Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/OOLnA5VaFb1fRlPC9JFuB8pQzyk.roa
File: OOLnA5VaFb1fRlPC9JFuB8pQzyk.roa (raw, json)
Hash identifier: WQ+Dh6PySbgNnGwuCJNQ6ExDaKprdlNs3anttxqYPN0=
Subject key identifier: 38:E2:E7:03:95:5A:15:BD:5F:46:53:C2:F4:91:6E:07:CA:50:CF:29
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 01840DDDEAA78FD0F7E01ACBCF0982D4F3D2
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/OOLnA5VaFb1fRlPC9JFuB8pQzyk.roa
Signing time: Tue 25 Oct 2022 06:39:18 +0000
ROA not before: Tue 25 Oct 2022 06:39:18 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 42864
IP address blocks: 88.209.227.0/24 maxlen: 24
178.210.224.0/21 maxlen: 21
193.138.125.0/24 maxlen: 24
178.248.200.0/21 maxlen: 21
45.9.171.0/24 maxlen: 24
45.9.170.0/24 maxlen: 24
45.9.169.0/24 maxlen: 24
178.210.236.0/24 maxlen: 24
77.242.144.0/20 maxlen: 20
88.209.192.0/21 maxlen: 24
88.209.208.0/20 maxlen: 24
88.209.225.0/24 maxlen: 24
88.209.224.0/24 maxlen: 24
92.52.219.0/24 maxlen: 24
45.14.10.0/24 maxlen: 24
45.14.8.0/24 maxlen: 24
92.52.212.0/22 maxlen: 24
92.52.210.0/23 maxlen: 23
92.52.209.0/24 maxlen: 24
92.52.208.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:0d:dd:ea:a7:8f:d0:f7:e0:1a:cb:cf:09:82:d4:f3:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Oct 25 06:39:18 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=38e2e703955a15bd5f4653c2f4916e07ca50cf29
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:1a:05:79:70:91:af:ec:39:b3:85:5c:33:ec:
ea:41:85:4a:33:78:d7:05:c5:a2:05:15:fc:f0:d1:
1c:e1:78:60:e5:83:d2:38:2b:f7:0c:3a:b4:2d:e8:
50:fb:23:3b:90:4a:30:9d:be:38:3f:ee:f2:d7:1c:
37:0b:e1:62:9e:53:1a:ff:27:38:23:7b:28:a7:be:
cf:0e:e0:6f:05:02:ed:07:0b:7c:14:84:53:c8:c8:
6a:82:bb:06:e4:9e:75:4c:25:5b:7c:97:0b:a8:02:
7e:59:e1:17:44:cc:a8:92:ba:30:ef:b7:a5:8d:5d:
8f:cd:20:24:1f:16:55:e1:58:04:cb:93:91:f6:da:
db:10:9b:13:fb:9f:ac:dc:57:e7:e7:e0:bc:cb:1f:
66:d3:ac:51:b6:8b:25:6e:47:42:28:6c:b0:97:d2:
3b:7c:7f:d1:a9:29:8b:42:01:f3:54:01:da:60:9b:
b6:ae:37:19:ca:3f:3c:a9:b3:0f:68:e4:ed:ce:5d:
0e:69:d8:6b:05:37:e8:c6:32:a6:22:2e:06:ec:74:
6b:02:ed:86:da:be:d5:33:b3:f3:05:98:ec:22:e1:
a4:5d:19:45:15:60:31:b3:a0:ff:6f:01:4d:6b:4f:
15:0b:43:05:62:35:8e:0f:cc:6e:c0:52:33:76:9c:
08:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:E2:E7:03:95:5A:15:BD:5F:46:53:C2:F4:91:6E:07:CA:50:CF:29
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/OOLnA5VaFb1fRlPC9JFuB8pQzyk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.169.0-45.9.171.255
