Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/qnmSZdoc1_kolwaPWh_YLH-r0kQ.roa
File: qnmSZdoc1_kolwaPWh_YLH-r0kQ.roa (raw, json)
Hash identifier: 3X4ta9REFKEnG/nwEGfUMLhKUE9Kp5buNBXOnGi0L5c=
Subject key identifier: AA:79:92:65:DA:1C:D7:F9:28:97:06:8F:5A:1F:D8:2C:7F:AB:D2:44
Certificate issuer: /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial: 018BD2638A3996F52FDC008C635CDECA4FFA
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/qnmSZdoc1_kolwaPWh_YLH-r0kQ.roa
Signing time: Wed 15 Nov 2023 09:50:20 +0000
ROA not before: Wed 15 Nov 2023 09:50:20 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 59729
IP address blocks: 88.204.41.0/24 maxlen: 24
88.204.42.0/24 maxlen: 24
88.204.43.0/24 maxlen: 24
88.204.44.0/24 maxlen: 24
88.204.45.0/24 maxlen: 24
88.204.46.0/24 maxlen: 24
88.204.47.0/24 maxlen: 24
78.136.248.0/24 maxlen: 24
78.136.249.0/24 maxlen: 24
78.136.250.0/24 maxlen: 24
78.136.251.0/24 maxlen: 24
78.136.252.0/24 maxlen: 24
78.136.253.0/24 maxlen: 24
78.136.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:d2:63:8a:39:96:f5:2f:dc:00:8c:63:5c:de:ca:4f:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Validity
Not Before: Nov 15 09:50:20 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=aa799265da1cd7f92897068f5a1fd82c7fabd244
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:e5:bf:c1:0b:5f:02:cb:c5:7e:f7:21:9f:5b:
b0:39:33:18:ad:8e:1f:f6:86:fe:f2:31:74:99:3c:
29:33:d2:cf:9d:2c:21:b2:23:5a:3a:1e:52:fb:7b:
8b:f8:f9:b6:20:8e:37:69:73:29:47:62:f6:3d:ba:
b3:e2:c7:2b:8b:6c:25:b1:5c:cf:26:4d:63:f2:60:
37:8c:e7:9b:1a:a8:57:af:9d:2c:e6:60:5a:72:09:
55:73:44:34:ed:cf:cb:ce:3e:0d:d4:56:e8:37:73:
e5:c1:b1:17:0e:11:37:96:17:a2:a9:5b:cb:26:00:
f6:a2:0b:19:43:56:c3:be:2c:30:97:41:c1:4a:d4:
a7:cb:f8:9e:57:53:89:fe:44:be:4f:1a:c2:35:b4:
d0:8b:11:b5:2f:05:32:02:ca:b8:33:67:b1:99:59:
c1:7e:8e:f8:fc:e9:db:d0:d2:80:a3:7c:9c:45:db:
01:69:2e:a0:2f:62:7a:38:e1:1a:22:5d:8d:7b:be:
0c:17:60:58:e7:92:95:8f:1c:61:04:f3:40:b5:b4:
94:b8:6a:e7:b0:f2:21:b2:19:1a:11:cf:c8:44:8a:
92:45:54:71:62:2f:d1:f2:e4:11:6b:0d:84:97:43:
6b:b3:83:24:c5:52:7c:64:f0:10:24:44:59:a7:a9:
24:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:79:92:65:DA:1C:D7:F9:28:97:06:8F:5A:1F:D8:2C:7F:AB:D2:44
X509v3 Authority Key Identifier:
keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/qnmSZdoc1_kolwaPWh_YLH-r0kQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.136.248.0-78.136.254.255
88.204.41.0-88.204.47.255
Signature Algorithm: sha256WithRSAEncryption
3c:59:b4:ea:a1:5d:81:9b:22:97:e4:d1:c6:9d:20:b2:9e:2c:
34:7a:bc:fe:05:04:c2:a8:c3:33:d4:cc:06:41:e7:ce:4d:ed:
be:39:39:c4:5a:a1:44:cb:8d:21:9d:bf:c0:02:9a:ba:22:aa:
b2:f4:25:fd:01:55:0a:ce:b3:d1:be:f2:36:ae:51:2c:fc:b9:
65:e6:68:98:fc:80:2a:86:cf:24:12:24:32:85:9d:ca:a0:88:
44:1e:74:66:2a:c3:65:92:40:72:8b:05:c7:c2:0d:c7:13:a5:
d6:1f:b6:cb:72:26:8a:c8:65:c9:e4:a3:bd:bf:2a:bf:e4:11:
83:10:ef:2e:b2:4d:b2:1b:cf:77:47:e0:bd:d0:51:36:d0:41:
1b:6f:43:5c:35:b9:f5:10:30:21:2f:cc:72:20:3b:d4:4d:94:
c5:aa:05:cd:ad:c1:71:64:d4:bf:46:d0:42:9a:b2:97:f6:54:
b2:80:8a:b2:41:6a:99:38:1c:26:eb:78:82:ec:d5:97:95:53:
aa:13:f8:5f:5a:05:9b:a8:ad:a5:f2:93:8b:23:91:3a:3f:b0:
c5:5a:ce:7e:31:50:56:de:4c:b3:2b:80:2a:a7:6b:80:f4:c2:
ae:47:44:03:6e:c5:7c:1e:b4:4e:d7:dc:58:c5:76:fc:85:d7:
08:60:83:8b
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYvSY4o5lvUv3ACMY1zeyk/6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjMxMTE1MDk1MDIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTc5OTI2NWRhMWNkN2Y5Mjg5NzA2OGY1YTFmZDgyYzdmYWJkMjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuW/wQtfAsvFfvchn1uwOTMYrY4f
9ob+8jF0mTwpM9LPnSwhsiNaOh5S+3uL+Pm2II43aXMpR2L2Pbqz4scri2wlsVzP
Jk1j8mA3jOebGqhXr50s5mBacglVc0Q07c/Lzj4N1FboN3PlwbEXDhE3lheiqVvL
JgD2ogsZQ1bDviwwl0HBStSny/ieV1OJ/kS+TxrCNbTQixG1LwUyAsq4M2exmVnB
fo74/Onb0NKAo3ycRdsBaS6gL2J6OOEaIl2Ne74MF2BY55KVjxxhBPNAtbSUuGrn
sPIhshkaEc/IRIqSRVRxYi/R8uQRaw2El0Nrs4MkxVJ8ZPAQJERZp6kkKwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFKp5kmXaHNf5KJcGj1of2Cx/q9JEMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEvcW5tU1pkb2MxX2tvbHdhUFdoX1lMSC1yMGtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBANOiPgD
BABOiP4wDAMEAFjMKQMEBFjMIDANBgkqhkiG9w0BAQsFAAOCAQEAPFm06qFdgZsi
l+TRxp0gsp4sNHq8/gUEwqjDM9TMBkHnzk3tvjk5xFqhRMuNIZ2/wAKauiKqsvQl
/QFVCs6z0b7yNq5RLPy5ZeZomPyAKobPJBIkMoWdyqCIRB50ZirDZZJAcosFx8IN
xxOl1h+2y3ImishlyeSjvb8qv+QRgxDvLrJNshvPd0fgvdBRNtBBG29DXDW59RAw
IS/MciA71E2UxaoFza3BcWTUv0bQQpqyl/ZUsoCKskFqmTgcJut4guzVl5VTqhP4
X1oFm6itpfKTiyOROj+wxVrOfjFQVt5MsyuAKqdrgPTCrkdEA27FfB60TtfcWMV2
/IXXCGCDiw==
Generated at Thu Dec 7 13:10:30 2023 by rpki-client on console-fra.rpki-client.org