Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/ru3hawkGG7zRzG5OwvgjpH3D0UQ.roa
File: ru3hawkGG7zRzG5OwvgjpH3D0UQ.roa (raw, json)
Hash identifier: 0Kez6QlGumkz16Y4uVJc+V4TL2uXoDsap9UdaoaL/lA=
Subject key identifier: AE:ED:E1:6B:09:06:1B:BC:D1:CC:6E:4E:C2:F8:23:A4:7D:C3:D1:44
Certificate issuer: /CN=16241dd83d8ac080b66504bf937459ffcec4ccc4
Certificate serial: 018693B6F1C0469425515840BABBEC436C3F
Authority key identifier: 16:24:1D:D8:3D:8A:C0:80:B6:65:04:BF:93:74:59:FF:CE:C4:CC:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/ru3hawkGG7zRzG5OwvgjpH3D0UQ.roa
Signing time: Mon 27 Feb 2023 16:31:25 +0000
ROA not before: Mon 27 Feb 2023 16:31:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16154
IP address blocks: 88.213.192.0/22 maxlen: 24
88.213.198.0/23 maxlen: 24
88.213.200.0/21 maxlen: 24
80.95.24.0/21 maxlen: 24
217.79.64.0/19 maxlen: 24
2a02:7900::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:93:b6:f1:c0:46:94:25:51:58:40:ba:bb:ec:43:6c:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=16241dd83d8ac080b66504bf937459ffcec4ccc4
Validity
Not Before: Feb 27 16:31:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=aeede16b09061bbcd1cc6e4ec2f823a47dc3d144
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:a3:33:5c:23:1b:7e:79:3b:5e:68:f8:a3:06:
75:ed:65:fb:1e:f5:91:9f:d1:98:b5:89:e6:cf:63:
62:2a:13:0c:74:ff:c6:1f:07:1b:34:97:c1:7a:39:
ce:d6:96:5c:af:53:3d:1c:85:78:19:15:6d:b2:d8:
78:11:09:fb:d6:12:34:6c:3c:c7:8a:4a:04:80:28:
4b:c7:3a:a1:3b:d8:d0:48:8b:84:72:9e:24:92:c0:
f8:38:50:87:a7:8a:22:08:8f:20:79:27:d2:05:b8:
4b:d1:99:ce:d7:23:6a:be:5a:7d:81:66:34:f8:4a:
81:ca:08:9e:52:91:51:d9:11:26:0d:92:4b:38:1d:
29:34:e9:f6:9b:22:1e:5d:56:3f:9a:10:95:f7:7a:
3f:7b:ca:a1:f4:e6:74:ca:9a:7d:d0:a4:69:37:a8:
65:ba:4b:38:23:32:ed:46:5a:54:62:12:05:38:a3:
a6:fe:01:85:20:32:26:9c:00:7d:80:c5:87:ac:74:
84:1f:07:40:a7:43:3f:4a:6c:a5:82:59:69:fb:56:
0e:ff:0c:43:0c:f3:f5:e5:15:dc:64:98:bd:23:1f:
10:a7:47:1b:1e:9c:f2:93:31:94:32:87:29:44:34:
4b:6d:0d:46:b2:25:3a:ee:1f:1d:96:0b:c2:ac:0e:
87:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:ED:E1:6B:09:06:1B:BC:D1:CC:6E:4E:C2:F8:23:A4:7D:C3:D1:44
X509v3 Authority Key Identifier:
keyid:16:24:1D:D8:3D:8A:C0:80:B6:65:04:BF:93:74:59:FF:CE:C4:CC:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/ru3hawkGG7zRzG5OwvgjpH3D0UQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.95.24.0/21
88.213.192.0/22
88.213.198.0-88.213.207.255
217.79.64.0/19
IPv6:
2a02:7900::/32
Signature Algorithm: sha256WithRSAEncryption
45:83:70:34:54:39:62:31:04:f7:b3:c7:c3:76:a1:c0:1e:88:
