Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/tctzar_hH8pyEXcl81pmgaut4F8.roa
File: tctzar_hH8pyEXcl81pmgaut4F8.roa (raw, json)
Hash identifier: 2o9EA8mIm4F5le2KTJBFy6D/1MVD1EJr1ffSudF7Bt0=
Subject key identifier: B5:CB:73:6A:BF:E1:1F:CA:72:11:77:25:F3:5A:66:81:AB:AD:E0:5F
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0185A4FEDF4A57F3B19BDDF8E5534F0203AB
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/tctzar_hH8pyEXcl81pmgaut4F8.roa
Signing time: Thu 12 Jan 2023 08:00:44 +0000
ROA not before: Thu 12 Jan 2023 08:00:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211619
IP address blocks: 88.209.228.0/24 maxlen: 24
88.209.239.0/24 maxlen: 24
88.209.236.0/22 maxlen: 22
88.209.246.0/23 maxlen: 23
88.209.253.0/24 maxlen: 24
83.137.156.0/24 maxlen: 24
83.137.157.0/24 maxlen: 24
83.137.153.0/24 maxlen: 24
178.210.232.0/24 maxlen: 24
178.210.233.0/24 maxlen: 24
178.210.237.0/24 maxlen: 24
178.210.234.0/24 maxlen: 24
178.210.235.0/24 maxlen: 24
45.9.168.0/24 maxlen: 24
77.242.152.0/22 maxlen: 22
92.52.218.0/24 maxlen: 24
194.41.47.0/24 maxlen: 24
88.151.62.0/24 maxlen: 24
5.182.112.0/24 maxlen: 24
45.14.9.0/24 maxlen: 24
5.182.115.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:a4:fe:df:4a:57:f3:b1:9b:dd:f8:e5:53:4f:02:03:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jan 12 08:00:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b5cb736abfe11fca72117725f35a6681abade05f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:99:ee:14:34:5b:c5:ec:6a:5a:06:ec:39:5b:
56:2d:36:4c:42:66:92:c7:fd:04:07:ed:a3:f6:19:
26:e0:5d:6f:ed:74:4d:59:3f:51:17:f9:2a:b1:10:
bb:37:54:14:d6:30:03:eb:2b:65:3e:3f:b7:43:91:
1f:3d:f2:42:54:84:73:6e:4a:8a:54:ce:b8:5d:14:
9e:5d:f3:63:1c:f7:39:f6:9e:3f:da:b9:3c:03:33:
e3:cd:ea:5f:88:3b:81:40:ca:dd:39:50:a5:e2:96:
82:48:dc:4b:c9:9f:bb:e5:f4:d9:ef:cb:d6:65:82:
8c:c8:14:02:b8:c3:a9:1b:21:09:9f:fa:08:95:87:
bf:d8:ad:7e:83:85:b9:a3:ce:21:ca:6e:63:33:ec:
b6:6d:e2:4d:e1:ab:cd:87:0a:9a:29:c6:8f:0c:bb:
76:75:28:bb:77:3b:54:3e:b9:ad:c0:77:0f:7b:49:
b1:e9:9d:b8:f3:e3:1a:00:f8:a9:e6:a2:bf:1b:13:
14:80:e1:a2:e6:fc:e1:4a:a0:52:8b:e3:66:5a:09:
9f:54:85:a8:32:42:44:e9:e7:82:2c:9f:51:0a:f9:
dd:78:ff:60:8e:6b:b9:49:a1:1f:f5:33:c5:6f:29:
a5:23:48:c4:f4:20:06:19:ea:cb:7e:0d:7e:8c:fe:
30:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:CB:73:6A:BF:E1:1F:CA:72:11:77:25:F3:5A:66:81:AB:AD:E0:5F
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/tctzar_hH8pyEXcl81pmgaut4F8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.112.0/24
5.182.115.0/24
