Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/48nXaoKWFiPMpVhFAH3URkR6XW0.roa
File: 48nXaoKWFiPMpVhFAH3URkR6XW0.roa (raw, json)
Hash identifier: 65ZGmUfVGooNCJI6Q/sFfyv9AvgNCByEzFxNa1foNwU=
Subject key identifier: E3:C9:D7:6A:82:96:16:23:CC:A5:58:45:00:7D:D4:46:44:7A:5D:6D
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0184C7901C6ADFFF284C168169AED474EA47
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/48nXaoKWFiPMpVhFAH3URkR6XW0.roa
Signing time: Wed 30 Nov 2022 08:03:41 +0000
ROA not before: Wed 30 Nov 2022 08:03:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 834
IP address blocks: 88.209.231.0/24 maxlen: 24
88.209.232.0/22 maxlen: 22
88.209.227.0/24 maxlen: 24
88.209.249.0/24 maxlen: 24
83.137.152.0/24 maxlen: 24
83.137.154.0/23 maxlen: 24
88.209.204.0/22 maxlen: 24
88.209.200.0/22 maxlen: 32
88.209.205.0/24 maxlen: 24
88.209.206.0/24 maxlen: 24
88.209.226.0/24 maxlen: 24
178.210.252.0/24 maxlen: 24
178.210.248.0/24 maxlen: 24
88.151.61.0/24 maxlen: 24
88.151.63.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:c7:90:1c:6a:df:ff:28:4c:16:81:69:ae:d4:74:ea:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Nov 30 08:03:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=e3c9d76a82961623cca55845007dd446447a5d6d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:5d:87:99:62:86:2d:29:84:de:6c:e2:d2:47:
25:ff:66:ad:e9:ae:20:a4:37:4e:5f:40:81:f0:62:
0b:89:fc:e3:02:7d:a5:84:94:44:2a:8b:2c:75:db:
8c:95:1a:69:fa:cf:98:61:32:06:dc:49:1e:b1:2a:
33:a5:1c:4e:62:22:65:b7:e9:ab:d6:3d:27:de:7e:
0d:b8:ea:50:69:70:ce:72:89:e9:8d:3f:b4:5f:64:
c6:2e:7a:f6:ef:be:1c:d3:e8:3b:22:3b:f6:81:3f:
d9:87:e3:8e:6d:f8:48:e7:11:d4:26:1b:53:38:63:
22:d7:c8:fc:6e:27:cb:89:76:b3:45:07:b3:d9:2f:
10:a6:6f:50:1f:28:cf:a4:ab:6b:19:b5:9e:b8:21:
9d:2b:2e:f1:55:47:ab:d4:78:55:dd:36:7f:f0:86:
0f:e7:6a:7c:39:86:d9:66:12:ce:c1:5d:86:5f:5f:
31:6c:bd:38:49:69:f6:3a:d3:58:83:04:ba:30:f5:
7a:8d:b8:6d:a9:e1:e5:df:e9:c3:f3:98:64:b1:7c:
13:1a:78:c6:83:b0:38:23:e7:ad:fc:95:91:d2:0e:
69:18:87:ff:f5:8c:36:45:fa:44:ef:18:ca:2e:3b:
34:9d:99:e0:2d:d0:20:e5:55:fd:92:88:c9:f3:2d:
28:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:C9:D7:6A:82:96:16:23:CC:A5:58:45:00:7D:D4:46:44:7A:5D:6D
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/48nXaoKWFiPMpVhFAH3URkR6XW0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.137.152.0/24
83.137.154.0/23
88.151.61.0/24
