Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/RkzQRtuayW5loubYXnNOOqd25yY.roa
File: RkzQRtuayW5loubYXnNOOqd25yY.roa (raw, json)
Hash identifier: 5wjwOnNV2tIKpeALisLNbxtgH6X3m8Zc7lHIoQe1o+s=
Subject key identifier: 46:4C:D0:46:DB:9A:C9:6E:65:A2:E6:D8:5E:73:4E:3A:A7:76:E7:26
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018C2A153358EEA6D378C399876A6B60DF84
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/RkzQRtuayW5loubYXnNOOqd25yY.roa
Signing time: Sat 02 Dec 2023 10:31:21 +0000
ROA not before: Sat 02 Dec 2023 10:31:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.232.0/22 maxlen: 24
178.210.228.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.151.62.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.226.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:2a:15:33:58:ee:a6:d3:78:c3:99:87:6a:6b:60:df:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Dec 2 10:31:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=464cd046db9ac96e65a2e6d85e734e3aa776e726
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:41:0c:a7:e8:e2:c4:73:ff:81:c6:8f:e5:e1:
10:12:a1:cf:f4:00:58:0d:c9:79:75:7e:fb:f9:12:
48:8d:79:bb:50:38:99:6a:bd:7f:a9:b3:ff:34:4a:
a8:23:7d:b8:e4:0a:dd:ab:53:a7:60:f8:15:ee:2a:
eb:21:36:68:ac:9a:73:11:77:69:a3:06:5c:fc:fd:
a0:f2:71:5b:84:0d:6a:5c:81:7b:a6:25:06:87:82:
e2:e2:a4:29:f2:45:73:c0:62:2b:13:1d:d2:ba:3d:
da:e0:30:a0:bf:39:e8:30:e5:87:58:ef:68:9b:5b:
86:68:09:79:82:f3:0d:c0:62:0f:8f:67:60:c4:ba:
4c:15:87:ea:86:e2:95:d8:b9:23:3c:53:83:79:de:
64:c0:94:65:01:08:c0:ef:17:3a:11:ae:71:ad:51:
d9:1d:e8:52:6f:2a:26:3e:bd:36:bf:9c:ed:2d:0c:
eb:52:8c:df:e6:78:3c:46:70:d1:e6:bf:93:ea:da:
a8:95:53:1e:53:88:96:d5:db:4c:a3:5c:2f:08:b9:
10:de:42:bf:dd:cb:d0:73:ff:8e:00:e4:2e:af:0a:
d5:0b:23:b4:45:4f:30:3b:1c:43:12:1c:44:95:0d:
f7:da:95:63:c6:f2:50:9e:20:60:84:0c:a4:a0:8e:
41:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:4C:D0:46:DB:9A:C9:6E:65:A2:E6:D8:5E:73:4E:3A:A7:76:E7:26
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/RkzQRtuayW5loubYXnNOOqd25yY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.242.150.0/24
88.151.56.0/23
88.151.62.0/24
88.209.211.0/24
88.209.226.0/24
88.209.232.0/22
178.210.228.0/24
Signature Algorithm: sha256WithRSAEncryption
be:87:ed:34:3a:02:33:d1:4b:72:f0:7a:c2:05:a3:bf:9c:b8:
48:8d:0a:f4:c2:4a:e3:95:ef:a4:d8:8e:81:3e:95:de:42:41:
fb:40:5f:d0:d1:ee:a3:18:a3:dc:70:2d:8f:7b:cc:00:a0:1a:
0a:1e:c0:4d:85:14:69:85:3f:16:ec:da:8e:ce:19:8b:ff:b6:
ba:5c:9f:c2:c6:00:2e:ce:1f:73:22:f8:23:b0:08:16:65:4b:
5a:62:1e:4e:34:3f:85:6a:42:fc:87:a8:b7:ad:73:30:d2:38:
4a:33:f2:9c:db:f2:40:97:d6:8d:d1:03:18:27:70:b8:4d:70:
3f:d4:20:35:11:64:d3:ad:2e:67:55:5f:7d:14:ab:f2:f6:b0:
be:44:d9:1d:f0:6e:34:b9:fd:50:2a:26:9d:a6:3b:33:86:03:
d9:59:3d:b2:17:82:a4:c3:06:9e:d3:1c:d8:b4:fe:b7:73:e3:
59:50:14:ed:cf:df:62:93:c4:21:53:ca:79:78:a1:29:f9:5a:
58:bd:da:cc:62:be:62:b2:0e:7f:51:d7:dd:4d:b6:17:aa:a8:
ca:68:44:88:75:fe:3c:53:95:ca:a9:a0:ab:a8:dc:0a:dc:75:
e1:9a:78:fa:15:04:e8:33:0e:69:8c:6b:da:49:83:7c:40:c2:
c5:7b:39:a0
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYwqFTNY7qbTeMOZh2prYN+EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMjAyMTAzMTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjRjZDA0NmRiOWFjOTZlNjVhMmU2ZDg1ZTczNGUzYWE3NzZlNzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEEMp+jixHP/gcaP5eEQEqHP9ABY
Dcl5dX77+RJIjXm7UDiZar1/qbP/NEqoI3245Ardq1OnYPgV7irrITZorJpzEXdp
owZc/P2g8nFbhA1qXIF7piUGh4Li4qQp8kVzwGIrEx3Suj3a4DCgvznoMOWHWO9o
m1uGaAl5gvMNwGIPj2dgxLpMFYfqhuKV2LkjPFODed5kwJRlAQjA7xc6Ea5xrVHZ
HehSbyomPr02v5ztLQzrUozf5ng8RnDR5r+T6tqolVMeU4iW1dtMo1wvCLkQ3kK/
3cvQc/+OAOQurwrVCyO0RU8wOxxDEhxElQ332pVjxvJQniBghAykoI5BqQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFEZM0EbbmsluZaLm2F5zTjqnducmMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvUmt6UVJ0dWF5VzVsb3ViWVhuTk9PcWQyNXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQATfKWAwQB
WJc4AwQAWJc+AwQAWNHTAwQAWNHiAwQCWNHoAwQAstLkMA0GCSqGSIb3DQEBCwUA
A4IBAQC+h+00OgIz0Uty8HrCBaO/nLhIjQr0wkrjle+k2I6BPpXeQkH7QF/Q0e6j
GKPccC2Pe8wAoBoKHsBNhRRphT8W7NqOzhmL/7a6XJ/CxgAuzh9zIvgjsAgWZUta
Yh5OND+FakL8h6i3rXMw0jhKM/Kc2/JAl9aN0QMYJ3C4TXA/1CA1EWTTrS5nVV99
FKvy9rC+RNkd8G40uf1QKiadpjszhgPZWT2yF4Kkwwae0xzYtP63c+NZUBTtz99i
k8QhU8p5eKEp+VpYvdrMYr5isg5/UdfdTbYXqqjKaESIdf48U5XKqaCrqNwK3HXh
mnj6FQToMw5pjGvaSYN8QMLFezmg
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org