Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DYHCOjwx92vDNPoaCzD5UccJqPE.roa
File: DYHCOjwx92vDNPoaCzD5UccJqPE.roa (raw, json)
Hash identifier: mcZgge93WVbnTVOhJlun4zUTMW8YQyH0IYyIMikjZVQ=
Subject key identifier: 0D:81:C2:3A:3C:31:F7:6B:C3:34:FA:1A:0B:30:F9:51:C7:09:A8:F1
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018576C68EE7EB75FE026F9FA0F0A9E7B9A6
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DYHCOjwx92vDNPoaCzD5UccJqPE.roa
Signing time: Tue 03 Jan 2023 08:36:42 +0000
ROA not before: Tue 03 Jan 2023 08:36:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 178.210.252.0/24 maxlen: 24
88.209.226.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:76:c6:8e:e7:eb:75:fe:02:6f:9f:a0:f0:a9:e7:b9:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jan 3 08:36:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0d81c23a3c31f76bc334fa1a0b30f951c709a8f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:cd:02:68:ba:f8:44:24:73:ee:9d:ee:e7:aa:
60:b1:89:6b:32:19:7f:0d:e0:6d:2a:44:33:b9:9b:
cf:c4:8b:cf:9c:cb:8f:f8:89:c1:22:36:4a:ce:5f:
44:e3:80:5e:10:40:a3:68:45:05:76:84:d0:39:53:
c0:da:6d:fa:01:2d:67:74:d0:b2:22:0c:36:c5:f5:
db:e6:62:2f:55:05:99:7f:3f:cf:35:7a:d8:5e:32:
b8:53:28:03:50:6d:39:2c:3d:da:87:99:46:7b:5e:
cb:40:0c:cf:dc:d7:af:e6:0d:59:7f:f3:5d:35:38:
d6:a3:b2:2b:ff:15:d3:9d:1d:62:42:3f:09:f8:a4:
22:0c:ea:43:86:0a:13:f5:82:79:d1:6c:a3:fa:b5:
7e:5c:b2:08:fd:56:f3:84:ff:83:1c:8e:a9:1e:d6:
27:4c:84:fe:fe:f7:a7:46:31:9b:c4:b4:a9:6c:27:
c8:0a:fa:82:34:02:5b:b5:c2:3c:64:3f:06:58:f8:
52:6a:9d:e3:0c:f7:a6:dd:58:95:5f:1e:b5:e0:42:
77:f9:17:8f:2e:73:a8:97:a8:90:ac:89:7b:4a:37:
53:cb:f5:f0:d4:f3:07:28:0b:5b:19:06:66:0f:24:
60:77:b9:5c:0c:4e:87:8d:19:68:76:6a:47:1b:bc:
52:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:81:C2:3A:3C:31:F7:6B:C3:34:FA:1A:0B:30:F9:51:C7:09:A8:F1
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DYHCOjwx92vDNPoaCzD5UccJqPE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.226.0/24
178.210.252.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:85:14:04:b4:a9:91:80:a7:93:19:69:ba:8c:06:53:1f:ed:
6c:fd:8e:0f:09:82:1d:12:51:97:42:cf:21:ac:ef:a4:17:67:
80:dc:41:5a:ce:d2:e1:80:a2:4d:d6:67:63:de:23:73:7d:f5:
d6:6f:21:6a:01:c0:8a:b5:49:00:63:0b:6d:e8:e5:1e:39:9d:
96:57:e5:9d:67:d6:7c:37:24:f7:20:59:21:6f:f9:15:44:84:
7d:c6:b5:bc:46:e8:77:68:54:c5:15:89:45:fb:be:d3:24:92:
2f:c1:71:49:16:03:e7:65:f9:ee:c6:eb:9a:fe:cb:72:c7:f1:
24:50:b9:bf:39:ea:c7:65:df:b1:73:57:77:fb:33:3e:ab:0b:
ca:66:0b:1f:6a:88:0c:7e:82:01:8e:42:2e:14:4d:6e:15:c1:
7c:d5:24:7a:d4:33:fe:63:40:df:a7:e9:72:30:3c:03:de:23:
e0:ce:db:bf:b1:f7:71:e6:ef:de:7c:53:5a:77:c2:78:ba:60:
50:89:6e:36:ba:5b:8c:5f:e0:aa:cb:d5:37:72:d9:09:69:52:
53:ac:cb:59:f3:dc:a5:28:46:d2:1e:bd:69:28:64:d7:b8:1a:
dc:24:74:24:68:db:1b:a6:bb:dc:b0:39:8b:b3:91:85:00:fc:
bd:df:8f:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYV2xo7n63X+Am+foPCp57mmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwMTAzMDgzNjQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDgxYzIzYTNjMzFmNzZiYzMzNGZhMWEwYjMwZjk1MWM3MDlhOGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAis0CaLr4RCRz7p3u56pgsYlrMhl/
DeBtKkQzuZvPxIvPnMuP+InBIjZKzl9E44BeEECjaEUFdoTQOVPA2m36AS1ndNCy
Igw2xfXb5mIvVQWZfz/PNXrYXjK4UygDUG05LD3ah5lGe17LQAzP3Nev5g1Zf/Nd
NTjWo7Ir/xXTnR1iQj8J+KQiDOpDhgoT9YJ50Wyj+rV+XLII/VbzhP+DHI6pHtYn
TIT+/venRjGbxLSpbCfICvqCNAJbtcI8ZD8GWPhSap3jDPem3ViVXx614EJ3+ReP
LnOol6iQrIl7SjdTy/Xw1PMHKAtbGQZmDyRgd7lcDE6HjRlodmpHG7xSTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA2Bwjo8MfdrwzT6Ggsw+VHHCajxMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvRFlIQ09qd3g5MnZETlBvYUN6RDVVY2NKcVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWNHiAwQA
stL8MA0GCSqGSIb3DQEBCwUAA4IBAQA8hRQEtKmRgKeTGWm6jAZTH+1s/Y4PCYId
ElGXQs8hrO+kF2eA3EFaztLhgKJN1mdj3iNzffXWbyFqAcCKtUkAYwtt6OUeOZ2W
V+WdZ9Z8NyT3IFkhb/kVRIR9xrW8Ruh3aFTFFYlF+77TJJIvwXFJFgPnZfnuxuua
/styx/EkULm/OerHZd+xc1d3+zM+qwvKZgsfaogMfoIBjkIuFE1uFcF81SR61DP+
Y0Dfp+lyMDwD3iPgztu/sfdx5u/efFNad8J4umBQiW42uluMX+Cqy9U3ctkJaVJT
rMtZ89ylKEbSHr1pKGTXuBrcJHQkaNsbprvcsDmLs5GFAPy934/d
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org