88.151.63.0/24
88.209.200.0/21
88.209.226.0/23
88.209.231.0-88.209.235.255
88.209.249.0/24
178.210.248.0/24
178.210.252.0/24
Signature Algorithm: sha256WithRSAEncryption
07:75:9d:83:16:0e:d3:17:7e:b3:22:e8:7e:e7:fe:5d:a6:c5:
f7:23:fe:2e:bd:a4:b1:d8:04:ea:aa:58:b9:b8:7b:3c:0d:07:
fc:46:00:cc:67:b0:d0:5e:9e:54:8c:7c:d8:eb:4a:0b:e7:f1:
6b:5d:fb:12:51:8b:43:cf:a6:ef:aa:c6:e0:34:53:83:24:de:
cc:c5:19:23:d8:39:20:11:9a:7b:e1:1a:0e:6c:d1:ff:e1:13:
ff:c3:4c:17:ab:b0:7a:25:3a:66:d5:7c:b2:e1:b4:1d:7c:e2:
1c:ae:e7:36:05:db:2c:19:09:55:2f:80:2c:7a:71:90:bf:2c:
dd:92:06:0b:63:ca:b6:46:7d:d0:d6:52:19:b4:d2:37:fb:fa:
3f:58:f2:38:a5:c8:28:bf:89:a4:b6:4e:3e:4a:0c:ee:1e:f8:
8a:c7:6b:e4:4c:8a:db:9f:66:64:89:68:30:5a:d3:07:cd:2f:
40:e7:e7:cd:36:dd:17:c1:ff:f7:99:2e:5e:9e:b8:1d:fe:f2:
a6:e2:28:48:06:c8:72:d7:d1:49:46:e8:3e:bd:32:78:86:93:
b5:2b:11:5e:44:12:df:4b:65:f7:cb:d5:19:03:40:31:a4:58:
f6:5c:f2:0d:0a:f7:d4:10:ea:fe:24:15:97:1e:db:a2:2f:da:
f3:51:bd:74
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYTHkBxq3/8oTBaBaa7UdOpHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIxMTMwMDgwMzQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2M5ZDc2YTgyOTYxNjIzY2NhNTU4NDUwMDdkZDQ0NjQ0N2E1ZDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0F2HmWKGLSmE3mzi0kcl/2at6a4g
pDdOX0CB8GILifzjAn2lhJREKossdduMlRpp+s+YYTIG3EkesSozpRxOYiJlt+mr
1j0n3n4NuOpQaXDOconpjT+0X2TGLnr2774c0+g7Ijv2gT/Zh+OObfhI5xHUJhtT
OGMi18j8bifLiXazRQez2S8Qpm9QHyjPpKtrGbWeuCGdKy7xVUer1HhV3TZ/8IYP
52p8OYbZZhLOwV2GX18xbL04SWn2OtNYgwS6MPV6jbhtqeHl3+nD85hksXwTGnjG
g7A4I+et/JWR0g5pGIf/9Yw2RfpE7xjKLjs0nZngLdAg5VX9kojJ8y0okQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFOPJ12qClhYjzKVYRQB91EZEel1tMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvNDhuWGFvS1dGaVBNcFZoRkFIM1VSa1I2WFcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAU4mYAwQB
U4maAwQAWJc9AwQAWJc/AwQDWNHIAwQBWNHiMAwDBABY0ecDBAJY0egDBABY0fkD
BACy0vgDBACy0vwwDQYJKoZIhvcNAQELBQADggEBAAd1nYMWDtMXfrMi6H7n/l2m
xfcj/i69pLHYBOqqWLm4ezwNB/xGAMxnsNBenlSMfNjrSgvn8Wtd+xJRi0PPpu+q
xuA0U4Mk3szFGSPYOSARmnvhGg5s0f/hE//DTBersHolOmbVfLLhtB184hyu5zYF
2ywZCVUvgCx6cZC/LN2SBgtjyrZGfdDWUhm00jf7+j9Y8jilyCi/iaS2Tj5KDO4e
+IrHa+RMitufZmSJaDBa0wfNL0Dn58023RfB//eZLl6euB3+8qbiKEgGyHLX0UlG
6D69MniGk7UrEV5EEt9LZffL1RkDQDGkWPZc8g0K99QQ6v4kFZce26Iv2vNRvXQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:26 2024 by rpki-client on console-fra.rpki-client.org