Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/AiewBLwjBZYpsHrHnwOV3H0H0YQ.roa
File: AiewBLwjBZYpsHrHnwOV3H0H0YQ.roa (raw, json)
Hash identifier: 1iwy/BGoOk9VTR4HhEY9EwxvT+ErmAZDsLqaJ/E357M=
Subject key identifier: 02:27:B0:04:BC:23:05:96:29:B0:7A:C7:9F:03:95:DC:7D:07:D1:84
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 01878DFBCB6C5E82C66821236896023E88EC
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/AiewBLwjBZYpsHrHnwOV3H0H0YQ.roa
Signing time: Mon 17 Apr 2023 06:51:41 +0000
ROA not before: Mon 17 Apr 2023 06:51:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 178.210.236.0/24 maxlen: 24
88.151.56.0/24 maxlen: 24
88.209.198.0/24 maxlen: 24
88.209.209.0/24 maxlen: 24
5.182.113.0/24 maxlen: 24
88.209.216.0/24 maxlen: 24
88.209.225.0/24 maxlen: 24
88.209.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:8d:fb:cb:6c:5e:82:c6:68:21:23:68:96:02:3e:88:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Apr 17 06:51:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0227b004bc23059629b07ac79f0395dc7d07d184
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:a2:3c:bd:ae:38:c1:ea:b5:74:d7:8f:d2:d5:
a1:27:53:d0:65:3a:52:67:53:cb:2c:88:22:c1:f3:
60:8b:98:08:1d:19:b6:65:d0:b2:ad:86:e0:51:b4:
d4:6c:78:41:89:71:33:0e:f9:50:cb:0e:d2:09:47:
fd:f1:07:23:68:12:96:6e:8b:c4:fd:72:d0:bd:7b:
90:f1:3d:94:c8:0a:a4:52:4c:f0:7a:b0:64:a9:92:
47:2d:ea:9b:16:58:81:48:ce:6d:58:fc:ba:e8:67:
e3:bd:04:13:f0:c9:b5:bf:2b:6b:fc:57:fa:2d:7f:
46:74:96:0c:71:cf:29:5e:37:21:73:ba:b9:d3:b5:
eb:cf:56:a0:93:72:e8:d1:e8:79:0b:c9:eb:6b:9e:
69:c3:03:05:7d:e4:7b:bf:5e:23:a3:55:32:3c:24:
ce:91:c5:3e:03:d6:f5:08:12:20:56:61:5c:d0:c2:
78:93:ce:38:65:ab:a2:24:43:23:b0:b2:c4:6d:5a:
ce:89:4b:aa:68:2d:af:cd:cc:6c:7f:da:c7:96:f9:
60:f1:bb:c1:84:a7:85:d2:a5:97:79:f8:af:44:86:
af:2f:a6:e2:02:11:24:c3:2f:27:05:b1:c8:19:d5:
11:a8:7f:9a:76:3d:37:ca:08:22:b0:cf:0e:64:ad:
b0:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:27:B0:04:BC:23:05:96:29:B0:7A:C7:9F:03:95:DC:7D:07:D1:84
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/AiewBLwjBZYpsHrHnwOV3H0H0YQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.113.0/24
88.151.56.0/24
88.209.198.0/24
88.209.209.0/24
88.209.216.0/24
88.209.221.0/24
88.209.225.0/24
178.210.236.0/24
Signature Algorithm: sha256WithRSAEncryption
8d:06:85:bd:bd:78:a6:63:4f:12:b9:cc:6b:e9:31:73:51:e5:
94:c4:01:f0:64:89:37:47:3f:88:80:5d:3e:2d:f6:f0:23:10:
d3:d1:6f:fe:02:9c:8e:08:40:c7:58:3e:8b:41:80:03:70:9a:
ee:ce:6d:e6:80:9f:29:43:4b:b6:32:6b:1e:85:99:81:61:14:
ba:8b:dc:05:c4:02:1d:af:d2:a6:94:1e:38:a4:c1:b3:34:c7:
c4:08:87:f1:43:13:28:5f:cb:43:51:bd:e8:53:d7:30:65:de:
1e:2b:a3:75:28:77:d1:31:b7:e8:c0:7b:cd:84:54:14:4f:e3:
19:fb:3b:4f:10:6c:28:7e:24:f2:56:13:86:65:03:59:6e:a8:
ff:ae:08:44:be:08:9b:e3:6f:60:65:4f:25:b3:5f:57:4a:0d:
e5:42:f4:84:36:0f:b4:c2:23:94:65:7a:51:c5:cf:af:05:fd:
35:96:f1:a8:99:0c:4d:fa:9f:19:60:8d:76:6b:a5:26:50:47:
cb:19:bb:1c:a5:6a:9b:59:72:41:d2:f8:6b:f6:f3:74:20:da:
35:c5:82:4a:68:47:49:a1:7e:a0:c3:59:95:75:19:e0:e6:6c:
04:f0:ee:a0:8c:db:1a:f5:d5:ba:b0:4c:95:34:87:ad:26:86:
01:b3:48:c7
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYeN+8tsXoLGaCEjaJYCPojsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNDE3MDY1MTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjI3YjAwNGJjMjMwNTk2MjliMDdhYzc5ZjAzOTVkYzdkMDdkMTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmaI8va44weq1dNeP0tWhJ1PQZTpS
Z1PLLIgiwfNgi5gIHRm2ZdCyrYbgUbTUbHhBiXEzDvlQyw7SCUf98QcjaBKWbovE
/XLQvXuQ8T2UyAqkUkzwerBkqZJHLeqbFliBSM5tWPy66GfjvQQT8Mm1vytr/Ff6
LX9GdJYMcc8pXjchc7q507Xrz1agk3Lo0eh5C8nra55pwwMFfeR7v14jo1UyPCTO
kcU+A9b1CBIgVmFc0MJ4k844ZauiJEMjsLLEbVrOiUuqaC2vzcxsf9rHlvlg8bvB
hKeF0qWXefivRIavL6biAhEkwy8nBbHIGdURqH+adj03yggisM8OZK2wQQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFAInsAS8IwWWKbB6x58Dldx9B9GEMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvQWlld0JMd2pCWllwc0hySG53T1YzSDBIMFlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQABbZxAwQA
WJc4AwQAWNHGAwQAWNHRAwQAWNHYAwQAWNHdAwQAWNHhAwQAstLsMA0GCSqGSIb3
DQEBCwUAA4IBAQCNBoW9vXimY08Sucxr6TFzUeWUxAHwZIk3Rz+IgF0+LfbwIxDT
0W/+ApyOCEDHWD6LQYADcJruzm3mgJ8pQ0u2MmsehZmBYRS6i9wFxAIdr9KmlB44
pMGzNMfECIfxQxMoX8tDUb3oU9cwZd4eK6N1KHfRMbfowHvNhFQUT+MZ+ztPEGwo
fiTyVhOGZQNZbqj/rghEvgib429gZU8ls19XSg3lQvSENg+0wiOUZXpRxc+vBf01
lvGomQxN+p8ZYI12a6UmUEfLGbscpWqbWXJB0vhr9vN0INo1xYJKaEdJoX6gw1mV
dRng5mwE8O6gjNsa9dW6sEyVNIetJoYBs0jH
-----END CERTIFICATE-----
Generated at Sun May 11 21:36:32 2025 by rpki-client