Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/nLEAaL1b044gSSkuws9W7I8TFjI.roa
File: nLEAaL1b044gSSkuws9W7I8TFjI.roa (raw, json)
Hash identifier: o+xzLCebHEoOG/Vl7b96MqvzH0qzWLCaePK9T4E99r0=
Subject key identifier: 9C:B1:00:68:BD:5B:D3:8E:20:49:29:2E:C2:CF:56:EC:8F:13:16:32
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018B133B205B9681417701D9C8C11B9BAC14
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/nLEAaL1b044gSSkuws9W7I8TFjI.roa
Signing time: Mon 09 Oct 2023 06:58:43 +0000
ROA not before: Mon 09 Oct 2023 06:58:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211440
IP address blocks: 88.209.252.0/24 maxlen: 24
178.210.253.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:13:3b:20:5b:96:81:41:77:01:d9:c8:c1:1b:9b:ac:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Oct 9 06:58:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9cb10068bd5bd38e2049292ec2cf56ec8f131632
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:08:e5:ea:00:14:2a:16:5a:34:dd:25:34:80:
e4:21:52:40:3d:28:69:9a:60:35:4f:44:cf:22:73:
f3:aa:34:c5:3c:73:11:f0:c2:63:be:9f:ff:9b:29:
b3:e4:f3:2f:82:b3:32:41:0b:2c:bd:c4:80:05:6c:
c8:11:ae:0d:ed:0e:21:9d:02:91:e8:d2:27:ad:e6:
bc:3b:03:c5:ab:df:41:10:5d:49:c5:77:08:e9:da:
c8:e5:bf:99:1f:ed:cc:cc:b7:e5:58:b6:5b:f8:fc:
2e:c2:7f:2a:77:7f:93:d0:56:65:89:01:e5:eb:77:
5c:b5:48:67:8a:82:02:e7:a7:58:03:45:50:2b:8d:
3f:aa:c5:5b:70:76:c4:0a:97:27:21:79:6e:b4:f3:
b6:39:d4:6d:6f:ed:f0:b1:15:be:60:71:fa:f5:70:
2c:e8:b9:2f:56:75:84:7a:29:48:ee:e1:e5:c3:eb:
1d:44:c2:c4:7a:49:4d:25:95:a8:1a:39:c7:b7:b1:
71:89:92:72:10:b0:b7:f4:1e:9d:69:a7:2e:6c:1c:
c1:e3:ee:53:2f:db:c1:84:68:b2:2c:07:5f:31:c8:
93:ed:3c:98:9a:9d:3c:17:5d:1f:17:7a:4b:ba:b0:
50:a7:93:93:b5:a7:5d:b0:75:e0:7f:01:1d:2f:0f:
42:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:B1:00:68:BD:5B:D3:8E:20:49:29:2E:C2:CF:56:EC:8F:13:16:32
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/nLEAaL1b044gSSkuws9W7I8TFjI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.252.0/24
178.210.253.0/24
Signature Algorithm: sha256WithRSAEncryption
2e:5c:5f:a8:cb:40:e9:28:ed:7a:88:85:e4:b3:7a:a4:f4:fd:
52:d6:13:45:30:a8:48:46:30:cb:f8:6a:32:35:ed:43:74:a3:
39:06:c0:52:85:de:9a:7e:9d:0e:14:b1:4b:a3:48:bb:6e:f6:
9e:fb:00:10:2d:91:0b:d1:05:65:1b:8a:83:98:ef:10:f4:ca:
d2:7f:01:d9:e7:05:a9:ad:dc:4f:c5:2c:83:f1:2c:33:28:33:
4b:a9:df:52:41:02:90:ee:ab:7e:58:fa:1b:ff:4c:67:35:d2:
69:66:2c:a2:df:e9:77:62:7b:99:48:8a:0d:e9:c1:9b:c7:eb:
81:98:68:8d:f4:00:42:11:9b:73:72:3d:e1:ef:65:23:a5:b5:
df:9e:a3:c8:c3:7a:52:d0:a5:8a:ba:83:b1:d9:b9:eb:9b:46:
06:cd:8d:8d:cf:2a:a0:f9:0d:88:0d:d1:03:f4:0a:79:bc:15:
c9:85:2f:5b:bd:cf:6b:83:b0:a2:b3:12:05:f3:be:40:38:73:
89:59:67:7d:e7:7f:b3:46:5f:86:5d:90:c6:78:79:d6:14:5d:
72:00:22:70:e6:4a:27:e9:6e:46:28:98:69:df:76:aa:42:b1:
fc:bb:e8:29:8a:20:04:41:6d:e9:61:c8:62:0a:1e:1e:9b:88:
fd:3a:3c:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYsTOyBbloFBdwHZyMEbm6wUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMDA5MDY1ODQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2IxMDA2OGJkNWJkMzhlMjA0OTI5MmVjMmNmNTZlYzhmMTMxNjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQjl6gAUKhZaNN0lNIDkIVJAPShp
mmA1T0TPInPzqjTFPHMR8MJjvp//mymz5PMvgrMyQQssvcSABWzIEa4N7Q4hnQKR
6NInrea8OwPFq99BEF1JxXcI6drI5b+ZH+3MzLflWLZb+Pwuwn8qd3+T0FZliQHl
63dctUhnioIC56dYA0VQK40/qsVbcHbECpcnIXlutPO2OdRtb+3wsRW+YHH69XAs
6LkvVnWEeilI7uHlw+sdRMLEeklNJZWoGjnHt7FxiZJyELC39B6daacubBzB4+5T
L9vBhGiyLAdfMciT7TyYmp08F10fF3pLurBQp5OTtaddsHXgfwEdLw9C4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJyxAGi9W9OOIEkpLsLPVuyPExYyMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvbkxFQWFMMWIwNDRnU1NrdXdzOVc3SThURmpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWNH8AwQA
stL9MA0GCSqGSIb3DQEBCwUAA4IBAQAuXF+oy0DpKO16iIXks3qk9P1S1hNFMKhI
RjDL+GoyNe1DdKM5BsBShd6afp0OFLFLo0i7bvae+wAQLZEL0QVlG4qDmO8Q9MrS
fwHZ5wWprdxPxSyD8SwzKDNLqd9SQQKQ7qt+WPob/0xnNdJpZiyi3+l3YnuZSIoN
6cGbx+uBmGiN9ABCEZtzcj3h72UjpbXfnqPIw3pS0KWKuoOx2bnrm0YGzY2Nzyqg
+Q2IDdED9Ap5vBXJhS9bvc9rg7CisxIF875AOHOJWWd953+zRl+GXZDGeHnWFF1y
ACJw5kon6W5GKJhp33aqQrH8u+gpiiAEQW3pYchiCh4em4j9Ojzf
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org