Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/fALuoeJRwUYlnAF0jqfYYEOiMMw.roa
File: fALuoeJRwUYlnAF0jqfYYEOiMMw.roa (raw, json)
Hash identifier: TLu5aX7b1T/dGmUdnxPLiKQ4xUyGK/7kCiQu+xvQVYI=
Subject key identifier: 7C:02:EE:A1:E2:51:C1:46:25:9C:01:74:8E:A7:D8:60:43:A2:30:CC
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018DFA8AFB70C5145FE517BE7C1CF0F74EE6
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/fALuoeJRwUYlnAF0jqfYYEOiMMw.roa
Signing time: Fri 01 Mar 2024 15:03:48 +0000
ROA not before: Fri 01 Mar 2024 15:03:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42864
IP address blocks: 5.182.115.0/24 maxlen: 24
45.9.169.0/24 maxlen: 24
45.9.170.0/24 maxlen: 24
45.9.171.0/24 maxlen: 24
45.14.10.0/24 maxlen: 24
45.14.11.0/24 maxlen: 24
45.88.93.0/24 maxlen: 24
77.242.144.0/22 maxlen: 24
77.242.148.0/24 maxlen: 24
77.242.151.0/24 maxlen: 24
77.242.152.0/22 maxlen: 24
83.137.153.0/24 maxlen: 24
83.137.158.0/24 maxlen: 24
88.209.193.0/24 maxlen: 24
88.209.196.0/24 maxlen: 24
88.209.208.0/24 maxlen: 24
88.209.210.0/24 maxlen: 24
88.209.212.0/24 maxlen: 24
88.209.213.0/24 maxlen: 24
88.209.214.0/24 maxlen: 24
88.209.215.0/24 maxlen: 24
88.209.219.0/24 maxlen: 24
88.209.238.0/24 maxlen: 24
92.52.208.0/24 maxlen: 24
92.52.209.0/24 maxlen: 24
92.52.210.0/23 maxlen: 23
92.52.212.0/22 maxlen: 24
178.210.224.0/24 maxlen: 24
178.210.225.0/24 maxlen: 24
178.210.226.0/23 maxlen: 23
178.210.228.0/22 maxlen: 24
178.210.232.0/22 maxlen: 22
178.210.236.0/24 maxlen: 24
178.210.237.0/24 maxlen: 24
178.210.238.0/23 maxlen: 23
178.210.240.0/22 maxlen: 22
178.210.244.0/22 maxlen: 22
178.210.248.0/24 maxlen: 24
178.210.249.0/24 maxlen: 24
178.210.250.0/24 maxlen: 24
178.210.251.0/24 maxlen: 24
178.210.252.0/22 maxlen: 22
178.248.200.0/21 maxlen: 21
193.138.125.0/24 maxlen: 24
2a00:1f40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:fa:8a:fb:70:c5:14:5f:e5:17:be:7c:1c:f0:f7:4e:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Mar 1 15:03:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7c02eea1e251c146259c01748ea7d86043a230cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:ac:98:15:c6:1a:e4:50:f4:74:3a:f0:eb:41:
29:64:56:37:54:5c:07:45:38:79:9a:92:64:5d:2a:
1c:df:e3:d5:5c:a3:62:4e:54:99:0f:0a:aa:8f:82:
06:01:52:68:69:ae:75:b1:61:3a:7a:e4:0c:3a:19:
80:68:ce:cd:86:04:ee:58:e0:26:fa:4d:44:cb:53:
d2:83:b2:18:73:da:0b:91:57:86:65:7f:fa:71:91:
0d:a0:8b:ff:14:d6:7d:96:f3:98:c7:b9:b2:7d:3b:
00:d7:55:72:7e:0f:f8:28:ad:c7:04:bb:48:1e:31:
56:d4:9e:bf:a8:95:19:a5:63:6c:f1:95:99:99:56:
0b:e3:b0:d0:4a:13:14:bf:7f:81:e3:f7:d8:b6:09:
ed:a6:a7:54:17:ba:24:6a:07:6f:81:3e:ea:bd:fc:
48:02:dd:05:72:9e:08:14:99:97:a1:6d:43:99:a2:
29:f4:58:f9:c9:f1:81:a0:53:a4:bb:a4:02:5f:da:
13:13:22:f2:89:c0:d9:6e:72:5f:34:53:da:12:d0:
a9:59:4d:8b:54:93:38:93:97:a6:57:fe:42:0f:34:
e1:35:cc:ab:0d:cf:7f:6e:c4:56:10:dd:7e:8b:70:
15:14:03:c7:b6:00:e1:3f:7f:0a:78:df:ed:fe:0b:
