Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/qOps2V-kPuEE8HrLfhc0O3aY6_s.roa
File: qOps2V-kPuEE8HrLfhc0O3aY6_s.roa (raw, json)
Hash identifier: pAKGAt5Ud72kjhWY/IEJFgq/jRepBrRLzXE7pKgPuvo=
Subject key identifier: A8:EA:6C:D9:5F:A4:3E:E1:04:F0:7A:CB:7E:17:34:3B:76:98:EB:FB
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 01824A70D9B3DC0A4C67DBE91FA309206C5D
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/qOps2V-kPuEE8HrLfhc0O3aY6_s.roa
Signing time: Fri 29 Jul 2022 14:51:25 +0000
ROA not before: Fri 29 Jul 2022 14:51:25 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 42864
IP address blocks: 88.209.231.0/24 maxlen: 24
88.209.227.0/24 maxlen: 24
88.209.240.0/22 maxlen: 22
83.137.159.0/24 maxlen: 24
178.248.200.0/21 maxlen: 21
45.9.171.0/24 maxlen: 24
45.9.170.0/24 maxlen: 24
45.9.169.0/24 maxlen: 24
88.209.192.0/21 maxlen: 24
88.209.208.0/20 maxlen: 24
88.209.226.0/24 maxlen: 24
88.209.225.0/24 maxlen: 24
88.209.224.0/24 maxlen: 24
88.151.60.0/22 maxlen: 22
178.210.224.0/21 maxlen: 21
193.138.125.0/24 maxlen: 24
178.210.236.0/24 maxlen: 24
77.242.144.0/20 maxlen: 20
92.52.219.0/24 maxlen: 24
45.14.10.0/24 maxlen: 24
45.14.9.0/24 maxlen: 24
45.14.8.0/24 maxlen: 24
92.52.210.0/23 maxlen: 23
92.52.209.0/24 maxlen: 24
92.52.208.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:4a:70:d9:b3:dc:0a:4c:67:db:e9:1f:a3:09:20:6c:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jul 29 14:51:25 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a8ea6cd95fa43ee104f07acb7e17343b7698ebfb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:db:54:28:e3:ae:3e:00:d6:38:dc:04:c7:72:
22:61:0c:0d:a5:d1:0d:a2:fa:bf:c7:f2:0a:8e:d8:
df:df:b3:45:d5:40:d7:00:03:01:4e:f6:f1:22:95:
31:f0:d7:c7:5b:28:7e:95:08:ce:c7:f7:f5:a1:36:
0d:24:ee:5d:08:e6:7a:c9:ac:e1:2d:4a:3c:d8:4b:
12:f1:10:5e:30:61:a1:78:ac:1d:1e:1f:e8:02:14:
8f:1a:e7:bd:24:9c:c7:98:09:34:c7:0f:37:bf:d7:
34:30:77:7a:53:8a:d8:7c:4a:88:4b:6a:d0:0d:b6:
9c:62:72:36:aa:39:06:7e:27:c7:57:7d:41:c2:f4:
9c:f0:da:d9:05:b5:95:aa:36:39:c9:80:a8:69:1e:
89:4f:b3:c7:50:b1:24:f1:ca:65:71:65:f7:15:c4:
db:9c:44:b2:5b:1e:24:ed:c2:cb:a2:44:0f:5e:d3:
13:5e:e1:4a:7e:eb:be:4c:dd:94:97:6d:97:1c:75:
60:ff:9f:92:7f:1e:4e:22:8c:d2:d2:93:22:48:b3:
8f:ff:d0:82:f1:7c:eb:48:4d:07:ca:1f:67:27:a6:
86:5c:e8:0b:86:2e:b6:99:0e:ee:76:61:f1:f1:55:
9d:0e:4c:5b:5b:00:b2:d1:04:79:e0:dd:6c:a2:4d:
bf:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:EA:6C:D9:5F:A4:3E:E1:04:F0:7A:CB:7E:17:34:3B:76:98:EB:FB
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/qOps2V-kPuEE8HrLfhc0O3aY6_s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.169.0-45.9.171.255
