Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ieiQbgYXvIVAQ1eoL23CM4cfPCs.roa
File: ieiQbgYXvIVAQ1eoL23CM4cfPCs.roa (raw, json)
Hash identifier: BxhknmdWk2SjfQPoCcaXvgsZTdIbmIX79QedrN/W6bU=
Subject key identifier: 89:E8:90:6E:06:17:BC:85:40:43:57:A8:2F:6D:C2:33:87:1F:3C:2B
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018CACFD21D562A6CC5E81B53FB2FCE4BD09
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ieiQbgYXvIVAQ1eoL23CM4cfPCs.roa
Signing time: Wed 27 Dec 2023 20:35:19 +0000
ROA not before: Wed 27 Dec 2023 20:35:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.232.0/22 maxlen: 24
178.210.228.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.211.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ac:fd:21:d5:62:a6:cc:5e:81:b5:3f:b2:fc:e4:bd:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Dec 27 20:35:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=89e8906e0617bc85404357a82f6dc233871f3c2b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:02:16:1f:42:64:01:67:d8:4d:d7:5e:ca:b3:
15:04:41:51:55:9b:2b:0c:47:a9:79:1d:9d:ad:fc:
90:67:d9:59:58:b5:86:e0:c2:97:7f:53:bc:ea:4e:
d9:e7:4e:a7:fe:02:3b:c5:cd:70:f7:76:90:14:29:
22:f5:df:c8:c9:28:fa:1f:87:ea:e1:5f:f1:6f:d6:
a6:83:04:3c:01:2c:22:71:04:63:a2:0e:cc:b4:11:
d7:ce:04:93:d7:ff:87:e7:6e:ca:9e:c5:86:c3:f4:
5d:e7:f8:f6:1d:5d:82:d6:c5:a9:cf:80:61:bb:58:
0d:b7:7a:3c:52:6a:65:78:06:1e:1d:3c:64:71:b0:
07:fa:56:f9:c1:a7:b1:c3:36:00:68:1d:61:a3:e4:
9e:eb:29:f6:20:0d:ea:39:72:8f:91:0d:df:0e:55:
c9:78:25:0b:7e:06:e9:e2:80:92:a7:ec:56:7f:a3:
a8:14:e6:99:c4:e0:ab:84:ca:23:17:79:27:82:41:
29:ee:41:f5:aa:8c:58:9d:32:db:44:3f:78:e6:2a:
2b:7a:2d:61:9b:de:a8:52:38:56:d1:c1:5b:1b:9b:
08:e0:31:49:a9:1b:98:78:4a:ee:29:a1:a1:d6:a7:
09:84:8d:8c:5e:2b:09:42:35:38:be:04:b9:b3:3d:
1d:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:E8:90:6E:06:17:BC:85:40:43:57:A8:2F:6D:C2:33:87:1F:3C:2B
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ieiQbgYXvIVAQ1eoL23CM4cfPCs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.151.56.0/23
88.209.211.0/24
88.209.232.0/22
178.210.228.0/24
Signature Algorithm: sha256WithRSAEncryption
66:9a:58:17:94:ce:33:2a:26:0b:61:03:5f:ba:71:e7:c9:f9:
a7:75:3c:41:f5:db:11:f4:69:aa:c3:44:42:33:02:d1:d9:7f:
31:91:71:1a:a4:0f:3a:f1:a6:06:f8:a4:b1:c2:6a:8c:2c:6a:
04:e9:23:a9:c0:a1:e7:2a:df:87:f7:df:4a:7c:ff:90:02:ca:
42:6c:87:93:b8:69:ee:bc:bd:df:7f:1e:be:50:eb:a0:36:c8:
9e:c3:bd:74:81:21:71:dd:28:e9:0d:db:20:a8:c7:7f:79:af:
af:c1:22:d9:f0:53:b5:0d:13:16:3d:36:4a:7d:c7:8d:d6:f0:
27:72:31:17:65:87:85:9c:a1:9c:78:94:2d:80:ca:5c:d1:aa:
31:7a:43:19:5f:7b:59:fe:e3:3f:96:09:90:dd:d0:ce:89:70:
aa:90:99:eb:2d:89:6f:80:2d:fd:34:48:16:69:a2:30:cd:13:
0b:30:68:0e:1e:f4:0a:7c:7e:c9:73:39:e7:7d:15:59:e7:8e:
67:be:f4:22:a0:e3:a2:fa:30:64:c3:dc:60:8c:5f:7f:5b:b6:
ea:49:74:0f:88:37:30:a4:17:4d:49:d2:c3:de:13:44:66:8f:
03:bd:e3:fd:13:3f:25:e9:7b:64:b9:86:f3:61:97:f2:89:88:
f8:ce:54:e3
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYys/SHVYqbMXoG1P7L85L0JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMjI3MjAzNTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWU4OTA2ZTA2MTdiYzg1NDA0MzU3YTgyZjZkYzIzMzg3MWYzYzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgIWH0JkAWfYTddeyrMVBEFRVZsr
DEepeR2drfyQZ9lZWLWG4MKXf1O86k7Z506n/gI7xc1w93aQFCki9d/IySj6H4fq
4V/xb9amgwQ8ASwicQRjog7MtBHXzgST1/+H527KnsWGw/Rd5/j2HV2C1sWpz4Bh
u1gNt3o8UmpleAYeHTxkcbAH+lb5waexwzYAaB1ho+Se6yn2IA3qOXKPkQ3fDlXJ
eCULfgbp4oCSp+xWf6OoFOaZxOCrhMojF3kngkEp7kH1qoxYnTLbRD945iorei1h
m96oUjhW0cFbG5sI4DFJqRuYeEruKaGh1qcJhI2MXisJQjU4vgS5sz0dFwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFInokG4GF7yFQENXqC9twjOHHzwrMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvaWVpUWJnWVh2SVZBUTFlb0wyM0NNNGNmUENzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBWJc4AwQA
WNHTAwQCWNHoAwQAstLkMA0GCSqGSIb3DQEBCwUAA4IBAQBmmlgXlM4zKiYLYQNf
unHnyfmndTxB9dsR9Gmqw0RCMwLR2X8xkXEapA868aYG+KSxwmqMLGoE6SOpwKHn
Kt+H999KfP+QAspCbIeTuGnuvL3ffx6+UOugNsiew710gSFx3SjpDdsgqMd/ea+v
wSLZ8FO1DRMWPTZKfceN1vAncjEXZYeFnKGceJQtgMpc0aoxekMZX3tZ/uM/lgmQ
3dDOiXCqkJnrLYlvgC39NEgWaaIwzRMLMGgOHvQKfH7JcznnfRVZ545nvvQioOOi
+jBkw9xgjF9/W7bqSXQPiDcwpBdNSdLD3hNEZo8DveP9Ez8l6XtkuYbzYZfyiYj4
zlTj
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org