Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/faAZuYnnjEyioWywpTxOO1Hgs1k.roa
File: faAZuYnnjEyioWywpTxOO1Hgs1k.roa (raw, json)
Hash identifier: 5aWarujCkFf5qBkFHJIUlpP09gLY/qSDmQsjstuucoM=
Subject key identifier: 7D:A0:19:B9:89:E7:8C:4C:A2:A1:6C:B0:A5:3C:4E:3B:51:E0:B3:59
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018BA47F6C927323B4942647C3AB203CD4CF
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/faAZuYnnjEyioWywpTxOO1Hgs1k.roa
Signing time: Mon 06 Nov 2023 11:58:16 +0000
ROA not before: Mon 06 Nov 2023 11:58:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211619
IP address blocks: 88.209.228.0/24 maxlen: 24
88.209.239.0/24 maxlen: 24
88.209.236.0/24 maxlen: 24
88.209.236.0/22 maxlen: 22
88.209.237.0/24 maxlen: 24
88.209.238.0/24 maxlen: 24
88.209.246.0/23 maxlen: 23
88.209.254.0/24 maxlen: 24
83.137.157.0/24 maxlen: 24
83.137.153.0/24 maxlen: 24
178.210.232.0/24 maxlen: 24
178.210.229.0/24 maxlen: 24
178.210.237.0/24 maxlen: 24
178.210.235.0/24 maxlen: 24
45.9.168.0/24 maxlen: 24
77.242.152.0/22 maxlen: 24
88.209.219.0/24 maxlen: 24
92.52.217.0/24 maxlen: 24
92.52.218.0/24 maxlen: 24
194.41.47.0/24 maxlen: 24
5.182.112.0/24 maxlen: 24
5.182.115.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:a4:7f:6c:92:73:23:b4:94:26:47:c3:ab:20:3c:d4:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Nov 6 11:58:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7da019b989e78c4ca2a16cb0a53c4e3b51e0b359
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:e8:04:ef:c5:95:10:28:67:1c:d4:c6:01:b1:
14:57:83:4a:d2:31:ac:b3:46:31:89:d9:63:b3:4f:
db:dd:8b:33:49:8d:6c:58:cf:3c:6c:1e:6a:2c:ae:
3e:e9:c7:e2:b0:36:93:cb:da:da:6c:fe:0d:0e:af:
b3:d1:fb:e0:18:44:57:3e:83:de:b0:6c:fb:24:01:
96:b3:bf:9d:37:cb:c8:26:40:77:71:ce:55:5a:60:
ac:87:43:6c:e0:03:35:93:a3:38:7b:95:63:64:23:
4c:a3:58:b2:0b:87:3a:ca:0f:5a:22:2f:fa:11:5c:
ac:00:70:27:cd:b6:c0:75:e0:aa:51:a1:d2:d9:79:
3d:b5:19:7e:f8:54:e8:c7:f8:0a:9d:cb:5d:9f:7f:
d2:a7:6b:fe:04:0a:44:86:51:fc:0d:54:26:bd:f8:
07:32:dc:80:6d:2e:6f:3d:19:45:c9:89:99:a7:9e:
e6:f6:6c:7a:99:d4:5c:b4:95:8e:07:16:ce:f3:63:
ae:e2:64:ba:96:d8:71:02:57:67:e7:2d:6f:2e:f1:
02:9b:92:e9:f3:bc:a2:2c:d2:12:7b:5a:2c:34:b8:
a5:4d:e8:e9:04:4a:c5:f2:a6:45:7c:6e:81:c6:f0:
66:e0:fe:9e:b3:70:64:f3:bd:79:0e:d3:73:4f:da:
c4:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:A0:19:B9:89:E7:8C:4C:A2:A1:6C:B0:A5:3C:4E:3B:51:E0:B3:59
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/faAZuYnnjEyioWywpTxOO1Hgs1k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.112.0/24
