Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/W5vtEvnRk75VNTSswBXyPz-2RCA.roa
File: W5vtEvnRk75VNTSswBXyPz-2RCA.roa (raw, json)
Hash identifier: inXyvmIv3ukDUGE7fkwZK7sLO+fkxakdg0I9Wcm7saY=
Subject key identifier: 5B:9B:ED:12:F9:D1:93:BE:55:35:34:AC:C0:15:F2:3F:3F:B6:44:20
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018571E7AB170A312F5DB3C6906163632CA9
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/W5vtEvnRk75VNTSswBXyPz-2RCA.roa
Signing time: Mon 02 Jan 2023 09:54:46 +0000
ROA not before: Mon 02 Jan 2023 09:54:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202485
IP address blocks: 92.52.217.0/24 maxlen: 24
88.209.254.0/24 maxlen: 24
178.210.233.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:e7:ab:17:0a:31:2f:5d:b3:c6:90:61:63:63:2c:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jan 2 09:54:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5b9bed12f9d193be553534acc015f23f3fb64420
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:da:bb:b2:ad:a5:3c:dd:a2:e0:16:81:bc:59:
0c:b1:1c:52:a4:8a:c3:24:c2:94:ec:62:fc:3e:a1:
6c:b5:34:29:bd:a9:5c:42:c9:25:0c:c2:f7:54:f5:
60:e1:18:19:60:79:c6:8d:17:54:d1:05:6d:3a:7d:
9f:f4:92:80:ee:31:f1:2e:1e:af:14:93:f4:10:08:
ba:d4:20:f3:82:97:7a:8a:5a:fc:b7:cf:cf:7e:b7:
7e:d4:70:18:fb:65:5a:f1:f8:73:56:e4:be:26:57:
e7:1e:4e:87:51:35:9c:a0:96:b3:bd:69:e8:20:fb:
ec:d1:b5:93:53:7b:d6:c9:a9:66:ba:4c:1d:16:0a:
9c:57:1a:1b:b6:04:0d:98:e9:a0:7e:40:f7:dc:1f:
3d:a8:96:12:13:17:ca:67:07:e8:11:1f:24:f4:98:
d4:0d:a2:ca:99:a6:7b:0a:e6:fc:45:b0:40:28:2a:
bb:06:dd:a5:69:6d:72:cc:6a:98:c6:2b:0f:6c:2b:
dd:57:ba:52:a3:20:14:23:2c:fc:23:a7:99:4d:7e:
8d:b1:1b:0f:50:22:ff:9e:59:97:44:60:82:5a:cd:
de:e7:b3:85:21:12:b8:d5:de:db:7d:c5:7c:0e:fa:
a9:a4:87:91:45:59:c9:85:14:79:9b:fe:bf:5f:44:
93:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:9B:ED:12:F9:D1:93:BE:55:35:34:AC:C0:15:F2:3F:3F:B6:44:20
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/W5vtEvnRk75VNTSswBXyPz-2RCA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.254.0/24
92.52.217.0/24
178.210.233.0/24
Signature Algorithm: sha256WithRSAEncryption
11:08:44:da:ff:30:86:57:80:70:28:96:ed:9b:ae:5c:5d:ef:
59:e5:80:32:8b:17:ab:68:3b:2a:b9:c5:c1:07:0c:92:f2:51:
a4:8f:1f:3c:e0:4f:d7:df:f8:69:40:3a:05:67:7b:a9:7d:6c:
55:55:14:59:d1:ba:53:88:4e:c5:04:0b:b9:93:74:ca:59:85:
de:9a:e8:4a:eb:ce:98:47:b1:eb:83:12:e0:40:95:51:c0:b0:
25:e6:ff:42:21:0c:24:e3:b2:db:79:99:ef:2d:5e:59:f1:1b:
ca:46:ce:4a:b5:e6:b6:91:d5:62:50:cc:f7:ac:40:e8:42:96:
ac:b0:f9:c1:81:6e:c9:66:78:89:2b:9f:fb:45:32:02:09:3f:
e3:40:01:eb:f7:e6:4e:9d:9e:c3:d9:07:4e:98:c0:84:78:99:
b6:3e:c5:db:82:a6:43:ee:99:6c:de:57:43:31:09:5c:49:e0:
cf:6c:b6:75:8a:63:32:87:81:be:ed:4b:69:4b:7b:e7:9b:a8:
3f:48:8c:87:b5:85:11:c6:e7:be:30:1e:0f:82:d3:15:8a:93:
ac:bf:e8:d4:a6:ba:94:52:57:a7:36:93:b6:aa:1b:f8:b4:16:
02:8b:2f:06:e5:19:5c:5c:7e:43:b1:67:00:1b:88:8c:fd:e6:
44:2e:d3:eb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVx56sXCjEvXbPGkGFjYyypMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwMTAyMDk1NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjliZWQxMmY5ZDE5M2JlNTUzNTM0YWNjMDE1ZjIzZjNmYjY0NDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9q7sq2lPN2i4BaBvFkMsRxSpIrD
JMKU7GL8PqFstTQpvalcQsklDML3VPVg4RgZYHnGjRdU0QVtOn2f9JKA7jHxLh6v
FJP0EAi61CDzgpd6ilr8t8/Pfrd+1HAY+2Va8fhzVuS+JlfnHk6HUTWcoJazvWno
IPvs0bWTU3vWyalmukwdFgqcVxobtgQNmOmgfkD33B89qJYSExfKZwfoER8k9JjU
DaLKmaZ7Cub8RbBAKCq7Bt2laW1yzGqYxisPbCvdV7pSoyAUIyz8I6eZTX6NsRsP
UCL/nlmXRGCCWs3e57OFIRK41d7bfcV8DvqppIeRRVnJhRR5m/6/X0STwwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFub7RL50ZO+VTU0rMAV8j8/tkQgMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvVzV2dEV2blJrNzVWTlRTc3dCWHlQei0yUkNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWNH+AwQA
XDTZAwQAstLpMA0GCSqGSIb3DQEBCwUAA4IBAQARCETa/zCGV4BwKJbtm65cXe9Z
5YAyixeraDsqucXBBwyS8lGkjx884E/X3/hpQDoFZ3upfWxVVRRZ0bpTiE7FBAu5
k3TKWYXemuhK686YR7HrgxLgQJVRwLAl5v9CIQwk47LbeZnvLV5Z8RvKRs5Ktea2
kdViUMz3rEDoQpassPnBgW7JZniJK5/7RTICCT/jQAHr9+ZOnZ7D2QdOmMCEeJm2
PsXbgqZD7pls3ldDMQlcSeDPbLZ1imMyh4G+7UtpS3vnm6g/SIyHtYURxue+MB4P
gtMVipOsv+jUprqUUlenNpO2qhv4tBYCiy8G5RlcXH5DsWcAG4iM/eZELtPr
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org