Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/wKsyVI1Syw2Kl6no7xwG6h_e6kM.roa
File: wKsyVI1Syw2Kl6no7xwG6h_e6kM.roa (raw, json)
Hash identifier: /cMUp8SJtMkqPHQ4nBnr+Q2xjvgcHpVSutc/95nI8RM=
Subject key identifier: C0:AB:32:54:8D:52:CB:0D:8A:97:A9:E8:EF:1C:06:EA:1F:DE:EA:43
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 01877F5A6125B6246B1CA09C8C1DDCA5A1CE
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/wKsyVI1Syw2Kl6no7xwG6h_e6kM.roa
Signing time: Fri 14 Apr 2023 10:40:41 +0000
ROA not before: Fri 14 Apr 2023 10:40:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 178.210.236.0/24 maxlen: 24
88.151.56.0/24 maxlen: 24
88.209.209.0/24 maxlen: 24
5.182.113.0/24 maxlen: 24
88.209.216.0/24 maxlen: 24
88.209.225.0/24 maxlen: 24
88.209.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:7f:5a:61:25:b6:24:6b:1c:a0:9c:8c:1d:dc:a5:a1:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Apr 14 10:40:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c0ab32548d52cb0d8a97a9e8ef1c06ea1fdeea43
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:70:d8:07:69:56:64:56:aa:13:a9:33:6e:2e:
c1:b9:90:3d:0c:e5:cd:29:db:e4:39:93:39:80:d4:
0e:29:40:21:5c:1e:d5:d9:b4:21:1e:42:7e:3a:31:
cd:99:f3:80:f8:cc:cf:42:53:53:35:2d:ae:81:f1:
d1:8c:67:e3:fc:17:eb:38:14:58:b4:e7:43:9c:98:
5d:72:c4:b8:7a:01:79:82:cb:e6:be:79:81:40:33:
71:41:12:d6:e4:6f:36:18:3a:fd:19:1f:ae:36:6a:
52:2d:18:65:de:f4:02:36:4f:5a:d0:4c:21:c1:df:
46:f9:fd:c1:96:e4:35:d4:4b:27:2b:a0:ed:47:0d:
e2:5b:be:c6:8d:63:b9:f1:1c:7d:1b:11:82:4b:f7:
29:04:db:19:49:d5:60:88:85:43:0c:86:29:70:d2:
fb:27:d1:4e:8e:3d:77:64:55:9d:3c:4b:86:33:47:
92:5c:8a:22:29:1c:30:9a:e6:72:1b:cc:54:1f:88:
c6:e8:f4:08:8f:f9:58:c5:b4:7e:04:c7:9b:0c:26:
fb:11:d6:53:ec:d1:06:1f:48:cc:64:29:da:c3:fa:
e8:a6:24:9f:5e:36:53:38:78:2e:6c:a3:a1:e0:ad:
b2:4e:31:32:34:7f:fa:c5:ee:41:39:c7:70:b7:4f:
d0:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:AB:32:54:8D:52:CB:0D:8A:97:A9:E8:EF:1C:06:EA:1F:DE:EA:43
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/wKsyVI1Syw2Kl6no7xwG6h_e6kM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.113.0/24
88.151.56.0/24
88.209.209.0/24
88.209.216.0/24
88.209.221.0/24
88.209.225.0/24
178.210.236.0/24
Signature Algorithm: sha256WithRSAEncryption
53:16:c4:fd:20:bd:19:ba:cf:77:87:9f:25:0a:9f:e3:45:f9:
7c:91:d0:a5:3a:30:a0:c4:91:b8:6a:fb:8d:f6:f6:86:f7:a2:
f6:cf:4f:ba:e1:17:63:65:4f:77:65:21:d2:fc:e4:59:5d:22:
a3:dc:00:3e:73:ba:5f:4c:fb:b6:71:61:16:fe:2a:3e:c6:e5:
37:15:b6:91:02:76:0c:cc:d5:db:7e:38:fc:41:89:78:03:a8:
4a:99:86:10:d9:c4:08:c2:bb:c4:11:b0:c1:81:72:16:cd:be:
98:ce:49:15:25:f3:61:c8:a8:b0:64:50:37:ba:e6:1a:13:aa:
ad:ab:0e:55:bf:bc:40:34:72:5d:1c:67:e8:47:32:de:8b:97:
9b:a1:5d:ea:13:9c:fe:9a:e5:7b:ec:82:aa:b7:92:e0:3f:d0:
dd:d1:9a:55:a1:5e:77:4c:fa:5a:2e:a0:55:28:e0:fd:42:03:
4b:6e:1d:32:cd:94:73:29:7f:04:f9:0b:62:b9:7e:72:19:b9:
94:7a:9f:81:d4:77:31:f5:7f:d2:fe:0d:1f:3f:a6:bf:3a:4d:
03:39:30:08:29:f3:c7:69:5e:3d:f6:61:33:b4:10:92:d4:fc:
7f:b4:0f:13:ed:01:70:ad:ce:99:3c:e7:18:cd:c8:0d:dc:0c:
65:72:b2:98
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYd/WmEltiRrHKCcjB3cpaHOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNDE0MTA0MDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGFiMzI1NDhkNTJjYjBkOGE5N2E5ZThlZjFjMDZlYTFmZGVlYTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3DYB2lWZFaqE6kzbi7BuZA9DOXN
KdvkOZM5gNQOKUAhXB7V2bQhHkJ+OjHNmfOA+MzPQlNTNS2ugfHRjGfj/BfrOBRY
tOdDnJhdcsS4egF5gsvmvnmBQDNxQRLW5G82GDr9GR+uNmpSLRhl3vQCNk9a0Ewh
wd9G+f3BluQ11EsnK6DtRw3iW77GjWO58Rx9GxGCS/cpBNsZSdVgiIVDDIYpcNL7
J9FOjj13ZFWdPEuGM0eSXIoiKRwwmuZyG8xUH4jG6PQIj/lYxbR+BMebDCb7EdZT
7NEGH0jMZCnaw/ropiSfXjZTOHgubKOh4K2yTjEyNH/6xe5BOcdwt0/Q6wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFMCrMlSNUssNipep6O8cBuof3upDMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvd0tzeVZJMVN5dzJLbDZubzd4d0c2aF9lNmtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQABbZxAwQA
WJc4AwQAWNHRAwQAWNHYAwQAWNHdAwQAWNHhAwQAstLsMA0GCSqGSIb3DQEBCwUA
A4IBAQBTFsT9IL0Zus93h58lCp/jRfl8kdClOjCgxJG4avuN9vaG96L2z0+64Rdj
ZU93ZSHS/ORZXSKj3AA+c7pfTPu2cWEW/io+xuU3FbaRAnYMzNXbfjj8QYl4A6hK
mYYQ2cQIwrvEEbDBgXIWzb6YzkkVJfNhyKiwZFA3uuYaE6qtqw5Vv7xANHJdHGfo
RzLei5eboV3qE5z+muV77IKqt5LgP9Dd0ZpVoV53TPpaLqBVKOD9QgNLbh0yzZRz
KX8E+QtiuX5yGbmUep+B1Hcx9X/S/g0fP6a/Ok0DOTAIKfPHaV499mEztBCS1Px/
tA8T7QFwrc6ZPOcYzcgN3AxlcrKY
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org