5.182.115.0/24
45.9.168.0/24
77.242.152.0/22
83.137.153.0/24
83.137.157.0/24
88.209.219.0/24
88.209.228.0/24
88.209.236.0/22
88.209.246.0/23
88.209.254.0/24
92.52.217.0-92.52.218.255
178.210.229.0/24
178.210.232.0/24
178.210.235.0/24
178.210.237.0/24
194.41.47.0/24
Signature Algorithm: sha256WithRSAEncryption
ae:00:55:0b:50:bf:75:0f:0f:61:88:62:35:2d:7a:a5:19:37:
8d:7c:c3:ad:87:d0:6b:7b:ce:7a:f3:c1:18:0e:67:4f:62:0b:
a9:95:c1:47:77:56:3c:50:80:37:b7:50:19:39:68:e6:5d:cb:
8f:f4:3d:86:bc:db:dd:d5:68:4f:62:eb:b2:6a:eb:f8:6a:ce:
a7:ae:21:6a:a6:6a:5b:a7:0a:05:84:1a:84:58:f2:91:7d:1c:
62:7f:db:46:5d:b4:88:b8:1c:f4:b0:21:d9:4b:90:7f:d1:c4:
e1:60:f4:11:f8:da:d2:64:c4:a7:4d:fd:0e:4d:b3:94:79:0c:
d1:9d:9a:b1:34:15:b8:2c:77:40:9b:7e:c0:5a:89:4c:38:30:
60:63:df:00:89:10:02:c2:f1:c2:df:cc:53:a0:b4:46:c0:33:
ac:74:13:1f:a6:29:68:0b:e9:63:0c:3b:1e:7a:cc:e0:6c:c2:
76:62:6e:d6:1d:13:8a:08:6d:a9:fb:dd:6b:c6:e9:f4:4e:70:
d1:be:e4:e0:0c:ad:47:b2:26:67:f0:e0:e9:8d:f7:e1:e9:d6:
3f:5a:75:11:99:b1:01:9b:12:fd:2d:07:21:43:55:ae:4a:82:
29:a2:bf:e4:b2:1f:e9:22:18:2d:bf:09:15:d9:3c:36:3e:b7:
87:4b:ca:07
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgISAYukf2yScyO0lCZHw6sgPNTPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMTA2MTE1ODE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGEwMTliOTg5ZTc4YzRjYTJhMTZjYjBhNTNjNGUzYjUxZTBiMzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsugE78WVEChnHNTGAbEUV4NK0jGs
s0Yxidljs0/b3YszSY1sWM88bB5qLK4+6cfisDaTy9rabP4NDq+z0fvgGERXPoPe
sGz7JAGWs7+dN8vIJkB3cc5VWmCsh0Ns4AM1k6M4e5VjZCNMo1iyC4c6yg9aIi/6
EVysAHAnzbbAdeCqUaHS2Xk9tRl++FTox/gKnctdn3/Sp2v+BApEhlH8DVQmvfgH
MtyAbS5vPRlFyYmZp57m9mx6mdRctJWOBxbO82Ou4mS6lthxAldn5y1vLvECm5Lp
87yiLNISe1osNLilTejpBErF8qZFfG6BxvBm4P6es3Bk8715DtNzT9rEFQIDAQAB
o4ICcjCCAm4wHQYDVR0OBBYEFH2gGbmJ54xMoqFssKU8TjtR4LNZMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZmFBWnVZbm5qRXlpb1d5d3BUeE9PMUhnczFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGHBggrBgEFBQcBBwEB/wR4MHYwdAQCAAEwbgMEAAW2cAME
AAW2cwMEAC0JqAMEAk3ymAMEAFOJmQMEAFOJnQMEAFjR2wMEAFjR5AMEAljR7AME
AVjR9gMEAFjR/jAMAwQAXDTZAwQAXDTaAwQAstLlAwQAstLoAwQAstLrAwQAstLt
AwQAwikvMA0GCSqGSIb3DQEBCwUAA4IBAQCuAFULUL91Dw9hiGI1LXqlGTeNfMOt
h9Bre85688EYDmdPYguplcFHd1Y8UIA3t1AZOWjmXcuP9D2GvNvd1WhPYuuyauv4
as6nriFqpmpbpwoFhBqEWPKRfRxif9tGXbSIuBz0sCHZS5B/0cThYPQR+NrSZMSn
Tf0OTbOUeQzRnZqxNBW4LHdAm37AWolMODBgY98AiRACwvHC38xToLRGwDOsdBMf
piloC+ljDDseeszgbMJ2Ym7WHROKCG2p+91rxun0TnDRvuTgDK1HsiZn8ODpjffh
6dY/WnURmbEBmxL9LQchQ1WuSoIpor/ksh/pIhgtvwkV2Tw2PreHS8oH
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org