45.9.168.0/24
45.14.9.0/24
77.242.152.0/22
83.137.153.0/24
83.137.156.0/23
88.151.62.0/24
88.209.228.0/24
88.209.236.0/22
88.209.246.0/23
88.209.253.0/24
92.52.218.0/24
178.210.232.0/22
178.210.237.0/24
194.41.47.0/24
Signature Algorithm: sha256WithRSAEncryption
a4:fe:16:2f:5e:4d:82:19:92:13:51:9c:fb:cb:34:91:df:8c:
08:90:fc:f6:4a:86:b2:71:bc:d3:21:47:c3:9a:7e:e5:44:cd:
fb:65:6c:77:51:5d:43:e8:b7:ac:9c:26:80:dc:77:b2:35:34:
7b:bc:82:39:ca:b3:4c:01:2e:be:4e:0c:3d:c4:73:c6:02:ce:
f6:33:78:41:e7:0a:bd:e7:e4:13:ef:54:a2:2f:a4:81:e3:59:
ee:79:18:a5:04:ba:b4:e4:29:d6:f6:3f:1a:9e:b5:47:0c:33:
50:e7:cc:b8:3a:1b:a1:c0:ce:0f:fb:ea:88:47:c5:5d:5b:95:
49:e9:53:d4:b1:0a:a0:d4:5f:34:06:c5:f1:58:3f:1a:68:79:
fc:2d:0f:f2:89:2f:f1:52:5d:97:1f:39:2d:39:ef:f4:e5:2b:
42:fe:f7:42:6f:aa:bc:7e:af:e9:fb:3f:09:b3:48:17:5a:11:
89:36:01:c4:01:66:31:66:72:e9:84:90:94:5f:93:e3:73:50:
aa:92:11:2c:24:63:f4:72:b2:8b:1c:87:60:d2:5e:27:3e:e9:
32:a5:05:e9:25:19:a3:e6:77:a6:13:dc:75:1b:f2:af:16:4b:
95:e1:5a:42:de:1d:aa:9c:bf:c5:18:1e:dc:e9:4e:98:45:61:
9d:14:8f:95
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYWk/t9KV/Oxm9345VNPAgOrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwMTEyMDgwMDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWNiNzM2YWJmZTExZmNhNzIxMTc3MjVmMzVhNjY4MWFiYWRlMDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpnuFDRbxexqWgbsOVtWLTZMQmaS
x/0EB+2j9hkm4F1v7XRNWT9RF/kqsRC7N1QU1jAD6ytlPj+3Q5EfPfJCVIRzbkqK
VM64XRSeXfNjHPc59p4/2rk8AzPjzepfiDuBQMrdOVCl4paCSNxLyZ+75fTZ78vW
ZYKMyBQCuMOpGyEJn/oIlYe/2K1+g4W5o84hym5jM+y2beJN4avNhwqaKcaPDLt2
dSi7dztUPrmtwHcPe0mx6Z248+MaAPip5qK/GxMUgOGi5vzhSqBSi+NmWgmfVIWo
MkJE6eeCLJ9RCvndeP9gjmu5SaEf9TPFbymlI0jE9CAGGerLfg1+jP4wXQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFLXLc2q/4R/KchF3JfNaZoGrreBfMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvdGN0emFyX2hIOHB5RVhjbDgxcG1nYXV0NEY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQABbZwAwQA
BbZzAwQALQmoAwQALQ4JAwQCTfKYAwQAU4mZAwQBU4mcAwQAWJc+AwQAWNHkAwQC
WNHsAwQBWNH2AwQAWNH9AwQAXDTaAwQCstLoAwQAstLtAwQAwikvMA0GCSqGSIb3
DQEBCwUAA4IBAQCk/hYvXk2CGZITUZz7yzSR34wIkPz2SoaycbzTIUfDmn7lRM37
ZWx3UV1D6LesnCaA3HeyNTR7vII5yrNMAS6+Tgw9xHPGAs72M3hB5wq95+QT71Si
L6SB41nueRilBLq05CnW9j8anrVHDDNQ58y4OhuhwM4P++qIR8VdW5VJ6VPUsQqg
1F80BsXxWD8aaHn8LQ/yiS/xUl2XHzktOe/05StC/vdCb6q8fq/p+z8Js0gXWhGJ
NgHEAWYxZnLphJCUX5Pjc1CqkhEsJGP0crKLHIdg0l4nPukypQXpJRmj5nemE9x1
G/KvFkuV4VpC3h2qnL/FGB7c6U6YRWGdFI+V
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:57 2024 by rpki-client on console-ams.rpki-client.org