Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/8R7KbKFeX9hwcKMg5IGT2KKhgnI.roa
File: 8R7KbKFeX9hwcKMg5IGT2KKhgnI.roa (raw, json)
Hash identifier: nRb2MxJV9XYTxlCgict56INPVpiJca0y/lRPXe2oUUM=
Subject key identifier: F1:1E:CA:6C:A1:5E:5F:D8:70:70:A3:20:E4:81:93:D8:A2:A1:82:72
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0188BB6C184A6EDADB45D2098AF98C2C4BA4
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/8R7KbKFeX9hwcKMg5IGT2KKhgnI.roa
Signing time: Wed 14 Jun 2023 19:40:03 +0000
ROA not before: Wed 14 Jun 2023 19:40:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211619
IP address blocks: 88.209.228.0/24 maxlen: 24
88.209.239.0/24 maxlen: 24
88.209.236.0/22 maxlen: 22
88.209.246.0/23 maxlen: 23
88.209.253.0/24 maxlen: 24
88.209.254.0/24 maxlen: 24
83.137.159.0/24 maxlen: 24
83.137.156.0/24 maxlen: 24
83.137.157.0/24 maxlen: 24
83.137.158.0/24 maxlen: 24
83.137.153.0/24 maxlen: 24
45.9.168.0/24 maxlen: 24
88.209.206.0/24 maxlen: 24
88.209.219.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
88.151.62.0/24 maxlen: 24
178.210.232.0/24 maxlen: 24
178.210.233.0/24 maxlen: 24
178.210.237.0/24 maxlen: 24
178.210.234.0/24 maxlen: 24
178.210.235.0/24 maxlen: 24
77.242.152.0/22 maxlen: 24
92.52.217.0/24 maxlen: 24
92.52.218.0/24 maxlen: 24
194.41.47.0/24 maxlen: 24
5.182.112.0/24 maxlen: 24
5.182.115.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:bb:6c:18:4a:6e:da:db:45:d2:09:8a:f9:8c:2c:4b:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jun 14 19:40:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f11eca6ca15e5fd87070a320e48193d8a2a18272
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:29:eb:23:8f:d9:4c:ed:48:88:d6:e9:38:5b:
bc:68:27:5b:a2:7a:e7:cb:64:69:b4:48:94:01:25:
44:b0:69:58:28:87:0b:c2:14:e5:c4:fa:37:04:5d:
47:d8:02:d4:6b:a9:75:a4:ab:45:21:0f:42:8a:ec:
d6:2c:5f:9c:06:6b:71:95:ff:56:5d:c6:6d:ed:30:
bd:1e:e2:58:0e:d4:fe:f8:60:a9:a4:c7:c8:0a:b0:
c2:6d:7f:da:18:62:f0:b7:96:19:79:ad:f0:34:cf:
ce:f0:e7:36:21:58:28:1a:33:ff:d0:5f:a4:7f:fd:
ba:a1:5b:c7:e2:b5:67:9b:b1:3f:ae:21:b3:4f:e7:
b5:aa:9c:31:a9:39:d6:38:50:d1:2d:2c:b5:a4:19:
36:fc:35:66:db:3a:a6:ee:e1:85:16:14:73:77:69:
65:bf:be:60:f1:59:38:af:66:46:c6:ec:f0:4d:ad:
92:5a:29:fd:22:87:23:37:7d:8d:4f:31:32:07:e3:
0e:a3:6c:ee:b0:d6:0a:26:6e:dc:8f:6c:82:77:70:
61:38:66:25:a5:66:ff:f6:40:92:bd:7e:55:12:00:
a3:c1:87:7c:90:3d:44:0f:21:e8:84:bd:36:25:a0:
fa:96:50:93:95:fd:b7:1c:df:65:82:f5:a7:45:b8:
b0:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:1E:CA:6C:A1:5E:5F:D8:70:70:A3:20:E4:81:93:D8:A2:A1:82:72
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/8R7KbKFeX9hwcKMg5IGT2KKhgnI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.112.0/24
