Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/6h8UjlAid6dMbyG1nJLiB1iOQ24.roa
File: 6h8UjlAid6dMbyG1nJLiB1iOQ24.roa (raw, json)
Hash identifier: kD3/CBi7nIN52uyTu3aCcEZrGjImULCA7IezATVxVWM=
Subject key identifier: EA:1F:14:8E:50:22:77:A7:4C:6F:21:B5:9C:92:E2:07:58:8E:43:6E
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0188008A63C0ED964F9B3EAED2DFC81A2045
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/6h8UjlAid6dMbyG1nJLiB1iOQ24.roa
Signing time: Tue 09 May 2023 12:44:09 +0000
ROA not before: Tue 09 May 2023 12:44:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.248.0/24 maxlen: 24
88.209.249.0/24 maxlen: 24
178.210.236.0/24 maxlen: 24
88.209.195.0/24 maxlen: 24
88.209.194.0/24 maxlen: 24
88.209.209.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.216.0/24 maxlen: 24
88.209.224.0/24 maxlen: 24
88.209.225.0/24 maxlen: 24
88.209.221.0/24 maxlen: 24
88.151.58.0/24 maxlen: 24
88.151.61.0/24 maxlen: 24
5.182.113.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:00:8a:63:c0:ed:96:4f:9b:3e:ae:d2:df:c8:1a:20:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: May 9 12:44:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ea1f148e502277a74c6f21b59c92e207588e436e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:d5:24:3f:c7:7e:7a:b2:ae:a2:1f:29:dd:a8:
3b:1c:fd:a2:2d:2b:72:c4:20:71:dc:c4:78:7f:af:
6f:20:33:2b:e1:4e:e4:72:50:0a:0d:c4:20:3f:a3:
2e:07:d5:90:a4:f0:7a:45:5c:5b:f2:34:5f:f8:2f:
45:78:52:6e:8e:82:67:40:cd:82:6c:92:23:dc:fd:
28:eb:e5:4e:5c:0e:90:f1:7f:07:6e:17:e4:d8:80:
95:93:d3:15:48:bc:76:26:c5:d9:8c:66:48:f8:69:
be:80:b2:73:75:92:96:ec:98:a0:84:1c:d7:52:1f:
fa:54:4b:e7:e4:4c:56:21:31:84:48:dd:a8:82:2a:
0f:e6:c7:36:1c:54:63:26:48:23:a9:dc:5e:a8:af:
9d:f4:db:4b:e3:c6:c0:ae:34:b9:62:98:af:b3:66:
b0:e2:e5:ce:3c:2d:9e:09:23:72:6e:14:1a:f6:c2:
bf:5f:62:76:d7:bf:6e:fc:d7:1b:a9:a9:e1:a3:25:
b4:1f:dd:4a:1a:e2:52:b4:6d:1c:6f:e6:62:d0:5d:
b8:54:f1:79:c9:c6:7d:5e:ea:ed:0d:6a:83:fa:4a:
fe:24:ff:36:7b:dd:77:9c:2e:56:ed:e0:67:b7:00:
e8:b1:f8:6a:a1:4e:24:72:78:18:69:66:c0:6a:17:
bd:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:1F:14:8E:50:22:77:A7:4C:6F:21:B5:9C:92:E2:07:58:8E:43:6E
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/6h8UjlAid6dMbyG1nJLiB1iOQ24.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.113.0/24
88.151.58.0/24
88.151.61.0/24
88.209.194.0/23
88.209.209.0/24
