Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/W7EblXG8OGIuyitoFgJNzbSDVpY.roa
File: W7EblXG8OGIuyitoFgJNzbSDVpY.roa (raw, json)
Hash identifier: CCWfdFb14Mu6i/aKf5ZSYaYuPqMRVmnWvf45TUW5DAE=
Subject key identifier: 5B:B1:1B:95:71:BC:38:62:2E:CA:2B:68:16:02:4D:CD:B4:83:56:96
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018C3E23FCB0616260B8EA90EBEDB4A9049F
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/W7EblXG8OGIuyitoFgJNzbSDVpY.roa
Signing time: Wed 06 Dec 2023 07:59:54 +0000
ROA not before: Wed 06 Dec 2023 07:59:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.232.0/22 maxlen: 24
178.210.228.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.226.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:3e:23:fc:b0:61:62:60:b8:ea:90:eb:ed:b4:a9:04:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Dec 6 07:59:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5bb11b9571bc38622eca2b6816024dcdb4835696
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:49:71:bf:91:51:75:e1:87:dc:05:f5:23:9e:
70:38:86:f4:88:b8:ed:49:ab:a2:87:3a:54:c6:1b:
e3:5c:5b:4d:63:cb:5c:c2:3a:eb:31:5d:7a:39:fb:
fb:74:be:48:3d:d5:e1:af:de:fe:32:ff:49:f2:6f:
23:12:5e:45:ff:3c:b2:a5:09:d3:21:9f:96:4e:6b:
0c:08:19:3a:d8:0a:60:94:6d:c2:5d:a0:a8:19:32:
46:89:f6:f2:c4:06:d5:ac:91:19:68:44:e0:48:66:
7f:67:6c:5d:2a:65:a4:0b:e9:85:20:85:d6:cd:2c:
d0:32:b4:86:69:76:d0:3c:f3:5b:af:11:bf:a5:47:
c4:96:06:c8:57:61:40:c2:1e:15:8e:a9:1f:b4:37:
03:ca:8a:bb:5f:51:a8:5c:57:5c:73:ce:01:61:6a:
c7:7c:ed:c7:98:be:fe:0e:1e:9e:71:2d:df:f8:23:
a2:9b:cd:90:af:4c:a9:ae:7f:da:83:cd:34:ca:68:
f9:d6:64:15:4b:78:1c:05:b4:9a:9a:b4:10:68:19:
c0:a2:9d:f6:54:2b:c7:5a:c2:c8:25:5d:67:f9:ef:
11:78:55:7d:a6:16:17:24:2c:2c:e8:e8:76:5f:fc:
57:59:78:ac:df:56:36:84:10:ff:39:d3:3d:9b:1f:
8f:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:B1:1B:95:71:BC:38:62:2E:CA:2B:68:16:02:4D:CD:B4:83:56:96
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/W7EblXG8OGIuyitoFgJNzbSDVpY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.242.150.0/24
88.151.56.0/23
88.209.211.0/24
88.209.226.0/24
88.209.232.0/22
178.210.228.0/24
Signature Algorithm: sha256WithRSAEncryption
11:ef:97:1a:be:25:8b:c7:91:c1:0b:35:2c:d2:dd:31:62:e7:
ad:c7:cf:af:4b:b4:72:e0:91:b8:f0:f8:72:81:f5:88:86:5e:
e8:fc:0b:b5:9a:ec:f3:68:fe:38:9c:51:0f:71:71:4e:7e:4e:
b1:e0:7d:25:21:7a:c5:5d:c8:9c:b5:e5:5a:17:91:3c:38:6e:
47:7c:cc:d4:bf:a8:f6:f5:c5:e7:4e:8d:8a:13:af:72:62:00:
9a:77:e0:48:cf:b2:28:79:43:df:0c:bd:9e:34:53:2a:6a:c6:
9e:f3:b7:d7:3a:32:7c:e3:2f:04:b3:bd:bb:f2:c9:1b:5c:ac:
b0:be:d2:b9:01:ad:be:81:ba:5b:cc:b0:8c:6d:32:f1:ea:fb:
d6:41:11:4d:80:4c:98:7e:94:dc:54:e2:51:41:e6:fb:46:1c:
ac:a9:ec:0c:27:b2:32:d6:55:d9:4d:ef:bd:44:61:68:40:d7:
50:ea:95:ce:e2:32:a3:69:98:2b:53:1c:ba:7a:a0:70:3d:55:
98:51:6e:37:9c:48:82:c6:7a:f8:22:7a:5d:a7:8c:fc:6c:80:
f4:48:fd:37:27:11:4f:dd:de:f1:5a:8e:11:40:da:5b:0f:87:
f2:1f:81:b7:51:b7:1b:92:38:4f:41:a4:a1:b1:dc:90:9b:1c:
67:1f:b8:ea
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYw+I/ywYWJguOqQ6+20qQSfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMjA2MDc1OTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmIxMWI5NTcxYmMzODYyMmVjYTJiNjgxNjAyNGRjZGI0ODM1Njk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUlxv5FRdeGH3AX1I55wOIb0iLjt
SauihzpUxhvjXFtNY8tcwjrrMV16Ofv7dL5IPdXhr97+Mv9J8m8jEl5F/zyypQnT
IZ+WTmsMCBk62ApglG3CXaCoGTJGifbyxAbVrJEZaETgSGZ/Z2xdKmWkC+mFIIXW
zSzQMrSGaXbQPPNbrxG/pUfElgbIV2FAwh4VjqkftDcDyoq7X1GoXFdcc84BYWrH
fO3HmL7+Dh6ecS3f+COim82Qr0yprn/ag800ymj51mQVS3gcBbSamrQQaBnAop32
VCvHWsLIJV1n+e8ReFV9phYXJCws6Oh2X/xXWXis31Y2hBD/OdM9mx+PNwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFFuxG5VxvDhiLsoraBYCTc20g1aWMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvVzdFYmxYRzhPR0l1eWl0b0ZnSk56YlNEVnBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQATfKWAwQB
WJc4AwQAWNHTAwQAWNHiAwQCWNHoAwQAstLkMA0GCSqGSIb3DQEBCwUAA4IBAQAR
75caviWLx5HBCzUs0t0xYuetx8+vS7Ry4JG48PhygfWIhl7o/Au1muzzaP44nFEP
cXFOfk6x4H0lIXrFXcicteVaF5E8OG5HfMzUv6j29cXnTo2KE69yYgCad+BIz7Io
eUPfDL2eNFMqasae87fXOjJ84y8Es7278skbXKywvtK5Aa2+gbpbzLCMbTLx6vvW
QRFNgEyYfpTcVOJRQeb7RhysqewMJ7Iy1lXZTe+9RGFoQNdQ6pXO4jKjaZgrUxy6
eqBwPVWYUW43nEiCxnr4Inpdp4z8bID0SP03JxFP3d7xWo4RQNpbD4fyH4G3Ubcb
kjhPQaShsdyQmxxnH7jq
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org