Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/sg9lejqgdrJCpT1JMM3C4S49g8g.roa
File: sg9lejqgdrJCpT1JMM3C4S49g8g.roa (raw, json)
Hash identifier: ftGavxW2lpbIynm6WsJDRw9tLn+WdciBupNtk/0L0to=
Subject key identifier: B2:0F:65:7A:3A:A0:76:B2:42:A5:3D:49:30:CD:C2:E1:2E:3D:83:C8
Certificate issuer: /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial: 0184400D1494A30EF21296DDBB322410A54D
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/sg9lejqgdrJCpT1JMM3C4S49g8g.roa
Signing time: Fri 04 Nov 2022 00:31:49 +0000
ROA not before: Fri 04 Nov 2022 00:31:49 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 176.52.128.0/22 maxlen: 24
176.52.132.0/22 maxlen: 24
176.52.144.0/22 maxlen: 24
176.52.140.0/22 maxlen: 22
176.52.152.0/22 maxlen: 22
176.52.148.0/22 maxlen: 24
176.52.156.0/22 maxlen: 22
92.53.160.0/22 maxlen: 24
92.53.172.0/22 maxlen: 22
92.53.168.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:40:0d:14:94:a3:0e:f2:12:96:dd:bb:32:24:10:a5:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Validity
Not Before: Nov 4 00:31:49 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b20f657a3aa076b242a53d4930cdc2e12e3d83c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:23:ba:19:a4:7f:1c:dc:0a:3b:e8:0b:d7:c5:
1d:ce:68:0c:e1:b7:e8:ac:88:78:8c:b9:d6:79:5b:
db:37:31:9b:ce:95:00:58:ce:8a:58:02:3f:01:20:
97:e7:34:d5:f0:1f:df:57:ef:69:ac:e6:69:a9:bd:
e1:b8:88:d3:a7:ab:f0:ee:70:2d:b3:a3:80:b6:64:
51:43:af:51:e9:c0:a0:b6:5e:52:82:2c:22:8d:c0:
7c:49:0a:89:a4:cd:72:f5:4a:8d:26:db:35:89:b3:
a8:2f:cc:2c:6a:80:1a:da:2b:48:65:20:2e:b6:df:
c3:60:8a:98:d0:5e:98:8f:f4:0e:6e:75:8d:01:dd:
ca:b6:37:6b:44:b2:0b:b3:93:80:58:c6:69:a5:cc:
a1:68:fd:53:42:f9:bc:1c:0d:11:e6:45:68:e4:56:
cd:a4:9f:9f:7a:af:65:63:35:74:cb:92:05:6a:fd:
4f:39:9c:a9:ea:fc:91:23:27:12:3d:da:93:a4:f6:
51:2f:57:33:b0:df:d2:ac:ca:38:e4:95:db:0b:2a:
70:da:1d:d9:e6:16:60:f7:74:30:3a:f2:13:32:50:
7f:72:20:ca:22:eb:d3:06:34:3e:ec:0c:dc:ab:e3:
45:b1:80:74:75:2b:11:12:6e:6b:3b:6e:f1:9e:ac:
31:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:0F:65:7A:3A:A0:76:B2:42:A5:3D:49:30:CD:C2:E1:2E:3D:83:C8
X509v3 Authority Key Identifier:
keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/sg9lejqgdrJCpT1JMM3C4S49g8g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.53.160.0/22
92.53.168.0/21
176.52.128.0/21
176.52.140.0-176.52.159.255
Signature Algorithm: sha256WithRSAEncryption
17:c3:4f:54:6a:98:60:34:f7:3c:b0:58:0d:85:5b:6a:00:3e:
03:72:6e:d7:3d:ed:4d:3f:d7:e1:9f:f0:db:e5:be:cd:05:3d:
ca:c3:dd:11:33:d2:cd:00:33:f3:59:b8:3f:51:5d:5a:5f:1a:
ea:ba:9c:81:dc:61:07:19:2b:90:a8:38:9c:27:f4:8a:af:dd:
60:e6:ed:f1:bc:ac:56:26:ba:02:48:ce:3b:88:d3:02:2d:86:
b4:3b:65:e9:ef:4d:4d:3a:f2:21:9a:f9:97:5a:d9:3b:fd:c6:
54:f1:c1:a3:55:d4:ed:10:90:6f:a5:3b:a4:2c:3b:5e:83:98:
2e:86:ad:df:45:a3:26:3f:55:f2:55:6c:6e:ad:76:34:ce:20:
30:7e:a8:6b:c4:19:8b:d1:79:45:0b:d7:49:bb:62:f5:4f:e5:
f5:99:35:6f:81:ac:7e:0c:e8:ed:6e:22:d3:3b:f5:4d:dc:b2:
3a:79:99:23:b5:40:c7:fe:36:eb:0b:f4:ba:1b:05:98:77:5b:
24:fc:83:e1:ee:4a:0e:00:de:80:52:06:ac:dd:2b:b0:3e:e4:
2b:a7:8d:3c:1c:90:ec:00:22:53:1f:89:01:ed:c5:26:69:d3:
79:aa:ac:95:ab:41:e0:a8:ca:24:d2:95:15:17:f7:ae:f1:81:
d9:f5:fc:c0
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYRADRSUow7yEpbduzIkEKVNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjIxMTA0MDAzMTQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjBmNjU3YTNhYTA3NmIyNDJhNTNkNDkzMGNkYzJlMTJlM2Q4M2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSO6GaR/HNwKO+gL18UdzmgM4bfo
rIh4jLnWeVvbNzGbzpUAWM6KWAI/ASCX5zTV8B/fV+9prOZpqb3huIjTp6vw7nAt
s6OAtmRRQ69R6cCgtl5SgiwijcB8SQqJpM1y9UqNJts1ibOoL8wsaoAa2itIZSAu
tt/DYIqY0F6Yj/QObnWNAd3KtjdrRLILs5OAWMZppcyhaP1TQvm8HA0R5kVo5FbN
pJ+feq9lYzV0y5IFav1POZyp6vyRIycSPdqTpPZRL1czsN/SrMo45JXbCypw2h3Z
5hZg93QwOvITMlB/ciDKIuvTBjQ+7Azcq+NFsYB0dSsREm5rO27xnqwxBwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFLIPZXo6oHayQqU9STDNwuEuPYPIMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvc2c5bGVqcWdkckpDcFQxSk1NM0M0UzQ5ZzhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCXDWgAwQD
XDWoAwQDsDSAMAwDBAKwNIwDBAWwNIAwDQYJKoZIhvcNAQELBQADggEBABfDT1Rq
mGA09zywWA2FW2oAPgNybtc97U0/1+Gf8Nvlvs0FPcrD3REz0s0AM/NZuD9RXVpf
Guq6nIHcYQcZK5CoOJwn9Iqv3WDm7fG8rFYmugJIzjuI0wIthrQ7ZenvTU068iGa
+Zda2Tv9xlTxwaNV1O0QkG+lO6QsO16DmC6Grd9FoyY/VfJVbG6tdjTOIDB+qGvE
GYvReUUL10m7YvVP5fWZNW+BrH4M6O1uItM79U3csjp5mSO1QMf+NusL9LobBZh3
WyT8g+HuSg4A3oBSBqzdK7A+5CunjTwckOwAIlMfiQHtxSZp03mqrJWrQeCoyiTS
lRUX967xgdn1/MA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:13 2024 by rpki-client on console-fra.rpki-client.org