Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/GazpK9ac9s8WOAwIRCBBOEKj4iI.roa
File: GazpK9ac9s8WOAwIRCBBOEKj4iI.roa (raw, json)
Hash identifier: D68NG/UBq8suMLSwSXxGbKr8DdWIkxyVFnF+Pd78XuQ=
Subject key identifier: 19:AC:E9:2B:D6:9C:F6:CF:16:38:0C:08:44:20:41:38:42:A3:E2:22
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018B8047A73930F1B47983B36B557A97BEE7
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/GazpK9ac9s8WOAwIRCBBOEKj4iI.roa
Signing time: Mon 30 Oct 2023 11:11:01 +0000
ROA not before: Mon 30 Oct 2023 11:11:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.232.0/22 maxlen: 24
88.209.245.0/24 maxlen: 24
178.210.228.0/24 maxlen: 24
178.210.250.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.151.62.0/24 maxlen: 24
88.209.200.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:80:47:a7:39:30:f1:b4:79:83:b3:6b:55:7a:97:be:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Oct 30 11:11:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=19ace92bd69cf6cf16380c084420413842a3e222
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:36:74:c9:7f:16:81:d3:9b:5a:88:da:5a:c9:
a4:0e:c0:50:2e:32:75:fd:fa:de:59:c2:1c:15:43:
8f:86:9d:c2:5c:50:70:99:c9:49:5b:fa:bc:84:da:
f5:a4:67:8a:ae:0b:b5:e5:8b:76:f0:6d:22:ce:0d:
b1:d2:cf:af:f1:3f:74:8a:a2:33:9e:1a:43:99:04:
0c:54:37:59:30:0e:13:00:dd:05:c3:bc:27:b2:bf:
e7:2f:b9:4e:09:31:ae:40:08:6d:31:97:42:04:f4:
fd:a4:a5:da:31:d6:ce:fe:d0:6a:5c:b0:10:61:a3:
2b:64:1c:95:be:df:f5:dd:33:6f:4c:8b:f0:0f:3b:
8a:82:4e:c4:22:6f:04:0e:2d:95:4a:fd:05:b4:f5:
9a:f1:94:3f:00:ee:a3:f2:6c:2a:c5:0c:39:cf:2e:
62:bc:42:b5:22:a9:c9:69:d7:d8:d8:43:eb:f9:79:
33:f8:5a:07:67:e7:44:44:da:39:47:5a:bc:71:71:
e3:7b:64:a2:f1:1e:62:9e:eb:26:8f:af:dd:91:d7:
af:34:52:49:e3:e1:36:56:64:4d:64:fc:6a:3f:46:
91:8b:a0:02:8b:5b:6f:1d:a5:5a:67:f6:30:a6:59:
64:aa:86:71:70:bd:b1:ea:c9:1a:ac:dd:f9:0f:ee:
b2:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:AC:E9:2B:D6:9C:F6:CF:16:38:0C:08:44:20:41:38:42:A3:E2:22
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/GazpK9ac9s8WOAwIRCBBOEKj4iI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.242.150.0/24
88.151.56.0/23
88.151.62.0/24
88.209.200.0/24
88.209.211.0/24
88.209.217.0/24
88.209.232.0/22
88.209.245.0/24
178.210.228.0/24
178.210.250.0/24
Signature Algorithm: sha256WithRSAEncryption
8b:6d:cd:cf:94:61:da:73:ef:e4:aa:da:8f:26:e2:1a:a0:20:
19:32:f8:51:74:d0:05:89:29:63:3f:6e:e4:9a:f2:48:0f:23:
b8:1d:56:f8:52:16:8c:0e:70:66:12:1c:23:06:b7:aa:9b:d3:
a6:6a:bb:49:21:de:9c:15:92:a1:87:c2:31:0b:9a:08:56:a6:
18:df:b0:7a:38:16:75:57:fe:9b:de:a3:8f:8e:af:91:4c:ec:
f1:04:4f:f3:b6:88:27:43:44:09:8b:c6:0d:42:14:98:ae:3b:
00:51:db:45:78:cf:50:1f:65:fd:d2:99:b1:ad:fb:84:b5:e5:
10:5a:88:4e:46:fd:be:17:37:2e:08:de:fb:35:d6:8b:0d:ce:
e3:fd:97:be:44:ca:0e:9d:e5:49:47:6d:f6:56:2e:f3:05:d5:
51:89:d5:cc:fa:e2:55:54:a8:e4:f6:7f:06:f6:ec:31:81:03:
c6:f9:f1:52:4e:7c:c0:18:70:d1:31:ba:5c:43:d7:49:ee:b4:
00:13:b6:03:81:8d:fb:fb:db:8b:76:e6:68:63:70:f0:e3:83:
07:a8:a9:03:98:20:cf:ae:5f:ba:e3:12:06:91:7f:94:0b:84:
42:5b:ef:a5:13:25:49:4b:19:5f:bd:cc:73:6b:91:ae:32:be:
87:d1:86:0d
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYuAR6c5MPG0eYOza1V6l77nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMDMwMTExMTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWFjZTkyYmQ2OWNmNmNmMTYzODBjMDg0NDIwNDEzODQyYTNlMjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzZ0yX8WgdObWojaWsmkDsBQLjJ1
/freWcIcFUOPhp3CXFBwmclJW/q8hNr1pGeKrgu15Yt28G0izg2x0s+v8T90iqIz
nhpDmQQMVDdZMA4TAN0Fw7wnsr/nL7lOCTGuQAhtMZdCBPT9pKXaMdbO/tBqXLAQ
YaMrZByVvt/13TNvTIvwDzuKgk7EIm8EDi2VSv0FtPWa8ZQ/AO6j8mwqxQw5zy5i
vEK1IqnJadfY2EPr+Xkz+FoHZ+dERNo5R1q8cXHje2Si8R5inusmj6/dkdevNFJJ
4+E2VmRNZPxqP0aRi6ACi1tvHaVaZ/YwpllkqoZxcL2x6skarN35D+6y+wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFBms6SvWnPbPFjgMCEQgQThCo+IiMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvR2F6cEs5YWM5czhXT0F3SVJDQkJPRUtqNGlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQATfKWAwQB
WJc4AwQAWJc+AwQAWNHIAwQAWNHTAwQAWNHZAwQCWNHoAwQAWNH1AwQAstLkAwQA
stL6MA0GCSqGSIb3DQEBCwUAA4IBAQCLbc3PlGHac+/kqtqPJuIaoCAZMvhRdNAF
iSljP27kmvJIDyO4HVb4UhaMDnBmEhwjBreqm9OmartJId6cFZKhh8IxC5oIVqYY
37B6OBZ1V/6b3qOPjq+RTOzxBE/ztognQ0QJi8YNQhSYrjsAUdtFeM9QH2X90pmx
rfuEteUQWohORv2+FzcuCN77NdaLDc7j/Ze+RMoOneVJR232Vi7zBdVRidXM+uJV
VKjk9n8G9uwxgQPG+fFSTnzAGHDRMbpcQ9dJ7rQAE7YDgY37+9uLduZoY3Dw44MH
qKkDmCDPrl+64xIGkX+UC4RCW++lEyVJSxlfvcxza5GuMr6H0YYN
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:55 2024 by rpki-client on console-ams.rpki-client.org