Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/2BC72JYNIFRKc_Jkz79tIu63TEw.roa
File: 2BC72JYNIFRKc_Jkz79tIu63TEw.roa (raw, json)
Hash identifier: NgoCqkBotKN5H4ud8fqlZdDZ7EArdl1/amXZVXWT5nc=
Subject key identifier: D8:10:BB:D8:96:0D:20:54:4A:73:F2:64:CF:BF:6D:22:EE:B7:4C:4C
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018CC3B6C1BFB1FF2EDEFDB1E629361E298C
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/2BC72JYNIFRKc_Jkz79tIu63TEw.roa
Signing time: Mon 01 Jan 2024 06:29:43 +0000
ROA not before: Mon 01 Jan 2024 06:29:43 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 211440
IP address blocks: 88.209.252.0/24 maxlen: 24
178.210.253.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b6:c1:bf:b1:ff:2e:de:fd:b1:e6:29:36:1e:29:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jan 1 06:29:43 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d810bbd8960d20544a73f264cfbf6d22eeb74c4c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:ec:61:78:f2:53:9d:e2:f8:44:bf:33:b1:55:
82:23:8d:a1:08:57:da:23:d9:fa:1b:3d:5f:8a:af:
b9:f0:dc:1a:0a:4c:21:c6:11:2e:ea:3f:ef:10:2b:
bd:28:ab:1c:c4:69:b0:22:86:3d:6d:16:47:94:f1:
64:7c:49:cb:40:68:12:5b:2f:88:28:c8:c5:ca:87:
78:a6:c5:87:57:13:9e:81:86:f0:a6:3e:4f:4e:ad:
e8:9a:5d:9f:4e:e5:48:e9:a6:2e:34:a4:59:17:74:
27:9d:8f:f8:0f:22:7c:c9:ee:ca:98:ae:7a:8b:90:
be:f2:3d:0b:7e:1a:46:61:93:1e:9d:ac:82:cb:5d:
13:ca:15:a7:2c:91:76:42:77:88:74:5e:7a:fb:33:
fa:0e:c8:4b:7c:6e:ba:79:07:47:fa:42:c4:76:51:
b1:db:1d:0e:b3:9d:14:ff:c1:1c:b3:0f:12:6c:cd:
4b:93:a6:fc:72:9b:bf:85:4f:9e:53:11:3a:36:89:
31:89:85:81:57:56:41:a4:ac:e8:ee:b3:a5:ca:43:
19:5a:d1:50:91:33:51:cc:ac:37:eb:04:23:d2:15:
bc:6a:91:60:c8:d8:30:a5:4b:c5:cb:f4:19:49:80:
fe:59:01:7d:16:9b:b5:48:cd:dc:97:44:24:09:4a:
43:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:10:BB:D8:96:0D:20:54:4A:73:F2:64:CF:BF:6D:22:EE:B7:4C:4C
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/2BC72JYNIFRKc_Jkz79tIu63TEw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.252.0/24
178.210.253.0/24
Signature Algorithm: sha256WithRSAEncryption
83:a0:c0:42:a5:c0:d2:c2:14:48:1f:0c:dd:9b:ab:60:fd:5e:
db:23:c5:a4:9f:90:bb:34:64:cc:56:74:cd:d4:66:a2:ec:63:
18:16:d9:cd:10:b9:0f:32:a9:a0:80:a8:93:87:61:ec:3c:53:
7b:ea:8b:a9:3f:f1:17:b3:1d:b1:68:86:f0:c4:1b:04:0c:26:
fc:da:47:dc:dd:cb:2a:51:1f:07:49:9a:84:29:c2:f4:98:b8:
b1:6f:ed:5d:6c:2f:95:cc:8c:cd:f8:03:a5:5f:61:a5:6d:26:
1b:2d:e4:a9:aa:7e:1b:17:2d:3a:7d:7a:a3:91:30:79:63:f8:
f0:5a:1c:3d:6e:31:22:f0:81:a7:70:95:75:ba:f5:48:25:77:
e4:5a:6b:99:3c:e7:98:08:91:38:d8:41:42:e5:ec:6e:87:9d:
c8:d4:1b:18:20:7a:78:50:eb:0f:16:86:ff:a4:bd:5f:d6:e8:
36:d8:26:59:f0:28:c9:74:2c:0a:4d:c4:0d:8e:8a:47:1e:6c:
b4:fc:fe:84:10:9b:a0:64:cf:3d:56:36:e9:3d:4d:eb:d9:4a:
be:ed:fa:61:b6:ab:5b:4a:c6:5d:9b:4a:09:40:2e:00:76:ef:
e0:9e:fe:be:85:e1:6d:54:19:dc:f6:08:0a:76:a1:90:9f:eb:
f0:db:fd:e5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtsG/sf8u3v2x5ik2HimMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODEwYmJkODk2MGQyMDU0NGE3M2YyNjRjZmJmNmQyMmVlYjc0YzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOxhePJTneL4RL8zsVWCI42hCFfa
I9n6Gz1fiq+58NwaCkwhxhEu6j/vECu9KKscxGmwIoY9bRZHlPFkfEnLQGgSWy+I
KMjFyod4psWHVxOegYbwpj5PTq3oml2fTuVI6aYuNKRZF3QnnY/4DyJ8ye7KmK56
i5C+8j0LfhpGYZMenayCy10TyhWnLJF2QneIdF56+zP6DshLfG66eQdH+kLEdlGx
2x0Os50U/8Ecsw8SbM1Lk6b8cpu/hU+eUxE6NokxiYWBV1ZBpKzo7rOlykMZWtFQ
kTNRzKw36wQj0hW8apFgyNgwpUvFy/QZSYD+WQF9Fpu1SM3cl0QkCUpD0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNgQu9iWDSBUSnPyZM+/bSLut0xMMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvMkJDNzJKWU5JRlJLY19Ka3o3OXRJdTYzVEV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWNH8AwQA
stL9MA0GCSqGSIb3DQEBCwUAA4IBAQCDoMBCpcDSwhRIHwzdm6tg/V7bI8Wkn5C7
NGTMVnTN1Gai7GMYFtnNELkPMqmggKiTh2HsPFN76oupP/EXsx2xaIbwxBsEDCb8
2kfc3csqUR8HSZqEKcL0mLixb+1dbC+VzIzN+AOlX2GlbSYbLeSpqn4bFy06fXqj
kTB5Y/jwWhw9bjEi8IGncJV1uvVIJXfkWmuZPOeYCJE42EFC5exuh53I1BsYIHp4
UOsPFob/pL1f1ug22CZZ8CjJdCwKTcQNjopHHmy0/P6EEJugZM89VjbpPU3r2Uq+
7fphtqtbSsZdm0oJQC4Adu/gnv6+heFtVBnc9ggKdqGQn+vw2/3l
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:26 2024 by rpki-client on console-fra.rpki-client.org