Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/OaO5ZzH-T3_6Gk-pWYUnngu81Cw.roa
File: OaO5ZzH-T3_6Gk-pWYUnngu81Cw.roa (raw, json)
Hash identifier: TGzNoXvmiUpzdUT7BZAYbI+eDKkas6VBP9ad8Ij0feQ=
Subject key identifier: 39:A3:B9:67:31:FE:4F:7F:FA:1A:4F:A9:59:85:27:9E:0B:BC:D4:2C
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018ACD01BB42ED32503F6B317DB91000EFF8
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/OaO5ZzH-T3_6Gk-pWYUnngu81Cw.roa
Signing time: Mon 25 Sep 2023 15:42:37 +0000
ROA not before: Mon 25 Sep 2023 15:42:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.253.0/24 maxlen: 24
178.210.228.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.151.62.0/24 maxlen: 24
88.151.63.0/24 maxlen: 24
5.182.113.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:cd:01:bb:42:ed:32:50:3f:6b:31:7d:b9:10:00:ef:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Sep 25 15:42:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=39a3b96731fe4f7ffa1a4fa95985279e0bbcd42c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:1f:ea:b9:13:17:24:ec:3e:e9:de:98:e5:37:
70:12:07:38:1f:56:e4:b9:e0:d2:2b:22:87:a2:eb:
b1:52:26:c1:17:fe:50:93:f0:56:55:28:54:db:74:
a1:67:22:a4:12:e6:11:ad:06:9e:16:c1:ec:81:81:
f4:ce:de:de:cf:33:8a:14:bf:60:8a:15:2b:82:2e:
fe:91:07:bc:a4:8d:1b:51:2c:41:02:9c:3d:ac:33:
7c:59:ae:af:63:4a:ed:26:08:48:14:f8:0f:7b:2e:
e5:86:07:a6:c1:20:97:d8:5f:f7:6f:54:5e:89:a4:
bb:75:4a:44:fc:48:83:e3:d8:3e:cc:06:db:5b:4b:
4c:29:d4:8c:40:71:57:21:35:04:66:93:8e:d4:b3:
1f:5c:55:0d:4f:ce:a2:e0:8c:5e:6e:3d:89:03:dd:
bf:c1:15:19:f7:e2:7f:bb:97:29:1d:b4:09:a7:17:
78:62:f6:e0:f6:f5:4c:80:66:0f:40:15:b0:51:12:
d3:ce:fb:c7:00:4f:01:a6:4e:38:58:91:26:84:9f:
ba:e1:14:23:3d:f3:6e:e1:3d:7c:c7:25:d3:d8:05:
9d:0b:a0:c1:f2:77:05:f1:2a:a1:34:f5:d6:57:e5:
26:7c:18:00:b9:7d:1c:55:bf:20:48:4a:33:1d:d5:
9c:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:A3:B9:67:31:FE:4F:7F:FA:1A:4F:A9:59:85:27:9E:0B:BC:D4:2C
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/OaO5ZzH-T3_6Gk-pWYUnngu81Cw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.113.0/24
77.242.150.0/24
88.151.56.0/23
88.151.62.0/23
88.209.211.0/24
88.209.217.0/24
88.209.253.0/24
178.210.228.0/24
Signature Algorithm: sha256WithRSAEncryption
83:68:da:dd:9e:7f:d3:47:b3:1e:8b:9a:79:85:80:ef:18:d2:
55:45:bd:30:77:47:90:11:51:d7:16:ab:5d:1d:ce:c8:99:34:
ff:96:df:1a:ca:c1:fc:a6:de:13:6d:40:81:ed:f6:68:6f:65:
25:53:d8:69:1a:6f:ca:4d:6d:37:a2:33:fc:33:2b:f3:ce:e4:
63:a3:0f:8b:99:32:6e:1f:bc:ad:d7:29:2a:90:46:33:90:0b:
f9:5b:a8:a7:eb:81:12:83:99:17:59:68:c9:f8:12:a7:66:4a:
bc:03:6d:b8:fa:f8:f1:6c:f8:cf:72:67:24:63:15:e4:9b:91:
6c:f0:09:7e:d0:4f:78:ba:95:80:6c:48:80:9d:48:ed:21:03:
2d:16:b4:07:ea:3f:a5:06:85:f0:8a:d6:96:c3:8f:e0:cb:f6:
0f:42:69:e5:bc:04:41:a0:02:c5:03:6a:f5:07:5a:24:7d:3a:
db:23:16:59:f7:0d:c8:d9:63:fb:05:8e:0a:14:4d:74:56:ec:
21:ff:45:15:3b:95:49:56:85:49:89:08:13:6c:f3:c9:92:ff:
12:48:62:03:1f:f1:4d:b3:e1:88:9d:e3:10:25:00:7d:ef:c6:
ad:6c:88:04:49:ce:37:02:46:73:c6:55:63:0c:8e:c1:c5:2b:
56:a8:e2:75
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYrNAbtC7TJQP2sxfbkQAO/4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwOTI1MTU0MjM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWEzYjk2NzMxZmU0ZjdmZmExYTRmYTk1OTg1Mjc5ZTBiYmNkNDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjh/quRMXJOw+6d6Y5TdwEgc4H1bk
ueDSKyKHouuxUibBF/5Qk/BWVShU23ShZyKkEuYRrQaeFsHsgYH0zt7ezzOKFL9g
ihUrgi7+kQe8pI0bUSxBApw9rDN8Wa6vY0rtJghIFPgPey7lhgemwSCX2F/3b1Re
iaS7dUpE/EiD49g+zAbbW0tMKdSMQHFXITUEZpOO1LMfXFUNT86i4Ixebj2JA92/
wRUZ9+J/u5cpHbQJpxd4Yvbg9vVMgGYPQBWwURLTzvvHAE8Bpk44WJEmhJ+64RQj
PfNu4T18xyXT2AWdC6DB8ncF8SqhNPXWV+UmfBgAuX0cVb8gSEozHdWciwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDmjuWcx/k9/+hpPqVmFJ54LvNQsMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvT2FPNVp6SC1UM182R2stcFdZVW5uZ3U4MUN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQABbZxAwQA
TfKWAwQBWJc4AwQBWJc+AwQAWNHTAwQAWNHZAwQAWNH9AwQAstLkMA0GCSqGSIb3
DQEBCwUAA4IBAQCDaNrdnn/TR7Mei5p5hYDvGNJVRb0wd0eQEVHXFqtdHc7ImTT/
lt8aysH8pt4TbUCB7fZob2UlU9hpGm/KTW03ojP8MyvzzuRjow+LmTJuH7yt1ykq
kEYzkAv5W6in64ESg5kXWWjJ+BKnZkq8A224+vjxbPjPcmckYxXkm5Fs8Al+0E94
upWAbEiAnUjtIQMtFrQH6j+lBoXwitaWw4/gy/YPQmnlvARBoALFA2r1B1okfTrb
IxZZ9w3I2WP7BY4KFE10Vuwh/0UVO5VJVoVJiQgTbPPJkv8SSGIDH/FNs+GIneMQ
JQB978atbIgESc43AkZzxlVjDI7BxStWqOJ1
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org