Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/ubi-9s906_gKYF0ghe3QG4GWnOk.roa
File: ubi-9s906_gKYF0ghe3QG4GWnOk.roa (raw, json)
Hash identifier: aIBXITlX9wym3BIeSUYvRWasGDrJtOE4+yPu0/2i0hI=
Subject key identifier: B9:B8:BE:F6:CF:74:EB:F8:0A:60:5D:20:85:ED:D0:1B:81:96:9C:E9
Certificate issuer: /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial: 0184540AE1002181AA446AF7E12FA62CDA68
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/ubi-9s906_gKYF0ghe3QG4GWnOk.roa
Signing time: Mon 07 Nov 2022 21:41:49 +0000
ROA not before: Mon 07 Nov 2022 21:41:49 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 176.52.128.0/22 maxlen: 24
176.52.132.0/22 maxlen: 24
176.52.136.0/22 maxlen: 22
176.52.144.0/22 maxlen: 24
176.52.140.0/22 maxlen: 22
176.52.152.0/22 maxlen: 22
176.52.148.0/22 maxlen: 24
176.52.156.0/22 maxlen: 22
92.53.160.0/22 maxlen: 24
92.53.172.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:54:0a:e1:00:21:81:aa:44:6a:f7:e1:2f:a6:2c:da:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Validity
Not Before: Nov 7 21:41:49 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b9b8bef6cf74ebf80a605d2085edd01b81969ce9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:7c:27:d3:0a:f8:d9:e4:85:f0:de:1e:b8:a4:
34:44:3f:0e:85:58:a5:f1:53:b6:98:1a:ad:8d:77:
dc:ff:94:12:c7:88:e5:f0:19:0f:aa:76:ca:59:bf:
cb:0f:1d:f2:fa:cb:8d:01:26:4a:cb:89:57:be:52:
3f:aa:98:69:0c:09:f8:50:f3:79:2b:e0:54:56:d1:
fd:34:7c:6e:bd:59:a2:72:8a:bf:20:21:dd:32:04:
5f:e5:74:26:ab:34:f0:84:72:c8:08:e5:4d:b3:24:
04:72:32:c4:18:48:58:4b:34:32:63:7a:de:68:87:
81:20:a2:41:66:eb:a9:59:de:fb:e4:14:6f:8f:7f:
f9:25:8a:63:e3:6a:5d:c8:70:de:9c:7d:4f:53:e5:
37:38:f4:0b:1c:46:94:6b:24:9b:e2:32:f5:6d:5d:
7f:61:d8:14:31:32:ff:dd:57:9b:69:68:e1:c3:66:
e5:9f:ad:1d:d4:6f:09:04:6f:3a:cc:e0:71:d6:71:
cb:32:ec:85:5e:b2:ac:d1:1a:3d:68:f8:ee:ad:75:
5a:6f:43:06:ac:4d:2c:28:ee:25:5e:61:23:2b:16:
27:5f:47:63:2a:e2:63:57:05:e6:c2:e2:fa:3c:a6:
a2:75:e8:32:c1:04:32:59:92:a9:7f:53:89:42:74:
4e:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:B8:BE:F6:CF:74:EB:F8:0A:60:5D:20:85:ED:D0:1B:81:96:9C:E9
X509v3 Authority Key Identifier:
keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/ubi-9s906_gKYF0ghe3QG4GWnOk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.53.160.0/22
92.53.172.0/22
176.52.128.0/19
Signature Algorithm: sha256WithRSAEncryption
40:09:10:0d:cb:c1:4a:0c:2e:0f:87:85:3a:5d:99:b0:9d:d5:
7d:05:78:fe:ca:32:0c:2a:e0:f1:c4:17:79:8d:e6:19:3c:36:
85:d4:2c:ff:53:da:fa:3e:2b:da:ac:73:ea:09:26:f1:d2:52:
0d:ea:1e:a5:2d:23:5d:45:e6:ae:4b:79:0b:75:cb:df:24:0e:
bc:d9:be:38:43:08:5a:15:2d:43:ed:a4:4a:52:43:14:81:84:
bb:b4:b5:cb:2b:3c:06:76:3b:38:33:d8:7f:bb:ce:1b:8e:92:
83:24:20:5b:06:15:d5:6e:00:04:9b:73:db:bf:8a:36:bc:a6:
dd:83:40:47:62:68:1b:9c:09:5b:64:1c:5f:d8:e8:8b:7b:d9:
bb:33:16:04:2a:94:47:fe:85:0f:57:20:67:95:f4:1e:3a:8a:
3f:ea:f4:84:71:46:eb:6b:0c:78:26:0f:75:38:e7:08:e9:00:
1a:4a:11:c1:3a:be:7b:7a:e1:a4:de:7c:e8:06:c7:5a:94:4f:
da:ec:3b:b3:8b:23:3c:12:e5:91:89:9d:93:ce:3c:ae:c8:f4:
5e:4b:eb:d9:19:31:c2:bc:dd:c2:a0:8d:e2:9d:14:84:a5:b6:
4f:04:34:00:db:90:5c:e2:87:01:bb:cf:46:d3:c4:49:9c:19:
6f:94:2a:66
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYRUCuEAIYGqRGr34S+mLNpoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjIxMTA3MjE0MTQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWI4YmVmNmNmNzRlYmY4MGE2MDVkMjA4NWVkZDAxYjgxOTY5Y2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXwn0wr42eSF8N4euKQ0RD8OhVil
8VO2mBqtjXfc/5QSx4jl8BkPqnbKWb/LDx3y+suNASZKy4lXvlI/qphpDAn4UPN5
K+BUVtH9NHxuvVmicoq/ICHdMgRf5XQmqzTwhHLICOVNsyQEcjLEGEhYSzQyY3re
aIeBIKJBZuupWd775BRvj3/5JYpj42pdyHDenH1PU+U3OPQLHEaUaySb4jL1bV1/
YdgUMTL/3VebaWjhw2bln60d1G8JBG86zOBx1nHLMuyFXrKs0Ro9aPjurXVab0MG
rE0sKO4lXmEjKxYnX0djKuJjVwXmwuL6PKaidegywQQyWZKpf1OJQnROnwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLm4vvbPdOv4CmBdIIXt0BuBlpzpMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvdWJpLTlzOTA2X2dLWUYwZ2hlM1FHNEdXbk9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCXDWgAwQC
XDWsAwQFsDSAMA0GCSqGSIb3DQEBCwUAA4IBAQBACRANy8FKDC4Ph4U6XZmwndV9
BXj+yjIMKuDxxBd5jeYZPDaF1Cz/U9r6PivarHPqCSbx0lIN6h6lLSNdReauS3kL
dcvfJA682b44QwhaFS1D7aRKUkMUgYS7tLXLKzwGdjs4M9h/u84bjpKDJCBbBhXV
bgAEm3Pbv4o2vKbdg0BHYmgbnAlbZBxf2OiLe9m7MxYEKpRH/oUPVyBnlfQeOoo/
6vSEcUbrawx4Jg91OOcI6QAaShHBOr57euGk3nzoBsdalE/a7DuziyM8EuWRiZ2T
zjyuyPReS+vZGTHCvN3CoI3inRSEpbZPBDQA25Bc4ocBu89G08RJnBlvlCpm
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:05 2024 by rpki-client on console-ams.rpki-client.org