Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/e5IKZ1xaY3TV6AlEXQoSP5M87Ks.roa
File: e5IKZ1xaY3TV6AlEXQoSP5M87Ks.roa (raw, json)
Hash identifier: vugYVJTQ/Ij42SUAIMS6lvCxTKCbVRA3viV8YjZrXfM=
Subject key identifier: 7B:92:0A:67:5C:5A:63:74:D5:E8:09:44:5D:0A:12:3F:93:3C:EC:AB
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0189347F537ECE0FDE890BA949749E9EA10E
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/e5IKZ1xaY3TV6AlEXQoSP5M87Ks.roa
Signing time: Sat 08 Jul 2023 07:55:06 +0000
ROA not before: Sat 08 Jul 2023 07:55:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.230.0/24 maxlen: 24
88.209.255.0/24 maxlen: 24
178.210.230.0/24 maxlen: 24
88.151.58.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.195.0/24 maxlen: 24
2.58.169.0/24 maxlen: 24
5.182.113.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:34:7f:53:7e:ce:0f:de:89:0b:a9:49:74:9e:9e:a1:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jul 8 07:55:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7b920a675c5a6374d5e809445d0a123f933cecab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:85:2b:d8:b5:0b:b7:d6:b6:e6:07:e1:6b:6b:
53:74:9b:1c:8b:a9:ad:c9:9d:2f:6e:2c:35:6e:6a:
82:6a:a8:b0:9f:e4:31:29:1f:40:64:d2:bf:9d:ed:
2e:4a:7b:f0:fc:17:75:37:a2:9f:a7:55:2c:92:4b:
67:97:41:8c:ed:29:fb:0e:5f:f5:e4:9a:94:17:bb:
87:cc:b6:de:88:f4:e2:94:d0:14:a5:05:28:9c:fb:
5c:fc:b9:f1:7b:a6:08:62:e6:60:44:21:ec:9f:eb:
9f:72:62:4e:27:33:47:bc:9a:ca:62:3d:83:51:8b:
4f:7b:88:fd:ea:c6:8a:b0:ee:ba:17:28:01:4e:4d:
24:27:8e:f5:57:41:81:41:33:4d:6b:ff:3e:42:ba:
5a:04:f1:e4:53:1b:97:33:12:f9:a5:07:5a:76:88:
e7:ae:85:f9:53:3c:09:23:12:58:92:6f:23:f3:93:
a9:9b:47:a6:6f:2d:f0:41:a0:59:a1:89:f2:80:a6:
2a:09:bf:23:bc:fd:82:dd:47:2f:54:b1:a7:7b:0d:
51:47:ff:12:5c:3c:80:d0:19:40:b7:69:7a:93:a1:
64:b0:df:b0:3d:2d:59:be:cd:08:a1:cf:5b:8c:69:
5c:e8:e1:9b:0b:3e:c5:2c:fa:99:95:06:52:22:47:
2f:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:92:0A:67:5C:5A:63:74:D5:E8:09:44:5D:0A:12:3F:93:3C:EC:AB
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/e5IKZ1xaY3TV6AlEXQoSP5M87Ks.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.169.0/24
5.182.113.0/24
88.151.56.0-88.151.58.255
88.209.195.0/24
88.209.211.0/24
88.209.221.0/24
88.209.230.0/24
88.209.255.0/24
178.210.230.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:f4:8c:50:68:d9:51:a0:1f:dc:bf:9f:23:08:a8:21:46:85:
65:73:a3:6f:9d:db:34:33:95:2b:a8:6a:af:c2:eb:0c:d0:01:
3a:eb:f1:6a:e6:32:b1:a5:e0:57:ed:c2:7f:c7:13:44:75:8c:
9d:cb:f5:a4:63:80:dd:c6:7d:05:74:82:c9:e0:88:81:3c:27:
e0:63:15:4a:6c:1c:16:5d:f7:83:f6:9e:23:f0:e7:10:0e:73:
3c:22:3a:94:98:c1:99:1b:0f:e9:b2:c4:29:d8:16:49:c4:85:
0d:56:9a:ed:e0:6b:d8:5d:2b:4d:cb:fc:f8:c4:d2:b7:4c:1b:
0b:5e:03:34:23:4f:3b:09:57:70:af:4c:1d:de:a3:f1:22:e8:
38:8e:64:95:8d:6f:88:c2:d1:4c:8b:07:3e:9d:e2:c8:6c:0e:
27:ab:2e:98:8d:b7:08:52:15:a9:32:28:3b:93:36:3c:af:94:
06:40:eb:85:4e:c5:90:34:51:b2:a3:e7:1d:87:54:75:4f:9d:
87:b6:fa:76:1d:07:07:27:ef:2b:b8:67:cb:97:f8:bd:27:19:
48:84:0e:c6:19:cc:fd:dc:67:d9:18:a4:1d:25:eb:c3:99:48:
aa:b1:78:c8:03:42:91:fd:59:2c:2d:5d:1f:de:2c:b1:02:31:
51:cd:5d:f5
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYk0f1N+zg/eiQupSXSenqEOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNzA4MDc1NTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjkyMGE2NzVjNWE2Mzc0ZDVlODA5NDQ1ZDBhMTIzZjkzM2NlY2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIUr2LULt9a25gfha2tTdJsci6mt
yZ0vbiw1bmqCaqiwn+QxKR9AZNK/ne0uSnvw/Bd1N6Kfp1Uskktnl0GM7Sn7Dl/1
5JqUF7uHzLbeiPTilNAUpQUonPtc/Lnxe6YIYuZgRCHsn+ufcmJOJzNHvJrKYj2D
UYtPe4j96saKsO66FygBTk0kJ471V0GBQTNNa/8+QrpaBPHkUxuXMxL5pQdadojn
roX5UzwJIxJYkm8j85Opm0emby3wQaBZoYnygKYqCb8jvP2C3UcvVLGnew1RR/8S
XDyA0BlAt2l6k6FksN+wPS1Zvs0Ioc9bjGlc6OGbCz7FLPqZlQZSIkcvcQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFHuSCmdcWmN01egJRF0KEj+TPOyrMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZTVJS1oxeGFZM1RWNkFsRVhRb1NQNU04N0tzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAAjqpAwQA
BbZxMAwDBANYlzgDBABYlzoDBABY0cMDBABY0dMDBABY0d0DBABY0eYDBABY0f8D
BACy0uYwDQYJKoZIhvcNAQELBQADggEBAE70jFBo2VGgH9y/nyMIqCFGhWVzo2+d
2zQzlSuoaq/C6wzQATrr8WrmMrGl4Fftwn/HE0R1jJ3L9aRjgN3GfQV0gsngiIE8
J+BjFUpsHBZd94P2niPw5xAOczwiOpSYwZkbD+myxCnYFknEhQ1Wmu3ga9hdK03L
/PjE0rdMGwteAzQjTzsJV3CvTB3eo/Ei6DiOZJWNb4jC0UyLBz6d4shsDierLpiN
twhSFakyKDuTNjyvlAZA64VOxZA0UbKj5x2HVHVPnYe2+nYdBwcn7yu4Z8uX+L0n
GUiEDsYZzP3cZ9kYpB0l68OZSKqxeMgDQpH9WSwtXR/eLLECMVHNXfU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org