45.14.8.0/24
45.14.10.0/24
77.242.144.0/20
88.209.192.0/21
88.209.208.0-88.209.225.255
88.209.227.0/24
92.52.208.0/21
92.52.219.0/24
178.210.224.0/21
178.210.236.0/24
178.248.200.0/21
193.138.125.0/24
Signature Algorithm: sha256WithRSAEncryption
3e:0f:fc:43:da:a7:ae:8e:4b:0a:13:4e:3b:da:df:3d:f8:09:
ab:86:2b:88:9e:16:a0:88:29:1e:15:39:43:cb:d0:82:a3:44:
44:1a:b9:ce:bf:43:63:57:19:14:a9:b9:b5:cf:c6:6d:7a:7c:
ef:b4:4f:b5:18:b7:19:4c:d6:5a:f2:08:49:d2:01:b5:d1:11:
bb:f2:dc:1f:c6:64:8e:71:19:b5:46:2a:cd:1a:b9:b2:59:d5:
06:f1:e7:3c:5d:a7:e0:44:da:1a:8c:10:d4:83:4e:cd:a2:61:
e0:ad:ce:b7:b9:49:d7:1f:89:32:bd:1f:55:d1:8b:37:77:0f:
98:d9:3c:5d:99:c8:0f:96:a9:93:8d:dd:90:d4:cd:3e:ae:95:
39:63:ef:55:b0:20:e7:2a:9e:50:e1:af:cf:48:5b:f3:ff:a1:
bf:a8:55:aa:8d:1f:12:cd:17:d9:d2:c0:2d:2a:7c:09:7d:8b:
6a:9e:d5:62:dc:aa:0f:cc:0d:00:0d:e8:21:72:c9:93:bc:16:
a3:d8:4e:5a:aa:11:17:b6:bc:45:e2:24:13:cf:0f:50:72:90:
65:21:d1:44:e9:14:85:46:54:ca:58:b7:7d:d5:06:60:1a:eb:
4c:31:e4:81:d8:5a:b4:6a:f7:c6:23:ed:08:d4:57:6b:f4:2c:
e5:83:56:5a
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAYQN3eqnj9D34BrLzwmC1PPSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIxMDI1MDYzOTE4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGUyZTcwMzk1NWExNWJkNWY0NjUzYzJmNDkxNmUwN2NhNTBjZjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxoFeXCRr+w5s4VcM+zqQYVKM3jX
BcWiBRX88NEc4Xhg5YPSOCv3DDq0LehQ+yM7kEownb44P+7y1xw3C+FinlMa/yc4
I3sop77PDuBvBQLtBwt8FIRTyMhqgrsG5J51TCVbfJcLqAJ+WeEXRMyokrow77el
jV2PzSAkHxZV4VgEy5OR9trbEJsT+5+s3Ffn5+C8yx9m06xRtoslbkdCKGywl9I7
fH/RqSmLQgHzVAHaYJu2rjcZyj88qbMPaOTtzl0OadhrBTfoxjKmIi4G7HRrAu2G
2r7VM7PzBZjsIuGkXRlFFWAxs6D/bwFNa08VC0MFYjWOD8xuwFIzdpwIjQIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFDji5wOVWhW9X0ZTwvSRbgfKUM8pMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvT09MbkE1VmFGYjFmUmxQQzlKRnVCOHBRenlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeMAwDBAAtCakD
BAItCagDBAAtDggDBAAtDgoDBARN8pADBANY0cAwDAMEBFjR0AMEAVjR4AMEAFjR
4wMEA1w00AMEAFw02wMEA7LS4AMEALLS7AMEA7L4yAMEAMGKfTANBgkqhkiG9w0B
AQsFAAOCAQEAPg/8Q9qnro5LChNOO9rfPfgJq4YriJ4WoIgpHhU5Q8vQgqNERBq5
zr9DY1cZFKm5tc/GbXp877RPtRi3GUzWWvIISdIBtdERu/LcH8ZkjnEZtUYqzRq5
slnVBvHnPF2n4ETaGowQ1INOzaJh4K3Ot7lJ1x+JMr0fVdGLN3cPmNk8XZnID5ap
k43dkNTNPq6VOWPvVbAg5yqeUOGvz0hb8/+hv6hVqo0fEs0X2dLALSp8CX2Lap7V
YtyqD8wNAA3oIXLJk7wWo9hOWqoRF7a8ReIkE88PUHKQZSHRROkUhUZUyli3fdUG
YBrrTDHkgdhatGr3xiPtCNRXa/Qs5YNWWg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org