Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/dFdTB7-JtW-_YDkd7p-T_j-PjZk.roa
File: dFdTB7-JtW-_YDkd7p-T_j-PjZk.roa (raw, json)
Hash identifier: PZrb+YA+HmruTbXonLZGXn8mwILDsHbEo681dtGiZDU=
Subject key identifier: 74:57:53:07:BF:89:B5:6F:BF:60:39:1D:EE:9F:93:FE:3F:8F:8D:99
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018CC47AE80614FE9FFD01B7B3F333AECC49
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/dFdTB7-JtW-_YDkd7p-T_j-PjZk.roa
Signing time: Mon 01 Jan 2024 10:03:58 +0000
ROA not before: Mon 01 Jan 2024 10:03:58 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 88.209.232.0/22 maxlen: 24
88.209.229.0/24 maxlen: 24
178.210.231.0/24 maxlen: 24
178.210.228.0/24 maxlen: 24
178.210.230.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.211.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:7a:e8:06:14:fe:9f:fd:01:b7:b3:f3:33:ae:cc:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jan 1 10:03:58 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=74575307bf89b56fbf60391dee9f93fe3f8f8d99
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:54:ef:6f:e1:2c:7f:32:af:82:87:49:f3:5c:
5b:7f:af:8d:80:c6:4d:89:6a:85:21:de:5e:eb:3d:
75:0a:a3:a3:f8:10:d9:00:fd:4e:1c:2c:32:5e:f3:
9c:b2:65:cd:d9:56:fb:5b:67:d0:ad:1a:51:bc:65:
f2:20:a6:be:57:62:9d:a5:f6:d2:12:fa:18:12:1e:
23:f0:de:1a:1c:b0:6c:5c:2c:f8:43:bd:fb:2a:9a:
74:56:37:5e:72:54:c9:2b:74:04:f1:fa:94:07:1c:
c3:9c:1a:fe:31:5b:f8:c3:6a:84:d7:4e:5a:8d:3f:
f8:b6:fa:f1:04:76:d8:e1:63:2a:2a:71:7e:07:64:
77:e6:c6:c2:da:19:ba:13:ec:ba:ef:67:aa:ad:77:
28:23:43:c9:e9:14:2f:8d:5e:92:bc:99:07:25:ad:
f6:b6:ec:7f:7e:fe:52:d4:0f:63:27:6b:a8:62:28:
8d:c1:fa:bb:30:61:ab:09:9b:ec:37:a6:96:a6:04:
dc:0f:50:e1:68:b0:d8:a7:fc:c8:df:28:19:c4:b2:
27:7d:2f:be:82:26:b8:cc:97:99:29:d6:a4:1d:f6:
65:07:69:ab:f5:b8:09:05:04:3c:ba:95:b9:99:e6:
8d:4d:2c:ac:38:32:b6:99:20:17:b7:a9:87:fa:e5:
e5:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:57:53:07:BF:89:B5:6F:BF:60:39:1D:EE:9F:93:FE:3F:8F:8D:99
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/dFdTB7-JtW-_YDkd7p-T_j-PjZk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.151.56.0/23
88.209.211.0/24
88.209.229.0/24
88.209.232.0/22
178.210.228.0/24
178.210.230.0/23
Signature Algorithm: sha256WithRSAEncryption
60:63:f9:0e:a3:2d:43:d5:3f:f6:b0:0f:bb:2b:24:1f:26:1b:
29:42:89:7b:0a:af:85:48:07:fe:f7:fc:ea:a9:71:66:ca:64:
c9:e3:d6:9e:d0:1d:45:d3:6c:ae:6a:7f:28:88:43:34:8e:53:
8f:aa:0b:f4:17:a7:63:72:16:ae:b5:5c:91:00:a6:e6:a0:67:
66:04:f6:77:88:8d:e4:0f:98:6a:64:15:c2:db:95:0b:d9:90:
0f:2c:c9:4e:46:94:b7:12:99:a6:24:60:60:95:58:81:1c:89:
85:39:0d:04:c9:5b:31:46:b2:64:bc:5a:5b:e3:d0:48:1b:ce:
e9:6e:30:57:b7:99:50:f0:d3:af:5a:f9:fa:10:c1:e8:4c:f8:
9f:7a:8b:e4:bd:14:52:50:50:36:ae:60:ed:91:48:d8:85:78:
ab:de:bf:94:e6:17:11:8b:b4:fe:c9:9f:68:c8:7f:e8:cf:e4:
9c:55:c1:e6:8e:f6:24:9e:1f:89:dd:bc:56:ad:3d:dd:43:05:
61:6b:11:e1:46:88:e8:89:e5:c4:a7:be:3a:d6:2e:53:e5:56:
a1:d7:ae:a5:ef:f2:4a:7a:74:4b:63:c4:8d:d2:03:5b:30:ba:
52:61:3f:b1:c7:e1:2a:4c:05:6b:b9:95:78:6a:c6:f1:67:11:
f6:5b:94:79
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzEeugGFP6f/QG3s/MzrsxJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMTAwMzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDU3NTMwN2JmODliNTZmYmY2MDM5MWRlZTlmOTNmZTNmOGY4ZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFTvb+EsfzKvgodJ81xbf6+NgMZN
iWqFId5e6z11CqOj+BDZAP1OHCwyXvOcsmXN2Vb7W2fQrRpRvGXyIKa+V2KdpfbS
EvoYEh4j8N4aHLBsXCz4Q737Kpp0VjdeclTJK3QE8fqUBxzDnBr+MVv4w2qE105a
jT/4tvrxBHbY4WMqKnF+B2R35sbC2hm6E+y672eqrXcoI0PJ6RQvjV6SvJkHJa32
tux/fv5S1A9jJ2uoYiiNwfq7MGGrCZvsN6aWpgTcD1DhaLDYp/zI3ygZxLInfS++
gia4zJeZKdakHfZlB2mr9bgJBQQ8upW5meaNTSysODK2mSAXt6mH+uXlbQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFHRXUwe/ibVvv2A5He6fk/4/j42ZMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZEZkVEI3LUp0Vy1fWURrZDdwLVRfai1QalprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBWJc4AwQA
WNHTAwQAWNHlAwQCWNHoAwQAstLkAwQBstLmMA0GCSqGSIb3DQEBCwUAA4IBAQBg
Y/kOoy1D1T/2sA+7KyQfJhspQol7Cq+FSAf+9/zqqXFmymTJ49ae0B1F02yuan8o
iEM0jlOPqgv0F6djchautVyRAKbmoGdmBPZ3iI3kD5hqZBXC25UL2ZAPLMlORpS3
EpmmJGBglViBHImFOQ0EyVsxRrJkvFpb49BIG87pbjBXt5lQ8NOvWvn6EMHoTPif
eovkvRRSUFA2rmDtkUjYhXir3r+U5hcRi7T+yZ9oyH/oz+ScVcHmjvYknh+J3bxW
rT3dQwVhaxHhRojoieXEp7461i5T5Vah166l7/JKenRLY8SN0gNbMLpSYT+xx+Eq
TAVruZV4asbxZxH2W5R5
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org