Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/1-C7l9PuP50UkxoY2gNATPlI-hOc.roa
File: 1-C7l9PuP50UkxoY2gNATPlI-hOc.roa (raw, json)
Hash identifier: 3gLXa6ZBB41yw7Yvkm9iKAdID5pKXm1Eqbs8P97W9q8=
Subject key identifier: F8:2E:E5:F4:FB:8F:E7:45:24:C6:86:36:80:D0:13:3E:52:3E:84:E7
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 01892F2077520296E05AD4D5273AC1506F86
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/1-C7l9PuP50UkxoY2gNATPlI-hOc.roa
Signing time: Fri 07 Jul 2023 06:53:23 +0000
ROA not before: Fri 07 Jul 2023 06:53:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 88.209.245.0/24 maxlen: 24
88.209.253.0/24 maxlen: 24
178.210.228.0/24 maxlen: 24
77.242.157.0/24 maxlen: 24
77.242.158.0/24 maxlen: 24
88.209.226.0/24 maxlen: 24
92.52.214.0/24 maxlen: 24
178.210.248.0/24 maxlen: 24
178.210.249.0/24 maxlen: 24
178.210.251.0/24 maxlen: 24
178.210.252.0/24 maxlen: 24
88.151.56.0/24 maxlen: 24
88.151.62.0/24 maxlen: 24
2.58.170.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:2f:20:77:52:02:96:e0:5a:d4:d5:27:3a:c1:50:6f:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jul 7 06:53:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f82ee5f4fb8fe74524c6863680d0133e523e84e7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:42:31:4c:1a:5f:75:a5:81:e0:32:d0:4f:96:
47:d3:d7:59:bb:63:3c:38:28:bc:b6:4d:cd:99:13:
ca:f4:30:e3:5b:e1:63:75:f6:a8:34:cc:ab:d3:05:
6e:c5:05:dd:8a:8e:21:50:76:dd:74:84:0a:77:86:
2c:1f:29:20:8a:e7:ce:2b:c4:30:3d:0c:7a:d7:9f:
11:b8:f4:c7:65:e4:4d:60:7a:74:80:04:c1:31:98:
82:bd:f7:d0:37:32:52:22:3e:48:27:a5:f5:69:03:
d4:db:75:a8:1c:f0:a4:ae:1b:d5:62:9d:87:0d:89:
b5:ec:31:c7:82:e2:27:66:e9:89:6b:5a:62:0d:66:
20:fb:77:8a:ad:fc:50:b4:cc:5c:ea:da:d8:ea:1c:
fd:73:f5:bd:70:df:cd:4c:6a:0b:21:34:25:34:3f:
68:c5:49:4e:e6:fb:84:c3:ce:22:be:4e:4a:79:c9:
94:51:29:30:52:4c:72:95:fd:07:3d:22:76:7f:26:
9f:b5:de:72:ba:7f:70:96:40:9b:35:d0:bc:f4:64:
31:e1:03:8d:6e:4a:c9:ef:0e:7c:34:f8:43:b8:ba:
7c:d3:84:c2:79:37:46:00:1a:7d:d4:18:f9:14:a5:
48:0e:5e:66:b9:49:99:c1:c5:78:b1:2a:49:8d:03:
a8:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:2E:E5:F4:FB:8F:E7:45:24:C6:86:36:80:D0:13:3E:52:3E:84:E7
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/1-C7l9PuP50UkxoY2gNATPlI-hOc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.170.0/24
77.242.157.0-77.242.158.255
88.151.56.0/24
88.151.62.0/24
88.209.226.0/24
88.209.245.0/24
88.209.253.0/24
92.52.214.0/24
178.210.228.0/24
178.210.248.0/23
178.210.251.0-178.210.252.255
