Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/c4FbdqczSerEQclTomnCYuGkZZg.roa
File: c4FbdqczSerEQclTomnCYuGkZZg.roa (raw, json)
Hash identifier: 1D5RbwHye4qCisPpHITiQ1X97XgIhj1+0HtPqXd93ac=
Subject key identifier: 73:81:5B:76:A7:33:49:EA:C4:41:C9:53:A2:69:C2:62:E1:A4:65:98
Certificate issuer: /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial: 018A4BF1732170D5E8C4323FBA7B2ACE51CD
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/c4FbdqczSerEQclTomnCYuGkZZg.roa
Signing time: Thu 31 Aug 2023 14:13:49 +0000
ROA not before: Thu 31 Aug 2023 14:13:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 59729
IP address blocks: 88.204.40.0/24 maxlen: 24
88.204.41.0/24 maxlen: 24
88.204.42.0/24 maxlen: 24
88.204.43.0/24 maxlen: 24
88.204.44.0/24 maxlen: 24
88.204.46.0/24 maxlen: 24
88.204.47.0/24 maxlen: 24
88.204.45.0/24 maxlen: 24
78.136.248.0/24 maxlen: 24
78.136.249.0/24 maxlen: 24
78.136.250.0/24 maxlen: 24
78.136.251.0/24 maxlen: 24
78.136.252.0/24 maxlen: 24
78.136.253.0/24 maxlen: 24
78.136.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:4b:f1:73:21:70:d5:e8:c4:32:3f:ba:7b:2a:ce:51:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Validity
Not Before: Aug 31 14:13:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=73815b76a73349eac441c953a269c262e1a46598
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:4f:ae:54:e0:48:b6:9f:4c:90:aa:83:03:6f:
7e:1c:c1:1d:8f:46:d7:e1:2e:91:e7:ff:e9:2a:14:
77:c1:2f:8a:fa:04:71:ac:e4:1f:7e:1e:34:3c:df:
77:a1:cd:5e:f8:ed:00:70:55:2f:75:80:a8:f3:ab:
0c:fa:9e:d3:ab:1b:e9:9a:c7:42:4d:f2:8a:8e:13:
e0:48:4e:20:ab:0b:3a:25:1f:a1:56:82:93:5d:cb:
9d:f2:95:9c:19:aa:60:32:5f:fa:42:0a:5d:d7:d1:
a2:75:bb:35:28:91:dc:8c:c1:a1:26:21:80:a0:b1:
00:29:6b:47:5b:62:3b:64:e1:7f:bd:69:10:cf:e8:
73:59:ff:22:3e:d5:84:45:6d:c4:97:fb:b3:24:52:
ad:f7:97:df:1b:17:b2:6a:66:25:0c:82:5e:dd:be:
1b:fc:0e:4e:c1:4c:ff:d3:5f:f0:74:7a:62:e8:9d:
0f:b3:79:7d:1b:64:ec:52:5a:32:8c:98:e2:ee:b8:
3f:1a:0a:be:c3:cf:6a:b0:b9:9f:0c:7a:ae:ea:46:
61:0e:2c:e2:96:d7:c3:06:b3:84:88:34:8d:7e:75:
e3:b8:42:ec:47:7b:e4:a2:d0:59:59:3c:d9:ca:b1:
60:21:04:74:c8:cf:f4:da:d0:0b:6b:37:8a:75:f3:
66:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:81:5B:76:A7:33:49:EA:C4:41:C9:53:A2:69:C2:62:E1:A4:65:98
X509v3 Authority Key Identifier:
keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/c4FbdqczSerEQclTomnCYuGkZZg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.136.248.0-78.136.254.255
88.204.40.0/21
Signature Algorithm: sha256WithRSAEncryption
56:1b:a9:e6:a6:ee:76:a5:ba:54:3f:1a:fc:b4:2a:3a:60:98:
12:34:6f:f3:b6:39:92:15:cc:85:85:c7:1e:2c:88:a3:15:0a:
d4:46:aa:bf:41:8c:05:5e:d3:57:8e:c2:19:61:0b:68:d6:73:
43:bd:84:87:17:40:ab:72:f9:95:63:99:b0:60:08:10:e5:f4:
14:5d:8d:8e:c3:c6:3c:3b:79:62:24:38:d1:fa:59:46:d1:d1:
9b:68:d4:6c:b7:7b:f1:75:66:a9:ea:7c:32:41:59:55:82:43:
92:b6:36:5b:b0:dd:0e:d0:e7:71:4c:9f:07:2d:83:1f:6b:5d:
de:8d:fd:b1:f4:05:73:02:3b:9c:84:56:38:56:54:03:04:c5:
09:6c:3e:c2:0b:cb:91:e1:70:78:67:f4:cc:51:e4:7e:55:bc:
76:1b:19:a6:f2:19:3d:2b:17:14:a8:ee:2d:72:de:bc:57:e6:
a2:7d:2c:59:7c:49:d0:4e:30:ea:e0:62:16:10:14:79:93:8d:
ba:e0:2c:db:9b:45:b0:17:da:82:20:4b:24:9f:c5:20:ec:e6:
23:35:97:0a:4c:f5:91:6d:60:6d:98:c1:9d:ee:fd:90:82:53:
0a:2a:96:23:ef:01:12:63:5f:6d:13:b4:64:c8:e4:f1:02:e6:
92:27:9a:2d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYpL8XMhcNXoxDI/unsqzlHNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjMwODMxMTQxMzQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzgxNWI3NmE3MzM0OWVhYzQ0MWM5NTNhMjY5YzI2MmUxYTQ2NTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0+uVOBItp9MkKqDA29+HMEdj0bX
4S6R5//pKhR3wS+K+gRxrOQffh40PN93oc1e+O0AcFUvdYCo86sM+p7TqxvpmsdC
TfKKjhPgSE4gqws6JR+hVoKTXcud8pWcGapgMl/6Qgpd19Gidbs1KJHcjMGhJiGA
oLEAKWtHW2I7ZOF/vWkQz+hzWf8iPtWERW3El/uzJFKt95ffGxeyamYlDIJe3b4b
/A5OwUz/01/wdHpi6J0Ps3l9G2TsUloyjJji7rg/Ggq+w89qsLmfDHqu6kZhDizi
ltfDBrOEiDSNfnXjuELsR3vkotBZWTzZyrFgIQR0yM/02tALazeKdfNmqQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFHOBW3anM0nqxEHJU6JpwmLhpGWYMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEvYzRGYmRxY3pTZXJFUWNsVG9tbkNZdUdrWlpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBANOiPgD
BABOiP4DBANYzCgwDQYJKoZIhvcNAQELBQADggEBAFYbqeam7nalulQ/Gvy0Kjpg
mBI0b/O2OZIVzIWFxx4siKMVCtRGqr9BjAVe01eOwhlhC2jWc0O9hIcXQKty+ZVj
mbBgCBDl9BRdjY7Dxjw7eWIkONH6WUbR0Zto1Gy3e/F1ZqnqfDJBWVWCQ5K2Nluw
3Q7Q53FMnwctgx9rXd6N/bH0BXMCO5yEVjhWVAMExQlsPsILy5HhcHhn9MxR5H5V
vHYbGabyGT0rFxSo7i1y3rxX5qJ9LFl8SdBOMOrgYhYQFHmTjbrgLNubRbAX2oIg
SySfxSDs5iM1lwpM9ZFtYG2YwZ3u/ZCCUwoqliPvARJjX20TtGTI5PEC5pInmi0=
-----END CERTIFICATE-----
Generated at Wed Nov 15 10:43:13 2023 by rpki-client on console-ams.rpki-client.org