ca:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:02:EE:A1:E2:51:C1:46:25:9C:01:74:8E:A7:D8:60:43:A2:30:CC
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/fALuoeJRwUYlnAF0jqfYYEOiMMw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.115.0/24
45.9.169.0-45.9.171.255
45.14.10.0/23
45.88.93.0/24
77.242.144.0-77.242.148.255
77.242.151.0-77.242.155.255
83.137.153.0/24
83.137.158.0/24
88.209.193.0/24
88.209.196.0/24
88.209.208.0/24
88.209.210.0/24
88.209.212.0/22
88.209.219.0/24
88.209.238.0/24
92.52.208.0/21
178.210.224.0/19
178.248.200.0/21
193.138.125.0/24
IPv6:
2a00:1f40::/29
Signature Algorithm: sha256WithRSAEncryption
7f:cf:56:75:04:a6:51:63:83:70:de:cf:5a:ff:ec:22:2a:96:
9b:77:6f:6e:57:3d:e1:a6:b4:e7:f2:2a:c6:ad:48:22:c5:96:
26:b9:b4:e8:e7:22:f5:5c:57:31:a0:69:90:d7:5f:11:28:f2:
49:b9:c8:39:0e:e2:dc:aa:cb:bc:44:34:84:9a:0c:67:76:36:
a7:92:33:ab:86:b0:27:7d:07:9a:0d:76:75:54:77:a7:11:ef:
7c:2e:d2:e2:50:24:8f:61:59:62:ae:06:65:6d:82:a0:ae:c1:
a9:e6:cb:81:a2:b2:fb:bb:e2:9f:df:79:4d:48:a2:64:ae:5c:
4e:63:56:c2:cf:db:e6:92:ec:43:e9:1f:29:37:0a:03:b4:f0:
83:91:09:92:ca:77:f1:1e:cf:53:da:eb:f8:a9:3e:6c:aa:42:
a6:a6:27:b1:19:71:1d:c7:ec:39:ba:10:5c:ee:f2:e9:45:99:
f8:8f:0f:cf:d8:68:18:e4:fe:b9:aa:f8:c2:85:7f:ea:3b:2a:
ef:83:27:0c:9a:3d:f6:2e:5b:9c:d8:d4:51:ce:33:37:d8:24:
16:76:e4:6b:cf:64:2c:e7:4c:a4:f9:50:1e:59:3f:8b:a3:34:
09:69:b0:41:c3:ae:af:a9:96:90:83:4b:cb:78:ab:b1:eb:e3:
bd:cc:b0:12
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAY36ivtwxRRf5Re+fBzw907mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMzAxMTUwMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzAyZWVhMWUyNTFjMTQ2MjU5YzAxNzQ4ZWE3ZDg2MDQzYTIzMGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqyYFcYa5FD0dDrw60EpZFY3VFwH
RTh5mpJkXSoc3+PVXKNiTlSZDwqqj4IGAVJoaa51sWE6euQMOhmAaM7NhgTuWOAm
+k1Ey1PSg7IYc9oLkVeGZX/6cZENoIv/FNZ9lvOYx7myfTsA11Vyfg/4KK3HBLtI
HjFW1J6/qJUZpWNs8ZWZmVYL47DQShMUv3+B4/fYtgntpqdUF7okagdvgT7qvfxI
At0Fcp4IFJmXoW1DmaIp9Fj5yfGBoFOku6QCX9oTEyLyicDZbnJfNFPaEtCpWU2L
VJM4k5emV/5CDzThNcyrDc9/bsRWEN1+i3AVFAPHtgDhP38KeN/t/gvKhwIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFHwC7qHiUcFGJZwBdI6n2GBDojDMMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZkFMdW9lSlJ3VVlsbkFGMGpxZllZRU9pTU13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG2BggrBgEFBQcBBwEB/wSBpjCBozCBkQQCAAEwgYoDBAAF
tnMwDAMEAC0JqQMEAi0JqAMEAS0OCgMEAC1YXTAMAwQETfKQAwQATfKUMAwDBABN
8pcDBAJN8pgDBABTiZkDBABTiZ4DBABY0cEDBABY0cQDBABY0dADBABY0dIDBAJY
0dQDBABY0dsDBABY0e4DBANcNNADBAWy0uADBAOy+MgDBADBin0wDQQCAAIwBwMF
AyoAH0AwDQYJKoZIhvcNAQELBQADggEBAH/PVnUEplFjg3Dez1r/7CIqlpt3b25X
PeGmtOfyKsatSCLFlia5tOjnIvVcVzGgaZDXXxEo8km5yDkO4tyqy7xENISaDGd2
NqeSM6uGsCd9B5oNdnVUd6cR73wu0uJQJI9hWWKuBmVtgqCuwanmy4Gisvu74p/f
eU1IomSuXE5jVsLP2+aS7EPpHyk3CgO08IORCZLKd/Eez1Pa6/ipPmyqQqamJ7EZ
cR3H7Dm6EFzu8ulFmfiPD8/YaBjk/rmq+MKFf+o7Ku+DJwyaPfYuW5zY1FHOMzfY
JBZ25GvPZCznTKT5UB5ZP4ujNAlpsEHDrq+plpCDS8t4q7Hr473MsBI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org