Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DZKdO8tKnMr6QrhVRy6VRAuvAYI.roa
File: DZKdO8tKnMr6QrhVRy6VRAuvAYI.roa (raw, json)
Hash identifier: Mui6Hv8QHzIzkCHXHs9yeLifVzrYnvgGntsadauxRSg=
Subject key identifier: 0D:92:9D:3B:CB:4A:9C:CA:FA:42:B8:55:47:2E:95:44:0B:AF:01:82
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018249C2E50FCE7D74567CECA235385B3D8D
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DZKdO8tKnMr6QrhVRy6VRAuvAYI.roa
Signing time: Fri 29 Jul 2022 11:41:25 +0000
ROA not before: Fri 29 Jul 2022 11:41:25 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 42864
IP address blocks: 88.209.231.0/24 maxlen: 24
88.209.227.0/24 maxlen: 24
83.137.159.0/24 maxlen: 24
45.9.171.0/24 maxlen: 24
45.9.170.0/24 maxlen: 24
45.9.169.0/24 maxlen: 24
178.210.236.0/24 maxlen: 24
77.242.144.0/20 maxlen: 20
88.209.192.0/21 maxlen: 24
88.209.208.0/20 maxlen: 24
88.209.226.0/24 maxlen: 24
88.209.225.0/24 maxlen: 24
88.209.224.0/24 maxlen: 24
88.151.60.0/22 maxlen: 22
45.14.10.0/24 maxlen: 24
45.14.9.0/24 maxlen: 24
45.14.8.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:49:c2:e5:0f:ce:7d:74:56:7c:ec:a2:35:38:5b:3d:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jul 29 11:41:25 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=0d929d3bcb4a9ccafa42b855472e95440baf0182
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:96:3a:1a:1f:a0:8d:15:1a:6d:24:9d:0a:e2:
d8:96:6c:71:e3:31:30:f3:c3:db:10:e4:a1:49:18:
6d:cc:dc:d5:78:06:aa:03:13:cc:d9:fd:a3:aa:cf:
f0:bd:55:30:84:fd:0d:b2:98:26:10:74:d8:07:ec:
fd:8d:c6:9e:99:36:01:7a:81:71:02:3d:62:39:c6:
9a:e0:bf:1a:56:ba:b7:b7:cc:e3:c3:ba:b9:e5:77:
3e:cf:5a:ca:ff:97:e2:a8:35:bd:29:25:ec:d2:e0:
46:59:6f:61:62:5b:6a:ee:03:67:e2:e7:2b:00:e7:
97:8b:99:23:cc:43:3c:d7:6b:b2:26:fd:42:5a:ad:
61:c7:bd:a2:f0:8c:5c:a5:96:ec:0e:31:a1:02:be:
b9:60:8a:6d:a1:ab:64:c9:ef:c8:a5:a0:28:a6:80:
51:28:cf:bb:3e:55:ca:26:44:d0:07:2b:a6:a7:b7:
b3:97:8d:8a:d4:30:7d:32:c3:bc:4d:02:a1:6a:00:
7a:ec:97:37:ec:98:51:74:21:17:dc:68:da:1f:37:
cc:c4:4d:23:38:e3:50:85:8d:31:46:22:79:70:31:
26:6e:20:98:db:d3:73:7a:c2:24:4d:70:ae:72:af:
0a:26:c5:88:74:32:2f:d5:25:93:c5:1d:5b:ff:65:
53:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:92:9D:3B:CB:4A:9C:CA:FA:42:B8:55:47:2E:95:44:0B:AF:01:82
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DZKdO8tKnMr6QrhVRy6VRAuvAYI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.169.0-45.9.171.255
