Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/iSCWgrRl29ku28WXDiJNEDl4aas.roa
File: iSCWgrRl29ku28WXDiJNEDl4aas.roa (raw, json)
Hash identifier: U3NEUHHIBOM+mnuX5BJ0Di9n1Xubqfox52YwrfgXGz0=
Subject key identifier: 89:20:96:82:B4:65:DB:D9:2E:DB:C5:97:0E:22:4D:10:39:78:69:AB
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018CFE659AB127EC302F3D9693B8085181B2
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/iSCWgrRl29ku28WXDiJNEDl4aas.roa
Signing time: Fri 12 Jan 2024 15:58:40 +0000
ROA not before: Fri 12 Jan 2024 15:58:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 211619
IP address blocks: 88.209.228.0/24 maxlen: 24
88.209.239.0/24 maxlen: 24
88.209.236.0/24 maxlen: 24
88.209.236.0/22 maxlen: 22
88.209.237.0/24 maxlen: 24
88.209.238.0/24 maxlen: 24
88.209.246.0/23 maxlen: 24
88.209.254.0/24 maxlen: 24
83.137.156.0/24 maxlen: 24
83.137.157.0/24 maxlen: 24
83.137.158.0/24 maxlen: 24
83.137.153.0/24 maxlen: 24
178.210.232.0/24 maxlen: 24
178.210.229.0/24 maxlen: 24
45.9.168.0/24 maxlen: 24
77.242.152.0/22 maxlen: 24
88.209.206.0/24 maxlen: 24
88.209.219.0/24 maxlen: 24
92.52.217.0/24 maxlen: 24
194.41.47.0/24 maxlen: 24
5.182.112.0/24 maxlen: 24
5.182.115.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:fe:65:9a:b1:27:ec:30:2f:3d:96:93:b8:08:51:81:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jan 12 15:58:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=89209682b465dbd92edbc5970e224d10397869ab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:52:43:c3:02:fa:64:4d:f9:b3:b5:20:b8:33:
e3:a0:ae:29:fa:4e:b4:e9:13:37:94:aa:79:89:bf:
c8:63:52:74:82:01:ce:71:18:89:da:cb:3d:f1:4f:
56:c4:d9:56:e9:3b:85:a8:54:f2:b8:0e:ae:bf:24:
be:3a:d6:58:97:2b:64:63:44:0d:0c:1b:1c:2e:34:
a7:e2:98:7c:e0:4b:b7:e8:3c:99:3c:91:87:04:b0:
d8:7a:b3:a4:2d:dc:8c:b3:50:ac:7f:78:bc:c7:81:
35:ee:8b:fb:8c:42:c7:48:aa:44:34:95:4d:c2:8c:
d7:f6:8f:b1:18:e4:d2:e5:85:39:fd:6f:c4:1c:13:
a6:04:fe:42:87:75:de:20:f0:ba:7c:6c:97:06:76:
4f:fa:ca:61:f9:a5:6c:a4:6f:5b:14:d1:96:18:3a:
51:0f:28:72:09:aa:10:32:5c:f7:15:9a:21:78:42:
e9:57:7e:db:4a:a2:3c:cc:10:9f:07:6b:74:89:b1:
33:0c:63:dd:cc:45:5a:d1:5b:09:e9:f2:a1:94:ba:
48:45:57:9b:e6:7f:01:0d:8e:75:91:32:c4:21:31:
c2:af:bd:c4:35:4d:fb:03:47:4f:0a:82:9b:df:03:
15:a4:47:5e:c1:bd:9a:74:6e:0f:d2:55:02:4d:c9:
ad:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:20:96:82:B4:65:DB:D9:2E:DB:C5:97:0E:22:4D:10:39:78:69:AB
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/iSCWgrRl29ku28WXDiJNEDl4aas.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.112.0/24