45.14.8.0-45.14.10.255
77.242.144.0/20
83.137.159.0/24
88.151.60.0/22
88.209.192.0/21
88.209.208.0-88.209.227.255
88.209.231.0/24
88.209.240.0/22
92.52.208.0/22
92.52.219.0/24
178.210.224.0/21
178.210.236.0/24
178.248.200.0/21
193.138.125.0/24
Signature Algorithm: sha256WithRSAEncryption
b5:d9:bb:8b:47:b6:a7:ee:59:c0:ac:18:60:85:72:7a:af:e3:
ba:26:83:4a:60:17:e2:c3:41:82:5f:85:46:72:c7:d7:e3:b8:
ea:48:c0:98:81:8b:d4:83:44:4e:17:14:79:42:23:5d:46:03:
5d:cb:91:13:c3:26:c5:57:6d:70:a9:d5:4b:e1:5a:29:7c:d2:
ef:41:8e:a0:72:1e:77:eb:43:96:01:a5:5c:d8:ab:2d:a1:6f:
e5:4d:b3:23:c2:9f:85:12:50:b0:c0:99:ee:ae:c5:fc:ad:16:
c1:51:9f:bc:43:32:84:28:da:f1:f9:fd:db:2b:67:89:01:c1:
97:1c:d7:4e:6f:58:33:8f:ba:38:92:61:ac:62:36:11:81:9f:
8c:05:22:cb:c5:b6:40:cf:2d:17:fa:d4:fa:43:8b:69:a9:98:
6e:8e:b8:71:8d:85:b3:d2:a6:32:45:9a:e9:87:12:e1:d7:ec:
2d:07:31:4b:b8:46:bb:47:35:35:a1:26:a8:31:38:f4:62:52:
64:34:22:ab:ce:64:05:58:26:83:5d:73:4d:61:4b:a9:74:e8:
7e:88:78:c8:1a:24:3f:22:af:7d:b6:ce:9c:08:de:30:6d:34:
4c:06:a0:d4:4b:23:16:49:c6:68:1d:0d:24:17:e4:ba:78:5a:
24:cc:a4:57
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAYJKcNmz3ApMZ9vpH6MJIGxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIwNzI5MTQ1MTI1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGVhNmNkOTVmYTQzZWUxMDRmMDdhY2I3ZTE3MzQzYjc2OThlYmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdtUKOOuPgDWONwEx3IiYQwNpdEN
ovq/x/IKjtjf37NF1UDXAAMBTvbxIpUx8NfHWyh+lQjOx/f1oTYNJO5dCOZ6yazh
LUo82EsS8RBeMGGheKwdHh/oAhSPGue9JJzHmAk0xw83v9c0MHd6U4rYfEqIS2rQ
DbacYnI2qjkGfifHV31BwvSc8NrZBbWVqjY5yYCoaR6JT7PHULEk8cplcWX3FcTb
nESyWx4k7cLLokQPXtMTXuFKfuu+TN2Ul22XHHVg/5+Sfx5OIozS0pMiSLOP/9CC
8XzrSE0Hyh9nJ6aGXOgLhi62mQ7udmHx8VWdDkxbWwCy0QR54N1sok2/HwIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFKjqbNlfpD7hBPB6y34XNDt2mOv7MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvcU9wczJWLWtQdUVFOEhyTGZoYzBPM2FZNl9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHoweAQCAAEwcjAMAwQALQmp
AwQCLQmoMAwDBAMtDggDBAAtDgoDBARN8pADBABTiZ8DBAJYlzwDBANY0cAwDAME
BFjR0AMEAljR4AMEAFjR5wMEAljR8AMEAlw00AMEAFw02wMEA7LS4AMEALLS7AME
A7L4yAMEAMGKfTANBgkqhkiG9w0BAQsFAAOCAQEAtdm7i0e2p+5ZwKwYYIVyeq/j
uiaDSmAX4sNBgl+FRnLH1+O46kjAmIGL1INEThcUeUIjXUYDXcuRE8MmxVdtcKnV
S+FaKXzS70GOoHIed+tDlgGlXNirLaFv5U2zI8KfhRJQsMCZ7q7F/K0WwVGfvEMy
hCja8fn92ytniQHBlxzXTm9YM4+6OJJhrGI2EYGfjAUiy8W2QM8tF/rU+kOLaamY
bo64cY2Fs9KmMkWa6YcS4dfsLQcxS7hGu0c1NaEmqDE49GJSZDQiq85kBVgmg11z
TWFLqXTofoh4yBokPyKvfbbOnAjeMG00TAag1EsjFknGaB0NJBfkunhaJMykVw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org