Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/kzvp966wnTCDgbIE5bfA9ZX8OxM.roa
File: kzvp966wnTCDgbIE5bfA9ZX8OxM.roa (raw, json)
Hash identifier: oBbX9qzcEKXv4xNpSAM5zfZqkLQiYNs3859Qz4QF5Uc=
Subject key identifier: 93:3B:E9:F7:AE:B0:9D:30:83:81:B2:04:E5:B7:C0:F5:95:FC:3B:13
Certificate issuer: /CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Certificate serial: 01880091B774DDABDC6E80A041AEFC215B02
Authority key identifier: C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/kzvp966wnTCDgbIE5bfA9ZX8OxM.roa
Signing time: Tue 09 May 2023 12:52:09 +0000
ROA not before: Tue 09 May 2023 12:52:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29286
IP address blocks: 81.88.68.0/23 maxlen: 23
81.88.70.0/24 maxlen: 24
81.88.67.0/24 maxlen: 24
81.88.74.0/23 maxlen: 23
81.88.73.0/24 maxlen: 24
81.88.76.0/24 maxlen: 24
81.88.78.0/24 maxlen: 24
81.88.79.0/24 maxlen: 24
84.247.142.0/24 maxlen: 24
84.247.146.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:00:91:b7:74:dd:ab:dc:6e:80:a0:41:ae:fc:21:5b:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Validity
Not Before: May 9 12:52:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=933be9f7aeb09d308381b204e5b7c0f595fc3b13
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:75:18:4c:4e:95:a2:92:e8:8f:a2:f7:1d:18:
18:ef:43:4e:2b:68:ef:48:61:e2:5f:82:b0:14:aa:
e5:46:ef:4d:0b:00:9c:f7:ad:5f:ac:db:85:a6:0d:
c4:72:63:fa:bb:df:f2:28:4f:4e:73:18:b1:f5:be:
98:de:53:39:dc:aa:fc:0e:fe:e9:37:10:88:6e:49:
3f:e5:cd:0b:5e:f9:d9:9a:53:17:c1:a2:81:e5:8a:
ec:52:8c:1e:91:f8:30:08:de:03:a9:44:52:53:6d:
50:ba:c2:95:84:2b:80:3c:55:35:a3:02:a4:18:7b:
b4:b4:af:81:e3:50:d7:99:84:de:d9:33:72:88:53:
2e:e6:fe:52:df:76:23:5d:56:41:88:f5:05:05:35:
34:ae:f0:e7:d7:02:3f:c1:38:59:11:6c:61:7f:c9:
46:29:8c:4d:55:95:03:18:47:4c:37:6d:e9:f2:49:
a7:b5:db:be:41:f7:ea:b4:96:53:c5:aa:98:dd:42:
8a:c1:4b:e1:91:c1:2f:b8:1d:76:88:91:c5:fc:56:
ca:25:a9:bf:2a:e1:2b:ab:ce:39:98:47:3b:ab:cf:
cb:03:b1:cf:94:09:82:1d:68:6c:54:fd:11:ef:ff:
64:5a:41:56:f0:d5:2c:ac:d0:5d:a2:61:72:04:51:
51:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:3B:E9:F7:AE:B0:9D:30:83:81:B2:04:E5:B7:C0:F5:95:FC:3B:13
X509v3 Authority Key Identifier:
keyid:C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/kzvp966wnTCDgbIE5bfA9ZX8OxM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/xZJ4bO1s5ZdYVGi7TzazHPas7G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.88.67.0-81.88.70.255
81.88.73.0-81.88.76.255
81.88.78.0/23
