Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/0NGRRJuQtzdLbCxVHBc20B_s0BA.roa
File: 0NGRRJuQtzdLbCxVHBc20B_s0BA.roa (raw, json)
Hash identifier: 47egcUlOrInngfZDQXHVohrcwnFlhw7mb9aBYMLOv4M=
Subject key identifier: D0:D1:91:44:9B:90:B7:37:4B:6C:2C:55:1C:17:36:D0:1F:EC:D0:10
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018BA5234CB6943C620E9C4BEDCDB4ECC887
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/0NGRRJuQtzdLbCxVHBc20B_s0BA.roa
Signing time: Mon 06 Nov 2023 14:57:15 +0000
ROA not before: Mon 06 Nov 2023 14:57:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 92.52.214.0/24 maxlen: 24
88.209.232.0/22 maxlen: 24
178.210.228.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.200.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
88.209.226.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:a5:23:4c:b6:94:3c:62:0e:9c:4b:ed:cd:b4:ec:c8:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Nov 6 14:57:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d0d191449b90b7374b6c2c551c1736d01fecd010
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:8b:3c:b0:ab:55:fb:d8:82:af:a6:b3:aa:58:
17:f3:31:58:b0:35:98:d2:c8:11:af:12:33:ba:b2:
df:b0:5d:59:d1:45:82:8b:8f:d9:56:70:e9:4f:ab:
b3:03:f3:44:f7:3f:f3:93:27:4f:24:d3:7d:b3:a3:
27:45:ea:d0:af:b9:ed:9e:71:9f:f0:97:a8:95:3c:
8c:9a:54:14:fd:63:44:39:0d:ca:be:f1:a8:ba:2f:
69:f5:68:55:13:c3:4f:fb:61:71:a1:a9:9e:19:b3:
6b:3b:3f:06:32:31:0e:0b:1a:36:40:2b:02:f4:c8:
2a:02:d3:58:a6:ee:05:fe:08:9b:0e:98:f3:ac:bb:
71:72:fd:cf:2e:d6:25:84:ab:73:90:56:ea:2f:74:
21:23:f6:1d:7d:28:46:ce:81:df:7f:81:17:5a:cf:
62:95:6d:e9:07:8f:5a:7b:70:83:66:47:f8:0a:6f:
13:3e:5d:ac:94:0d:c4:3b:1e:d2:88:3e:d2:b6:53:
c6:77:77:d0:16:0d:78:f6:c3:0d:8a:25:b6:d9:78:
da:30:49:06:1b:36:58:63:ac:50:4c:6e:40:28:e7:
64:21:fa:39:1d:b3:db:5f:3b:f5:94:6d:6a:39:8c:
0e:6b:67:cf:e9:44:08:30:7d:82:27:80:d4:f4:f3:
e1:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:D1:91:44:9B:90:B7:37:4B:6C:2C:55:1C:17:36:D0:1F:EC:D0:10
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/0NGRRJuQtzdLbCxVHBc20B_s0BA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.242.150.0/24
88.151.56.0/23
88.209.200.0/24
88.209.211.0/24
88.209.217.0/24
88.209.226.0/24
88.209.232.0/22
92.52.214.0/24
178.210.228.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:8e:ac:67:09:c4:63:8f:0a:cb:3e:57:6c:45:57:a0:02:14:
95:17:27:d4:a1:ac:68:13:67:9a:9f:b2:7f:d9:8d:9f:97:65:
b2:94:25:25:0f:2f:49:7b:19:59:39:fa:e3:3e:17:1c:cc:17:
19:55:b2:fc:c2:65:80:17:e8:32:58:c3:5c:07:f9:0b:a9:dd:
cd:83:7c:5b:c9:5e:fb:81:8a:4e:ce:a5:2a:ae:92:f1:f3:29:
d0:8b:5d:43:5d:b6:a7:c0:ec:10:9f:c3:2c:14:58:95:af:8c:
dd:b5:c7:e9:e3:d2:59:6a:1b:84:52:18:9a:10:95:3e:e3:2e:
04:e3:43:46:53:f1:68:d5:48:f0:f8:cb:69:a9:39:e5:b4:15:
a5:c3:49:1e:53:09:a7:16:ed:dd:c5:67:b4:3b:75:a3:bb:10:
3d:9d:2a:6c:85:5b:e9:30:4f:fc:61:5a:a8:d8:ae:11:72:a9:
4c:6e:9f:ea:a4:99:20:07:85:50:ab:ca:6c:74:a7:22:a9:91:
01:a8:c2:28:3f:53:6b:87:6b:a2:57:9f:ab:a5:40:10:56:57:
8c:a3:7f:4c:dc:bf:9d:f7:5d:a1:51:5e:a4:ab:68:a1:21:2f:
27:41:cf:ee:49:bf:5b:7e:fc:09:21:22:81:c3:73:0f:da:f6:
7e:a4:2f:fa
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYulI0y2lDxiDpxL7c207MiHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMTA2MTQ1NzE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGQxOTE0NDliOTBiNzM3NGI2YzJjNTUxYzE3MzZkMDFmZWNkMDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgos8sKtV+9iCr6azqlgX8zFYsDWY
0sgRrxIzurLfsF1Z0UWCi4/ZVnDpT6uzA/NE9z/zkydPJNN9s6MnRerQr7ntnnGf
8JeolTyMmlQU/WNEOQ3KvvGoui9p9WhVE8NP+2FxoameGbNrOz8GMjEOCxo2QCsC
9MgqAtNYpu4F/gibDpjzrLtxcv3PLtYlhKtzkFbqL3QhI/YdfShGzoHff4EXWs9i
lW3pB49ae3CDZkf4Cm8TPl2slA3EOx7SiD7StlPGd3fQFg149sMNiiW22XjaMEkG
GzZYY6xQTG5AKOdkIfo5HbPbXzv1lG1qOYwOa2fP6UQIMH2CJ4DU9PPhNwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFNDRkUSbkLc3S2wsVRwXNtAf7NAQMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvME5HUlJKdVF0emRMYkN4VkhCYzIwQl9zMEJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQATfKWAwQB
WJc4AwQAWNHIAwQAWNHTAwQAWNHZAwQAWNHiAwQCWNHoAwQAXDTWAwQAstLkMA0G
CSqGSIb3DQEBCwUAA4IBAQBrjqxnCcRjjwrLPldsRVegAhSVFyfUoaxoE2ean7J/
2Y2fl2WylCUlDy9JexlZOfrjPhcczBcZVbL8wmWAF+gyWMNcB/kLqd3Ng3xbyV77
gYpOzqUqrpLx8ynQi11DXbanwOwQn8MsFFiVr4zdtcfp49JZahuEUhiaEJU+4y4E
40NGU/Fo1Ujw+MtpqTnltBWlw0keUwmnFu3dxWe0O3WjuxA9nSpshVvpME/8YVqo
2K4RcqlMbp/qpJkgB4VQq8psdKciqZEBqMIoP1Nrh2uiV5+rpUAQVleMo39M3L+d
912hUV6kq2ihIS8nQc/uSb9bfvwJISKBw3MP2vZ+pC/6
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:26 2024 by rpki-client on console-fra.rpki-client.org