Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7IOr7ykrfGSmuP8BQbPiasiRdcw.roa
File: 7IOr7ykrfGSmuP8BQbPiasiRdcw.roa (raw, json)
Hash identifier: ATZbrUdogHXZN/WbbcGrv58Uc6GqDAKVb/ybcWVAjko=
Subject key identifier: EC:83:AB:EF:29:2B:7C:64:A6:B8:FF:01:41:B3:E2:6A:C8:91:75:CC
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 01885CD3CE1DCD95CF2788D2B4B61708848A
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7IOr7ykrfGSmuP8BQbPiasiRdcw.roa
Signing time: Sat 27 May 2023 10:49:24 +0000
ROA not before: Sat 27 May 2023 10:49:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42864
IP address blocks: 178.248.200.0/21 maxlen: 21
45.9.171.0/24 maxlen: 24
45.9.170.0/24 maxlen: 24
45.9.169.0/24 maxlen: 24
88.209.196.0/24 maxlen: 24
88.209.193.0/24 maxlen: 24
88.209.208.0/24 maxlen: 24
88.209.213.0/24 maxlen: 24
88.209.212.0/24 maxlen: 24
88.209.210.0/24 maxlen: 24
88.209.215.0/24 maxlen: 24
88.209.214.0/24 maxlen: 24
178.210.224.0/22 maxlen: 24
193.138.125.0/24 maxlen: 24
77.242.144.0/22 maxlen: 24
77.242.151.0/24 maxlen: 24
77.242.148.0/24 maxlen: 24
77.242.156.0/24 maxlen: 24
92.52.219.0/24 maxlen: 24
45.88.93.0/24 maxlen: 24
45.14.11.0/24 maxlen: 24
45.14.10.0/24 maxlen: 24
45.14.8.0/24 maxlen: 24
92.52.212.0/22 maxlen: 24
92.52.210.0/23 maxlen: 23
92.52.209.0/24 maxlen: 24
92.52.208.0/24 maxlen: 24
2a00:1f40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:5c:d3:ce:1d:cd:95:cf:27:88:d2:b4:b6:17:08:84:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: May 27 10:49:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ec83abef292b7c64a6b8ff0141b3e26ac89175cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:fd:2d:c6:65:c7:df:80:23:59:60:1f:93:bc:
e9:50:9b:df:63:96:b9:42:80:93:78:19:c6:0d:9e:
6e:3f:80:3a:5f:7c:5d:d8:b7:ff:d4:00:90:17:ba:
bf:d7:b4:e5:0b:f1:54:0a:e8:d1:5f:6b:6d:3f:52:
fd:e7:0d:7e:a6:c9:39:27:dc:b0:ab:1c:36:f6:60:
d0:f2:b7:ee:c7:ae:da:9e:60:08:f0:dc:d8:5e:7f:
09:ad:4b:8c:8d:b1:38:bd:b4:05:11:eb:69:7a:d4:
6a:70:d6:14:92:2d:d2:e1:dc:4f:3e:90:70:38:ec:
c7:29:41:72:a8:b0:c3:e7:6a:c6:3c:37:d8:a6:93:
2c:5c:2b:e3:1f:97:6b:86:0a:2b:4d:8c:d6:c8:9e:
3c:26:28:d7:bf:a8:07:9f:dc:e8:f6:33:88:56:ab:
ee:c1:58:b0:fd:02:68:5b:0b:69:dc:19:63:02:9d:
7d:59:4a:82:67:8e:fb:0c:8a:a6:e9:3f:9d:03:b1:
70:6a:41:32:07:c1:7a:fe:3a:47:ba:75:38:0c:0a:
cd:c7:e7:0f:45:b6:1e:26:38:75:3a:40:61:1f:4b:
4d:95:77:44:68:3e:b2:4f:ad:9b:ee:e1:e5:fb:68:
54:cd:69:bb:7a:dd:63:ef:98:d8:9b:40:d6:d7:00:
d6:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:83:AB:EF:29:2B:7C:64:A6:B8:FF:01:41:B3:E2:6A:C8:91:75:CC
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7IOr7ykrfGSmuP8BQbPiasiRdcw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.169.0-45.9.171.255
