Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/gPXPCf6qoGETxUXROAp_L_pQctY.roa
File: gPXPCf6qoGETxUXROAp_L_pQctY.roa (raw, json)
Hash identifier: QYnyEig4bqvTdDS7HAD8xjOJ5eI180J5jZ6dpFaumy4=
Subject key identifier: 80:F5:CF:09:FE:AA:A0:61:13:C5:45:D1:38:0A:7F:2F:FA:50:72:D6
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018AF462D2953EF9D0A3C7E246CAB7E86AD7
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/gPXPCf6qoGETxUXROAp_L_pQctY.roa
Signing time: Tue 03 Oct 2023 07:13:51 +0000
ROA not before: Tue 03 Oct 2023 07:13:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.253.0/24 maxlen: 24
178.210.228.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
77.242.157.0/24 maxlen: 24
88.151.62.0/24 maxlen: 24
88.209.200.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
88.209.220.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:f4:62:d2:95:3e:f9:d0:a3:c7:e2:46:ca:b7:e8:6a:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Oct 3 07:13:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=80f5cf09feaaa06113c545d1380a7f2ffa5072d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:d0:31:45:a5:12:24:2a:e6:a4:e4:db:8e:da:
5b:5c:04:69:52:aa:53:9d:fe:a9:fa:af:df:0f:6f:
a0:3d:d2:e9:72:1a:5c:f7:a4:93:ef:72:61:95:93:
50:4f:3d:53:ec:5e:8c:c0:12:09:8c:79:1a:0b:e6:
36:c8:58:69:b0:0a:a9:25:3c:83:a4:0d:eb:a4:d3:
e8:dd:38:61:dc:d0:f4:22:f7:7e:01:34:b6:66:5d:
b8:6f:cb:de:50:0f:58:1d:0d:a6:78:91:fe:bd:f0:
f5:51:a6:fc:ce:d4:c4:ec:3b:01:44:70:38:a6:c7:
bc:6e:d4:fc:39:98:48:06:bc:97:38:67:9f:a0:5c:
8e:ca:13:8f:e8:63:86:2e:f4:58:01:7f:ba:7f:bd:
8d:ca:eb:12:00:16:3e:7e:0c:c9:a8:09:9c:08:5b:
a0:19:44:55:dc:12:b9:b1:37:fc:94:b8:54:09:5a:
c0:c9:49:3a:27:2f:86:41:e2:51:9e:9b:71:8f:88:
9b:a7:be:40:02:0e:69:0b:af:38:55:6b:19:80:73:
96:c3:8f:d9:c6:2a:ee:db:c4:0a:64:69:bc:25:dc:
44:1f:8e:74:94:61:76:55:da:f2:08:03:82:b9:71:
6f:fb:1b:fa:27:34:67:ad:73:31:39:c3:b3:cb:ac:
ac:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:F5:CF:09:FE:AA:A0:61:13:C5:45:D1:38:0A:7F:2F:FA:50:72:D6
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/gPXPCf6qoGETxUXROAp_L_pQctY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.242.150.0/24
77.242.157.0/24
88.151.56.0/23
88.151.62.0/24
88.209.200.0/24
88.209.211.0/24
88.209.217.0/24
88.209.220.0/24
88.209.253.0/24
178.210.228.0/24
Signature Algorithm: sha256WithRSAEncryption
54:91:d9:c9:7d:b6:41:d3:94:7a:30:df:16:a3:ce:cb:0c:a1:
ba:48:f6:84:fd:ee:68:99:c0:79:3c:0b:a7:6c:60:da:6c:35:
a2:cf:aa:05:92:6a:e9:f7:e9:64:ba:32:7e:ee:d0:af:6c:b1:
73:e1:87:36:dd:cf:74:0c:bb:47:3f:b5:56:68:20:bd:70:87:
8c:30:06:f7:f5:d8:50:d4:0f:18:3a:18:7d:ba:54:d6:96:f1:
e9:29:d3:ec:d7:db:46:72:10:59:97:ff:c1:33:8f:92:b7:dc:
53:2e:6b:85:90:13:3e:f9:3f:22:d0:ce:9b:26:90:91:b0:47:
9a:37:18:37:8b:28:89:54:65:5f:6a:2a:db:bd:23:ee:d3:16:
7d:82:ab:d3:20:e9:f4:49:45:86:0e:ea:a7:87:a2:fa:84:3b:
ba:c6:11:b4:18:1a:a1:00:29:51:54:d9:49:b9:1c:25:67:d8:
d3:12:a5:77:f0:65:b5:31:19:3e:7f:be:dd:1d:11:59:09:99:
2a:04:9c:38:e4:d3:c7:9d:90:b3:cb:83:03:ea:d3:c9:73:7d:
2a:db:70:f0:df:e5:25:eb:55:9b:81:43:f5:2f:94:80:6b:50:
9c:a1:04:7d:dc:36:50:d5:9c:7a:30:32:e5:03:ae:bc:21:cf:
c7:5e:6f:d7
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYr0YtKVPvnQo8fiRsq36GrXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMDAzMDcxMzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGY1Y2YwOWZlYWFhMDYxMTNjNTQ1ZDEzODBhN2YyZmZhNTA3MmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodAxRaUSJCrmpOTbjtpbXARpUqpT
nf6p+q/fD2+gPdLpchpc96ST73JhlZNQTz1T7F6MwBIJjHkaC+Y2yFhpsAqpJTyD
pA3rpNPo3Thh3ND0Ivd+ATS2Zl24b8veUA9YHQ2meJH+vfD1Uab8ztTE7DsBRHA4
pse8btT8OZhIBryXOGefoFyOyhOP6GOGLvRYAX+6f72NyusSABY+fgzJqAmcCFug
GURV3BK5sTf8lLhUCVrAyUk6Jy+GQeJRnptxj4ibp75AAg5pC684VWsZgHOWw4/Z
xiru28QKZGm8JdxEH450lGF2VdryCAOCuXFv+xv6JzRnrXMxOcOzy6ysPwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFID1zwn+qqBhE8VF0TgKfy/6UHLWMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZ1BYUENmNnFvR0VUeFVYUk9BcF9MX3BRY3RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQATfKWAwQA
TfKdAwQBWJc4AwQAWJc+AwQAWNHIAwQAWNHTAwQAWNHZAwQAWNHcAwQAWNH9AwQA
stLkMA0GCSqGSIb3DQEBCwUAA4IBAQBUkdnJfbZB05R6MN8Wo87LDKG6SPaE/e5o
mcB5PAunbGDabDWiz6oFkmrp9+lkujJ+7tCvbLFz4Yc23c90DLtHP7VWaCC9cIeM
MAb39dhQ1A8YOhh9ulTWlvHpKdPs19tGchBZl//BM4+St9xTLmuFkBM++T8i0M6b
JpCRsEeaNxg3iyiJVGVfairbvSPu0xZ9gqvTIOn0SUWGDuqnh6L6hDu6xhG0GBqh
AClRVNlJuRwlZ9jTEqV38GW1MRk+f77dHRFZCZkqBJw45NPHnZCzy4MD6tPJc30q
23Dw3+Ul61WbgUP1L5SAa1CcoQR93DZQ1Zx6MDLlA668Ic/HXm/X
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org