Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/T8qUQImFuEP8uweyOxJFCp171bc.roa
File: T8qUQImFuEP8uweyOxJFCp171bc.roa (raw, json)
Hash identifier: kwIZHCE3ugJ7WChHGbtcDsXOoL7/n9mpDiUXmutLeo0=
Subject key identifier: 4F:CA:94:40:89:85:B8:43:FC:BB:07:B2:3B:12:45:0A:9D:7B:D5:B7
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018B4D58073AABF992A537F14E65F1F14CD0
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/T8qUQImFuEP8uweyOxJFCp171bc.roa
Signing time: Fri 20 Oct 2023 13:48:16 +0000
ROA not before: Fri 20 Oct 2023 13:48:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 47169
IP address blocks: 88.209.250.0/23 maxlen: 23
45.88.92.0/24 maxlen: 24
178.210.254.0/23 maxlen: 23
92.52.192.0/21 maxlen: 21
45.14.8.0/23 maxlen: 23
92.52.200.0/22 maxlen: 22
88.209.218.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:4d:58:07:3a:ab:f9:92:a5:37:f1:4e:65:f1:f1:4c:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Oct 20 13:48:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4fca94408985b843fcbb07b23b12450a9d7bd5b7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:79:86:11:a9:7c:a0:da:a4:45:68:18:34:2f:
09:47:aa:10:db:cb:f3:58:43:02:91:b1:97:97:a9:
69:f6:b9:2e:a6:8e:cf:4e:92:a6:13:35:72:1c:d0:
47:19:a1:2f:2e:f1:f6:8d:b4:99:41:eb:6c:4c:e7:
86:b0:79:cd:ed:f3:96:94:d4:8a:54:21:9a:70:14:
39:65:12:05:b3:53:13:04:ed:ba:95:c5:a6:29:70:
42:ef:0d:9d:e7:1a:1f:69:40:3b:68:aa:3f:02:b9:
91:90:8c:33:c7:6d:90:b9:07:5e:c7:03:44:44:42:
ed:85:45:bc:e3:f6:be:aa:24:0a:a6:b5:2f:8a:5c:
fb:db:e1:3e:44:5c:ee:b5:cb:1b:18:da:2f:39:a1:
4e:81:a5:e0:fe:c3:15:3f:09:64:2f:15:fc:3a:0c:
0d:f4:3d:7a:d0:c7:12:93:a9:2e:cd:58:8d:d6:a5:
a3:32:d8:fa:5e:2b:46:14:47:85:7a:b0:4b:a5:ed:
6f:84:20:0e:8e:1b:5c:1c:4f:9a:77:d5:82:ae:ac:
9d:42:fb:5f:37:d6:0a:4a:47:c5:3f:a2:d1:6f:ae:
0a:d5:9f:2d:ad:69:9f:e0:46:fd:cb:79:f2:29:0f:
0d:5d:1e:4d:5c:43:c5:b4:55:64:48:60:84:68:2c:
f5:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:CA:94:40:89:85:B8:43:FC:BB:07:B2:3B:12:45:0A:9D:7B:D5:B7
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/T8qUQImFuEP8uweyOxJFCp171bc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.14.8.0/23
45.88.92.0/24
88.209.218.0/24
88.209.250.0/23
92.52.192.0-92.52.203.255
178.210.254.0/23
Signature Algorithm: sha256WithRSAEncryption
51:37:4b:be:79:46:8b:68:d9:fd:47:5c:cf:15:12:41:24:21:
b5:dd:d4:85:fc:7d:dd:7d:73:2f:ed:35:31:07:29:07:30:7c:
94:41:f0:bb:f9:26:b6:be:96:fc:62:bc:e1:47:85:a1:6b:de:
63:d9:73:8b:df:6b:e8:8e:e5:cc:f0:35:30:99:10:d3:2a:c9:
f3:8f:02:9c:9b:75:89:5b:9d:26:d7:7f:fe:ea:75:0c:d6:f8:
51:46:8c:77:d3:22:8e:7b:cc:8a:66:2d:32:4e:df:d2:a2:7f:
99:f2:cd:18:a8:56:7b:59:f4:b9:91:10:f0:e3:6b:57:18:cf:
24:6d:c2:d8:49:84:d6:91:9e:16:55:e5:b1:d6:bd:1f:80:4f:
99:cf:f8:76:41:41:29:06:8a:03:e0:44:22:af:84:ae:01:8f:
0a:22:a6:46:87:73:9e:ac:a9:e1:03:66:90:9d:9c:bb:84:a4:
6c:6f:29:0f:9b:ac:42:fa:60:08:c3:f5:ce:82:3c:cf:13:ab:
b4:af:51:be:52:c3:11:4e:f6:4d:18:a0:53:33:be:5f:6f:41:
cf:32:1a:1b:da:d0:f1:fd:91:40:1e:89:a4:39:39:c2:3a:73:
66:fc:44:06:fd:e4:e9:52:f9:a3:db:c7:b7:37:d7:81:8d:d4:
03:83:2e:3f
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYtNWAc6q/mSpTfxTmXx8UzQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMDIwMTM0ODE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmNhOTQ0MDg5ODViODQzZmNiYjA3YjIzYjEyNDUwYTlkN2JkNWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXmGEal8oNqkRWgYNC8JR6oQ28vz
WEMCkbGXl6lp9rkupo7PTpKmEzVyHNBHGaEvLvH2jbSZQetsTOeGsHnN7fOWlNSK
VCGacBQ5ZRIFs1MTBO26lcWmKXBC7w2d5xofaUA7aKo/ArmRkIwzx22QuQdexwNE
RELthUW84/a+qiQKprUvilz72+E+RFzutcsbGNovOaFOgaXg/sMVPwlkLxX8OgwN
9D160McSk6kuzViN1qWjMtj6XitGFEeFerBLpe1vhCAOjhtcHE+ad9WCrqydQvtf
N9YKSkfFP6LRb64K1Z8trWmf4Eb9y3nyKQ8NXR5NXEPFtFVkSGCEaCz17wIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFE/KlECJhbhD/LsHsjsSRQqde9W3MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvVDhxVVFJbUZ1RVA4dXdleU94SkZDcDE3MWJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQBLQ4IAwQA
LVhcAwQAWNHaAwQBWNH6MAwDBAZcNMADBAJcNMgDBAGy0v4wDQYJKoZIhvcNAQEL
BQADggEBAFE3S755Roto2f1HXM8VEkEkIbXd1IX8fd19cy/tNTEHKQcwfJRB8Lv5
Jra+lvxivOFHhaFr3mPZc4vfa+iO5czwNTCZENMqyfOPApybdYlbnSbXf/7qdQzW
+FFGjHfTIo57zIpmLTJO39Kif5nyzRioVntZ9LmREPDja1cYzyRtwthJhNaRnhZV
5bHWvR+AT5nP+HZBQSkGigPgRCKvhK4BjwoipkaHc56sqeEDZpCdnLuEpGxvKQ+b
rEL6YAjD9c6CPM8Tq7SvUb5SwxFO9k0YoFMzvl9vQc8yGhva0PH9kUAeiaQ5OcI6
c2b8RAb95OlS+aPbx7c314GN1AODLj8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org