45.14.8.0/24
45.14.10.0/23
45.88.93.0/24
77.242.144.0-77.242.148.255
77.242.151.0/24
77.242.156.0/24
88.209.193.0/24
88.209.196.0/24
88.209.208.0/24
88.209.210.0/24
88.209.212.0/22
92.52.208.0/21
92.52.219.0/24
178.210.224.0/22
178.248.200.0/21
193.138.125.0/24
IPv6:
2a00:1f40::/29
Signature Algorithm: sha256WithRSAEncryption
01:a0:d3:be:b4:40:da:43:da:9f:2b:84:f6:08:3f:f4:67:1c:
ee:e4:ed:35:f6:96:ba:b1:49:8b:f2:ff:41:17:ab:1d:50:f3:
32:64:ca:bb:59:77:95:d6:54:d4:2e:8d:73:d7:49:26:64:14:
36:56:f3:f6:2b:18:15:b9:e1:d0:1a:2a:3e:b8:33:69:64:31:
e6:b1:29:6f:40:ed:01:44:5e:35:a9:89:41:c2:19:21:5f:dd:
b1:2e:40:47:9a:06:1c:17:93:1e:4b:96:df:36:2f:e9:00:fd:
32:e2:6e:08:c2:61:10:08:96:87:c3:01:5c:05:b1:2c:fb:4d:
09:ee:4b:d0:3b:82:ff:82:25:21:60:63:86:42:2b:d7:17:46:
7d:b7:49:ec:35:5c:b2:ec:46:53:7b:cd:57:cc:bd:88:24:22:
4a:93:d2:07:d3:f3:8d:0e:2b:df:1c:cd:00:3d:97:fc:c9:75:
a7:e3:1d:4b:5b:5a:ea:7b:53:b6:db:cf:dd:6d:69:ae:dc:db:
ab:08:63:c4:21:c0:d8:c5:f2:c9:46:63:6c:37:8d:3b:ac:d9:
37:12:7d:da:37:28:5a:bd:ca:96:1b:3e:c7:38:d0:17:dd:8a:
0e:4a:74:15:80:7d:48:b0:91:2f:60:5e:bd:f6:53:3b:c1:7d:
42:31:35:46
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgISAYhc084dzZXPJ4jStLYXCISKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNTI3MTA0OTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzgzYWJlZjI5MmI3YzY0YTZiOGZmMDE0MWIzZTI2YWM4OTE3NWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiP0txmXH34AjWWAfk7zpUJvfY5a5
QoCTeBnGDZ5uP4A6X3xd2Lf/1ACQF7q/17TlC/FUCujRX2ttP1L95w1+psk5J9yw
qxw29mDQ8rfux67anmAI8NzYXn8JrUuMjbE4vbQFEetpetRqcNYUki3S4dxPPpBw
OOzHKUFyqLDD52rGPDfYppMsXCvjH5drhgorTYzWyJ48JijXv6gHn9zo9jOIVqvu
wViw/QJoWwtp3BljAp19WUqCZ477DIqm6T+dA7FwakEyB8F6/jpHunU4DArNx+cP
RbYeJjh1OkBhH0tNlXdEaD6yT62b7uHl+2hUzWm7et1j75jYm0DW1wDWgQIDAQAB
o4ICizCCAocwHQYDVR0OBBYEFOyDq+8pK3xkprj/AUGz4mrIkXXMMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvN0lPcjd5a3JmR1NtdVA4QlFiUGlhc2lSZGN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGgBggrBgEFBQcBBwEB/wSBkDCBjTB8BAIAATB2MAwDBAAt
CakDBAItCagDBAAtDggDBAEtDgoDBAAtWF0wDAMEBE3ykAMEAE3ylAMEAE3ylwME
AE3ynAMEAFjRwQMEAFjRxAMEAFjR0AMEAFjR0gMEAljR1AMEA1w00AMEAFw02wME
ArLS4AMEA7L4yAMEAMGKfTANBAIAAjAHAwUDKgAfQDANBgkqhkiG9w0BAQsFAAOC
AQEAAaDTvrRA2kPanyuE9gg/9Gcc7uTtNfaWurFJi/L/QRerHVDzMmTKu1l3ldZU
1C6Nc9dJJmQUNlbz9isYFbnh0BoqPrgzaWQx5rEpb0DtAUReNamJQcIZIV/dsS5A
R5oGHBeTHkuW3zYv6QD9MuJuCMJhEAiWh8MBXAWxLPtNCe5L0DuC/4IlIWBjhkIr
1xdGfbdJ7DVcsuxGU3vNV8y9iCQiSpPSB9PzjQ4r3xzNAD2X/Ml1p+MdS1ta6ntT
ttvP3W1prtzbqwhjxCHA2MXyyUZjbDeNO6zZNxJ92jcoWr3Klhs+xzjQF92KDkp0
FYB9SLCRL2BevfZTO8F9QjE1Rg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org