5.182.115.0/24
45.9.168.0/24
77.242.152.0/22
83.137.153.0/24
83.137.156.0-83.137.158.255
88.209.206.0/24
88.209.219.0/24
88.209.228.0/24
88.209.236.0/22
88.209.246.0/23
88.209.254.0/24
92.52.217.0/24
178.210.229.0/24
178.210.232.0/24
194.41.47.0/24
Signature Algorithm: sha256WithRSAEncryption
50:2d:d0:9e:bf:98:b9:31:3a:9e:6c:5e:3e:37:9e:52:45:2e:
09:ec:63:23:47:f5:d6:2a:04:05:85:39:a2:2e:97:f1:6b:34:
e9:c1:9b:f7:81:8b:b3:6c:dd:e4:f8:4e:2f:a3:c7:4b:d3:a0:
ef:fe:19:ff:b6:b7:3e:0a:4e:78:52:0c:51:34:12:5f:f7:d8:
10:cb:6c:c7:b7:bd:7c:56:60:d0:12:f8:b6:e6:f8:28:82:68:
ba:24:10:f3:01:f0:8f:42:e6:b7:4e:98:55:e4:b4:2f:5e:34:
ab:2b:1e:15:33:dc:83:96:e1:a5:4b:0c:4e:1f:5d:63:52:88:
90:54:05:e1:b8:79:b2:4f:f1:fc:d1:27:f6:54:5b:57:40:c2:
96:8f:99:de:3c:2e:b7:94:ea:18:56:ae:44:12:f6:96:8a:88:
5c:44:82:fa:8b:8d:8a:02:65:5e:bf:e9:ea:b5:cf:ce:b6:ed:
49:89:61:60:d9:db:c4:34:84:9a:3f:76:99:93:b7:50:b8:0c:
15:f2:67:60:7c:0b:45:bf:fe:cc:9d:41:69:ac:54:f0:b5:a4:
88:bb:eb:47:cb:fa:63:0a:39:0e:a4:d8:0d:1b:11:57:54:89:
a3:ec:83:ed:a2:58:10:cf:aa:0a:a5:1b:21:9e:bc:2d:a3:4c:
a6:b9:7e:6d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAYz+ZZqxJ+wwLz2Wk7gIUYGyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTEyMTU1ODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTIwOTY4MmI0NjVkYmQ5MmVkYmM1OTcwZTIyNGQxMDM5Nzg2OWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFJDwwL6ZE35s7UguDPjoK4p+k60
6RM3lKp5ib/IY1J0ggHOcRiJ2ss98U9WxNlW6TuFqFTyuA6uvyS+OtZYlytkY0QN
DBscLjSn4ph84Eu36DyZPJGHBLDYerOkLdyMs1Csf3i8x4E17ov7jELHSKpENJVN
wozX9o+xGOTS5YU5/W/EHBOmBP5Ch3XeIPC6fGyXBnZP+sph+aVspG9bFNGWGDpR
DyhyCaoQMlz3FZoheELpV37bSqI8zBCfB2t0ibEzDGPdzEVa0VsJ6fKhlLpIRVeb
5n8BDY51kTLEITHCr73ENU37A0dPCoKb3wMVpEdewb2adG4P0lUCTcmt2wIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFIkgloK0ZdvZLtvFlw4iTRA5eGmrMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvaVNDV2dyUmwyOWt1MjhXWERpSk5FRGw0YWFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwbgQCAAEwaAMEAAW2cAME
AAW2cwMEAC0JqAMEAk3ymAMEAFOJmTAMAwQCU4mcAwQAU4meAwQAWNHOAwQAWNHb
AwQAWNHkAwQCWNHsAwQBWNH2AwQAWNH+AwQAXDTZAwQAstLlAwQAstLoAwQAwikv
MA0GCSqGSIb3DQEBCwUAA4IBAQBQLdCev5i5MTqebF4+N55SRS4J7GMjR/XWKgQF
hTmiLpfxazTpwZv3gYuzbN3k+E4vo8dL06Dv/hn/trc+Ck54UgxRNBJf99gQy2zH
t718VmDQEvi25vgogmi6JBDzAfCPQua3TphV5LQvXjSrKx4VM9yDluGlSwxOH11j
UoiQVAXhuHmyT/H80Sf2VFtXQMKWj5nePC63lOoYVq5EEvaWiohcRIL6i42KAmVe
v+nqtc/Otu1JiWFg2dvENISaP3aZk7dQuAwV8mdgfAtFv/7MnUFprFTwtaSIu+tH
y/pjCjkOpNgNGxFXVImj7IPtolgQz6oKpRshnrwto0ymuX5t
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org