Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/0kCHo8U9hpBsYIGy02ZYvq9rGRY.roa
File: 0kCHo8U9hpBsYIGy02ZYvq9rGRY.roa (raw, json)
Hash identifier: LhKh5vn+K6H8E22nxHK2cyhxihKHR7cgjEmI/Qsmfkc=
Subject key identifier: D2:40:87:A3:C5:3D:86:90:6C:60:81:B2:D3:66:58:BE:AF:6B:19:16
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0189C12D51A32B10CFC825393DA47BBB1F41
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/0kCHo8U9hpBsYIGy02ZYvq9rGRY.roa
Signing time: Fri 04 Aug 2023 15:31:59 +0000
ROA not before: Fri 04 Aug 2023 15:31:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 178.210.250.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.58.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.195.0/24 maxlen: 24
77.242.156.0/24 maxlen: 24
77.242.159.0/24 maxlen: 24
2.58.168.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:c1:2d:51:a3:2b:10:cf:c8:25:39:3d:a4:7b:bb:1f:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Aug 4 15:31:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d24087a3c53d86906c6081b2d36658beaf6b1916
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:12:f6:96:ee:88:9d:4e:c9:47:d9:75:fa:aa:
0c:31:e7:55:cd:53:51:87:68:e7:64:f5:c8:d2:e6:
1e:e5:03:59:e6:8a:fe:52:b9:ef:34:1d:16:1a:8f:
89:36:15:d1:8c:8d:82:a1:27:89:d5:26:57:be:3c:
e1:0c:34:35:4e:46:9e:87:d0:5c:ee:8d:80:95:45:
5a:a5:9c:1a:3c:bb:07:56:c6:64:60:38:e7:03:f3:
43:0f:94:70:3b:5c:4a:2e:41:e1:c5:36:11:de:cb:
d3:40:b3:27:68:61:cc:2e:5b:82:7c:e6:ed:e6:61:
b5:1a:aa:15:9b:29:17:f6:2a:da:e8:b9:5a:64:98:
83:4a:fe:cd:01:7a:ac:ad:c4:f4:4a:ac:a8:23:f0:
7c:fc:97:23:1b:8a:c5:db:02:e8:f4:d9:22:a3:44:
02:da:41:c4:28:37:fa:bc:f8:63:40:f4:bc:a7:bc:
27:21:3b:11:57:94:4d:14:47:c6:e9:70:4e:01:45:
59:62:3f:6e:cc:f9:2a:e6:41:00:15:06:09:76:8f:
3b:8c:2a:e9:9b:86:28:42:16:75:09:87:6f:12:55:
21:d6:ac:3e:9f:fb:6e:88:1f:8f:13:2a:79:25:c5:
c8:ed:5c:74:42:52:e8:0c:d6:40:66:49:94:89:11:
b1:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:40:87:A3:C5:3D:86:90:6C:60:81:B2:D3:66:58:BE:AF:6B:19:16
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/0kCHo8U9hpBsYIGy02ZYvq9rGRY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.168.0/24
77.242.150.0/24
77.242.156.0/24
77.242.159.0/24
88.151.56.0-88.151.58.255
88.209.195.0/24
88.209.211.0/24
88.209.217.0/24
178.210.250.0/24
Signature Algorithm: sha256WithRSAEncryption
9f:c0:c0:07:c7:17:a8:97:0a:74:a5:46:ce:c9:1f:6d:5e:c1:
80:33:83:57:2c:00:ed:f3:bd:03:e7:76:65:6d:9b:c3:7e:9e:
d8:4c:34:3a:22:cb:da:7d:ae:34:b9:d4:d9:a5:d1:04:ea:ea:
08:c2:ad:70:27:ff:5e:7e:2f:00:a6:fd:54:5c:7a:56:32:84:
9f:21:df:9f:59:b8:b9:f1:2a:f6:58:d7:55:fd:1b:72:85:1c:
92:41:d3:4f:cf:ed:d0:9b:75:ae:c9:d0:8e:fe:bd:8e:cc:5d:
30:d2:a7:c0:5a:49:21:7e:ce:7f:5d:87:00:d4:bf:99:45:4c:
82:a2:d1:7c:66:2b:b3:09:ce:19:92:8e:2f:2e:5f:75:16:17:
23:a5:00:15:80:96:71:63:46:2e:56:4c:cb:0e:b4:62:c1:dc:
ad:6c:c2:52:2f:d3:7a:d6:aa:6d:80:43:7c:60:8f:2d:d9:be:
9a:4e:50:93:14:17:b8:c5:b5:fa:fc:54:fc:ad:42:e9:fb:a2:
d5:e2:c7:47:74:e9:48:6b:5d:5a:c2:37:0a:06:13:5c:0e:cc:
e7:75:26:26:71:f9:a0:d4:07:6a:3d:aa:fc:6c:bd:c6:0f:7b:
9b:2f:5f:a9:4e:23:6a:84:36:4b:a7:39:13:4e:c0:ab:27:dc:
0a:3e:da:94
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYnBLVGjKxDPyCU5PaR7ux9BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwODA0MTUzMTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjQwODdhM2M1M2Q4NjkwNmM2MDgxYjJkMzY2NThiZWFmNmIxOTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxL2lu6InU7JR9l1+qoMMedVzVNR
h2jnZPXI0uYe5QNZ5or+UrnvNB0WGo+JNhXRjI2CoSeJ1SZXvjzhDDQ1Tkaeh9Bc
7o2AlUVapZwaPLsHVsZkYDjnA/NDD5RwO1xKLkHhxTYR3svTQLMnaGHMLluCfObt
5mG1GqoVmykX9ira6LlaZJiDSv7NAXqsrcT0SqyoI/B8/JcjG4rF2wLo9Nkio0QC
2kHEKDf6vPhjQPS8p7wnITsRV5RNFEfG6XBOAUVZYj9uzPkq5kEAFQYJdo87jCrp
m4YoQhZ1CYdvElUh1qw+n/tuiB+PEyp5JcXI7Vx0QlLoDNZAZkmUiRGx0QIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFNJAh6PFPYaQbGCBstNmWL6vaxkWMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvMGtDSG84VTlocEJzWUlHeTAyWll2cTlyR1JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAAjqoAwQA
TfKWAwQATfKcAwQATfKfMAwDBANYlzgDBABYlzoDBABY0cMDBABY0dMDBABY0dkD
BACy0vowDQYJKoZIhvcNAQELBQADggEBAJ/AwAfHF6iXCnSlRs7JH21ewYAzg1cs
AO3zvQPndmVtm8N+nthMNDoiy9p9rjS51Nml0QTq6gjCrXAn/15+LwCm/VRcelYy
hJ8h359ZuLnxKvZY11X9G3KFHJJB00/P7dCbda7J0I7+vY7MXTDSp8BaSSF+zn9d
hwDUv5lFTIKi0XxmK7MJzhmSji8uX3UWFyOlABWAlnFjRi5WTMsOtGLB3K1swlIv
03rWqm2AQ3xgjy3ZvppOUJMUF7jFtfr8VPytQun7otXix0d06UhrXVrCNwoGE1wO
zOd1JiZx+aDUB2o9qvxsvcYPe5svX6lOI2qENkunORNOwKsn3Ao+2pQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:26 2024 by rpki-client on console-fra.rpki-client.org