Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/RFF2JVlP8P5uSwnNuJRjapx9UCg.roa
File: RFF2JVlP8P5uSwnNuJRjapx9UCg.roa (raw, json)
Hash identifier: KXfNSVI1+Ux8ASVu7rIUO4+R8koxfIIeOSSxhs2Kx/k=
Subject key identifier: 44:51:76:25:59:4F:F0:FE:6E:4B:09:CD:B8:94:63:6A:9C:7D:50:28
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 01887074398C9186781DFDB51C4421C47B7C
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/RFF2JVlP8P5uSwnNuJRjapx9UCg.roa
Signing time: Wed 31 May 2023 06:17:25 +0000
ROA not before: Wed 31 May 2023 06:17:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 88.209.244.0/24 maxlen: 24
178.210.236.0/24 maxlen: 24
88.209.192.0/24 maxlen: 24
88.209.194.0/24 maxlen: 24
88.151.59.0/24 maxlen: 24
88.209.207.0/24 maxlen: 24
88.209.209.0/24 maxlen: 24
88.209.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:70:74:39:8c:91:86:78:1d:fd:b5:1c:44:21:c4:7b:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: May 31 06:17:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=44517625594ff0fe6e4b09cdb894636a9c7d5028
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:9e:a1:6d:15:95:4c:d7:95:d0:c6:ff:80:bc:
18:91:f2:59:63:1b:9a:7c:33:cc:bc:72:d4:94:a0:
86:f0:df:96:69:88:d8:6c:80:2d:85:e9:24:33:af:
66:42:f3:82:a6:20:e8:60:59:ac:27:d9:49:72:06:
85:bc:f9:61:7a:15:dc:9b:6f:67:2c:0a:21:44:fe:
08:d8:e9:46:55:7c:b9:0d:17:4a:65:11:9e:7c:6f:
50:55:0b:7c:45:10:57:07:de:32:42:fd:05:14:5a:
70:51:2c:16:06:52:8c:fe:fd:1a:76:e1:96:fa:94:
f4:72:cc:8e:28:12:01:6c:c5:b7:20:27:89:48:f9:
3d:52:0f:f6:df:61:c1:89:64:9b:38:e9:84:26:87:
5c:f7:e9:c2:a8:91:b5:5a:83:15:a9:ac:b6:05:22:
46:19:74:fd:83:34:0b:5c:d5:55:45:9f:ef:b2:4b:
19:ff:65:98:7f:ec:c9:b0:d8:a7:20:60:a7:d1:0f:
6b:7c:15:8d:65:07:79:6b:92:b5:19:4d:39:a3:b0:
f0:be:67:00:2f:cf:ab:63:29:71:ab:ee:ea:40:db:
21:c9:d1:51:46:0c:ca:f5:fa:c9:59:44:2e:1a:b6:
6e:78:c1:af:a5:bc:59:e1:ef:61:29:db:f5:96:5f:
fd:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:51:76:25:59:4F:F0:FE:6E:4B:09:CD:B8:94:63:6A:9C:7D:50:28
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/RFF2JVlP8P5uSwnNuJRjapx9UCg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.151.59.0/24
88.209.192.0/24
88.209.194.0/24
88.209.207.0/24
88.209.209.0/24
88.209.221.0/24
88.209.244.0/24
178.210.236.0/24
Signature Algorithm: sha256WithRSAEncryption
73:25:43:c2:0c:b0:95:ed:5b:b7:a9:b5:d0:5a:49:ff:62:52:
a7:50:6f:54:3c:3d:43:ab:62:f5:0a:50:42:8f:87:bb:de:24:
65:a2:e7:c9:fe:59:29:d5:6a:4b:79:c3:b0:77:d8:f1:08:d0:
bd:0f:6d:d9:ab:20:5c:a4:e2:40:cb:ee:c2:0d:05:fb:db:e9:
53:01:4f:1d:4f:15:06:c5:18:c8:50:3f:78:fd:24:35:af:32:
5b:18:cf:66:f8:89:c1:e6:8d:36:c7:9e:c7:be:1d:5a:58:55:
45:f0:e0:21:ca:9b:a1:38:80:e4:78:a5:70:72:00:f6:d6:14:
b4:46:98:b2:87:9a:93:98:da:13:14:98:c5:27:9b:a0:5f:ec:
45:20:aa:ce:b9:6c:e4:c9:e5:f0:d5:7e:07:33:cf:2c:d3:06:
7f:0e:e4:1a:8a:f2:ba:0a:a9:99:2e:eb:74:a7:da:a2:13:d1:
5f:2a:3c:72:96:81:aa:5e:d3:00:7e:2e:52:f5:7f:03:ab:c2:
ae:26:c3:7c:71:60:b7:a7:8d:20:10:da:cf:01:bf:ea:e1:97:
44:7f:11:23:f5:71:dc:73:75:7b:a0:92:25:1a:95:ac:83:9a:
b9:8b:c3:dd:3e:90:c6:db:93:cc:57:00:4a:3d:c9:b2:79:75:
a6:d6:f5:fd
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYhwdDmMkYZ4Hf21HEQhxHt8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNTMxMDYxNzI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDUxNzYyNTU5NGZmMGZlNmU0YjA5Y2RiODk0NjM2YTljN2Q1MDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz56hbRWVTNeV0Mb/gLwYkfJZYxua
fDPMvHLUlKCG8N+WaYjYbIAthekkM69mQvOCpiDoYFmsJ9lJcgaFvPlhehXcm29n
LAohRP4I2OlGVXy5DRdKZRGefG9QVQt8RRBXB94yQv0FFFpwUSwWBlKM/v0aduGW
+pT0csyOKBIBbMW3ICeJSPk9Ug/232HBiWSbOOmEJodc9+nCqJG1WoMVqay2BSJG
GXT9gzQLXNVVRZ/vsksZ/2WYf+zJsNinIGCn0Q9rfBWNZQd5a5K1GU05o7DwvmcA
L8+rYylxq+7qQNshydFRRgzK9frJWUQuGrZueMGvpbxZ4e9hKdv1ll/93wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFERRdiVZT/D+bksJzbiUY2qcfVAoMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvUkZGMkpWbFA4UDV1U3duTnVKUmphcHg5VUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAWJc7AwQA
WNHAAwQAWNHCAwQAWNHPAwQAWNHRAwQAWNHdAwQAWNH0AwQAstLsMA0GCSqGSIb3
DQEBCwUAA4IBAQBzJUPCDLCV7Vu3qbXQWkn/YlKnUG9UPD1Dq2L1ClBCj4e73iRl
oufJ/lkp1WpLecOwd9jxCNC9D23ZqyBcpOJAy+7CDQX72+lTAU8dTxUGxRjIUD94
/SQ1rzJbGM9m+InB5o02x57Hvh1aWFVF8OAhypuhOIDkeKVwcgD21hS0Rpiyh5qT
mNoTFJjFJ5ugX+xFIKrOuWzkyeXw1X4HM88s0wZ/DuQaivK6CqmZLut0p9qiE9Ff
KjxyloGqXtMAfi5S9X8Dq8KuJsN8cWC3p40gENrPAb/q4ZdEfxEj9XHcc3V7oJIl
GpWsg5q5i8PdPpDG25PMVwBKPcmyeXWm1vX9
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:55 2024 by rpki-client on console-ams.rpki-client.org