Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/30zqlCDxCaq5JNBQ445lbGMMR8E.roa
File: 30zqlCDxCaq5JNBQ445lbGMMR8E.roa (raw, json)
Hash identifier: G8wf5QG8/98GAnxwNQNEuQ2n2U4bvZ8QufSAAhy/T8o=
Subject key identifier: DF:4C:EA:94:20:F1:09:AA:B9:24:D0:50:E3:8E:65:6C:63:0C:47:C1
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018B46AE3F6E82582924F3FC40216D0A464A
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/30zqlCDxCaq5JNBQ445lbGMMR8E.roa
Signing time: Thu 19 Oct 2023 06:45:06 +0000
ROA not before: Thu 19 Oct 2023 06:45:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.232.0/22 maxlen: 24
88.209.245.0/24 maxlen: 24
178.210.228.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.200.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:46:ae:3f:6e:82:58:29:24:f3:fc:40:21:6d:0a:46:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Oct 19 06:45:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=df4cea9420f109aab924d050e38e656c630c47c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:2d:bb:80:8d:f4:03:b0:bc:70:80:53:8c:94:
3a:7c:e5:56:33:c7:df:f6:e8:5c:e6:75:de:35:04:
9d:90:66:81:d3:01:ae:c5:64:00:88:90:f6:2f:80:
58:5a:f1:c8:0a:31:fe:66:5c:ec:89:15:76:a0:99:
15:8b:bd:2d:9c:2f:3e:09:bf:d3:66:e8:c4:be:d7:
54:ed:03:b1:f7:41:8f:4f:21:63:71:31:e1:84:47:
81:7d:4d:35:54:67:66:7b:ea:65:d5:8e:de:27:58:
fa:59:e4:24:6b:b3:36:cf:d4:f8:ba:95:63:a7:4f:
fa:8a:a0:b1:35:1d:85:86:0c:17:f5:0c:da:e2:0f:
9e:0a:69:e6:7e:d2:a4:73:be:a7:1c:06:a7:8f:0a:
32:7b:51:50:b3:a2:02:e6:4c:a8:7b:ee:02:47:28:
70:e6:9f:1d:ba:29:74:73:44:f7:d1:c1:1a:fc:52:
b1:44:7b:48:b6:e5:ad:ed:7b:f0:84:56:42:c5:8f:
7e:4c:4e:b6:03:ed:49:37:99:74:f9:37:fb:fa:53:
f1:df:7b:c3:2c:40:bc:16:1a:b0:73:f3:4e:66:cb:
49:8c:4e:fe:20:3c:97:30:6d:e9:15:c0:94:50:36:
9e:e1:3f:08:7a:7a:4f:c5:95:15:6d:18:a2:2c:45:
2f:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:4C:EA:94:20:F1:09:AA:B9:24:D0:50:E3:8E:65:6C:63:0C:47:C1
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/30zqlCDxCaq5JNBQ445lbGMMR8E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.151.56.0/23
88.209.200.0/24
88.209.211.0/24
88.209.217.0/24
88.209.232.0/22
88.209.245.0/24
178.210.228.0/24
Signature Algorithm: sha256WithRSAEncryption
5a:df:d1:d8:d2:7a:a7:d2:5d:e4:a3:29:27:d9:d9:f5:05:32:
a8:17:ca:33:17:14:85:38:e5:73:86:c6:39:87:55:aa:27:35:
8a:08:a8:92:8d:b3:36:dc:df:72:94:d5:63:89:8a:f6:d8:df:
15:29:4b:fe:ca:46:fe:ad:ec:93:a9:41:11:b4:a9:c1:a8:43:
84:b7:57:9e:b2:2c:c6:64:2a:e2:f2:8d:f9:c8:f6:7f:2c:5b:
4e:6a:ea:8b:92:a9:ca:26:64:0e:c6:69:74:f9:49:09:92:dc:
cc:26:e5:a7:b2:e4:03:c0:c6:b4:62:08:86:17:af:88:21:f6:
06:2a:e7:92:63:89:e1:78:0c:99:b0:e0:da:09:b7:25:f3:d3:
52:20:7b:cf:f4:cc:a6:07:05:2c:bd:44:a0:2d:e4:6e:4b:db:
87:3f:a8:6b:ce:45:b0:ea:c5:93:2f:28:e2:73:10:be:55:b5:
68:af:1c:82:2f:81:62:7e:08:65:e2:30:83:7f:43:b3:1d:6c:
68:9a:28:b6:59:8f:a3:b4:94:82:3a:a2:5e:90:24:60:ec:77:
1f:fb:8d:42:a3:dd:2b:5a:74:60:10:af:c4:71:61:73:f2:cc:
3a:cf:20:3e:cf:0d:df:9a:fb:e4:49:c6:57:82:e8:2b:40:ce:
c9:a2:c4:e7
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYtGrj9uglgpJPP8QCFtCkZKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMDE5MDY0NTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjRjZWE5NDIwZjEwOWFhYjkyNGQwNTBlMzhlNjU2YzYzMGM0N2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyy27gI30A7C8cIBTjJQ6fOVWM8ff
9uhc5nXeNQSdkGaB0wGuxWQAiJD2L4BYWvHICjH+ZlzsiRV2oJkVi70tnC8+Cb/T
ZujEvtdU7QOx90GPTyFjcTHhhEeBfU01VGdme+pl1Y7eJ1j6WeQka7M2z9T4upVj
p0/6iqCxNR2FhgwX9Qza4g+eCmnmftKkc76nHAanjwoye1FQs6IC5kyoe+4CRyhw
5p8duil0c0T30cEa/FKxRHtItuWt7XvwhFZCxY9+TE62A+1JN5l0+Tf7+lPx33vD
LEC8Fhqwc/NOZstJjE7+IDyXMG3pFcCUUDae4T8IenpPxZUVbRiiLEUvjQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFN9M6pQg8QmquSTQUOOOZWxjDEfBMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvMzB6cWxDRHhDYXE1Sk5CUTQ0NWxiR01NUjhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBWJc4AwQA
WNHIAwQAWNHTAwQAWNHZAwQCWNHoAwQAWNH1AwQAstLkMA0GCSqGSIb3DQEBCwUA
A4IBAQBa39HY0nqn0l3koykn2dn1BTKoF8ozFxSFOOVzhsY5h1WqJzWKCKiSjbM2
3N9ylNVjiYr22N8VKUv+ykb+reyTqUERtKnBqEOEt1eesizGZCri8o35yPZ/LFtO
auqLkqnKJmQOxml0+UkJktzMJuWnsuQDwMa0YgiGF6+IIfYGKueSY4nheAyZsODa
Cbcl89NSIHvP9MymBwUsvUSgLeRuS9uHP6hrzkWw6sWTLyjicxC+VbVorxyCL4Fi
fghl4jCDf0OzHWxomii2WY+jtJSCOqJekCRg7Hcf+41Co90rWnRgEK/EcWFz8sw6
zyA+zw3fmvvkScZXgugrQM7JosTn
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:54 2024 by rpki-client on console-ams.rpki-client.org