Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/IsuLkl65OMTELf_8iPhOV1K0oEQ.roa
File: IsuLkl65OMTELf_8iPhOV1K0oEQ.roa (raw, json)
Hash identifier: csah9ms8B0l2qt6c4LxtIdCIw0cqeTj20aK7QhDEiBw=
Subject key identifier: 22:CB:8B:92:5E:B9:38:C4:C4:2D:FF:FC:88:F8:4E:57:52:B4:A0:44
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018AC152B4581ED5E06E0CA12D9CCFDF714C
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/IsuLkl65OMTELf_8iPhOV1K0oEQ.roa
Signing time: Sat 23 Sep 2023 09:15:37 +0000
ROA not before: Sat 23 Sep 2023 09:15:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.253.0/24 maxlen: 24
178.210.228.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.151.62.0/24 maxlen: 24
88.151.63.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:c1:52:b4:58:1e:d5:e0:6e:0c:a1:2d:9c:cf:df:71:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Sep 23 09:15:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=22cb8b925eb938c4c42dfffc88f84e5752b4a044
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:58:a4:74:fd:06:8c:2f:de:3e:58:62:28:3d:
de:dd:12:91:08:d6:9c:78:ca:94:bc:77:c0:bf:e5:
0a:73:0e:27:77:aa:53:7c:58:7c:87:0b:c2:8b:51:
d0:03:bb:0d:f9:d6:aa:39:2e:cf:3e:0f:3b:ec:5e:
42:3b:40:1c:11:0d:42:d9:0c:65:9e:73:01:11:6f:
9f:4f:5e:af:fb:48:0c:08:c4:db:af:69:2c:95:4b:
db:64:a6:4e:b0:2f:c9:92:1f:0a:b2:c7:49:e1:15:
44:08:c1:81:df:bf:69:35:b7:61:72:54:a9:20:97:
14:aa:1b:b8:47:cc:f6:f5:d6:e9:8a:76:fb:b3:47:
6d:e7:88:2b:bb:1c:44:79:c1:0b:4c:4e:d2:65:10:
60:d2:ec:34:cb:e6:da:e6:66:66:fe:1e:5a:11:c8:
07:64:d8:a0:b8:f4:7f:26:eb:62:93:8e:8e:f5:c7:
2c:f9:05:39:29:cd:32:45:ee:23:ae:85:d6:34:e6:
ff:12:e1:7d:59:6c:cf:a9:1d:b6:6c:f5:5a:c9:0a:
0f:7c:a3:06:3e:c9:4e:b3:73:85:e9:be:28:6a:f9:
43:19:8c:d7:99:37:b1:1e:4f:2d:93:61:cc:f8:23:
c1:05:0e:a8:83:1d:1a:4c:25:59:78:84:b6:c2:b0:
c4:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:CB:8B:92:5E:B9:38:C4:C4:2D:FF:FC:88:F8:4E:57:52:B4:A0:44
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/IsuLkl65OMTELf_8iPhOV1K0oEQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.242.150.0/24
88.151.56.0/23
88.151.62.0/23
88.209.211.0/24
88.209.217.0/24
88.209.253.0/24
178.210.228.0/24
Signature Algorithm: sha256WithRSAEncryption
46:dd:ab:ef:b1:a3:5b:ce:63:20:33:0d:6e:19:a9:61:1a:f9:
64:de:b0:53:ed:32:01:63:dd:0b:36:d6:08:6d:8d:0a:79:53:
c4:12:ed:82:0f:1c:fb:b6:9c:37:90:b4:d4:2f:cc:cd:18:2b:
dc:87:07:a0:87:c5:27:8c:8c:69:9e:33:d3:ee:20:48:17:be:
8e:d4:a0:b4:62:a4:e1:0f:8e:35:7c:04:4f:c5:16:b1:19:f9:
eb:07:11:a6:a8:2d:90:78:2a:40:76:79:fe:4a:82:c5:ff:e4:
1c:96:87:66:97:90:40:9a:5f:5d:26:d9:ca:2e:50:17:c4:0b:
56:72:cf:d8:1d:76:31:e7:1e:5b:1c:7a:fc:d5:81:64:7c:7b:
21:2d:98:46:74:21:9c:6f:ed:a1:1d:32:af:9a:5d:af:77:e5:
8a:de:8a:2f:ac:20:6c:0d:0d:b8:56:e0:4b:28:ab:8f:b8:1a:
ce:28:1e:11:08:0e:f7:28:fd:5e:e1:5e:77:93:fe:5d:23:4d:
ed:98:d1:90:39:7e:1d:40:a9:86:c9:ab:fb:b7:62:42:97:97:
d1:c2:8d:67:07:8a:5f:53:97:4c:f5:cb:fe:39:e6:e4:71:63:
18:6c:df:0f:0e:a2:c2:84:76:91:9d:fa:56:2b:e0:0d:c4:3f:
48:6a:81:15
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYrBUrRYHtXgbgyhLZzP33FMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwOTIzMDkxNTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmNiOGI5MjVlYjkzOGM0YzQyZGZmZmM4OGY4NGU1NzUyYjRhMDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21ikdP0GjC/ePlhiKD3e3RKRCNac
eMqUvHfAv+UKcw4nd6pTfFh8hwvCi1HQA7sN+daqOS7PPg877F5CO0AcEQ1C2Qxl
nnMBEW+fT16v+0gMCMTbr2kslUvbZKZOsC/Jkh8KssdJ4RVECMGB379pNbdhclSp
IJcUqhu4R8z29dbpinb7s0dt54gruxxEecELTE7SZRBg0uw0y+ba5mZm/h5aEcgH
ZNiguPR/Jutik46O9ccs+QU5Kc0yRe4jroXWNOb/EuF9WWzPqR22bPVayQoPfKMG
PslOs3OF6b4oavlDGYzXmTexHk8tk2HM+CPBBQ6ogx0aTCVZeIS2wrDEFQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFCLLi5JeuTjExC3//Ij4TldStKBEMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvSXN1TGtsNjVPTVRFTGZfOGlQaE9WMUswb0VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQATfKWAwQB
WJc4AwQBWJc+AwQAWNHTAwQAWNHZAwQAWNH9AwQAstLkMA0GCSqGSIb3DQEBCwUA
A4IBAQBG3avvsaNbzmMgMw1uGalhGvlk3rBT7TIBY90LNtYIbY0KeVPEEu2CDxz7
tpw3kLTUL8zNGCvchwegh8UnjIxpnjPT7iBIF76O1KC0YqThD441fARPxRaxGfnr
BxGmqC2QeCpAdnn+SoLF/+Qclodml5BAml9dJtnKLlAXxAtWcs/YHXYx5x5bHHr8
1YFkfHshLZhGdCGcb+2hHTKvml2vd+WK3oovrCBsDQ24VuBLKKuPuBrOKB4RCA73
KP1e4V53k/5dI03tmNGQOX4dQKmGyav7t2JCl5fRwo1nB4pfU5dM9cv+OebkcWMY
bN8PDqLChHaRnfpWK+ANxD9IaoEV
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org