Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/lUlXGjbFTPHoVTTnoutWLcyprcw.roa
File: lUlXGjbFTPHoVTTnoutWLcyprcw.roa (raw, json)
Hash identifier: /VvdLdPagNQ8D6YckD3ZtVMwlIM2xbuXjR6fq5xMuUg=
Subject key identifier: 95:49:57:1A:36:C5:4C:F1:E8:55:34:E7:A2:EB:56:2D:CC:A9:AD:CC
Certificate issuer: /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial: 018CC86F29694E64AA6535FD631C74722549
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/lUlXGjbFTPHoVTTnoutWLcyprcw.roa
Signing time: Tue 02 Jan 2024 04:29:37 +0000
ROA not before: Tue 02 Jan 2024 04:29:37 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 59729
IP address blocks: 88.204.42.0/24 maxlen: 24
88.204.43.0/24 maxlen: 24
88.204.44.0/24 maxlen: 24
88.204.45.0/24 maxlen: 24
88.204.46.0/24 maxlen: 24
88.204.47.0/24 maxlen: 24
78.136.248.0/24 maxlen: 24
78.136.249.0/24 maxlen: 24
78.136.250.0/24 maxlen: 24
78.136.251.0/24 maxlen: 24
78.136.252.0/24 maxlen: 24
78.136.253.0/24 maxlen: 24
78.136.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:6f:29:69:4e:64:aa:65:35:fd:63:1c:74:72:25:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Validity
Not Before: Jan 2 04:29:37 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9549571a36c54cf1e85534e7a2eb562dcca9adcc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:5b:97:8c:f5:94:d2:ab:73:a9:f6:2c:1b:23:
aa:de:1b:74:93:e1:bb:ea:5f:b5:75:da:7a:2d:3c:
60:ba:b7:4a:d4:80:f7:53:d1:cf:88:67:e7:9a:57:
ac:2e:32:d1:3a:9c:da:a6:40:c9:a4:3e:aa:b0:b2:
e6:6e:0a:57:b4:94:43:3a:76:3d:a4:34:fd:2c:23:
62:d1:95:75:d0:85:20:8e:0a:13:eb:63:8d:b3:59:
41:46:16:fc:e5:06:b5:4c:76:4d:4e:66:e7:0f:dd:
36:3e:be:6d:b3:53:4f:64:19:02:b1:d6:73:30:d6:
62:d2:c3:b1:14:39:49:83:22:26:9b:b7:07:0d:0b:
29:32:fd:a7:92:1f:ab:97:67:a3:4a:76:b9:6b:da:
63:14:48:d6:1c:de:94:44:6a:03:58:c6:fe:2f:07:
e1:79:61:b7:ff:d2:1f:d0:b9:9e:9e:42:5c:bf:4f:
77:3d:64:fc:c4:a6:c5:38:37:a6:ef:15:61:0c:c7:
2a:b3:96:f3:37:57:90:06:64:43:4d:bf:6a:2c:88:
e6:70:b7:53:85:6c:fe:43:e2:95:62:c4:fa:f0:38:
10:d5:f6:93:9a:4a:6a:c0:f9:b4:9d:b6:33:a4:6d:
83:df:f0:fd:fa:ce:7e:58:48:b7:ef:f2:ec:8c:27:
dd:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:49:57:1A:36:C5:4C:F1:E8:55:34:E7:A2:EB:56:2D:CC:A9:AD:CC
X509v3 Authority Key Identifier:
keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/lUlXGjbFTPHoVTTnoutWLcyprcw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.136.248.0-78.136.254.255
88.204.42.0-88.204.47.255
Signature Algorithm: sha256WithRSAEncryption
74:7d:b6:12:45:d7:4f:81:a5:e1:e8:4c:8e:9e:67:41:5e:7a:
a0:e0:bd:3f:e7:b9:cb:78:88:d0:b5:24:03:08:62:15:49:99:
53:d1:da:cb:0b:51:9b:4a:78:1b:84:77:9b:b0:d3:35:10:0f:
b9:25:49:39:df:f3:5d:35:12:bf:60:5c:b2:e7:77:95:f8:0f:
1e:17:74:e8:54:54:9a:fe:a5:65:53:8d:1f:05:51:9b:b4:82:
b8:58:73:92:75:b7:ae:4e:46:35:dc:f2:cc:24:0c:4f:d7:ac:
fe:2c:2e:95:ed:f0:5f:8f:f4:fe:05:58:0f:fb:93:1c:f9:be:
39:48:ae:2d:84:0b:c3:c9:ac:66:d4:fa:9b:90:31:27:e1:f8:
72:02:e0:7f:c2:d3:37:f0:28:31:e9:48:c3:fb:1c:6b:83:c6:
c8:e2:40:86:bc:43:24:1d:83:59:b8:20:38:5c:8f:82:77:94:
c6:35:f7:9c:4a:1d:fd:05:89:b4:4b:ba:78:ba:3a:2e:95:6a:
5a:47:99:c3:a2:9f:fb:e5:f7:1a:ae:52:f6:e5:8e:7c:fe:fd:
8f:90:98:13:53:26:b5:c6:d4:64:b1:3a:e7:77:93:24:52:5f:
df:e0:ce:da:56:c8:99:c7:df:83:6e:0c:a8:07:67:ad:b7:7f:
9b:f2:3c:e6
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzIbylpTmSqZTX9Yxx0ciVJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjQwMTAyMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTQ5NTcxYTM2YzU0Y2YxZTg1NTM0ZTdhMmViNTYyZGNjYTlhZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1uXjPWU0qtzqfYsGyOq3ht0k+G7
6l+1ddp6LTxgurdK1ID3U9HPiGfnmlesLjLROpzapkDJpD6qsLLmbgpXtJRDOnY9
pDT9LCNi0ZV10IUgjgoT62ONs1lBRhb85Qa1THZNTmbnD902Pr5ts1NPZBkCsdZz
MNZi0sOxFDlJgyImm7cHDQspMv2nkh+rl2ejSna5a9pjFEjWHN6URGoDWMb+Lwfh
eWG3/9If0LmenkJcv093PWT8xKbFODem7xVhDMcqs5bzN1eQBmRDTb9qLIjmcLdT
hWz+Q+KVYsT68DgQ1faTmkpqwPm0nbYzpG2D3/D9+s5+WEi37/LsjCfdiwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFJVJVxo2xUzx6FU056LrVi3Mqa3MMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEvbFVsWEdqYkZUUEhvVlRUbm91dFdMY3lwcmN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBANOiPgD
BABOiP4wDAMEAVjMKgMEBFjMIDANBgkqhkiG9w0BAQsFAAOCAQEAdH22EkXXT4Gl
4ehMjp5nQV56oOC9P+e5y3iI0LUkAwhiFUmZU9HaywtRm0p4G4R3m7DTNRAPuSVJ
Od/zXTUSv2Bcsud3lfgPHhd06FRUmv6lZVONHwVRm7SCuFhzknW3rk5GNdzyzCQM
T9es/iwule3wX4/0/gVYD/uTHPm+OUiuLYQLw8msZtT6m5AxJ+H4cgLgf8LTN/Ao
MelIw/sca4PGyOJAhrxDJB2DWbggOFyPgneUxjX3nEod/QWJtEu6eLo6LpVqWkeZ
w6Kf++X3Gq5S9uWOfP79j5CYE1MmtcbUZLE653eTJFJf3+DO2lbImcffg24MqAdn
rbd/m/I85g==
-----END CERTIFICATE-----
Generated at Tue Jan 30 11:24:32 2024 by rpki-client on console-ams.rpki-client.org