Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/btqwn8WJ_6Cl0OkGBzWcR4Tq77g.roa
File: btqwn8WJ_6Cl0OkGBzWcR4Tq77g.roa (raw, json)
Hash identifier: Qk3W6NrvsYhaXlOFx012v9vyiYLJxTMZJ1ezH77q32k=
Subject key identifier: 6E:DA:B0:9F:C5:89:FF:A0:A5:D0:E9:06:07:35:9C:47:84:EA:EF:B8
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018AC152B4DAA304C2C870578414BDE93987
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/btqwn8WJ_6Cl0OkGBzWcR4Tq77g.roa
Signing time: Sat 23 Sep 2023 09:15:37 +0000
ROA not before: Sat 23 Sep 2023 09:15:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 92.52.214.0/24 maxlen: 24
178.210.248.0/24 maxlen: 24
178.210.249.0/24 maxlen: 24
178.210.251.0/24 maxlen: 24
178.210.252.0/24 maxlen: 24
88.209.226.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:c1:52:b4:da:a3:04:c2:c8:70:57:84:14:bd:e9:39:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Sep 23 09:15:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6edab09fc589ffa0a5d0e90607359c4784eaefb8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:26:69:59:2f:ea:95:0a:5f:b0:11:f0:05:5b:
ba:0a:b0:eb:84:ea:67:cd:22:91:c5:df:cb:df:b7:
7b:12:35:31:7c:79:04:1c:83:35:20:71:4c:b1:47:
d5:11:b2:ef:21:07:9e:1d:ef:a3:50:04:1b:36:c8:
1a:d0:18:4a:3a:a0:80:54:6a:b4:f0:0c:a4:54:d4:
f8:9f:b5:18:d3:eb:6b:04:db:23:56:11:85:46:fd:
3f:37:56:93:70:3a:68:26:0b:e3:b8:00:d6:99:78:
91:7d:ee:e9:12:a5:68:ba:0f:5c:14:a0:b8:b6:2c:
a0:6a:ba:82:56:53:ae:ec:63:f3:82:61:ab:af:64:
1e:17:ce:c3:6d:8f:5a:2c:d1:ce:24:8e:5a:95:cc:
c0:86:ef:be:56:b7:55:49:6f:2e:13:f9:81:0f:87:
03:25:b1:55:4a:d9:14:d7:fc:28:b1:4a:de:3a:f6:
62:90:6f:ab:91:3f:0e:85:67:4d:9b:c9:6c:55:3a:
05:66:aa:cb:b3:d9:7e:9d:90:d6:28:af:d8:42:38:
fd:3d:3f:9a:35:d4:3f:29:71:6d:36:e4:5c:e6:3f:
82:19:cb:1f:7d:bf:52:4b:7c:f6:42:71:2e:b8:1e:
e3:bf:e4:d0:1b:ec:3d:1f:ee:b2:8c:b2:c8:0f:27:
59:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:DA:B0:9F:C5:89:FF:A0:A5:D0:E9:06:07:35:9C:47:84:EA:EF:B8
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/btqwn8WJ_6Cl0OkGBzWcR4Tq77g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.226.0/24
92.52.214.0/24
178.210.248.0/23
178.210.251.0-178.210.252.255
Signature Algorithm: sha256WithRSAEncryption
13:5d:12:94:b8:1e:d8:3c:07:4b:6f:d9:fd:59:f5:f3:34:a2:
a4:b6:14:2e:33:78:07:9a:3e:42:79:69:39:7f:ff:38:98:ea:
a7:df:ff:fc:db:2d:db:2f:f0:5c:59:e7:8f:26:02:ee:c9:b9:
6e:83:8f:7a:58:d8:b7:61:47:47:86:11:61:e5:a1:1a:c3:f8:
4f:60:06:32:27:2e:f7:62:f5:dd:80:df:e8:f2:aa:5f:71:46:
1c:5e:0b:02:f1:79:1b:54:d1:1c:c2:c5:c2:da:86:50:7d:b8:
ea:a1:06:da:be:a9:86:3e:05:a6:3d:a9:a1:12:47:7f:46:9c:
70:8a:ee:b0:8a:72:86:e3:24:a9:c7:d7:76:f4:24:40:a2:35:
cb:fa:a0:b9:7d:00:3b:3a:66:f4:86:99:50:56:9e:2c:68:b3:
24:db:98:ca:d8:23:64:5f:9b:fd:6a:06:17:c8:a8:12:1b:f3:
ea:19:6a:16:3c:80:7a:ce:be:d3:09:b3:ac:df:fb:2c:6e:44:
c5:43:67:fd:e2:c4:e9:f1:54:fe:07:5c:14:f4:4f:c8:9b:2f:
d2:42:15:3c:7e:67:0c:5b:70:5c:d3:c6:f3:28:6c:69:e4:05:
b3:9e:a4:17:81:da:0c:08:d9:e1:56:6f:0f:df:89:75:e2:cf:
9c:5a:77:3d
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYrBUrTaowTCyHBXhBS96TmHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwOTIzMDkxNTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWRhYjA5ZmM1ODlmZmEwYTVkMGU5MDYwNzM1OWM0Nzg0ZWFlZmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6yZpWS/qlQpfsBHwBVu6CrDrhOpn
zSKRxd/L37d7EjUxfHkEHIM1IHFMsUfVEbLvIQeeHe+jUAQbNsga0BhKOqCAVGq0
8AykVNT4n7UY0+trBNsjVhGFRv0/N1aTcDpoJgvjuADWmXiRfe7pEqVoug9cFKC4
tiygarqCVlOu7GPzgmGrr2QeF87DbY9aLNHOJI5alczAhu++VrdVSW8uE/mBD4cD
JbFVStkU1/wosUreOvZikG+rkT8OhWdNm8lsVToFZqrLs9l+nZDWKK/YQjj9PT+a
NdQ/KXFtNuRc5j+CGcsffb9SS3z2QnEuuB7jv+TQG+w9H+6yjLLIDydZtwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFG7asJ/Fif+gpdDpBgc1nEeE6u+4MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvYnRxd244V0pfNkNsME9rR0J6V2NSNFRxNzdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAWNHiAwQA
XDTWAwQBstL4MAwDBACy0vsDBACy0vwwDQYJKoZIhvcNAQELBQADggEBABNdEpS4
Htg8B0tv2f1Z9fM0oqS2FC4zeAeaPkJ5aTl//ziY6qff//zbLdsv8FxZ548mAu7J
uW6Dj3pY2LdhR0eGEWHloRrD+E9gBjInLvdi9d2A3+jyql9xRhxeCwLxeRtU0RzC
xcLahlB9uOqhBtq+qYY+BaY9qaESR39GnHCK7rCKcobjJKnH13b0JECiNcv6oLl9
ADs6ZvSGmVBWnixosyTbmMrYI2Rfm/1qBhfIqBIb8+oZahY8gHrOvtMJs6zf+yxu
RMVDZ/3ixOnxVP4HXBT0T8ibL9JCFTx+ZwxbcFzTxvMobGnkBbOepBeB2gwI2eFW
bw/fiXXiz5xadz0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org