Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/JlDuODyZG_BwrlWByR_xeYGaShA.roa
File: JlDuODyZG_BwrlWByR_xeYGaShA.roa (raw, json)
Hash identifier: TspjNRKS78/QzBy+GXkwA8cAAdBFC85FUyNxiOM1HEI=
Subject key identifier: 26:50:EE:38:3C:99:1B:F0:70:AE:55:81:C9:1F:F1:79:81:9A:4A:10
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018C8C1C5D773B2B0466AF321C5EC259F14C
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/JlDuODyZG_BwrlWByR_xeYGaShA.roa
Signing time: Thu 21 Dec 2023 11:21:58 +0000
ROA not before: Thu 21 Dec 2023 11:21:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 88.209.240.0/22 maxlen: 22
178.210.252.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:8c:1c:5d:77:3b:2b:04:66:af:32:1c:5e:c2:59:f1:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Dec 21 11:21:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2650ee383c991bf070ae5581c91ff179819a4a10
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:d1:2c:57:1d:43:c6:29:eb:33:ac:6b:56:3d:
f5:58:70:1a:ab:c3:b8:50:db:4c:d8:af:84:09:fb:
cf:8f:e8:f4:66:c3:64:1a:a2:39:73:9d:43:95:0c:
9f:9d:25:29:c7:19:57:08:7d:f3:cd:0a:85:59:dc:
ce:47:13:97:ec:16:84:e6:f5:78:4d:fe:29:53:44:
c4:19:4c:4d:f8:2d:08:2d:4c:5b:89:12:60:56:1e:
9f:94:3f:5f:02:dd:a4:31:a9:3e:1c:b8:6c:9a:e8:
1c:99:27:5c:9e:ab:12:3b:d4:10:a0:41:ab:63:ef:
98:9f:2a:da:c5:4d:a9:ae:79:e0:1d:8b:4d:06:30:
5b:5e:9b:fe:f3:32:30:ca:0b:64:87:d5:13:7a:0d:
b4:09:a7:e7:0a:e6:21:60:89:4f:f2:84:2d:c4:81:
03:75:04:7e:ec:16:b3:d7:31:8e:ad:d2:6b:23:0a:
5d:bd:f2:6b:89:56:46:78:38:05:1f:82:25:c9:a2:
ba:09:2e:8b:4a:2e:8c:3b:40:0a:e1:39:62:dd:96:
f2:b3:79:8c:ea:c8:74:4a:3d:e9:0c:0e:31:a2:4d:
44:5d:c9:ed:cc:ec:41:15:f4:cf:2d:fa:98:d4:61:
df:1f:17:48:c2:bc:e3:32:1e:c2:be:62:4f:1a:8c:
84:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:50:EE:38:3C:99:1B:F0:70:AE:55:81:C9:1F:F1:79:81:9A:4A:10
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/JlDuODyZG_BwrlWByR_xeYGaShA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.240.0/22
178.210.252.0/24
Signature Algorithm: sha256WithRSAEncryption
8e:34:98:fe:c1:75:65:8d:e2:35:ee:e9:46:e6:3c:1d:4b:a1:
4c:7c:a7:fa:c0:1d:34:1a:f7:3f:30:cd:96:d9:53:c8:92:db:
06:f2:10:39:6b:c5:05:78:62:2d:8f:08:b4:bd:e6:91:48:40:
e5:01:0e:6b:80:29:40:e2:d5:76:f8:7c:ff:00:d9:01:57:ec:
bc:42:11:c6:d0:a3:49:14:50:e0:cc:c0:57:c8:12:95:7e:35:
ab:80:40:6c:a1:48:db:fb:de:21:cd:28:36:73:24:62:85:14:
ad:6f:08:76:4a:01:36:98:34:78:b7:d1:6e:a0:7d:19:55:7c:
e5:85:3f:b3:52:03:41:01:1a:4e:80:47:c3:fd:c6:4a:37:7d:
2d:db:5d:a2:20:e0:b6:56:b5:32:53:8f:de:37:e3:35:22:e9:
0e:d8:f4:98:54:f3:e8:97:82:8b:fa:d7:bc:71:aa:39:fb:b3:
29:96:d8:1d:a0:91:0b:db:77:0e:73:aa:46:b9:41:72:0a:05:
48:0b:f2:7f:56:b3:b7:bc:b5:47:a6:e5:ea:ed:71:76:0e:8f:
04:ea:00:93:75:e1:67:5c:ce:86:9b:cd:f6:a8:7e:8f:f2:41:
49:8c:39:06:9e:ad:06:10:b7:19:b6:4d:12:0f:cc:10:8d:03:
0c:02:f6:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYyMHF13OysEZq8yHF7CWfFMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMjIxMTEyMTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjUwZWUzODNjOTkxYmYwNzBhZTU1ODFjOTFmZjE3OTgxOWE0YTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltEsVx1DxinrM6xrVj31WHAaq8O4
UNtM2K+ECfvPj+j0ZsNkGqI5c51DlQyfnSUpxxlXCH3zzQqFWdzORxOX7BaE5vV4
Tf4pU0TEGUxN+C0ILUxbiRJgVh6flD9fAt2kMak+HLhsmugcmSdcnqsSO9QQoEGr
Y++YnyraxU2prnngHYtNBjBbXpv+8zIwygtkh9UTeg20CafnCuYhYIlP8oQtxIED
dQR+7Baz1zGOrdJrIwpdvfJriVZGeDgFH4IlyaK6CS6LSi6MO0AK4Tli3Zbys3mM
6sh0Sj3pDA4xok1EXcntzOxBFfTPLfqY1GHfHxdIwrzjMh7CvmJPGoyEoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCZQ7jg8mRvwcK5Vgckf8XmBmkoQMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvSmxEdU9EeVpHX0J3cmxXQnlSX3hlWUdhU2hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWNHwAwQA
stL8MA0GCSqGSIb3DQEBCwUAA4IBAQCONJj+wXVljeI17ulG5jwdS6FMfKf6wB00
Gvc/MM2W2VPIktsG8hA5a8UFeGItjwi0veaRSEDlAQ5rgClA4tV2+Hz/ANkBV+y8
QhHG0KNJFFDgzMBXyBKVfjWrgEBsoUjb+94hzSg2cyRihRStbwh2SgE2mDR4t9Fu
oH0ZVXzlhT+zUgNBARpOgEfD/cZKN30t212iIOC2VrUyU4/eN+M1IukO2PSYVPPo
l4KL+te8cao5+7MpltgdoJEL23cOc6pGuUFyCgVIC/J/VrO3vLVHpuXq7XF2Do8E
6gCTdeFnXM6Gm832qH6P8kFJjDkGnq0GELcZtk0SD8wQjQMMAvZB
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org