Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/u5clYEcaRDq0RTrta-b-Gg2XI_8.roa
File: u5clYEcaRDq0RTrta-b-Gg2XI_8.roa (raw, json)
Hash identifier: Az26KXcIvA7kNhdyEn38fyDlqB7nX3XHuuRQVutOahk=
Subject key identifier: BB:97:25:60:47:1A:44:3A:B4:45:3A:ED:6B:E6:FE:1A:0D:97:23:FF
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0181FC967FB2F7339650A3CB6A222952BB82
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/u5clYEcaRDq0RTrta-b-Gg2XI_8.roa
Signing time: Thu 14 Jul 2022 12:02:10 +0000
ROA not before: Thu 14 Jul 2022 12:02:10 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 42864
IP address blocks: 88.209.227.0/24 maxlen: 24
88.209.231.0/24 maxlen: 24
178.210.236.0/24 maxlen: 24
88.209.192.0/21 maxlen: 24
88.209.208.0/20 maxlen: 24
88.209.226.0/24 maxlen: 24
88.209.225.0/24 maxlen: 24
88.209.224.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:81:fc:96:7f:b2:f7:33:96:50:a3:cb:6a:22:29:52:bb:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jul 14 12:02:10 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=bb972560471a443ab4453aed6be6fe1a0d9723ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:fe:b7:9d:1b:95:f2:4f:18:06:27:cf:f2:5e:
74:c3:7d:a5:09:71:e2:48:7a:27:90:d9:19:8f:8d:
50:17:e8:3a:86:76:2a:cb:e6:2b:54:c8:a3:67:33:
59:36:c6:27:ef:76:ab:22:fc:0f:2a:05:23:d1:aa:
31:d7:23:a9:06:4d:15:17:a7:35:fc:24:a0:09:f4:
d0:2e:8b:2e:00:1e:d0:a2:fb:71:7a:89:9f:9b:78:
1c:17:aa:f6:14:1c:9a:44:b0:f6:27:a6:7f:1c:63:
72:b1:62:b6:4e:4a:52:81:d1:bb:51:e2:34:78:61:
b9:92:77:79:58:d4:e2:36:e0:4b:a8:b7:09:ce:4c:
df:78:1f:68:85:36:23:52:0f:53:18:b6:ad:48:25:
d3:e6:a8:4c:6a:a9:8d:80:32:79:cf:69:f7:c9:2d:
5a:49:5f:e7:55:55:10:27:30:25:34:14:c3:a4:6c:
46:20:67:6f:8c:13:85:cf:6d:eb:18:75:7a:60:a7:
74:8c:7f:5b:03:69:80:f7:6f:e8:54:76:f5:ad:9f:
87:83:d7:2f:15:a5:f3:e7:3e:e9:f3:dc:86:eb:b8:
e3:09:60:bf:ff:3c:4d:4a:3c:78:df:7d:df:5d:c4:
08:ba:1a:d2:c4:14:26:ba:04:bf:bb:69:5f:6d:d2:
0d:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:97:25:60:47:1A:44:3A:B4:45:3A:ED:6B:E6:FE:1A:0D:97:23:FF
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/u5clYEcaRDq0RTrta-b-Gg2XI_8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.192.0/21
88.209.208.0-88.209.227.255
88.209.231.0/24
178.210.236.0/24
Signature Algorithm: sha256WithRSAEncryption
99:f3:f0:5f:a4:1a:bd:79:09:7f:11:8b:2c:2c:90:f3:82:37:
9e:5b:ff:bc:86:f9:bd:0d:52:b6:75:37:69:ef:8d:b2:69:bf:
f6:69:a2:fe:8d:f5:95:a9:5f:6d:d3:01:e9:e9:77:fa:fa:04:
37:fb:b8:a3:21:95:d8:c5:fc:e8:e4:bd:cb:c5:79:05:d4:17:
15:97:e9:46:89:b0:69:f7:1e:02:2a:c7:b5:d4:8c:7e:78:e3:
b9:03:46:c3:13:a8:b0:d5:d5:53:ff:32:57:dd:8a:6d:05:2b:
5e:56:ca:42:3b:ec:32:c0:83:e5:da:b6:9d:44:9a:2f:a2:2c:
30:1f:59:5c:a6:a3:9f:76:8e:d6:78:81:d9:ae:9f:c4:9a:f2:
99:6c:50:7c:47:73:be:6c:ca:1a:c0:0f:54:51:14:32:a4:1f:
ca:29:fe:c2:ae:48:06:2a:fa:7d:52:60:1b:64:d3:35:90:05:
fb:c9:ae:4d:dc:b6:4f:97:de:b2:39:b2:7a:e7:99:c6:73:4d:
9d:06:c7:9a:bd:b3:71:e6:dd:78:14:a9:cd:3a:21:cb:05:b4:
66:84:6f:79:a9:60:9b:fd:2d:32:12:26:2d:12:31:be:3c:cc:
83:12:ed:f3:d0:4c:59:7d:60:1e:6d:3d:62:0a:2a:a4:56:3a:
b3:2d:8a:e6
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYH8ln+y9zOWUKPLaiIpUruCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIwNzE0MTIwMjEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjk3MjU2MDQ3MWE0NDNhYjQ0NTNhZWQ2YmU2ZmUxYTBkOTcyM2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhf63nRuV8k8YBifP8l50w32lCXHi
SHonkNkZj41QF+g6hnYqy+YrVMijZzNZNsYn73arIvwPKgUj0aox1yOpBk0VF6c1
/CSgCfTQLosuAB7Qovtxeomfm3gcF6r2FByaRLD2J6Z/HGNysWK2TkpSgdG7UeI0
eGG5knd5WNTiNuBLqLcJzkzfeB9ohTYjUg9TGLatSCXT5qhMaqmNgDJ5z2n3yS1a
SV/nVVUQJzAlNBTDpGxGIGdvjBOFz23rGHV6YKd0jH9bA2mA92/oVHb1rZ+Hg9cv
FaXz5z7p89yG67jjCWC//zxNSjx4333fXcQIuhrSxBQmugS/u2lfbdINIwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFLuXJWBHGkQ6tEU67Wvm/hoNlyP/MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvdTVjbFlFY2FSRHEwUlRydGEtYi1HZzJYSV84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQDWNHAMAwD
BARY0dADBAJY0eADBABY0ecDBACy0uwwDQYJKoZIhvcNAQELBQADggEBAJnz8F+k
Gr15CX8RiywskPOCN55b/7yG+b0NUrZ1N2nvjbJpv/Zpov6N9ZWpX23TAenpd/r6
BDf7uKMhldjF/OjkvcvFeQXUFxWX6UaJsGn3HgIqx7XUjH5447kDRsMTqLDV1VP/
Mlfdim0FK15WykI77DLAg+Xatp1Emi+iLDAfWVymo592jtZ4gdmun8Sa8plsUHxH
c75syhrAD1RRFDKkH8op/sKuSAYq+n1SYBtk0zWQBfvJrk3ctk+X3rI5snrnmcZz
TZ0Gx5q9s3Hm3XgUqc06IcsFtGaEb3mpYJv9LTISJi0SMb48zIMS7fPQTFl9YB5t
PWIKKqRWOrMtiuY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:57 2024 by rpki-client on console-ams.rpki-client.org