Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7xa75u75i6BQNc8H0v9lsGOoViM.roa
File: 7xa75u75i6BQNc8H0v9lsGOoViM.roa (raw, json)
Hash identifier: +iuzfJ4kVI8W/UwoIHunzUVFAqr9N5RoZJF1c1qEvy0=
Subject key identifier: EF:16:BB:E6:EE:F9:8B:A0:50:35:CF:07:D2:FF:65:B0:63:A8:56:23
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0181F78445FE344FB1EE1EE1C9C14B7A9799
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7xa75u75i6BQNc8H0v9lsGOoViM.roa
Signing time: Wed 13 Jul 2022 12:24:09 +0000
ROA not before: Wed 13 Jul 2022 12:24:09 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 42864
IP address blocks: 88.209.228.0/24 maxlen: 24
178.210.236.0/24 maxlen: 24
88.209.192.0/21 maxlen: 24
88.209.208.0/20 maxlen: 24
88.209.226.0/24 maxlen: 24
88.209.225.0/24 maxlen: 24
88.209.224.0/21 maxlen: 21
88.209.224.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:81:f7:84:45:fe:34:4f:b1:ee:1e:e1:c9:c1:4b:7a:97:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jul 13 12:24:09 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ef16bbe6eef98ba05035cf07d2ff65b063a85623
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:da:75:35:b7:14:5d:3e:91:0f:fe:2a:86:12:
24:d7:56:fa:3d:a7:e2:9b:cf:17:34:23:07:7f:bd:
eb:ab:e6:9f:02:83:e1:b0:aa:37:1a:64:de:c7:14:
99:1d:99:9e:4e:3a:38:60:5b:8b:60:85:c0:90:da:
50:81:37:2b:1e:f7:49:2c:cf:ce:f1:cf:a6:45:45:
00:e2:86:e7:29:7b:e0:ad:9e:70:95:61:22:bc:fa:
ed:22:63:b9:3d:00:fc:f8:59:f9:c7:00:cf:51:b2:
52:be:d1:94:89:00:b2:b2:4b:b6:29:63:53:57:44:
19:30:ed:e8:9b:0a:c1:8d:b6:c9:24:71:96:28:c8:
59:30:07:14:5b:d0:90:c8:22:1c:09:55:f9:16:42:
a6:6b:83:fe:39:2f:67:ab:22:2c:fe:fd:6a:a8:03:
f1:2d:5f:79:42:67:9e:48:37:32:e4:a2:39:54:b6:
7d:c3:0e:06:1b:e0:25:f8:89:0a:6e:ba:30:fd:3b:
89:1d:54:25:e1:2a:c5:ad:7f:a4:6c:65:d2:c9:d2:
8d:d3:aa:84:ce:5c:60:3a:1b:09:b6:41:a1:a0:65:
d5:55:3a:9f:7f:6d:b5:a5:55:10:d6:2c:4c:c5:cd:
c6:b3:ab:b2:5c:36:21:bc:c8:7d:73:a1:8f:5c:be:
63:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:16:BB:E6:EE:F9:8B:A0:50:35:CF:07:D2:FF:65:B0:63:A8:56:23
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7xa75u75i6BQNc8H0v9lsGOoViM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.192.0/21
88.209.208.0-88.209.231.255
178.210.236.0/24
Signature Algorithm: sha256WithRSAEncryption
71:48:bd:b8:c6:ed:2e:06:c2:95:1a:e8:5c:d9:5d:50:69:18:
af:f1:77:10:da:df:ae:3c:8b:04:0b:6f:58:ec:16:1f:c0:a7:
d0:d8:22:27:20:45:31:e4:0b:a8:d1:ca:6e:59:9b:35:a8:b5:
15:a7:de:1f:cd:f6:5d:46:26:02:0e:32:0a:c1:93:e3:3b:40:
33:9d:c2:8a:1b:19:7e:e1:1d:b3:a8:c8:d9:84:eb:1d:fe:e5:
0d:78:9d:0c:fc:c9:86:6b:b4:bf:29:14:29:93:f7:58:8f:9f:
b9:2b:e8:02:e4:9b:7f:be:4d:85:ad:d2:f4:94:89:62:03:78:
a7:13:61:72:c7:12:df:15:d7:71:9b:7e:3b:af:1e:07:f3:f5:
ab:97:46:ea:ed:ec:ca:b1:9a:2d:b6:2d:0f:35:fc:95:7a:e6:
36:b6:bc:7f:e9:55:e4:d4:ea:0e:30:1d:70:99:2a:75:0a:26:
ba:7c:cc:da:53:71:ed:08:ca:2d:fe:18:16:42:b4:17:bb:72:
f3:de:bc:8d:17:4e:94:e3:8e:07:90:12:fd:28:73:ad:cb:5f:
70:3a:64:08:59:24:63:f0:16:9e:40:35:56:c8:90:ee:fd:38:
a2:6e:4a:18:f4:21:c7:fb:58:b0:0f:cb:48:78:17:e1:4b:ee:
a3:c2:c1:da
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYH3hEX+NE+x7h7hycFLepeZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIwNzEzMTIyNDA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjE2YmJlNmVlZjk4YmEwNTAzNWNmMDdkMmZmNjViMDYzYTg1NjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7tp1NbcUXT6RD/4qhhIk11b6Pafi
m88XNCMHf73rq+afAoPhsKo3GmTexxSZHZmeTjo4YFuLYIXAkNpQgTcrHvdJLM/O
8c+mRUUA4obnKXvgrZ5wlWEivPrtImO5PQD8+Fn5xwDPUbJSvtGUiQCysku2KWNT
V0QZMO3omwrBjbbJJHGWKMhZMAcUW9CQyCIcCVX5FkKma4P+OS9nqyIs/v1qqAPx
LV95QmeeSDcy5KI5VLZ9ww4GG+Al+IkKbrow/TuJHVQl4SrFrX+kbGXSydKN06qE
zlxgOhsJtkGhoGXVVTqff221pVUQ1ixMxc3Gs6uyXDYhvMh9c6GPXL5j8QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFO8Wu+bu+YugUDXPB9L/ZbBjqFYjMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvN3hhNzV1NzVpNkJRTmM4SDB2OWxzR09vVmlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQDWNHAMAwD
BARY0dADBANY0eADBACy0uwwDQYJKoZIhvcNAQELBQADggEBAHFIvbjG7S4GwpUa
6FzZXVBpGK/xdxDa3648iwQLb1jsFh/Ap9DYIicgRTHkC6jRym5ZmzWotRWn3h/N
9l1GJgIOMgrBk+M7QDOdwoobGX7hHbOoyNmE6x3+5Q14nQz8yYZrtL8pFCmT91iP
n7kr6ALkm3++TYWt0vSUiWIDeKcTYXLHEt8V13GbfjuvHgfz9auXRurt7Mqxmi22
LQ81/JV65ja2vH/pVeTU6g4wHXCZKnUKJrp8zNpTce0Iyi3+GBZCtBe7cvPevI0X
TpTjjgeQEv0oc63LX3A6ZAhZJGPwFp5ANVbIkO79OKJuShj0Icf7WLAPy0h4F+FL
7qPCwdo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:54 2024 by rpki-client on console-ams.rpki-client.org