Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/bMFdmRB59XdoU9BGoY5YRkeT4YU.roa
File: bMFdmRB59XdoU9BGoY5YRkeT4YU.roa (raw, json)
Hash identifier: ZFTkJZ5EANi9xT/X8dvJXudcdoslAPmIq/sk7RbJ8AI=
Subject key identifier: 6C:C1:5D:99:10:79:F5:77:68:53:D0:46:A1:8E:58:46:47:93:E1:85
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018B004B69D23D8225048FF0F88850277906
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/bMFdmRB59XdoU9BGoY5YRkeT4YU.roa
Signing time: Thu 05 Oct 2023 14:43:44 +0000
ROA not before: Thu 05 Oct 2023 14:43:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.253.0/24 maxlen: 24
178.210.228.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
77.242.157.0/24 maxlen: 24
88.151.62.0/24 maxlen: 24
88.209.200.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:00:4b:69:d2:3d:82:25:04:8f:f0:f8:88:50:27:79:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Oct 5 14:43:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6cc15d991079f5776853d046a18e58464793e185
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:fa:f7:e5:9b:6b:fb:b7:b8:1b:61:14:85:fd:
19:78:d5:4f:91:e4:4f:cc:ff:dd:51:9e:8f:7f:13:
26:53:8f:c4:09:d6:6f:47:42:ea:28:94:b6:1c:5b:
bd:42:f7:45:b6:60:23:c2:c4:f2:32:3c:69:bd:c6:
11:2d:97:29:e0:18:cb:14:fd:8e:a7:0f:b8:c2:eb:
6b:75:db:ca:9e:20:40:65:c4:48:90:11:eb:ae:2d:
18:aa:55:0c:82:c1:c3:a6:9d:fd:55:ff:95:b4:9b:
11:fc:94:b6:20:57:4e:fc:64:2b:60:b2:dd:9a:e5:
78:54:3a:a8:6c:d8:ed:b3:ae:e9:4c:44:e9:5a:47:
90:36:c0:75:9e:1b:18:6a:23:08:2b:a9:84:5b:01:
22:97:be:6f:67:7d:53:0f:36:1a:cd:fe:90:84:cc:
5c:fe:46:e8:dc:d0:a1:90:c6:e0:e0:47:ce:28:a3:
56:88:a5:d3:5d:c6:48:21:e0:53:77:ae:78:49:b0:
b4:ad:e8:07:96:33:e8:1b:94:4b:16:46:68:1f:bd:
00:ea:bc:4f:3a:fd:f2:32:dc:5a:43:18:73:0d:88:
62:10:19:79:76:6c:77:82:88:02:35:78:a0:3f:c3:
cc:7f:96:21:92:b0:96:f9:38:8c:52:e0:c7:1c:46:
78:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:C1:5D:99:10:79:F5:77:68:53:D0:46:A1:8E:58:46:47:93:E1:85
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/bMFdmRB59XdoU9BGoY5YRkeT4YU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.242.157.0/24
88.151.56.0/23
88.151.62.0/24
88.209.200.0/24
88.209.211.0/24
88.209.217.0/24
88.209.253.0/24
178.210.228.0/24
Signature Algorithm: sha256WithRSAEncryption
32:a8:85:cd:79:49:2b:76:2b:9f:ac:68:c3:a1:eb:3a:d2:72:
cc:bd:e0:7a:71:01:b2:75:2c:87:cc:da:d6:9d:60:73:da:f2:
8e:cb:36:48:7b:4f:e7:d0:94:b9:19:17:42:12:c7:07:09:3e:
cf:94:fe:ec:e5:b7:56:12:56:94:8c:00:63:d2:84:16:dd:3b:
ca:00:e6:d0:30:3a:06:6c:54:df:58:82:07:0a:12:82:fb:2a:
de:2b:a3:39:b7:68:5e:05:68:88:92:65:4b:11:90:4c:72:bb:
42:4d:48:c1:ce:b3:80:6f:e4:8d:10:67:8c:7a:f9:0f:88:10:
1a:ac:25:da:5e:96:bb:7d:1c:94:d4:03:95:88:90:c4:17:b6:
35:98:75:a7:b9:78:4b:aa:f3:6a:54:88:af:c9:48:30:10:a8:
83:2c:a3:bc:27:1a:ea:73:e4:a3:a7:42:7a:10:40:79:9a:ca:
d5:66:50:75:56:76:8d:0f:09:47:1d:76:38:46:d1:60:ef:19:
32:26:1d:ad:7d:d4:dd:a0:28:63:7c:a7:32:92:ad:62:ef:b7:
34:ad:5c:d1:f6:01:70:e8:84:a9:f8:d6:9d:45:7a:e3:fd:f2:
a4:c7:e4:77:7a:60:3a:a0:32:8a:6b:61:2f:66:03:8d:4f:fb:
4e:b2:f0:7f
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYsAS2nSPYIlBI/w+IhQJ3kGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMDA1MTQ0MzQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2MxNWQ5OTEwNzlmNTc3Njg1M2QwNDZhMThlNTg0NjQ3OTNlMTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Pr35Ztr+7e4G2EUhf0ZeNVPkeRP
zP/dUZ6PfxMmU4/ECdZvR0LqKJS2HFu9QvdFtmAjwsTyMjxpvcYRLZcp4BjLFP2O
pw+4wutrddvKniBAZcRIkBHrri0YqlUMgsHDpp39Vf+VtJsR/JS2IFdO/GQrYLLd
muV4VDqobNjts67pTETpWkeQNsB1nhsYaiMIK6mEWwEil75vZ31TDzYazf6QhMxc
/kbo3NChkMbg4EfOKKNWiKXTXcZIIeBTd654SbC0regHljPoG5RLFkZoH70A6rxP
Ov3yMtxaQxhzDYhiEBl5dmx3gogCNXigP8PMf5YhkrCW+TiMUuDHHEZ4VQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFGzBXZkQefV3aFPQRqGOWEZHk+GFMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvYk1GZG1SQjU5WGRvVTlCR29ZNVlSa2VUNFlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQATfKdAwQB
WJc4AwQAWJc+AwQAWNHIAwQAWNHTAwQAWNHZAwQAWNH9AwQAstLkMA0GCSqGSIb3
DQEBCwUAA4IBAQAyqIXNeUkrdiufrGjDoes60nLMveB6cQGydSyHzNrWnWBz2vKO
yzZIe0/n0JS5GRdCEscHCT7PlP7s5bdWElaUjABj0oQW3TvKAObQMDoGbFTfWIIH
ChKC+yreK6M5t2heBWiIkmVLEZBMcrtCTUjBzrOAb+SNEGeMevkPiBAarCXaXpa7
fRyU1AOViJDEF7Y1mHWnuXhLqvNqVIivyUgwEKiDLKO8Jxrqc+Sjp0J6EEB5msrV
ZlB1VnaNDwlHHXY4RtFg7xkyJh2tfdTdoChjfKcykq1i77c0rVzR9gFw6ISp+Nad
RXrj/fKkx+R3emA6oDKKa2EvZgONT/tOsvB/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org