Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/4I7aYRrEACqCOS0NltYDU6rFx3Q.roa
File: 4I7aYRrEACqCOS0NltYDU6rFx3Q.roa (raw, json)
Hash identifier: I5lMiUoKrW9irs3VcG6M/Dh3l7ehQQCeHKKLXN/BxC8=
Subject key identifier: E0:8E:DA:61:1A:C4:00:2A:82:39:2D:0D:96:D6:03:53:AA:C5:C7:74
Certificate issuer: /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial: 018D59781CB6B74772C3970A2E39A4233995
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/4I7aYRrEACqCOS0NltYDU6rFx3Q.roa
Signing time: Tue 30 Jan 2024 08:24:20 +0000
ROA not before: Tue 30 Jan 2024 08:24:20 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209372
IP address blocks: 78.136.248.0/23 maxlen: 24
78.136.250.0/23 maxlen: 24
78.136.252.0/23 maxlen: 24
78.136.254.0/24 maxlen: 24
78.136.255.0/24 maxlen: 24
88.204.44.0/23 maxlen: 24
88.204.46.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:59:78:1c:b6:b7:47:72:c3:97:0a:2e:39:a4:23:39:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Validity
Not Before: Jan 30 08:24:20 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e08eda611ac4002a82392d0d96d60353aac5c774
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:f4:f0:f2:9e:03:f3:30:88:21:a1:c2:b7:0f:
a9:f2:7b:96:2f:47:52:38:bc:9d:da:5e:c7:b6:79:
14:ed:27:88:48:a3:c0:b7:73:7f:d3:d9:fe:4a:06:
40:28:8a:b8:4b:c0:e7:9d:8b:8c:8f:49:89:99:3b:
92:09:db:b6:e9:01:46:b3:e9:42:01:b5:f2:b8:58:
c2:9f:86:c9:e3:bf:f0:b7:6c:80:ed:bd:50:9a:f7:
09:22:f3:4f:03:7c:40:40:93:75:a5:ff:be:82:36:
6c:a3:86:8d:55:b8:49:c1:e4:dd:dc:20:57:35:d9:
24:a4:fd:01:9c:91:02:2f:a0:1c:24:d7:f3:c0:d6:
d5:e0:9b:a6:bc:86:72:5f:c6:ff:f4:d2:3d:b0:fb:
40:8c:19:4d:72:1f:15:23:df:2e:f3:49:d5:4e:93:
cd:4f:b2:c1:2b:86:de:6c:62:4f:08:33:1e:58:79:
1e:82:c8:a4:70:e7:85:32:43:85:e7:46:78:be:19:
a0:a7:c8:11:3d:f6:f6:16:cc:f7:5f:6d:cf:7b:c4:
17:f0:a0:fe:54:22:c6:8d:32:85:3b:d3:53:0e:a7:
3b:59:44:38:5f:82:f7:29:93:f7:70:ab:29:c9:50:
6c:78:48:99:03:6a:c3:0b:01:21:4a:89:4b:70:56:
39:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:8E:DA:61:1A:C4:00:2A:82:39:2D:0D:96:D6:03:53:AA:C5:C7:74
X509v3 Authority Key Identifier:
keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/4I7aYRrEACqCOS0NltYDU6rFx3Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.136.248.0/21
88.204.44.0/22
Signature Algorithm: sha256WithRSAEncryption
38:04:90:35:59:16:41:d9:31:d0:b3:19:b3:91:11:ec:af:88:
a5:63:70:a9:d7:ff:85:30:60:68:ab:5a:4b:2e:dc:29:97:cd:
45:67:4b:4d:c6:b6:27:4b:65:45:e0:33:fa:c0:30:e5:e1:4d:
28:e1:33:b5:27:19:ef:7c:92:e7:bf:52:86:5a:e3:19:96:9d:
83:35:1c:c5:90:43:b3:ed:fd:1e:4b:5e:29:8d:da:a8:b7:1c:
48:f8:0c:26:65:ca:ed:a4:a0:0a:79:87:2d:8f:20:e1:13:3a:
a0:71:e3:c2:db:92:19:75:05:0a:12:e1:87:f3:38:92:4a:50:
5c:cd:c9:09:e2:52:55:ea:89:a2:a2:c6:81:fd:84:e1:0b:a5:
d8:ea:b5:0d:e9:be:5a:5f:8b:cb:62:61:ce:fb:75:a2:2f:c0:
97:a7:f0:88:67:af:f8:1c:9a:5c:a3:35:be:08:bb:e1:0a:e2:
37:44:a0:45:9a:74:3a:3d:6a:80:95:26:7e:04:58:19:dc:47:
8e:71:a8:58:91:48:0b:4a:17:81:2e:36:f9:72:91:a5:13:bf:
76:7a:aa:66:5f:54:3b:be:46:0b:a0:38:d0:b0:17:89:69:d3:
4f:2b:98:ba:e0:16:9a:54:39:66:79:14:a3:89:38:47:c2:e9:
d6:79:09:04
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1ZeBy2t0dyw5cKLjmkIzmVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjQwMTMwMDgyNDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDhlZGE2MTFhYzQwMDJhODIzOTJkMGQ5NmQ2MDM1M2FhYzVjNzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/Tw8p4D8zCIIaHCtw+p8nuWL0dS
OLyd2l7HtnkU7SeISKPAt3N/09n+SgZAKIq4S8DnnYuMj0mJmTuSCdu26QFGs+lC
AbXyuFjCn4bJ47/wt2yA7b1QmvcJIvNPA3xAQJN1pf++gjZso4aNVbhJweTd3CBX
NdkkpP0BnJECL6AcJNfzwNbV4JumvIZyX8b/9NI9sPtAjBlNch8VI98u80nVTpPN
T7LBK4bebGJPCDMeWHkegsikcOeFMkOF50Z4vhmgp8gRPfb2Fsz3X23Pe8QX8KD+
VCLGjTKFO9NTDqc7WUQ4X4L3KZP3cKspyVBseEiZA2rDCwEhSolLcFY5jwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOCO2mEaxAAqgjktDZbWA1Oqxcd0MB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEvNEk3YVlSckVBQ3FDT1MwTmx0WURVNnJGeDNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDToj4AwQC
WMwsMA0GCSqGSIb3DQEBCwUAA4IBAQA4BJA1WRZB2THQsxmzkRHsr4ilY3Cp1/+F
MGBoq1pLLtwpl81FZ0tNxrYnS2VF4DP6wDDl4U0o4TO1JxnvfJLnv1KGWuMZlp2D
NRzFkEOz7f0eS14pjdqotxxI+AwmZcrtpKAKeYctjyDhEzqgcePC25IZdQUKEuGH
8ziSSlBczckJ4lJV6omiosaB/YThC6XY6rUN6b5aX4vLYmHO+3WiL8CXp/CIZ6/4
HJpcozW+CLvhCuI3RKBFmnQ6PWqAlSZ+BFgZ3EeOcahYkUgLSheBLjb5cpGlE792
eqpmX1Q7vkYLoDjQsBeJadNPK5i64BaaVDlmeRSjiThHwunWeQkE
-----END CERTIFICATE-----
Generated at Mon Apr 15 14:34:14 2024 by rpki-client on console-ams.rpki-client.org