Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Xy0jvguHxisXz5P_HQp_3RymL2Y.roa
File: Xy0jvguHxisXz5P_HQp_3RymL2Y.roa (raw, json)
Hash identifier: otipWZoT/oUCcXKbKEAgX/9Fi5rYQkInonDYmZXqnOw=
Subject key identifier: 5F:2D:23:BE:0B:87:C6:2B:17:CF:93:FF:1D:0A:7F:DD:1C:A6:2F:66
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018B8FE9A6BC48BF912C010277585A16C0FA
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Xy0jvguHxisXz5P_HQp_3RymL2Y.roa
Signing time: Thu 02 Nov 2023 12:02:16 +0000
ROA not before: Thu 02 Nov 2023 12:02:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.232.0/22 maxlen: 24
178.210.228.0/24 maxlen: 24
178.210.250.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.200.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:8f:e9:a6:bc:48:bf:91:2c:01:02:77:58:5a:16:c0:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Nov 2 12:02:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5f2d23be0b87c62b17cf93ff1d0a7fdd1ca62f66
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:a7:30:57:1b:55:aa:e5:4c:40:aa:68:c2:79:
17:2a:d2:fe:85:e1:38:1b:30:eb:99:ef:b1:c5:9b:
83:a8:6e:2b:f4:6d:e0:2e:d1:ab:cf:cf:23:ad:fe:
ce:a1:9b:c8:6b:9d:b4:45:5d:f9:a5:95:62:78:fb:
45:c0:c7:04:7b:2c:5d:87:a3:00:0a:25:9b:f4:af:
9d:f3:3d:c6:17:7b:ac:b8:48:d0:c2:d8:6f:f6:8f:
13:0d:0c:09:10:38:da:d5:f1:df:51:e1:98:2b:f6:
f1:0a:78:fa:6a:b0:df:78:8b:8f:3c:84:7f:51:14:
b3:47:a6:af:9c:f4:1e:68:52:40:12:f3:96:34:bd:
81:5c:5a:e0:ca:ce:b4:8a:80:1f:bb:38:2f:5c:d7:
18:9e:37:2e:b5:bf:5f:59:fa:6b:cf:7b:4a:7e:b0:
94:15:9a:9a:a4:ae:af:e5:e8:b7:fe:43:d0:1c:b1:
15:78:7c:5f:e4:2b:fe:ce:67:3f:f4:81:a1:53:a4:
77:07:b6:c4:ca:4e:84:85:af:9a:1d:c2:77:4d:c7:
9f:d5:2c:4c:c9:2e:84:59:a0:2d:26:80:f2:4a:e0:
bd:26:a7:bb:50:0f:db:69:0e:10:78:37:83:0d:3f:
1c:0d:25:a8:98:78:bf:2e:4d:51:84:73:e3:2d:14:
0b:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:2D:23:BE:0B:87:C6:2B:17:CF:93:FF:1D:0A:7F:DD:1C:A6:2F:66
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Xy0jvguHxisXz5P_HQp_3RymL2Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.242.150.0/24
88.151.56.0/23
88.209.200.0/24
88.209.211.0/24
88.209.217.0/24
88.209.232.0/22
178.210.228.0/24
178.210.250.0/24
Signature Algorithm: sha256WithRSAEncryption
74:18:39:70:15:ee:77:d5:e2:ca:fa:37:5b:c6:b2:cf:1c:60:
a3:61:30:8e:20:ce:35:57:11:ed:4a:a0:91:75:9f:f7:bd:d1:
7c:c1:8f:65:2e:d9:da:3f:3b:4b:32:7a:6c:bb:54:75:30:26:
f2:48:e4:2c:1e:cd:ff:fe:56:ef:e5:8e:f4:dc:48:ee:0c:b8:
55:c7:ba:40:95:87:24:66:d7:78:43:19:d3:bb:88:9f:92:fd:
19:95:5b:2a:5c:4e:b7:3a:3b:ee:ba:81:9f:50:b3:a2:c3:c9:
3c:22:38:0c:db:b5:13:e2:29:15:fb:06:fe:3a:88:2a:b9:48:
42:2a:fd:f8:50:9e:0b:5c:c8:e5:49:b0:33:b0:11:8e:3d:f1:
75:73:56:f1:c8:71:11:34:4f:41:df:b7:15:9e:76:4b:46:16:
cb:dd:75:d8:c7:93:2f:6b:65:9a:34:ff:3c:b4:08:7f:92:05:
ca:b6:ca:a6:c9:33:51:d9:e2:ae:68:56:7d:4a:2f:07:7c:34:
ce:2a:a2:11:d0:84:57:65:94:db:b9:d4:0f:32:13:52:c2:13:
6c:51:f4:a3:50:a2:e7:af:29:3b:68:96:3c:89:8c:ac:fa:75:
0a:6e:25:df:20:31:fc:70:d0:b2:ed:11:9d:d5:2f:30:28:fe:
6a:a8:7b:48
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYuP6aa8SL+RLAECd1haFsD6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMTAyMTIwMjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjJkMjNiZTBiODdjNjJiMTdjZjkzZmYxZDBhN2ZkZDFjYTYyZjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtacwVxtVquVMQKpownkXKtL+heE4
GzDrme+xxZuDqG4r9G3gLtGrz88jrf7OoZvIa520RV35pZViePtFwMcEeyxdh6MA
CiWb9K+d8z3GF3usuEjQwthv9o8TDQwJEDja1fHfUeGYK/bxCnj6arDfeIuPPIR/
URSzR6avnPQeaFJAEvOWNL2BXFrgys60ioAfuzgvXNcYnjcutb9fWfprz3tKfrCU
FZqapK6v5ei3/kPQHLEVeHxf5Cv+zmc/9IGhU6R3B7bEyk6Eha+aHcJ3Tcef1SxM
yS6EWaAtJoDySuC9Jqe7UA/baQ4QeDeDDT8cDSWomHi/Lk1RhHPjLRQLvQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFF8tI74Lh8YrF8+T/x0Kf90cpi9mMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvWHkwanZndUh4aXNYejVQX0hRcF8zUnltTDJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQATfKWAwQB
WJc4AwQAWNHIAwQAWNHTAwQAWNHZAwQCWNHoAwQAstLkAwQAstL6MA0GCSqGSIb3
DQEBCwUAA4IBAQB0GDlwFe531eLK+jdbxrLPHGCjYTCOIM41VxHtSqCRdZ/3vdF8
wY9lLtnaPztLMnpsu1R1MCbySOQsHs3//lbv5Y703EjuDLhVx7pAlYckZtd4QxnT
u4ifkv0ZlVsqXE63OjvuuoGfULOiw8k8IjgM27UT4ikV+wb+OogquUhCKv34UJ4L
XMjlSbAzsBGOPfF1c1bxyHERNE9B37cVnnZLRhbL3XXYx5Mva2WaNP88tAh/kgXK
tsqmyTNR2eKuaFZ9Si8HfDTOKqIR0IRXZZTbudQPMhNSwhNsUfSjUKLnryk7aJY8
iYys+nUKbiXfIDH8cNCy7RGd1S8wKP5qqHtI
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org