZGNiNy8x
L3JXN1VWbm5hNEVsclJvNzlMa2Y1TmtXUXpTcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
NGRlNTk4LTZiMDMtNGJlZi1hYjE0LTMzODk0OTEzZGNiNy8xL19uZWVWaU9MYnk2
Z2FPM2s0Z3J2QU1rRUV5cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEA7A0iAMEA7A0mDANBgkqhkiG9w0B
AQsFAAOCAQEAKvLKQErPwiYp9DSHyyk1wAkeoS9z+agKwVRxR3bdyGt8W54bCsfp
Z0xHwRXzaR/mNwG9/l2tu1VEhuxeSC0exXqZMQ4pWpETJ/cqPDVyLvHO5sJaP27Z
DX2DW1mKdyvBLwbcLydIL5CzUBSYVXbq0kmwH2noXGBmO3jXQcWGI0OLmMDYkDtA
tBZDaOovbak3AAtElojTGtXX3lD+7KGL3Hw66YynQDTIv7HtAOjTk2gPmwM7X32f
EWeYJ/3rQlLk4L9fpVgjQayxR+pk3uBExDB9tX+IbTYzfXSYUzKCY1fPPJGxEeg8
Rh3NGEBQYIrW/mwDwh/fQsq9BtIWxShYMg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:13 2024 by rpki-client on console-fra.rpki-client.org