Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/es4d_D7A6L1QuWid2ujM0i0cDuc.roa
File: es4d_D7A6L1QuWid2ujM0i0cDuc.roa (raw, json)
Hash identifier: c3cgBDaxYdPSG6wJEtCsLqmQBHkkyAlElwigfgfNGHc=
Subject key identifier: 7A:CE:1D:FC:3E:C0:E8:BD:50:B9:68:9D:DA:E8:CC:D2:2D:1C:0E:E7
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018C8B6D7F974BDCFBA6A4701CF1AD70407D
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/es4d_D7A6L1QuWid2ujM0i0cDuc.roa
Signing time: Thu 21 Dec 2023 08:10:58 +0000
ROA not before: Thu 21 Dec 2023 08:10:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 5650
IP address blocks: 88.209.240.0/22 maxlen: 22
178.210.252.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:8b:6d:7f:97:4b:dc:fb:a6:a4:70:1c:f1:ad:70:40:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Dec 21 08:10:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7ace1dfc3ec0e8bd50b9689ddae8ccd22d1c0ee7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:9f:f6:97:15:4e:8c:26:02:c8:d9:b3:a7:41:
de:26:c6:24:18:13:49:88:40:76:9c:1e:40:d9:1e:
7b:44:10:9c:b3:1d:25:52:03:d4:bf:5a:85:d0:f6:
5e:02:e3:56:fe:17:e6:6a:7d:f7:83:5d:63:49:64:
98:4b:61:4a:f0:37:42:e8:83:a2:7f:af:4b:04:98:
c5:93:9a:46:09:01:8e:40:e4:6d:d2:fc:84:2f:8b:
51:97:c2:34:c5:71:25:00:f4:7b:4b:1f:7d:53:4b:
df:d7:d3:af:aa:4a:75:48:68:a5:af:25:63:7c:f7:
f0:3f:a1:5b:e4:e1:6d:9c:fa:fc:24:c3:a6:01:01:
b5:38:fb:4c:62:ac:63:94:ae:5b:d9:8d:72:25:fe:
fc:e4:bd:8c:89:b1:52:e7:df:ae:d5:7f:2f:8d:f2:
51:97:ec:64:aa:d8:a4:71:4a:71:32:9b:7c:08:44:
0f:cb:cb:49:15:e3:07:29:cf:7b:a3:de:e1:af:98:
5a:8a:13:46:8f:cb:93:27:e3:d0:91:5c:85:f3:74:
7d:5b:c6:9d:9c:c3:62:91:54:bf:89:81:7e:75:3a:
51:fa:e3:df:32:64:f4:29:e4:38:f8:63:ae:57:ef:
38:90:3f:5f:84:d4:81:1c:b1:57:13:a3:48:f6:10:
3a:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:CE:1D:FC:3E:C0:E8:BD:50:B9:68:9D:DA:E8:CC:D2:2D:1C:0E:E7
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/es4d_D7A6L1QuWid2ujM0i0cDuc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.240.0/22
178.210.252.0/24
Signature Algorithm: sha256WithRSAEncryption
14:ec:c9:c6:2b:99:0c:ca:de:54:cb:70:fc:41:b4:b9:84:1e:
f8:5b:d9:7b:6d:8a:64:88:0c:27:f1:cb:03:c9:61:59:1a:0b:
86:8e:c8:6d:7f:a7:21:ca:5b:96:c4:bb:a3:91:bf:89:3d:12:
c6:d3:e1:55:c6:29:65:4b:42:6d:0c:bf:fd:e9:e3:7d:53:7e:
96:20:7e:11:e8:51:97:ba:04:df:49:cf:a8:c5:d3:6e:59:9d:
ce:6f:02:67:50:72:40:f9:af:dc:97:45:bc:0f:a1:a4:55:8f:
91:4d:59:60:ca:1e:2a:95:7c:9e:64:96:92:de:f0:25:6b:64:
6b:fe:01:a6:1c:95:0d:cc:46:f2:c1:48:ff:f4:dd:b5:d3:ec:
ac:a3:34:45:ec:33:76:96:91:6f:c5:8c:3f:76:c3:12:e2:94:
2c:5f:9b:35:25:cf:97:7e:15:44:7d:7f:a6:33:a9:4d:29:19:
c8:11:0a:69:0e:03:81:3c:05:b1:f5:92:76:a6:2d:a9:27:b0:
76:7a:c7:a4:8c:b6:af:6f:aa:ed:07:fc:9c:34:89:e1:57:81:
95:7b:59:a0:63:b2:75:37:96:d6:e9:91:98:0b:3c:c9:2b:81:
df:1a:86:a1:ce:fe:81:c0:ae:d8:0b:dd:b0:cb:af:fe:91:9a:
c4:e0:14:e5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYyLbX+XS9z7pqRwHPGtcEB9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMjIxMDgxMDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWNlMWRmYzNlYzBlOGJkNTBiOTY4OWRkYWU4Y2NkMjJkMWMwZWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgp/2lxVOjCYCyNmzp0HeJsYkGBNJ
iEB2nB5A2R57RBCcsx0lUgPUv1qF0PZeAuNW/hfman33g11jSWSYS2FK8DdC6IOi
f69LBJjFk5pGCQGOQORt0vyEL4tRl8I0xXElAPR7Sx99U0vf19Ovqkp1SGilryVj
fPfwP6Fb5OFtnPr8JMOmAQG1OPtMYqxjlK5b2Y1yJf785L2MibFS59+u1X8vjfJR
l+xkqtikcUpxMpt8CEQPy8tJFeMHKc97o97hr5haihNGj8uTJ+PQkVyF83R9W8ad
nMNikVS/iYF+dTpR+uPfMmT0KeQ4+GOuV+84kD9fhNSBHLFXE6NI9hA6FwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHrOHfw+wOi9ULlondrozNItHA7nMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZXM0ZF9EN0E2TDFRdVdpZDJ1ak0waTBjRHVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWNHwAwQA
stL8MA0GCSqGSIb3DQEBCwUAA4IBAQAU7MnGK5kMyt5Uy3D8QbS5hB74W9l7bYpk
iAwn8csDyWFZGguGjshtf6chyluWxLujkb+JPRLG0+FVxillS0JtDL/96eN9U36W
IH4R6FGXugTfSc+oxdNuWZ3ObwJnUHJA+a/cl0W8D6GkVY+RTVlgyh4qlXyeZJaS
3vAla2Rr/gGmHJUNzEbywUj/9N210+ysozRF7DN2lpFvxYw/dsMS4pQsX5s1Jc+X
fhVEfX+mM6lNKRnIEQppDgOBPAWx9ZJ2pi2pJ7B2esekjLavb6rtB/ycNInhV4GV
e1mgY7J1N5bW6ZGYCzzJK4HfGoahzv6BwK7YC92wy6/+kZrE4BTl
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org