Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/4UQkMWR7klE2pLNjdUWIV12IAp4.roa
File: 4UQkMWR7klE2pLNjdUWIV12IAp4.roa (raw, json)
Hash identifier: qzGV8rzMSg+AM1JGw6W3IoKc8jA29Z6ghhkR9yW237A=
Subject key identifier: E1:44:24:31:64:7B:92:51:36:A4:B3:63:75:45:88:57:5D:88:02:9E
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0188BF880B49492AA7B053B7CA572FA52402
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/4UQkMWR7klE2pLNjdUWIV12IAp4.roa
Signing time: Thu 15 Jun 2023 14:49:03 +0000
ROA not before: Thu 15 Jun 2023 14:49:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211619
IP address blocks: 88.209.228.0/24 maxlen: 24
88.209.239.0/24 maxlen: 24
88.209.236.0/22 maxlen: 22
88.209.246.0/23 maxlen: 23
88.209.254.0/24 maxlen: 24
83.137.159.0/24 maxlen: 24
83.137.156.0/24 maxlen: 24
83.137.157.0/24 maxlen: 24
83.137.158.0/24 maxlen: 24
83.137.153.0/24 maxlen: 24
178.210.232.0/24 maxlen: 24
178.210.233.0/24 maxlen: 24
178.210.237.0/24 maxlen: 24
178.210.234.0/24 maxlen: 24
178.210.235.0/24 maxlen: 24
45.9.168.0/24 maxlen: 24
77.242.152.0/22 maxlen: 24
88.209.219.0/24 maxlen: 24
92.52.217.0/24 maxlen: 24
92.52.218.0/24 maxlen: 24
194.41.47.0/24 maxlen: 24
5.182.112.0/24 maxlen: 24
5.182.115.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:bf:88:0b:49:49:2a:a7:b0:53:b7:ca:57:2f:a5:24:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jun 15 14:49:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e1442431647b925136a4b363754588575d88029e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:87:a2:64:d7:2a:55:58:95:eb:7d:10:cb:1a:
4f:68:16:be:76:be:8b:60:6c:1f:47:f3:36:62:fe:
72:9f:3b:f3:56:59:8b:40:9b:88:37:90:ed:17:f7:
28:d3:47:7e:34:85:6f:e0:32:bb:9d:87:a5:8c:f3:
c0:76:3c:4b:d4:cf:37:b0:10:47:16:e9:c5:af:5f:
1c:13:98:e8:33:5d:2f:2a:a6:29:9e:fd:e2:52:55:
42:b1:01:6c:1a:82:d8:60:6e:f5:1b:ad:24:b9:4e:
87:70:d3:35:39:d2:70:64:a0:52:c2:fa:12:4d:6a:
f8:2d:e0:c4:10:17:da:91:a8:f5:10:2c:3e:ef:9d:
8a:ca:1a:b9:61:60:74:e2:ba:ea:bf:4b:72:3b:8c:
4b:5c:c5:ac:5f:22:81:95:cb:9f:fd:da:a0:80:c5:
7b:cc:7f:31:c0:d3:62:46:e7:9f:f2:ba:bf:a0:dd:
32:7b:d3:9d:de:69:56:02:79:39:e2:a2:c4:cf:c2:
14:5a:0b:1c:37:38:b2:08:a4:fe:58:5f:5d:b7:fc:
a4:2c:43:de:fe:2e:96:3d:ba:06:0d:29:29:fe:ea:
0d:1c:a4:5f:54:ab:43:eb:a6:b7:1a:60:70:9c:cc:
d5:dd:49:ad:25:12:af:c0:e1:2a:e3:ef:6b:08:c2:
e3:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:44:24:31:64:7B:92:51:36:A4:B3:63:75:45:88:57:5D:88:02:9E
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/4UQkMWR7klE2pLNjdUWIV12IAp4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.112.0/24