5.182.115.0/24
45.9.168.0/24
77.242.152.0/22
83.137.153.0/24
83.137.156.0/22
88.151.62.0/24
88.209.206.0/24
88.209.217.0/24
88.209.219.0/24
88.209.228.0/24
88.209.236.0/22
88.209.246.0/23
88.209.253.0-88.209.254.255
92.52.217.0-92.52.218.255
178.210.232.0/22
178.210.237.0/24
194.41.47.0/24
Signature Algorithm: sha256WithRSAEncryption
ba:81:c8:19:ea:46:16:98:44:74:c3:79:f3:8f:8b:25:32:97:
2d:8a:52:b6:da:f2:4c:d0:60:34:bf:c5:6e:8d:5c:5c:ae:2f:
31:cc:a8:d9:cc:7a:b3:6d:52:4d:48:66:22:9f:84:52:19:6a:
52:a9:87:9b:29:db:98:f7:a1:10:59:b9:5f:74:a4:52:d8:cd:
3f:62:c8:b2:e8:d5:a4:6a:73:84:0f:0f:78:8c:5a:e7:b9:93:
17:9c:7d:e9:52:b2:ad:28:af:2d:fc:8b:77:86:bd:0c:ec:67:
2d:34:4c:ac:3e:f1:12:26:55:c4:d0:4d:50:22:2e:2e:fd:a3:
b1:c2:d9:c3:0f:9f:a3:5a:29:c7:ba:5b:d7:77:d7:08:50:17:
43:41:cc:7f:85:0c:eb:49:cf:36:a4:4a:74:d4:c9:b5:6c:f1:
91:19:49:e9:b8:06:4e:77:c0:8c:d6:78:ae:b0:b5:dc:45:e8:
9d:9f:e2:5c:d3:2c:83:6c:a9:86:bc:11:ff:5e:94:af:a3:cf:
17:89:e3:55:1e:e8:7c:e9:5f:84:0b:5a:95:be:7e:c4:e5:86:
b3:35:e7:00:0b:17:e6:f4:d3:d7:fc:45:76:4a:c7:cc:1a:2e:
cc:55:3e:3d:05:27:ca:9c:a3:f8:18:a4:4f:41:99:a9:2f:11:
f4:ae:00:63
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAYi7bBhKbtrbRdIJivmMLEukMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNjE0MTk0MDAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTFlY2E2Y2ExNWU1ZmQ4NzA3MGEzMjBlNDgxOTNkOGEyYTE4MjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSnrI4/ZTO1IiNbpOFu8aCdbonrn
y2RptEiUASVEsGlYKIcLwhTlxPo3BF1H2ALUa6l1pKtFIQ9CiuzWLF+cBmtxlf9W
XcZt7TC9HuJYDtT++GCppMfICrDCbX/aGGLwt5YZea3wNM/O8Oc2IVgoGjP/0F+k
f/26oVvH4rVnm7E/riGzT+e1qpwxqTnWOFDRLSy1pBk2/DVm2zqm7uGFFhRzd2ll
v75g8Vk4r2ZGxuzwTa2SWin9IocjN32NTzEyB+MOo2zusNYKJm7cj2yCd3BhOGYl
pWb/9kCSvX5VEgCjwYd8kD1EDyHohL02JaD6llCTlf23HN9lgvWnRbiwhQIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFPEeymyhXl/YcHCjIOSBk9iioYJyMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvOFI3S2JLRmVYOWh3Y0tNZzVJR1QyS0toZ25JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGYBggrBgEFBQcBBwEB/wSBiDCBhTCBggQCAAEwfAMEAAW2
cAMEAAW2cwMEAC0JqAMEAk3ymAMEAFOJmQMEAlOJnAMEAFiXPgMEAFjRzgMEAFjR
2QMEAFjR2wMEAFjR5AMEAljR7AMEAVjR9jAMAwQAWNH9AwQAWNH+MAwDBABcNNkD
BABcNNoDBAKy0ugDBACy0u0DBADCKS8wDQYJKoZIhvcNAQELBQADggEBALqByBnq
RhaYRHTDefOPiyUyly2KUrba8kzQYDS/xW6NXFyuLzHMqNnMerNtUk1IZiKfhFIZ
alKph5sp25j3oRBZuV90pFLYzT9iyLLo1aRqc4QPD3iMWue5kxecfelSsq0ory38
i3eGvQzsZy00TKw+8RImVcTQTVAiLi79o7HC2cMPn6NaKce6W9d31whQF0NBzH+F
DOtJzzakSnTUybVs8ZEZSem4Bk53wIzWeK6wtdxF6J2f4lzTLINsqYa8Ef9elK+j
zxeJ41Ue6HzpX4QLWpW+fsTlhrM15wALF+b009f8RXZKx8waLsxVPj0FJ8qco/gY
pE9BmakvEfSuAGM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org