Signature Algorithm: sha256WithRSAEncryption
37:30:d8:5b:8a:0a:ab:e0:4e:76:50:8a:bd:41:2a:dc:c7:13:
d9:e4:27:ad:e8:05:60:4e:77:1a:31:db:80:91:a7:12:2a:2a:
79:e8:89:1a:c4:64:ec:95:a5:fe:7f:8e:13:6a:a3:73:8e:b5:
62:3d:4f:1d:5c:e1:b2:fb:3a:52:c5:e6:4a:f6:da:7a:39:e4:
66:4c:da:a6:6e:d3:e8:70:80:f8:fa:02:26:87:c2:e4:3b:d1:
90:85:7e:00:83:c8:c4:13:06:57:c9:89:7f:5e:14:3c:3c:f4:
b7:e2:47:45:3f:9f:dd:18:69:ae:dc:43:fc:94:59:d1:84:61:
02:2b:43:30:20:6e:9e:f6:47:92:2d:c6:90:34:5a:30:40:0b:
ae:1e:cb:87:d3:31:3d:18:04:2d:c5:6a:c1:9c:ba:85:2e:f2:
92:33:6b:3b:28:bc:67:c4:14:90:77:f9:d7:ae:95:79:d1:2c:
8b:d7:a6:7b:dd:e2:a6:fa:97:a0:d5:02:25:46:e2:d1:a0:c0:
d2:5d:5c:87:2b:b1:45:8b:4a:9a:f8:8d:1b:4a:cb:88:24:98:
5c:8a:6b:47:1f:3c:47:e1:d9:56:16:0c:ad:e4:1e:4b:e7:e7:
b8:ca:70:12:0a:17:27:c1:c5:19:58:fa:5e:5a:c6:44:48:83:
82:b2:af:fd
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYkvIHdSApbgWtTVJzrBUG+GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNzA3MDY1MzIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODJlZTVmNGZiOGZlNzQ1MjRjNjg2MzY4MGQwMTMzZTUyM2U4NGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUIxTBpfdaWB4DLQT5ZH09dZu2M8
OCi8tk3NmRPK9DDjW+FjdfaoNMyr0wVuxQXdio4hUHbddIQKd4YsHykgiufOK8Qw
PQx6158RuPTHZeRNYHp0gATBMZiCvffQNzJSIj5IJ6X1aQPU23WoHPCkrhvVYp2H
DYm17DHHguInZumJa1piDWYg+3eKrfxQtMxc6trY6hz9c/W9cN/NTGoLITQlND9o
xUlO5vuEw84ivk5KecmUUSkwUkxylf0HPSJ2fyaftd5yun9wlkCbNdC89GQx4QON
bkrJ7w58NPhDuLp804TCeTdGABp91Bj5FKVIDl5muUmZwcV4sSpJjQOoNQIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFPgu5fT7j+dFJMaGNoDQEz5SPoTnMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvMS1DN2w5UHVQNTBVa3hvWTJnTkFUUGxJLWhPYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZGQvNTg5MTI3LTEwOTYtNGM5MS05NmNjLTdlNGQ2ZjZmNmU2
Ni8xL3phcWc0SUkyQTJDczJqUjJaT3VERk9zUjJoQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBrBggrBgEFBQcBBwEB/wRcMFowWAQCAAEwUgMEAAI6qjAM
AwQATfKdAwQATfKeAwQAWJc4AwQAWJc+AwQAWNHiAwQAWNH1AwQAWNH9AwQAXDTW
AwQAstLkAwQBstL4MAwDBACy0vsDBACy0vwwDQYJKoZIhvcNAQELBQADggEBADcw
2FuKCqvgTnZQir1BKtzHE9nkJ63oBWBOdxox24CRpxIqKnnoiRrEZOyVpf5/jhNq
o3OOtWI9Tx1c4bL7OlLF5kr22no55GZM2qZu0+hwgPj6AiaHwuQ70ZCFfgCDyMQT
BlfJiX9eFDw89LfiR0U/n90Yaa7cQ/yUWdGEYQIrQzAgbp72R5ItxpA0WjBAC64e
y4fTMT0YBC3FasGcuoUu8pIzazsovGfEFJB3+deulXnRLIvXpnvd4qb6l6DVAiVG
4tGgwNJdXIcrsUWLSpr4jRtKy4gkmFyKa0cfPEfh2VYWDK3kHkvn57jKcBIKFyfB
xRlY+l5axkRIg4Kyr/0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:54 2024 by rpki-client on console-ams.rpki-client.org