88.209.211.0/24
88.209.216.0/24
88.209.221.0/24
88.209.224.0/23
88.209.248.0/23
178.210.236.0/24
Signature Algorithm: sha256WithRSAEncryption
af:5b:01:ea:92:9d:eb:8c:73:71:b9:8f:57:5b:31:1e:0f:f9:
2d:cb:4d:e0:61:41:29:62:1d:56:ec:f1:96:52:27:9a:82:4b:
2b:33:87:c5:b6:c6:1e:a9:71:ca:f1:21:df:c0:fd:33:f8:34:
f3:16:5e:a2:a2:38:be:9a:f0:85:4d:26:17:48:00:86:03:b3:
a0:a9:84:f9:39:b4:e9:aa:1a:fc:1f:2b:ad:1f:08:66:87:a3:
33:95:e8:fd:49:af:eb:21:98:20:05:a2:17:04:10:c4:96:6c:
1f:dc:48:16:fc:e2:5f:65:46:62:38:30:84:bb:f5:fb:59:d3:
3f:14:11:1b:d8:1f:2e:d0:79:e6:38:af:6c:11:7b:42:e0:63:
00:f2:dc:47:9b:58:43:6a:89:92:fd:77:33:d7:5c:8c:9f:12:
8b:24:0f:ee:42:d3:e2:8c:3f:41:c5:8b:38:d9:a0:d6:51:3f:
5e:67:d4:88:a1:24:69:24:e2:89:8b:a8:f0:19:05:0d:29:eb:
c3:06:ab:a7:9c:1b:30:48:cf:1e:6e:8f:fb:40:e8:fd:f0:25:
7e:b2:02:19:bb:5b:ef:31:11:74:eb:43:76:fc:1b:00:c0:71:
e1:c5:ae:db:8e:e4:6c:96:70:47:aa:7a:af:84:fb:cb:20:dd:
f6:fd:8a:24
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYgAimPA7ZZPmz6u0t/IGiBFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNTA5MTI0NDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTFmMTQ4ZTUwMjI3N2E3NGM2ZjIxYjU5YzkyZTIwNzU4OGU0MzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9UkP8d+erKuoh8p3ag7HP2iLSty
xCBx3MR4f69vIDMr4U7kclAKDcQgP6MuB9WQpPB6RVxb8jRf+C9FeFJujoJnQM2C
bJIj3P0o6+VOXA6Q8X8Hbhfk2ICVk9MVSLx2JsXZjGZI+Gm+gLJzdZKW7JighBzX
Uh/6VEvn5ExWITGESN2ogioP5sc2HFRjJkgjqdxeqK+d9NtL48bArjS5Ypivs2aw
4uXOPC2eCSNybhQa9sK/X2J2179u/NcbqanhoyW0H91KGuJStG0cb+Zi0F24VPF5
ycZ9XurtDWqD+kr+JP82e913nC5W7eBntwDosfhqoU4kcngYaWbAahe9+QIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFOofFI5QInenTG8htZyS4gdYjkNuMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvNmg4VWpsQWlkNmRNYnlHMW5KTGlCMWlPUTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQABbZxAwQA
WJc6AwQAWJc9AwQBWNHCAwQAWNHRAwQAWNHTAwQAWNHYAwQAWNHdAwQBWNHgAwQB
WNH4AwQAstLsMA0GCSqGSIb3DQEBCwUAA4IBAQCvWwHqkp3rjHNxuY9XWzEeD/kt
y03gYUEpYh1W7PGWUieagksrM4fFtsYeqXHK8SHfwP0z+DTzFl6ioji+mvCFTSYX
SACGA7OgqYT5ObTpqhr8HyutHwhmh6Mzlej9Sa/rIZggBaIXBBDElmwf3EgW/OJf
ZUZiODCEu/X7WdM/FBEb2B8u0HnmOK9sEXtC4GMA8txHm1hDaomS/Xcz11yMnxKL
JA/uQtPijD9BxYs42aDWUT9eZ9SIoSRpJOKJi6jwGQUNKevDBqunnBswSM8ebo/7
QOj98CV+sgIZu1vvMRF060N2/BsAwHHhxa7bjuRslnBHqnqvhPvLIN32/Yok
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:54 2024 by rpki-client on console-ams.rpki-client.org