Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/n_9fKgt6g6iBqektIBaY5r25HZ8.roa
File: n_9fKgt6g6iBqektIBaY5r25HZ8.roa (raw, json)
Hash identifier: yC5Vx9BkOllFJnXonDVX2/leqYvI7Ng4+Ku5wXxFJv0=
Subject key identifier: 9F:FF:5F:2A:0B:7A:83:A8:81:A9:E9:2D:20:16:98:E6:BD:B9:1D:9F
Certificate issuer: /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial: 018A4BF173DA5AF0B3CE52F73E44A475D513
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/n_9fKgt6g6iBqektIBaY5r25HZ8.roa
Signing time: Thu 31 Aug 2023 14:13:49 +0000
ROA not before: Thu 31 Aug 2023 14:13:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209372
IP address blocks: 88.204.40.0/23 maxlen: 24
88.204.44.0/23 maxlen: 24
88.204.42.0/23 maxlen: 24
88.204.46.0/23 maxlen: 24
78.136.252.0/23 maxlen: 24
78.136.248.0/23 maxlen: 24
78.136.250.0/23 maxlen: 24
78.136.254.0/24 maxlen: 24
78.136.255.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:4b:f1:73:da:5a:f0:b3:ce:52:f7:3e:44:a4:75:d5:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Validity
Not Before: Aug 31 14:13:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9fff5f2a0b7a83a881a9e92d201698e6bdb91d9f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:3f:e7:d5:50:2f:d9:3f:f4:b3:59:d5:73:87:
4d:82:08:af:96:50:64:f4:16:aa:57:59:58:cc:16:
01:eb:50:d0:82:a8:55:e1:36:05:f2:a3:37:78:c1:
c2:26:c7:0c:3e:b0:27:14:0b:28:15:5a:0e:51:06:
8e:2c:df:a7:8b:3c:a1:17:d2:51:3c:17:7b:57:8e:
ca:4e:34:f9:81:be:a4:59:7d:1e:b6:8e:af:4a:bb:
fa:61:46:2a:56:c1:f6:e7:80:b8:c2:59:e0:f2:e8:
41:a0:21:8b:58:3c:2a:d0:bc:63:ac:4b:20:8b:eb:
80:1b:1a:c0:b5:6e:b6:e2:35:51:4f:07:8c:d7:6c:
3d:6a:1f:9c:fb:90:5a:2d:a5:60:ce:e8:4c:ee:ec:
a3:2a:cb:e2:36:2f:05:dd:f2:3a:c4:d2:77:f4:5b:
bf:16:f4:95:87:21:46:b7:50:47:8a:f6:e5:b5:5f:
cc:00:4e:77:8e:c6:89:6e:1e:e1:71:f0:ae:80:bc:
28:47:86:6c:4d:58:9b:93:e3:a6:9b:f7:8f:58:50:
f6:47:39:b2:9a:8b:fd:fc:21:52:ae:6d:f6:6f:d5:
8f:08:f0:3f:72:96:e0:6b:7f:37:11:1a:b5:73:a0:
ee:7c:fc:a7:17:83:bb:7e:6d:f9:37:07:23:ca:4e:
e6:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:FF:5F:2A:0B:7A:83:A8:81:A9:E9:2D:20:16:98:E6:BD:B9:1D:9F
X509v3 Authority Key Identifier:
keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/n_9fKgt6g6iBqektIBaY5r25HZ8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.136.248.0/21
88.204.40.0/21
Signature Algorithm: sha256WithRSAEncryption
43:ed:34:d4:cd:7c:bc:fe:05:6c:1e:a6:15:d3:6b:a7:a8:5c:
20:8e:25:35:c7:57:53:fb:96:73:e7:f2:a4:99:09:82:08:f5:
47:06:9d:ee:86:7b:89:dc:9b:ab:12:09:e5:c7:df:30:2c:6a:
ea:f4:8d:46:69:06:a9:a1:dc:9d:fd:78:9e:40:d7:e8:6e:53:
af:cc:d8:50:ac:b8:62:3d:4d:60:7c:1e:c5:95:db:c9:22:33:
1b:c2:a8:cf:a9:f7:e0:71:20:b4:92:b7:ec:41:fc:d8:b1:62:
bd:55:08:9c:2c:61:1d:7b:75:14:8e:18:3e:6f:a7:3e:db:2f:
4e:ef:09:88:7e:51:8b:aa:40:e1:92:06:cb:1d:19:7a:b6:db:
ff:76:13:b0:91:2e:ca:d7:31:a5:a6:32:c0:9f:ca:a6:4a:b3:
82:79:22:92:b9:c5:e9:3a:70:7e:80:e4:d6:ab:8a:84:5e:b0:
48:4c:31:1a:17:02:b5:16:fe:1a:c1:bf:9d:6a:a6:2f:35:97:
c5:b7:41:42:87:8a:08:f7:5b:57:17:5c:da:e9:05:16:30:aa:
a7:f9:d3:3f:33:e8:24:97:62:51:4d:47:89:8e:d2:0f:21:75:
93:02:03:72:1a:f4:95:fe:90:83:e1:77:a0:64:bc:38:90:3f:
ff:8e:83:46
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYpL8XPaWvCzzlL3PkSkddUTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjMwODMxMTQxMzQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmZmNWYyYTBiN2E4M2E4ODFhOWU5MmQyMDE2OThlNmJkYjkxZDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjD/n1VAv2T/0s1nVc4dNggivllBk
9BaqV1lYzBYB61DQgqhV4TYF8qM3eMHCJscMPrAnFAsoFVoOUQaOLN+nizyhF9JR
PBd7V47KTjT5gb6kWX0eto6vSrv6YUYqVsH254C4wlng8uhBoCGLWDwq0LxjrEsg
i+uAGxrAtW624jVRTweM12w9ah+c+5BaLaVgzuhM7uyjKsviNi8F3fI6xNJ39Fu/
FvSVhyFGt1BHivbltV/MAE53jsaJbh7hcfCugLwoR4ZsTVibk+Omm/ePWFD2Rzmy
mov9/CFSrm32b9WPCPA/cpbga383ERq1c6DufPynF4O7fm35Nwcjyk7m4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ//XyoLeoOoganpLSAWmOa9uR2fMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEvbl85ZktndDZnNmlCcWVrdElCYVk1cjI1SFo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDToj4AwQD
WMwoMA0GCSqGSIb3DQEBCwUAA4IBAQBD7TTUzXy8/gVsHqYV02unqFwgjiU1x1dT
+5Zz5/KkmQmCCPVHBp3uhnuJ3JurEgnlx98wLGrq9I1GaQapodyd/XieQNfoblOv
zNhQrLhiPU1gfB7FldvJIjMbwqjPqffgcSC0krfsQfzYsWK9VQicLGEde3UUjhg+
b6c+2y9O7wmIflGLqkDhkgbLHRl6ttv/dhOwkS7K1zGlpjLAn8qmSrOCeSKSucXp
OnB+gOTWq4qEXrBITDEaFwK1Fv4awb+daqYvNZfFt0FCh4oI91tXF1za6QUWMKqn
+dM/M+gkl2JRTUeJjtIPIXWTAgNyGvSV/pCD4XegZLw4kD//joNG
-----END CERTIFICATE-----
Generated at Wed Nov 15 10:43:13 2023 by rpki-client on console-ams.rpki-client.org