5.182.115.0/24
45.9.168.0/24
77.242.152.0/22
83.137.153.0/24
83.137.156.0/22
88.209.219.0/24
88.209.228.0/24
88.209.236.0/22
88.209.246.0/23
88.209.254.0/24
92.52.217.0-92.52.218.255
178.210.232.0/22
178.210.237.0/24
194.41.47.0/24
Signature Algorithm: sha256WithRSAEncryption
61:5c:af:70:8b:22:de:81:f1:be:1e:a5:19:94:6e:76:81:b4:
da:36:df:f8:76:54:3b:66:4e:20:95:d3:32:c4:45:71:25:ba:
b7:d0:c6:4f:d0:58:45:5f:e1:38:dc:4f:c0:0d:56:e1:c5:79:
92:61:9a:4d:86:c1:11:4f:63:94:be:3a:19:09:86:84:7a:6f:
48:13:74:30:01:d9:3e:9d:43:1d:c3:1a:84:b2:70:a7:93:df:
c6:fe:76:d5:0c:62:69:a3:3e:1a:55:83:b7:f5:d2:2e:99:7d:
3e:67:a2:9c:58:97:60:f1:ac:79:b7:8e:22:67:26:52:60:b7:
30:92:64:9a:d0:87:16:aa:d7:a0:41:37:c2:ff:b9:50:01:06:
95:7a:6d:34:4f:2a:ee:56:c5:c0:19:d4:ac:61:82:2f:3c:e5:
8c:c7:59:41:14:5e:50:92:13:3a:22:61:0c:a1:97:69:21:90:
9a:12:5d:09:14:9a:dd:b4:44:39:33:dd:90:c7:20:81:0d:86:
a3:a2:fd:cd:61:12:5a:a8:df:b6:9b:e0:cf:9c:cb:da:82:6c:
64:92:e5:67:e9:4e:da:8a:7d:7e:05:cc:2a:57:b9:64:d7:94:
55:6c:c6:0e:5a:a5:f5:7e:ed:be:62:fb:dc:44:f6:15:37:9d:
fe:25:0a:fa
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAYi/iAtJSSqnsFO3ylcvpSQCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNjE1MTQ0OTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTQ0MjQzMTY0N2I5MjUxMzZhNGIzNjM3NTQ1ODg1NzVkODgwMjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgYeiZNcqVViV630QyxpPaBa+dr6L
YGwfR/M2Yv5ynzvzVlmLQJuIN5DtF/co00d+NIVv4DK7nYeljPPAdjxL1M83sBBH
FunFr18cE5joM10vKqYpnv3iUlVCsQFsGoLYYG71G60kuU6HcNM1OdJwZKBSwvoS
TWr4LeDEEBfakaj1ECw+752Kyhq5YWB04rrqv0tyO4xLXMWsXyKBlcuf/dqggMV7
zH8xwNNiRuef8rq/oN0ye9Od3mlWAnk54qLEz8IUWgscNziyCKT+WF9dt/ykLEPe
/i6WPboGDSkp/uoNHKRfVKtD66a3GmBwnMzV3UmtJRKvwOEq4+9rCMLjVwIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFOFEJDFke5JRNqSzY3VFiFddiAKeMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvNFVRa01XUjdrbEUycExOamRVV0lWMTJJQXA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAATBiAwQABbZwAwQA
BbZzAwQALQmoAwQCTfKYAwQAU4mZAwQCU4mcAwQAWNHbAwQAWNHkAwQCWNHsAwQB
WNH2AwQAWNH+MAwDBABcNNkDBABcNNoDBAKy0ugDBACy0u0DBADCKS8wDQYJKoZI
hvcNAQELBQADggEBAGFcr3CLIt6B8b4epRmUbnaBtNo23/h2VDtmTiCV0zLERXEl
urfQxk/QWEVf4TjcT8ANVuHFeZJhmk2GwRFPY5S+OhkJhoR6b0gTdDAB2T6dQx3D
GoSycKeT38b+dtUMYmmjPhpVg7f10i6ZfT5nopxYl2DxrHm3jiJnJlJgtzCSZJrQ
hxaq16BBN8L/uVABBpV6bTRPKu5WxcAZ1Kxhgi885YzHWUEUXlCSEzoiYQyhl2kh
kJoSXQkUmt20RDkz3ZDHIIENhqOi/c1hElqo37ab4M+cy9qCbGSS5WfpTtqKfX4F
zCpXuWTXlFVsxg5apfV+7b5i+9xE9hU3nf4lCvo=
-----END CERTIFICATE-----