Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/nFaTjd0ac5WfKWbfCnzbrkiuujc.roa
File: nFaTjd0ac5WfKWbfCnzbrkiuujc.roa (raw, json)
Hash identifier: f/1vMEFXee2sAzdiqtEwu+VvTAggQ8Y/rQv/SCJ4y6c=
Subject key identifier: 9C:56:93:8D:DD:1A:73:95:9F:29:66:DF:0A:7C:DB:AE:48:AE:BA:37
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018CC953720300FF4CF0A1A46C4A2B3B5D9E
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/nFaTjd0ac5WfKWbfCnzbrkiuujc.roa
Signing time: Tue 02 Jan 2024 08:38:58 +0000
ROA not before: Tue 02 Jan 2024 08:38:58 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 88.209.232.0/22 maxlen: 24
178.210.231.0/24 maxlen: 24
178.210.228.0/24 maxlen: 24
178.210.230.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.211.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:53:72:03:00:ff:4c:f0:a1:a4:6c:4a:2b:3b:5d:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jan 2 08:38:58 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9c56938ddd1a73959f2966df0a7cdbae48aeba37
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:21:a9:24:31:2a:c9:2e:3c:27:67:7a:04:c7:
33:4e:0f:52:b7:67:bf:89:ad:d1:3c:09:9a:ef:23:
6c:8d:5d:a3:6e:1a:62:e7:c3:2f:1f:9f:6a:0c:d3:
3f:b1:a6:e5:22:ea:85:9e:d0:cf:3a:5b:81:7c:3d:
51:40:61:b1:d4:93:94:30:b4:7b:cc:06:db:f9:79:
d8:7a:4f:81:b6:49:44:cd:ba:98:5e:ee:12:f1:91:
ac:a9:09:9d:dd:1f:58:0e:07:8b:9f:00:aa:39:1c:
cb:ed:b6:5b:23:cf:84:c4:1d:9a:ad:a9:c1:26:92:
a7:0d:6b:a2:4d:7c:04:66:0a:0a:40:cb:65:6c:4d:
4e:ab:46:66:66:eb:0f:01:5a:b2:7b:3c:ac:7a:9e:
39:14:6d:b1:11:52:a9:77:4a:a4:47:ab:20:e8:b3:
66:fe:86:88:9d:85:7a:3e:97:89:74:0b:f6:2a:73:
c6:57:bb:6d:ba:54:36:49:3f:f8:33:ea:1f:f8:f5:
f5:3a:90:bd:6f:aa:ef:43:6b:e9:e2:87:94:f7:2c:
40:07:e8:d2:cd:df:79:ce:f3:48:e2:7b:52:65:3e:
04:b9:92:03:c9:12:07:4a:80:c5:0b:4b:0b:e8:57:
0e:34:67:d2:12:49:d5:65:b7:20:23:01:ac:0f:35:
67:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:56:93:8D:DD:1A:73:95:9F:29:66:DF:0A:7C:DB:AE:48:AE:BA:37
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/nFaTjd0ac5WfKWbfCnzbrkiuujc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.151.56.0/23
88.209.211.0/24
88.209.232.0/22
178.210.228.0/24
178.210.230.0/23
Signature Algorithm: sha256WithRSAEncryption
b6:b3:17:22:06:82:d5:11:2f:8b:00:9a:fc:52:0b:11:84:74:
97:f8:81:35:f6:19:96:07:0a:ff:d8:b4:0e:c6:e8:d3:50:ab:
b4:89:03:7a:39:36:65:75:2c:4a:df:80:27:e0:b2:cb:77:e0:
8e:78:b7:ff:8f:7a:16:15:67:6f:07:05:76:f1:10:46:09:5b:
eb:3e:2a:76:46:c4:76:87:5b:3c:51:2e:40:db:9f:69:39:71:
5e:36:97:6a:8a:f1:40:34:9b:5f:0b:f9:ef:0b:5d:2d:49:f9:
48:48:79:a2:0f:6d:f8:e9:c4:c9:9d:f1:d2:39:66:61:13:9e:
dd:2a:7c:6f:f6:f6:4f:bb:33:2e:8d:7b:c8:60:dd:50:df:c5:
c9:99:df:f2:19:8b:b0:c3:97:f7:f2:41:60:df:67:5a:c4:30:
36:e0:52:9c:91:ab:14:dd:aa:6e:58:5d:7d:af:65:95:7a:ef:
bd:20:bd:ed:d9:a3:d2:ad:2e:69:29:3f:23:b9:b3:66:b8:42:
0b:0d:cb:bc:07:a8:37:60:ad:67:3a:38:d0:83:e8:73:c5:76:
eb:e3:c8:d9:fb:02:ec:d7:02:0d:4f:ed:1f:e2:60:f9:29:a4:
a9:d9:ca:c1:b9:c4:96:c1:dd:0a:41:d4:95:77:ab:6f:49:bb:
14:38:f7:b8
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzJU3IDAP9M8KGkbEorO12eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAyMDgzODU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzU2OTM4ZGRkMWE3Mzk1OWYyOTY2ZGYwYTdjZGJhZTQ4YWViYTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCGpJDEqyS48J2d6BMczTg9St2e/
ia3RPAma7yNsjV2jbhpi58MvH59qDNM/sablIuqFntDPOluBfD1RQGGx1JOUMLR7
zAbb+XnYek+BtklEzbqYXu4S8ZGsqQmd3R9YDgeLnwCqORzL7bZbI8+ExB2aranB
JpKnDWuiTXwEZgoKQMtlbE1Oq0ZmZusPAVqyezysep45FG2xEVKpd0qkR6sg6LNm
/oaInYV6PpeJdAv2KnPGV7ttulQ2ST/4M+of+PX1OpC9b6rvQ2vp4oeU9yxAB+jS
zd95zvNI4ntSZT4EuZIDyRIHSoDFC0sL6FcONGfSEknVZbcgIwGsDzVnuwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFJxWk43dGnOVnylm3wp8265Irro3MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvbkZhVGpkMGFjNVdmS1diZkNuemJya2l1dWpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBWJc4AwQA
WNHTAwQCWNHoAwQAstLkAwQBstLmMA0GCSqGSIb3DQEBCwUAA4IBAQC2sxciBoLV
ES+LAJr8UgsRhHSX+IE19hmWBwr/2LQOxujTUKu0iQN6OTZldSxK34An4LLLd+CO
eLf/j3oWFWdvBwV28RBGCVvrPip2RsR2h1s8US5A259pOXFeNpdqivFANJtfC/nv
C10tSflISHmiD2346cTJnfHSOWZhE57dKnxv9vZPuzMujXvIYN1Q38XJmd/yGYuw
w5f38kFg32daxDA24FKckasU3apuWF19r2WVeu+9IL3t2aPSrS5pKT8jubNmuEIL
Dcu8B6g3YK1nOjjQg+hzxXbr48jZ+wLs1wINT+0f4mD5KaSp2crBucSWwd0KQdSV
d6tvSbsUOPe4
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org