Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ZSQaJEzYLix3-fbPsxj1G_NxZes.roa
File: ZSQaJEzYLix3-fbPsxj1G_NxZes.roa (raw, json)
Hash identifier: dYJwIb1OOids3uHyYxT6aXf9BWchqVrc1scn85YhGM0=
Subject key identifier: 65:24:1A:24:4C:D8:2E:2C:77:F9:F6:CF:B3:18:F5:1B:F3:71:65:EB
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0187FF61C313F82FCAD22C8EA4C4CF1E5989
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ZSQaJEzYLix3-fbPsxj1G_NxZes.roa
Signing time: Tue 09 May 2023 07:20:09 +0000
ROA not before: Tue 09 May 2023 07:20:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211619
IP address blocks: 88.209.228.0/24 maxlen: 24
88.209.236.0/22 maxlen: 22
88.209.246.0/23 maxlen: 23
88.209.254.0/24 maxlen: 24
83.137.159.0/24 maxlen: 24
83.137.156.0/24 maxlen: 24
83.137.157.0/24 maxlen: 24
83.137.153.0/24 maxlen: 24
45.9.168.0/24 maxlen: 24
88.209.205.0/24 maxlen: 24
88.209.206.0/24 maxlen: 24
88.209.219.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
88.151.62.0/24 maxlen: 24
178.210.230.0/24 maxlen: 24
178.210.231.0/24 maxlen: 24
178.210.232.0/24 maxlen: 24
178.210.233.0/24 maxlen: 24
178.210.228.0/24 maxlen: 24
178.210.237.0/24 maxlen: 24
178.210.234.0/24 maxlen: 24
178.210.235.0/24 maxlen: 24
77.242.152.0/22 maxlen: 24
77.242.157.0/24 maxlen: 24
77.242.158.0/24 maxlen: 24
92.52.217.0/24 maxlen: 24
92.52.218.0/24 maxlen: 24
194.41.47.0/24 maxlen: 24
5.182.112.0/24 maxlen: 24
5.182.115.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:ff:61:c3:13:f8:2f:ca:d2:2c:8e:a4:c4:cf:1e:59:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: May 9 07:20:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=65241a244cd82e2c77f9f6cfb318f51bf37165eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:7e:be:82:83:ef:26:68:be:f7:70:08:0b:33:
1f:55:0a:ce:44:28:5e:42:3e:47:9e:f9:8d:24:04:
fb:d5:33:6d:2e:1a:f6:70:c9:63:55:d3:75:87:e8:
2a:b7:e6:b7:f1:e2:05:d8:ba:27:6a:b8:a2:4a:01:
67:3f:9d:82:57:93:6f:b1:38:96:73:e3:77:9e:91:
15:28:b2:67:d4:d2:b3:08:bc:4b:a7:4e:df:00:a9:
05:e0:93:1f:0e:b3:73:d4:88:10:dd:e3:53:c7:b6:
fe:e7:98:b1:15:ce:dc:42:38:d2:b1:20:91:ca:63:
35:a9:07:db:0e:c9:e0:78:06:08:30:4d:af:30:e7:
09:56:5e:14:0d:6e:a4:60:96:c1:3e:e4:e3:8f:1e:
d9:84:0e:6e:92:a0:f9:74:df:a4:5b:0b:af:3d:39:
1a:a2:77:a8:20:24:d2:0f:8d:6e:b4:63:30:6a:8c:
8a:7f:ad:63:69:e0:86:5b:f2:3f:33:b1:85:e1:09:
b3:bc:4a:db:e9:a3:cb:cd:fa:f7:01:7a:2b:65:22:
a0:18:5b:8b:2a:28:70:a2:86:6b:aa:b7:01:26:d3:
aa:e8:84:34:02:59:90:4c:43:2d:6d:80:a6:18:ef:
e9:ea:5f:65:18:7a:09:5a:d7:79:f0:c6:a6:b3:0b:
a0:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:24:1A:24:4C:D8:2E:2C:77:F9:F6:CF:B3:18:F5:1B:F3:71:65:EB
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ZSQaJEzYLix3-fbPsxj1G_NxZes.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.112.0/24
