Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/cbAVhK3e2HJnOlq21hn-5vOQOvY.roa
File: cbAVhK3e2HJnOlq21hn-5vOQOvY.roa (raw, json)
Hash identifier: tB2xGpjKI7XJkUFtAcan0VSZpLpXXjm1/SeYlm7xnSU=
Subject key identifier: 71:B0:15:84:AD:DE:D8:72:67:3A:5A:B6:D6:19:FE:E6:F3:90:3A:F6
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018CC3B6B66B165322C3BD3F186258B0D3D2
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/cbAVhK3e2HJnOlq21hn-5vOQOvY.roa
Signing time: Mon 01 Jan 2024 06:29:40 +0000
ROA not before: Mon 01 Jan 2024 06:29:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1239
IP address blocks: 88.209.240.0/22 maxlen: 22
178.210.252.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b6:b6:6b:16:53:22:c3:bd:3f:18:62:58:b0:d3:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jan 1 06:29:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=71b01584added872673a5ab6d619fee6f3903af6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:f8:55:b1:aa:9c:37:68:1b:69:92:1d:88:70:
f6:9b:e4:af:fe:06:7d:1d:67:14:47:19:c8:4d:1c:
0f:59:91:17:08:b8:26:40:22:5a:53:29:71:de:01:
dc:69:c6:bb:7c:2d:58:1e:b4:cb:11:76:72:06:c8:
83:9a:e1:e8:29:e3:6c:fc:63:6f:2d:53:08:35:e0:
46:be:61:2b:74:8a:13:ec:87:31:e1:b6:8e:df:09:
45:38:2d:38:fb:1b:78:6b:25:00:90:d8:d7:e3:57:
3a:f0:b3:03:c9:ca:39:c8:54:e4:f8:87:1e:5e:d9:
a5:8b:8a:97:05:c8:a9:3e:31:c8:23:42:07:8c:75:
f7:d2:5d:b9:f4:e1:6a:32:30:61:cc:e6:8d:30:55:
af:a4:cd:d8:07:37:66:36:b3:92:c0:98:48:c5:05:
85:51:58:9f:2f:31:74:8d:10:36:49:75:b6:81:4f:
4e:1e:c7:c4:8b:b7:99:58:cc:40:1b:5f:18:d2:10:
9e:d8:c5:d2:d7:75:67:60:4a:2b:72:81:42:b6:a7:
2a:16:be:00:26:1e:79:6a:9a:9a:94:fc:7c:df:44:
fc:6a:85:44:75:23:7a:9b:e4:bc:83:bb:1c:6b:39:
5d:fc:f5:be:06:22:07:60:f3:3f:0b:eb:e5:38:33:
e3:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:B0:15:84:AD:DE:D8:72:67:3A:5A:B6:D6:19:FE:E6:F3:90:3A:F6
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/cbAVhK3e2HJnOlq21hn-5vOQOvY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.240.0/22
178.210.252.0/24
Signature Algorithm: sha256WithRSAEncryption
11:4b:74:e6:1b:57:2b:d0:13:af:62:3d:8d:ac:d9:62:c9:e2:
e6:fe:5f:5d:4b:a2:e1:d6:d6:71:45:95:fa:80:33:1a:57:53:
8a:9e:90:fa:ec:ed:1a:9b:6e:f1:b8:af:de:62:2a:e5:4f:5a:
41:b9:37:84:92:75:93:21:bf:b7:13:ce:80:2e:07:fc:a2:7b:
04:17:ff:65:a8:9c:41:40:62:cc:c6:0a:b9:d7:43:5a:ba:4a:
3d:5e:28:62:7b:47:b8:09:50:f4:d6:b8:b1:e0:b6:25:29:a6:
3c:f4:71:e8:52:91:16:9c:c1:b7:36:1b:d3:56:ad:73:47:8f:
f4:8f:66:1e:e9:a3:89:bc:82:93:0a:2c:de:49:19:87:4b:52:
b8:59:17:d2:9a:03:d1:c9:57:e8:4d:21:97:c4:3f:cc:d4:3e:
63:ca:0c:2f:7a:7a:eb:95:19:81:40:7e:86:93:ee:18:22:6b:
06:98:d3:0f:b1:42:38:1b:11:bb:ec:db:16:3a:e5:3b:1e:38:
66:9b:0a:04:91:cc:07:53:eb:71:6f:c4:f4:36:e5:47:9f:eb:
0c:8f:fa:ec:08:61:84:13:0c:6b:60:4a:95:b2:2f:b4:b6:63:
0b:66:aa:cf:64:0d:0c:7f:60:6a:db:3c:2c:5b:3c:48:39:90:
ac:ad:72:ff
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtrZrFlMiw70/GGJYsNPSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWIwMTU4NGFkZGVkODcyNjczYTVhYjZkNjE5ZmVlNmYzOTAzYWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfhVsaqcN2gbaZIdiHD2m+Sv/gZ9
HWcURxnITRwPWZEXCLgmQCJaUylx3gHcaca7fC1YHrTLEXZyBsiDmuHoKeNs/GNv
LVMINeBGvmErdIoT7Icx4baO3wlFOC04+xt4ayUAkNjX41c68LMDyco5yFTk+Ice
Xtmli4qXBcipPjHII0IHjHX30l259OFqMjBhzOaNMFWvpM3YBzdmNrOSwJhIxQWF
UVifLzF0jRA2SXW2gU9OHsfEi7eZWMxAG18Y0hCe2MXS13VnYEorcoFCtqcqFr4A
Jh55apqalPx830T8aoVEdSN6m+S8g7scazld/PW+BiIHYPM/C+vlODPjuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHGwFYSt3thyZzpattYZ/ubzkDr2MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvY2JBVmhLM2UySEpuT2xxMjFobi01dk9RT3ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWNHwAwQA
stL8MA0GCSqGSIb3DQEBCwUAA4IBAQARS3TmG1cr0BOvYj2NrNliyeLm/l9dS6Lh
1tZxRZX6gDMaV1OKnpD67O0am27xuK/eYirlT1pBuTeEknWTIb+3E86ALgf8onsE
F/9lqJxBQGLMxgq510Nauko9Xihie0e4CVD01rix4LYlKaY89HHoUpEWnMG3NhvT
Vq1zR4/0j2Ye6aOJvIKTCizeSRmHS1K4WRfSmgPRyVfoTSGXxD/M1D5jygwvenrr
lRmBQH6Gk+4YImsGmNMPsUI4GxG77NsWOuU7HjhmmwoEkcwHU+txb8T0NuVHn+sM
j/rsCGGEEwxrYEqVsi+0tmMLZqrPZA0Mf2Bq2zwsWzxIOZCsrXL/
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org