Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/rsUXw8AfyKievSlx4fQ_iM_Trv8.roa
File: rsUXw8AfyKievSlx4fQ_iM_Trv8.roa (raw, json)
Hash identifier: l4HyaUVJ2BEHpD0V7iVj3veXBg6L4bUUdwYGYNh0QiY=
Subject key identifier: AE:C5:17:C3:C0:1F:C8:A8:9E:BD:29:71:E1:F4:3F:88:CF:D3:AE:FF
Certificate issuer: /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial: 01838A0B1FC96520CE70C614E9D34E71EDBC
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/rsUXw8AfyKievSlx4fQ_iM_Trv8.roa
Signing time: Thu 29 Sep 2022 16:18:48 +0000
ROA not before: Thu 29 Sep 2022 16:18:48 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 92.53.176.0/22 maxlen: 22
92.53.184.0/22 maxlen: 22
176.52.128.0/22 maxlen: 24
176.52.132.0/22 maxlen: 24
176.52.140.0/22 maxlen: 22
176.52.152.0/22 maxlen: 22
92.53.160.0/22 maxlen: 24
92.53.172.0/22 maxlen: 22
92.53.168.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:8a:0b:1f:c9:65:20:ce:70:c6:14:e9:d3:4e:71:ed:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Validity
Not Before: Sep 29 16:18:48 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=aec517c3c01fc8a89ebd2971e1f43f88cfd3aeff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:d2:00:04:7e:8c:94:da:10:4f:89:0f:6f:2f:
68:f1:8a:10:59:a9:7d:b5:80:70:ca:16:f1:35:31:
3b:45:76:c7:9b:95:13:48:f1:c5:51:ed:57:54:a7:
81:26:2f:5d:15:28:b2:e7:2a:2d:67:c3:5d:ed:03:
7d:7a:0d:de:dd:0b:a9:90:bb:fe:f2:0f:6d:35:e6:
d5:38:b4:75:84:ff:74:17:8e:4b:9a:a4:ef:d5:a4:
55:bb:76:8d:51:88:e1:00:57:26:78:3f:a2:15:67:
dd:e5:1f:d8:15:81:f7:9c:10:da:dc:cc:4c:03:6a:
fa:13:1a:64:72:0b:c7:9a:81:28:37:21:fd:86:fa:
a9:63:d7:72:98:43:9d:65:44:25:55:2b:13:1e:05:
9a:30:3f:41:9b:d6:3d:82:18:fe:5d:2d:d9:44:f1:
5d:6d:29:1c:cf:93:aa:23:13:f7:30:7b:b2:f4:3d:
5e:64:c3:4d:b7:19:f1:a7:b6:87:e0:fe:61:06:d3:
9d:61:f0:e6:59:d6:56:c1:95:75:7c:84:d8:07:2a:
14:9a:41:7e:13:58:63:6c:b2:6f:7a:b7:c4:0d:a3:
00:35:89:7b:c1:19:45:e1:fc:cd:3e:4e:1c:bb:f4:
8f:95:23:66:a9:55:6b:cd:9c:ac:04:ae:63:63:9e:
72:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:C5:17:C3:C0:1F:C8:A8:9E:BD:29:71:E1:F4:3F:88:CF:D3:AE:FF
X509v3 Authority Key Identifier:
keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/rsUXw8AfyKievSlx4fQ_iM_Trv8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.53.160.0/22
92.53.168.0-92.53.179.255
92.53.184.0/22
176.52.128.0/21
176.52.140.0/22
176.52.152.0/22
Signature Algorithm: sha256WithRSAEncryption
21:7e:ac:19:08:ac:5d:4a:57:51:48:0f:45:0f:d5:3a:ad:99:
38:92:93:4c:fd:07:58:a9:c5:1b:68:80:b6:db:2c:b5:28:fc:
0b:62:00:be:2d:fa:7b:e4:04:8b:64:73:08:4e:11:7e:b8:89:
39:e9:0a:c8:cf:21:d5:cd:ca:f7:76:8e:ad:b1:d9:a7:cd:36:
92:0d:be:83:f6:e5:73:43:85:3e:b9:fa:4a:c7:f0:15:87:30:
67:ab:ce:e5:37:65:9b:ce:f1:22:65:10:1f:87:b9:a9:0e:87:
f4:56:6f:93:41:af:ab:04:2e:cf:53:af:88:c5:3c:93:98:04:
a8:52:8f:20:82:6f:b7:07:75:9f:7c:35:2d:bb:8a:12:da:ac:
e3:e3:02:6e:b8:9d:61:9c:ce:3f:55:60:4d:c9:e0:ff:11:dd:
2c:c1:26:b3:15:55:95:de:72:84:80:f6:87:50:b5:07:ea:8b:
07:b4:ad:b1:d1:8b:0e:51:f0:13:ae:7e:89:14:aa:01:63:18:
88:be:98:56:1e:38:8e:05:b0:76:b4:b4:c1:23:8b:bc:93:f1:
2d:1e:72:55:d3:a9:2c:68:7a:c1:fe:5c:8b:d4:38:63:16:81:
1d:ff:07:bb:07:f3:a2:06:10:fc:7e:19:0a:7f:da:19:8f:92:
aa:8d:c9:b6
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYOKCx/JZSDOcMYU6dNOce28MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjIwOTI5MTYxODQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWM1MTdjM2MwMWZjOGE4OWViZDI5NzFlMWY0M2Y4OGNmZDNhZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtIABH6MlNoQT4kPby9o8YoQWal9
tYBwyhbxNTE7RXbHm5UTSPHFUe1XVKeBJi9dFSiy5yotZ8Nd7QN9eg3e3QupkLv+
8g9tNebVOLR1hP90F45LmqTv1aRVu3aNUYjhAFcmeD+iFWfd5R/YFYH3nBDa3MxM
A2r6ExpkcgvHmoEoNyH9hvqpY9dymEOdZUQlVSsTHgWaMD9Bm9Y9ghj+XS3ZRPFd
bSkcz5OqIxP3MHuy9D1eZMNNtxnxp7aH4P5hBtOdYfDmWdZWwZV1fITYByoUmkF+
E1hjbLJverfEDaMANYl7wRlF4fzNPk4cu/SPlSNmqVVrzZysBK5jY55y/wIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFK7FF8PAH8ionr0pceH0P4jP067/MB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvcnNVWHc4QWZ5S2lldlNseDRmUV9pTV9UcnY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQCXDWgMAwD
BANcNagDBAJcNbADBAJcNbgDBAOwNIADBAKwNIwDBAKwNJgwDQYJKoZIhvcNAQEL
BQADggEBACF+rBkIrF1KV1FID0UP1TqtmTiSk0z9B1ipxRtogLbbLLUo/AtiAL4t
+nvkBItkcwhOEX64iTnpCsjPIdXNyvd2jq2x2afNNpINvoP25XNDhT65+krH8BWH
MGerzuU3ZZvO8SJlEB+HuakOh/RWb5NBr6sELs9Tr4jFPJOYBKhSjyCCb7cHdZ98
NS27ihLarOPjAm64nWGczj9VYE3J4P8R3SzBJrMVVZXecoSA9odQtQfqiwe0rbHR
iw5R8BOufokUqgFjGIi+mFYeOI4FsHa0tMEji7yT8S0eclXTqSxoesH+XIvUOGMW
gR3/B7sH86IGEPx+GQp/2hmPkqqNybY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:13 2024 by rpki-client on console-fra.rpki-client.org