e4:3a:95:93:ac:3f:b4:b6:d1:f2:78:6c:63:d9:cf:00:b0:f6:
ce:54:32:61:d3:7e:e0:08:f1:37:9a:78:88:11:bf:5d:cc:5c:
38:88:6f:20:c4:97:2b:12:b4:e6:2f:d3:a8:b1:4f:97:d2:73:
69:0c:1f:9f:2d:ee:f4:43:a3:2a:90:d4:bc:93:48:97:aa:3f:
da:9b:d8:38:0a:7d:81:a3:e9:86:0e:36:88:c8:3f:95:5c:6e:
7b:5b:c4:7f:0d:67:d6:da:6e:e8:8d:ab:6f:4c:dc:4d:ff:30:
9e:e7:68:64:41:ee:0c:e5:97:fd:a5:42:42:b8:11:a4:3c:dd:
39:53:11:a7:0d:0c:79:ea:eb:fb:90:08:ae:44:4d:c8:55:a2:
a0:d1:dc:06:15:ee:83:13:2d:2d:2a:f3:a8:48:1d:5b:b4:a8:
4e:2c:22:9e:6b:46:54:bb:96:a8:c8:bb:fa:22:70:a5:62:88:
12:fa:6c:38:e2:a9:ac:78:aa:ef:ef:79:11:76:f7:50:17:30:
e0:54:ed:8c:75:31:d2:26:bc:5e:49:5a:da:37:61:5e:18:c0:
51:af:3a:86:5d:59:6b:84:c5:80:d7:7d:f1:b6:d5:d1:25:e6:
85:21:93:5e
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYaTtvHARpQlUVhAurvsQ2w/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MjQxZGQ4M2Q4YWMwODBiNjY1MDRiZjkzNzQ1OWZmY2Vj
NGNjYzQwHhcNMjMwMjI3MTYzMTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWVkZTE2YjA5MDYxYmJjZDFjYzZlNGVjMmY4MjNhNDdkYzNkMTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoaMzXCMbfnk7Xmj4owZ17WX7HvWR
n9GYtYnmz2NiKhMMdP/GHwcbNJfBejnO1pZcr1M9HIV4GRVtsth4EQn71hI0bDzH
ikoEgChLxzqhO9jQSIuEcp4kksD4OFCHp4oiCI8geSfSBbhL0ZnO1yNqvlp9gWY0
+EqBygieUpFR2REmDZJLOB0pNOn2myIeXVY/mhCV93o/e8qh9OZ0ypp90KRpN6hl
uks4IzLtRlpUYhIFOKOm/gGFIDImnAB9gMWHrHSEHwdAp0M/Smylgllp+1YO/wxD
DPP15RXcZJi9Ix8Qp0cbHpzykzGUMocpRDRLbQ1GsiU67h8dlgvCrA6HwwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFK7t4WsJBhu80cxuTsL4I6R9w9FEMB8GA1UdIwQY
MBaAFBYkHdg9isCAtmUEv5N0Wf/OxMzEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmlRZDJEMkt3SUMyWlFTX2szUlpfODdFek1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9iOTAwNjAtNWFhYS00M2VhLWJjZWIt
NWU3NDlmNDM0MWE0LzEvcnUzaGF3a0dHN3pSekc1T3d2Z2pwSDNEMFVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9iOTAwNjAtNWFhYS00M2VhLWJjZWItNWU3NDlmNDM0MWE0
LzEvRmlRZDJEMkt3SUMyWlFTX2szUlpfODdFek1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQDUF8YAwQC
WNXAMAwDBAFY1cYDBARY1cADBAXZT0AwDQQCAAIwBwMFACoCeQAwDQYJKoZIhvcN
AQELBQADggEBAEWDcDRUOWIxBPezx8N2ocAeiOQ6lZOsP7S20fJ4bGPZzwCw9s5U
MmHTfuAI8TeaeIgRv13MXDiIbyDElysStOYv06ixT5fSc2kMH58t7vRDoyqQ1LyT
SJeqP9qb2DgKfYGj6YYONojIP5VcbntbxH8NZ9babuiNq29M3E3/MJ7naGRB7gzl
l/2lQkK4EaQ83TlTEacNDHnq6/uQCK5ETchVoqDR3AYV7oMTLS0q86hIHVu0qE4s
Ip5rRlS7lqjIu/oicKViiBL6bDjiqax4qu/veRF291AXMOBU7Yx1MdImvF5JWto3
YV4YwFGvOoZdWWuExYDXffG21dEl5oUhk14=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:00:56 2023 by rpki-client on console-ams.rpki-client.org