Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Uy_GNnirKFE_DXrUZbpSNB9iTB0.roa
File: Uy_GNnirKFE_DXrUZbpSNB9iTB0.roa (raw, json)
Hash identifier: 3YDi8Q/ggTO3PY0jjrnfEF42OMBBVvKU3psWLy+Ce54=
Subject key identifier: 53:2F:C6:36:78:AB:28:51:3F:0D:7A:D4:65:BA:52:34:1F:62:4C:1D
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018B27A438E8D16DC728119FC894F898BCC3
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Uy_GNnirKFE_DXrUZbpSNB9iTB0.roa
Signing time: Fri 13 Oct 2023 06:05:55 +0000
ROA not before: Fri 13 Oct 2023 06:05:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.253.0/24 maxlen: 24
178.210.228.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.200.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:27:a4:38:e8:d1:6d:c7:28:11:9f:c8:94:f8:98:bc:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Oct 13 06:05:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=532fc63678ab28513f0d7ad465ba52341f624c1d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:cf:db:ae:b3:dc:aa:4c:62:ab:25:d0:bd:70:
94:be:b7:ce:d4:ff:b2:5f:27:f1:a5:1d:fe:a6:44:
54:31:1e:76:dc:ac:c2:07:36:c2:7d:2b:d7:cc:2a:
b7:3f:89:f5:86:2e:da:27:69:9f:c5:18:e2:94:83:
11:95:95:70:b4:38:62:f7:e2:9a:5a:57:80:11:c9:
3a:c6:23:32:61:bf:f0:49:48:bc:e2:a3:cb:39:ff:
8d:a2:62:e2:d9:ec:96:47:ac:8e:6a:fb:c5:d5:cb:
fa:9c:d1:38:6e:ea:b8:aa:fb:3a:51:7e:3d:3b:d0:
10:48:17:e7:5a:b8:5a:c7:7a:58:29:a1:4f:85:34:
7d:4e:39:cc:af:e1:5d:9a:f9:1c:55:d0:b1:3b:38:
14:20:ad:10:d3:41:02:eb:48:14:db:46:da:5d:eb:
e2:ff:f6:96:6e:0a:21:96:9c:8b:50:fd:25:62:53:
6b:af:fa:5e:25:4a:67:6c:2f:cd:d2:e3:9d:8f:8e:
11:65:82:18:03:56:f1:23:e9:85:df:0e:6b:05:39:
75:b5:39:6a:e2:a7:97:5e:ca:a8:ea:7e:22:4c:4b:
bf:0d:10:09:6e:a4:e9:45:9b:b3:14:4f:6d:ed:91:
ae:70:b0:e5:67:d8:a2:07:4d:2f:37:47:e5:a3:f9:
66:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:2F:C6:36:78:AB:28:51:3F:0D:7A:D4:65:BA:52:34:1F:62:4C:1D
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Uy_GNnirKFE_DXrUZbpSNB9iTB0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.151.56.0/23
88.209.200.0/24
88.209.211.0/24
88.209.217.0/24
88.209.253.0/24
178.210.228.0/24
Signature Algorithm: sha256WithRSAEncryption
07:be:14:bf:51:7d:67:ac:4e:d1:c3:37:07:37:2e:bb:b3:a8:
7d:5f:0c:b9:c0:27:0d:83:8a:cf:92:e3:a5:08:d4:55:4b:42:
ad:0b:75:e2:f2:65:16:80:d7:1d:7e:54:8f:24:8a:e0:bf:fe:
cb:46:7f:ca:f3:c1:8e:27:fb:2c:6e:6f:02:6f:0e:f8:22:9e:
be:40:80:13:e6:bb:87:a3:f3:ec:29:44:5b:f5:94:68:a3:4d:
6f:6d:ad:8f:d8:a1:a8:df:4a:c4:9f:22:ac:a8:9f:4e:b4:23:
91:95:15:10:e4:ea:23:e4:82:ef:77:53:8a:4f:1f:80:ed:30:
54:aa:a2:c3:60:9a:78:27:7c:ae:68:1a:bc:f1:f0:b6:e5:12:
51:9c:f2:6a:bf:b8:24:d0:93:c8:bc:1a:60:be:c7:e9:76:0d:
5f:27:34:33:11:e4:cb:e5:d4:fa:12:04:46:98:04:f2:c9:ad:
cf:1c:64:10:86:9d:bd:ac:ef:7e:45:6e:54:1f:4b:40:3e:80:
26:6f:0d:f9:a0:23:aa:c5:3a:7c:b5:74:c0:cd:7c:85:d5:5e:
1a:e0:5e:89:04:28:2b:1c:fd:fb:66:72:c6:3e:94:c9:3e:b6:
5f:60:4b:ec:60:4e:c1:f5:7e:79:d2:34:3c:fb:4c:f2:0e:95:
b1:31:9a:d9
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYsnpDjo0W3HKBGfyJT4mLzDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMDEzMDYwNTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzJmYzYzNjc4YWIyODUxM2YwZDdhZDQ2NWJhNTIzNDFmNjI0YzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAls/brrPcqkxiqyXQvXCUvrfO1P+y
XyfxpR3+pkRUMR523KzCBzbCfSvXzCq3P4n1hi7aJ2mfxRjilIMRlZVwtDhi9+Ka
WleAEck6xiMyYb/wSUi84qPLOf+NomLi2eyWR6yOavvF1cv6nNE4buq4qvs6UX49
O9AQSBfnWrhax3pYKaFPhTR9TjnMr+FdmvkcVdCxOzgUIK0Q00EC60gU20baXevi
//aWbgohlpyLUP0lYlNrr/peJUpnbC/N0uOdj44RZYIYA1bxI+mF3w5rBTl1tTlq
4qeXXsqo6n4iTEu/DRAJbqTpRZuzFE9t7ZGucLDlZ9iiB00vN0flo/lm4wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFFMvxjZ4qyhRPw161GW6UjQfYkwdMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvVXlfR05uaXJLRkVfRFhyVVpicFNOQjlpVEIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBWJc4AwQA
WNHIAwQAWNHTAwQAWNHZAwQAWNH9AwQAstLkMA0GCSqGSIb3DQEBCwUAA4IBAQAH
vhS/UX1nrE7RwzcHNy67s6h9Xwy5wCcNg4rPkuOlCNRVS0KtC3Xi8mUWgNcdflSP
JIrgv/7LRn/K88GOJ/ssbm8Cbw74Ip6+QIAT5ruHo/PsKURb9ZRoo01vba2P2KGo
30rEnyKsqJ9OtCORlRUQ5Ooj5ILvd1OKTx+A7TBUqqLDYJp4J3yuaBq88fC25RJR
nPJqv7gk0JPIvBpgvsfpdg1fJzQzEeTL5dT6EgRGmATyya3PHGQQhp29rO9+RW5U
H0tAPoAmbw35oCOqxTp8tXTAzXyF1V4a4F6JBCgrHP37ZnLGPpTJPrZfYEvsYE7B
9X550jQ8+0zyDpWxMZrZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org