Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/e15vLmt8umzTyHXQBx3Ru4tXkBk.roa
File: e15vLmt8umzTyHXQBx3Ru4tXkBk.roa (raw, json)
Hash identifier: jLBlN2Y4RdVYB9sy9mehBdCH/+fkkI+zuWKVxxa+v2g=
Subject key identifier: 7B:5E:6F:2E:6B:7C:BA:6C:D3:C8:75:D0:07:1D:D1:BB:8B:57:90:19
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018DEB3531786859A8B13815FE34EBF59758
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/e15vLmt8umzTyHXQBx3Ru4tXkBk.roa
Signing time: Tue 27 Feb 2024 15:35:48 +0000
ROA not before: Tue 27 Feb 2024 15:35:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 88.151.56.0/23 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.232.0/22 maxlen: 24
178.210.252.0/24 maxlen: 24
178.210.253.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:eb:35:31:78:68:59:a8:b1:38:15:fe:34:eb:f5:97:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Feb 27 15:35:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7b5e6f2e6b7cba6cd3c875d0071dd1bb8b579019
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:f5:2a:d9:94:6a:71:b7:84:20:b2:d9:67:dc:
a0:ff:4f:10:6b:60:d1:df:70:ab:fd:59:0d:d3:ad:
55:a3:c1:57:43:73:2d:77:97:12:dd:35:24:c1:3a:
7a:82:c3:b3:e9:eb:e7:a2:4f:41:9d:9f:1c:40:c3:
64:e9:b5:8f:4a:d5:b6:42:40:e3:cf:33:2b:22:22:
6b:96:a8:be:a7:cd:be:12:83:1e:3d:06:bf:e5:7f:
10:15:6b:cf:50:c3:1e:be:84:53:03:e2:c7:a1:92:
ac:92:91:03:75:98:01:18:99:9b:12:a1:3e:ba:18:
12:1e:17:b8:4e:bc:6b:4e:68:0a:a5:d7:aa:95:4e:
35:0e:fe:3f:6c:71:10:77:23:21:89:cb:2a:e6:c8:
76:60:18:ca:a4:43:60:49:d7:9f:e7:29:3f:fc:ac:
9d:d6:55:d5:b1:c2:cc:3e:e6:ce:76:b2:43:3a:8f:
0c:f3:7f:c4:1d:9b:e6:fe:38:4f:ea:be:14:61:8e:
7d:66:59:f3:77:79:72:af:ca:95:f3:f2:fa:38:fb:
11:db:f9:03:d7:a9:ba:ab:dd:e0:75:a0:70:1a:22:
c9:08:79:c0:98:46:f7:0f:8b:82:10:62:80:30:e1:
50:55:5b:a7:9d:55:4e:09:ad:cc:c4:e7:8b:a9:4f:
06:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:5E:6F:2E:6B:7C:BA:6C:D3:C8:75:D0:07:1D:D1:BB:8B:57:90:19
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/e15vLmt8umzTyHXQBx3Ru4tXkBk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.151.56.0/23
88.209.211.0/24
88.209.232.0/22
178.210.252.0/23
Signature Algorithm: sha256WithRSAEncryption
55:ab:66:60:57:bf:bf:21:f8:28:79:f6:49:c7:9c:b1:66:fa:
bf:87:56:f8:70:ad:cd:1a:80:67:5a:43:89:c6:c7:24:b7:95:
36:22:1a:a3:97:f5:28:53:74:71:b4:9f:57:eb:2a:f1:c7:bd:
c3:a3:06:95:ba:d1:a5:83:e5:1f:ec:e8:99:d0:de:e9:ec:0f:
61:cd:9c:f0:a2:47:86:e1:f6:a9:c8:66:ac:a6:45:cc:d6:52:
74:cb:a3:f2:28:e9:76:f0:13:54:2b:6d:d6:1d:f8:cb:9f:fc:
68:ba:ce:28:40:f1:91:90:d6:85:6c:17:db:7d:2a:d1:b7:67:
f9:5e:0d:78:52:f8:73:da:49:40:93:04:52:71:99:b5:ec:d8:
28:f7:10:ac:8b:41:a5:82:01:31:07:a6:bc:fe:b9:d3:19:82:
3b:5f:51:2f:aa:4e:3e:d9:b8:7e:22:e6:fb:7f:f1:86:a6:98:
0a:d9:24:a6:25:81:ff:7d:54:a8:f8:b6:61:62:38:59:dd:b0:
ac:fd:00:eb:10:da:b6:51:81:c7:ce:1a:59:cc:f6:59:83:fd:
f2:61:38:e0:97:19:85:23:ac:fa:c3:d8:b4:ee:16:85:72:eb:
04:5a:f2:13:1a:1c:cf:52:00:7f:fb:ab:29:42:9f:f3:ea:9b:
93:bf:d2:4f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY3rNTF4aFmosTgV/jTr9ZdYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMjI3MTUzNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjVlNmYyZTZiN2NiYTZjZDNjODc1ZDAwNzFkZDFiYjhiNTc5MDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvUq2ZRqcbeEILLZZ9yg/08Qa2DR
33Cr/VkN061Vo8FXQ3Mtd5cS3TUkwTp6gsOz6evnok9BnZ8cQMNk6bWPStW2QkDj
zzMrIiJrlqi+p82+EoMePQa/5X8QFWvPUMMevoRTA+LHoZKskpEDdZgBGJmbEqE+
uhgSHhe4TrxrTmgKpdeqlU41Dv4/bHEQdyMhicsq5sh2YBjKpENgSdef5yk//Kyd
1lXVscLMPubOdrJDOo8M83/EHZvm/jhP6r4UYY59Zlnzd3lyr8qV8/L6OPsR2/kD
16m6q93gdaBwGiLJCHnAmEb3D4uCEGKAMOFQVVunnVVOCa3MxOeLqU8GkQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHteby5rfLps08h10Acd0buLV5AZMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZTE1dkxtdDh1bXpUeUhYUUJ4M1J1NHRYa0JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBWJc4AwQA
WNHTAwQCWNHoAwQBstL8MA0GCSqGSIb3DQEBCwUAA4IBAQBVq2ZgV7+/IfgoefZJ
x5yxZvq/h1b4cK3NGoBnWkOJxsckt5U2Ihqjl/UoU3RxtJ9X6yrxx73DowaVutGl
g+Uf7OiZ0N7p7A9hzZzwokeG4fapyGaspkXM1lJ0y6PyKOl28BNUK23WHfjLn/xo
us4oQPGRkNaFbBfbfSrRt2f5Xg14Uvhz2klAkwRScZm17Ngo9xCsi0GlggExB6a8
/rnTGYI7X1Evqk4+2bh+Iub7f/GGppgK2SSmJYH/fVSo+LZhYjhZ3bCs/QDrENq2
UYHHzhpZzPZZg/3yYTjglxmFI6z6w9i07haFcusEWvITGhzPUgB/+6spQp/z6puT
v9JP
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org