45.14.8.0-45.14.10.255
77.242.144.0/20
83.137.159.0/24
88.151.60.0/22
88.209.192.0/21
88.209.208.0-88.209.227.255
88.209.231.0/24
178.210.236.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:0f:9c:39:de:29:19:5c:a5:20:8d:20:a3:90:73:2d:7f:b5:
60:30:96:ae:87:fd:93:23:b2:fa:2e:86:94:78:26:5b:35:9a:
b2:81:b5:81:ee:cd:d0:26:5f:dd:61:45:6f:8e:e3:f9:37:e4:
b8:96:e0:78:28:be:df:c8:e5:ad:54:d2:51:51:ad:02:00:69:
2d:97:ea:38:8a:4d:45:01:81:f5:d2:cb:97:83:5f:4b:8f:0d:
ba:fd:be:94:af:f3:37:e2:f1:0e:8c:de:13:9d:3e:b7:5d:10:
cc:00:f7:3e:20:06:b8:83:24:c5:15:f7:03:51:3e:d0:b0:ea:
26:bc:cc:21:d9:da:ad:03:4a:e7:4f:8f:59:f2:2d:7d:4f:02:
a5:a0:c0:bf:82:4b:9a:96:00:8a:74:b8:67:87:93:d1:01:b9:
17:35:17:34:7c:11:70:02:61:fd:4c:08:cc:01:9c:20:83:7a:
bc:5d:af:66:50:c3:17:0c:b7:f8:6c:17:46:b6:95:29:3b:23:
cd:7c:1b:1a:02:46:4e:ba:e4:93:6b:44:8f:9a:91:50:d5:8d:
7d:7c:9f:50:ed:c8:7f:1f:c8:8e:03:2d:dd:89:13:ba:51:2e:
eb:aa:c9:a5:d8:0f:d7:c6:96:08:91:cc:c8:25:24:7d:1a:e9:
ce:aa:d0:11
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYJJwuUPzn10VnzsojU4Wz2NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIwNzI5MTE0MTI1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDkyOWQzYmNiNGE5Y2NhZmE0MmI4NTU0NzJlOTU0NDBiYWYwMTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZY6Gh+gjRUabSSdCuLYlmxx4zEw
88PbEOShSRhtzNzVeAaqAxPM2f2jqs/wvVUwhP0NspgmEHTYB+z9jcaemTYBeoFx
Aj1iOcaa4L8aVrq3t8zjw7q55Xc+z1rK/5fiqDW9KSXs0uBGWW9hYltq7gNn4ucr
AOeXi5kjzEM812uyJv1CWq1hx72i8IxcpZbsDjGhAr65YIptoatkye/IpaAopoBR
KM+7PlXKJkTQByump7ezl42K1DB9MsO8TQKhagB67Jc37JhRdCEX3GjaHzfMxE0j
OONQhY0xRiJ5cDEmbiCY29NzesIkTXCucq8KJsWIdDIv1SWTxR1b/2VThQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFA2SnTvLSpzK+kK4VUculUQLrwGCMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvRFpLZE84dEtuTXI2UXJoVlJ5NlZSQXV2QVlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOMAwDBAAtCakD
BAItCagwDAMEAy0OCAMEAC0OCgMEBE3ykAMEAFOJnwMEAliXPAMEA1jRwDAMAwQE
WNHQAwQCWNHgAwQAWNHnAwQAstLsMA0GCSqGSIb3DQEBCwUAA4IBAQBrD5w53ikZ
XKUgjSCjkHMtf7VgMJauh/2TI7L6LoaUeCZbNZqygbWB7s3QJl/dYUVvjuP5N+S4
luB4KL7fyOWtVNJRUa0CAGktl+o4ik1FAYH10suXg19Ljw26/b6Ur/M34vEOjN4T
nT63XRDMAPc+IAa4gyTFFfcDUT7QsOomvMwh2dqtA0rnT49Z8i19TwKloMC/gkua
lgCKdLhnh5PRAbkXNRc0fBFwAmH9TAjMAZwgg3q8Xa9mUMMXDLf4bBdGtpUpOyPN
fBsaAkZOuuSTa0SPmpFQ1Y19fJ9Q7ch/H8iOAy3diRO6US7rqsml2A/XxpYIkczI
JSR9GunOqtAR
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:55 2024 by rpki-client on console-ams.rpki-client.org