84.247.142.0/24
84.247.146.0/24
Signature Algorithm: sha256WithRSAEncryption
65:d0:f6:a4:6e:0e:d6:f0:b5:4a:29:d4:b8:e8:29:5e:a6:50:
b0:b8:14:02:39:ba:26:74:94:18:70:c8:34:31:cc:2c:c2:51:
e0:f0:18:f2:cb:63:51:36:bd:20:4a:e1:6a:28:4b:98:44:2c:
c7:15:54:40:99:4a:72:94:b5:2f:ff:7b:2c:37:37:c3:3d:52:
83:48:35:a6:f9:c2:61:2a:e3:1c:67:4f:79:b4:5c:7f:4c:dd:
90:f1:da:33:de:ca:d5:bc:13:8e:12:c3:63:f5:ca:e0:ca:3b:
19:29:56:6d:c6:b1:13:f4:d9:6f:f3:a6:07:62:ce:e6:e6:db:
10:9b:8a:28:e1:9d:44:4b:e8:df:dd:7b:c2:ae:b4:4f:99:94:
d8:60:05:1a:9e:74:a8:e4:f9:f5:79:6a:39:4a:6c:cf:48:dc:
ac:5f:52:4c:d7:7a:62:eb:8c:47:99:05:5c:f3:34:e3:d8:a0:
c7:87:d8:51:e6:27:6e:05:35:16:e6:7f:a7:43:07:f7:4c:bf:
e7:de:45:51:5b:68:7e:70:94:6e:99:a4:d9:21:04:a1:53:cc:
7f:d8:6e:ed:04:e0:30:a4:79:97:64:15:ef:d7:63:74:20:6f:
18:60:6f:c3:e2:f9:39:8c:a4:49:b3:ec:52:95:ff:e2:d8:4c:
12:c9:1b:a3
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYgAkbd03avcboCgQa78IVsCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1OTI3ODZjZWQ2Y2U1OTc1ODU0NjhiYjRmMzZiMzFjZjZh
Y2VjNmUwHhcNMjMwNTA5MTI1MjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzNiZTlmN2FlYjA5ZDMwODM4MWIyMDRlNWI3YzBmNTk1ZmMzYjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnUYTE6VopLoj6L3HRgY70NOK2jv
SGHiX4KwFKrlRu9NCwCc961frNuFpg3EcmP6u9/yKE9Ocxix9b6Y3lM53Kr8Dv7p
NxCIbkk/5c0LXvnZmlMXwaKB5YrsUowekfgwCN4DqURSU21QusKVhCuAPFU1owKk
GHu0tK+B41DXmYTe2TNyiFMu5v5S33YjXVZBiPUFBTU0rvDn1wI/wThZEWxhf8lG
KYxNVZUDGEdMN23p8kmntdu+QffqtJZTxaqY3UKKwUvhkcEvuB12iJHF/FbKJam/
KuErq845mEc7q8/LA7HPlAmCHWhsVP0R7/9kWkFW8NUsrNBdomFyBFFRmwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFJM76feusJ0wg4GyBOW3wPWV/DsTMB8GA1UdIwQY
MBaAFMWSeGztbOWXWFRou082sxz2rOxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQt
YmEzNzUxMTQwNGMyLzEva3p2cDk2NnduVENEZ2JJRTViZkE5Wlg4T3hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQtYmEzNzUxMTQwNGMy
LzEveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBABRWEMD
BABRWEYwDAMEAFFYSQMEAFFYTAMEAVFYTgMEAFT3jgMEAFT3kjANBgkqhkiG9w0B
AQsFAAOCAQEAZdD2pG4O1vC1SinUuOgpXqZQsLgUAjm6JnSUGHDINDHMLMJR4PAY
8stjUTa9IErhaihLmEQsxxVUQJlKcpS1L/97LDc3wz1Sg0g1pvnCYSrjHGdPebRc
f0zdkPHaM97K1bwTjhLDY/XK4Mo7GSlWbcaxE/TZb/OmB2LO5ubbEJuKKOGdREvo
3917wq60T5mU2GAFGp50qOT59XlqOUpsz0jcrF9STNd6YuuMR5kFXPM049igx4fY
UeYnbgU1FuZ/p0MH90y/595FUVtofnCUbpmk2SEEoVPMf9hu7QTgMKR5l2QV79dj
dCBvGGBvw+L5OYykSbPsUpX/4thMEskbow==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:23 2024 by rpki-client on console-ams.rpki-client.org