5.182.115.0/24
45.9.168.0/24
77.242.152.0/22
77.242.157.0-77.242.158.255
83.137.153.0/24
83.137.156.0/23
83.137.159.0/24
88.151.62.0/24
88.209.205.0-88.209.206.255
88.209.217.0/24
88.209.219.0/24
88.209.228.0/24
88.209.236.0/22
88.209.246.0/23
88.209.254.0/24
92.52.217.0-92.52.218.255
178.210.228.0/24
178.210.230.0-178.210.235.255
178.210.237.0/24
194.41.47.0/24
Signature Algorithm: sha256WithRSAEncryption
52:17:39:06:98:eb:e4:6b:94:fd:79:e9:ad:11:a8:ac:82:1e:
8d:29:13:ce:fb:73:58:0b:fa:87:4c:e3:ec:63:ad:1d:68:09:
7d:d3:6c:94:ce:91:a2:19:29:56:35:ae:a5:c0:7d:a7:f8:72:
e9:a9:3d:32:af:4c:9a:74:2b:e8:53:5c:3a:5c:ec:ec:1d:51:
06:df:ec:d7:bf:ba:1c:c4:10:8c:d8:8a:8f:63:31:8a:e0:de:
a1:d7:32:0a:6b:14:3b:3c:79:24:8a:d6:21:fb:cf:46:75:24:
56:6a:e9:11:01:25:bd:98:3c:89:c7:b0:9e:84:d7:7a:12:c9:
62:3a:28:6b:8d:33:90:92:c4:fc:67:54:b0:81:cf:c0:ef:85:
d4:2b:a1:63:a2:91:0d:d7:1c:8a:7e:10:43:fd:fc:24:65:36:
6c:4d:5e:85:1e:8e:3c:64:3f:cc:fa:b3:e8:b4:43:e1:37:3a:
65:10:c9:e2:e8:e0:80:16:36:cc:aa:3f:87:ff:33:50:25:ff:
5a:f8:6b:b4:2e:5b:4f:07:ac:ff:d5:27:91:a2:5a:5b:b9:08:
53:e9:2e:ce:d3:80:68:c4:6a:14:93:97:52:b9:c3:46:bd:ef:
eb:19:32:fb:81:d1:0d:35:94:7b:17:30:28:17:29:99:3e:9a:
e1:ab:83:b1
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgISAYf/YcMT+C/K0iyOpMTPHlmJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNTA5MDcyMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTI0MWEyNDRjZDgyZTJjNzdmOWY2Y2ZiMzE4ZjUxYmYzNzE2NWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiH6+goPvJmi+93AICzMfVQrORChe
Qj5HnvmNJAT71TNtLhr2cMljVdN1h+gqt+a38eIF2LonariiSgFnP52CV5NvsTiW
c+N3npEVKLJn1NKzCLxLp07fAKkF4JMfDrNz1IgQ3eNTx7b+55ixFc7cQjjSsSCR
ymM1qQfbDsngeAYIME2vMOcJVl4UDW6kYJbBPuTjjx7ZhA5ukqD5dN+kWwuvPTka
oneoICTSD41utGMwaoyKf61jaeCGW/I/M7GF4QmzvErb6aPLzfr3AXorZSKgGFuL
KihwooZrqrcBJtOq6IQ0AlmQTEMtbYCmGO/p6l9lGHoJWtd58MamswugwQIDAQAB
o4ICpjCCAqIwHQYDVR0OBBYEFGUkGiRM2C4sd/n2z7MY9RvzcWXrMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvWlNRYUpFellMaXgzLWZiUHN4ajFHX054WmVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG7BggrBgEFBQcBBwEB/wSBqzCBqDCBpQQCAAEwgZ4DBAAF
tnADBAAFtnMDBAAtCagDBAJN8pgwDAMEAE3ynQMEAE3yngMEAFOJmQMEAVOJnAME
AFOJnwMEAFiXPjAMAwQAWNHNAwQAWNHOAwQAWNHZAwQAWNHbAwQAWNHkAwQCWNHs
AwQBWNH2AwQAWNH+MAwDBABcNNkDBABcNNoDBACy0uQwDAMEAbLS5gMEArLS6AME
ALLS7QMEAMIpLzANBgkqhkiG9w0BAQsFAAOCAQEAUhc5Bpjr5GuU/XnprRGorIIe
jSkTzvtzWAv6h0zj7GOtHWgJfdNslM6RohkpVjWupcB9p/hy6ak9Mq9MmnQr6FNc
Olzs7B1RBt/s17+6HMQQjNiKj2MxiuDeodcyCmsUOzx5JIrWIfvPRnUkVmrpEQEl
vZg8icewnoTXehLJYjooa40zkJLE/GdUsIHPwO+F1CuhY6KRDdccin4QQ/38JGU2
bE1ehR6OPGQ/zPqz6LRD4Tc6ZRDJ4ujggBY2zKo/h/8zUCX/WvhrtC5bTwes/9Un
kaJaW7kIU+kuztOAaMRqFJOXUrnDRr3v6xky+4HRDTWUexcwKBcpmT6a4auDsQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org