Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Hk4sfuKktoIE7HQPeHJzSZCSjpU.roa
File: Hk4sfuKktoIE7HQPeHJzSZCSjpU.roa (raw, json)
Hash identifier: EtagWEJnNsf4rkh2lCeQBhUGPN1OPlKUQ7zJ0laIjXI=
Subject key identifier: 1E:4E:2C:7E:E2:A4:B6:82:04:EC:74:0F:78:72:73:49:90:92:8E:95
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018CDD95C130DE24BF0C346DAB2FB501E438
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Hk4sfuKktoIE7HQPeHJzSZCSjpU.roa
Signing time: Sat 06 Jan 2024 07:03:48 +0000
ROA not before: Sat 06 Jan 2024 07:03:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 88.209.232.0/22 maxlen: 24
178.210.231.0/24 maxlen: 24
178.210.228.0/24 maxlen: 24
178.210.230.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.151.62.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:dd:95:c1:30:de:24:bf:0c:34:6d:ab:2f:b5:01:e4:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jan 6 07:03:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1e4e2c7ee2a4b68204ec740f7872734990928e95
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:0c:e3:f3:85:c8:75:e7:dc:cc:8d:54:4d:16:
8b:17:5c:95:5a:a3:ba:99:ef:9e:06:4d:56:a6:b5:
54:66:71:82:a0:af:22:16:0c:79:3b:f1:9d:61:25:
93:84:cd:42:4e:f3:da:8d:94:df:28:fa:f6:11:93:
c9:09:c4:c1:71:5e:1d:eb:30:1b:f0:f9:b8:92:5f:
f6:e0:e2:f6:be:04:92:bd:0a:59:c2:92:74:50:50:
ee:9d:6e:49:47:f0:c5:5e:67:ba:ce:cf:f0:ee:87:
d1:30:51:8e:50:fe:98:6b:3a:1a:d7:ec:10:ad:0e:
ca:e9:23:c5:89:32:fb:e5:f3:59:99:bd:c4:ab:ec:
cb:df:38:c4:e7:12:18:0b:a8:ba:68:29:25:6f:45:
7e:89:a2:bc:fa:73:8a:8b:fd:04:99:33:cd:8d:66:
65:07:a5:f3:83:19:90:52:4a:a2:b4:4a:4e:04:1c:
99:e0:24:ed:13:f1:95:a1:7a:50:97:71:55:c4:97:
a3:1d:39:09:58:83:5a:c1:c9:2a:01:07:6d:b6:16:
6a:3e:e3:83:98:f9:6e:bd:8f:22:52:80:1c:27:ab:
b0:57:25:f3:37:97:b9:5b:d4:4c:86:7f:12:77:ab:
c0:4f:77:fa:84:55:84:6a:bf:2a:66:f6:7f:e1:ac:
1d:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:4E:2C:7E:E2:A4:B6:82:04:EC:74:0F:78:72:73:49:90:92:8E:95
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Hk4sfuKktoIE7HQPeHJzSZCSjpU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.151.56.0/23
88.151.62.0/24
88.209.211.0/24
88.209.232.0/22
178.210.228.0/24
178.210.230.0/23
Signature Algorithm: sha256WithRSAEncryption
9a:a3:fe:ca:e1:6f:86:8f:3c:48:3b:87:53:d3:e7:93:9d:d4:
b0:ee:9f:91:04:15:7f:87:9b:3d:9c:53:67:fb:a1:09:9a:a8:
90:89:11:e8:88:fa:3a:03:e3:fa:19:94:62:8e:02:11:3b:80:
9d:ae:e9:2f:7a:fe:13:3b:72:65:3b:17:53:c9:37:7f:42:8c:
a3:e2:0f:38:50:5a:88:c8:98:8e:4a:0d:65:2c:d4:44:69:4c:
c1:f5:f0:2b:22:bf:a0:07:89:14:e3:6b:00:6d:0c:78:94:d5:
2d:7f:32:b2:ce:c6:1e:2d:c3:4a:70:6b:81:cd:d3:2e:5a:f2:
c6:bf:d1:72:14:7f:4e:fe:82:59:c3:41:9f:4e:64:a1:29:ad:
a5:70:62:e6:d9:08:32:bf:89:47:ec:5d:15:02:e3:87:69:fb:
b7:a5:57:60:d6:22:6c:cc:42:4c:3a:65:3d:9b:02:1d:60:08:
7d:3e:17:6c:83:71:0d:d1:c2:61:3a:56:df:de:3c:91:8b:0b:
ce:22:e1:33:41:05:54:d3:41:0b:7f:84:97:cc:66:1e:7c:44:
a9:78:9e:9f:23:20:8b:b6:dd:f6:4d:b1:41:32:c9:ca:82:90:
ed:49:84:7d:ea:3b:ca:f6:fc:01:7f:ad:d8:f5:93:e4:eb:9e:
9a:96:0c:72
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzdlcEw3iS/DDRtqy+1AeQ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTA2MDcwMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTRlMmM3ZWUyYTRiNjgyMDRlYzc0MGY3ODcyNzM0OTkwOTI4ZTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAzj84XIdefczI1UTRaLF1yVWqO6
me+eBk1WprVUZnGCoK8iFgx5O/GdYSWThM1CTvPajZTfKPr2EZPJCcTBcV4d6zAb
8Pm4kl/24OL2vgSSvQpZwpJ0UFDunW5JR/DFXme6zs/w7ofRMFGOUP6Yazoa1+wQ
rQ7K6SPFiTL75fNZmb3Eq+zL3zjE5xIYC6i6aCklb0V+iaK8+nOKi/0EmTPNjWZl
B6XzgxmQUkqitEpOBByZ4CTtE/GVoXpQl3FVxJejHTkJWINawckqAQdtthZqPuOD
mPluvY8iUoAcJ6uwVyXzN5e5W9RMhn8Sd6vAT3f6hFWEar8qZvZ/4awdfwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFB5OLH7ipLaCBOx0D3hyc0mQko6VMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvSGs0c2Z1S2t0b0lFN0hRUGVISnpTWkNTanBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBWJc4AwQA
WJc+AwQAWNHTAwQCWNHoAwQAstLkAwQBstLmMA0GCSqGSIb3DQEBCwUAA4IBAQCa
o/7K4W+GjzxIO4dT0+eTndSw7p+RBBV/h5s9nFNn+6EJmqiQiRHoiPo6A+P6GZRi
jgIRO4Cdrukvev4TO3JlOxdTyTd/Qoyj4g84UFqIyJiOSg1lLNREaUzB9fArIr+g
B4kU42sAbQx4lNUtfzKyzsYeLcNKcGuBzdMuWvLGv9FyFH9O/oJZw0GfTmShKa2l
cGLm2Qgyv4lH7F0VAuOHafu3pVdg1iJszEJMOmU9mwIdYAh9Phdsg3EN0cJhOlbf
3jyRiwvOIuEzQQVU00ELf4SXzGYefESpeJ6fIyCLtt32TbFBMsnKgpDtSYR96jvK
9vwBf63Y9ZPk656algxy
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:55 2024 by rpki-client on console-ams.rpki-client.org