Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/1Iaua4gNnbpSEJwlgaPmcvjpWZ4.roa
File: 1Iaua4gNnbpSEJwlgaPmcvjpWZ4.roa (raw, json)
Hash identifier: 2ye3pKuGOCzlBQhIXfcwnh81VH1O6DDotSP0FYlOf+o=
Subject key identifier: D4:86:AE:6B:88:0D:9D:BA:52:10:9C:25:81:A3:E6:72:F8:E9:59:9E
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0189E352C2BDB63941D02BC3AD32F5A92434
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/1Iaua4gNnbpSEJwlgaPmcvjpWZ4.roa
Signing time: Fri 11 Aug 2023 06:39:59 +0000
ROA not before: Fri 11 Aug 2023 06:39:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 92.52.214.0/24 maxlen: 24
88.209.253.0/24 maxlen: 24
178.210.228.0/24 maxlen: 24
178.210.248.0/24 maxlen: 24
178.210.249.0/24 maxlen: 24
178.210.251.0/24 maxlen: 24
178.210.252.0/24 maxlen: 24
77.242.157.0/24 maxlen: 24
77.242.158.0/24 maxlen: 24
88.151.62.0/24 maxlen: 24
88.209.226.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:e3:52:c2:bd:b6:39:41:d0:2b:c3:ad:32:f5:a9:24:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Aug 11 06:39:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d486ae6b880d9dba52109c2581a3e672f8e9599e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f8:e9:26:ba:5e:e8:0b:bb:66:4c:2b:0f:1c:f2:
a4:24:2b:03:d9:73:3b:7f:2b:cb:21:c4:74:7b:87:
62:d3:78:4b:6d:f6:62:8d:25:b3:a4:ab:c3:fa:8f:
e4:23:3c:3a:3e:6c:65:aa:d3:dc:20:c0:40:be:df:
76:b6:97:33:2b:03:59:f2:b0:81:7e:d9:15:55:86:
f2:87:32:bb:35:38:9c:3a:59:fc:8c:d0:01:db:ad:
d1:1f:de:8e:28:be:69:ee:e6:9e:aa:37:c3:4f:81:
e8:fc:84:07:33:38:9d:7c:d7:58:8f:dc:6a:90:a3:
49:de:5d:7c:d1:0b:cc:4e:d0:5c:a9:4b:04:fb:16:
a9:ff:30:bb:10:94:f4:a9:43:46:43:3e:87:03:ad:
69:46:c3:81:af:b4:61:64:44:53:fe:37:14:f1:c6:
10:c7:1e:c7:a8:1d:77:df:cd:64:37:23:ee:98:b0:
09:a4:bc:a6:85:0e:2a:9b:60:ec:5f:66:9e:ca:e2:
12:4d:fa:b2:60:c9:08:8d:39:5f:ff:c6:39:b1:79:
24:ea:a9:b2:1e:93:b2:00:f7:21:be:ce:a8:f8:b8:
fb:0b:8c:40:91:dd:83:ef:b8:33:4d:80:0c:c3:9e:
c8:4c:86:db:ec:35:8d:63:a3:11:f7:c6:2b:da:bb:
53:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:86:AE:6B:88:0D:9D:BA:52:10:9C:25:81:A3:E6:72:F8:E9:59:9E
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/1Iaua4gNnbpSEJwlgaPmcvjpWZ4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.242.157.0-77.242.158.255
88.151.62.0/24
88.209.226.0/24
88.209.253.0/24
92.52.214.0/24
178.210.228.0/24
178.210.248.0/23
178.210.251.0-178.210.252.255
Signature Algorithm: sha256WithRSAEncryption
10:2c:a8:3d:4c:de:0a:c2:9d:f0:04:10:28:19:2f:0e:76:fc:
4e:8f:92:ff:db:d1:36:70:c7:e6:1f:de:5d:aa:4b:d0:56:f2:
5a:64:25:6e:7e:5a:42:c1:37:46:7d:06:58:00:8f:30:9b:df:
4f:de:11:2b:7f:24:18:fd:ec:ca:a6:95:ec:52:5b:9f:a5:1b:
9c:da:4e:bb:e1:6d:f7:15:e2:2a:1e:7c:7d:fc:ce:14:4a:b5:
95:43:aa:0a:13:e6:f4:49:95:16:af:93:60:05:81:af:09:e4:
14:de:32:84:fd:74:c2:60:7b:35:6d:09:01:61:01:50:c4:a7:
2e:35:57:5f:fb:6d:54:37:18:10:70:17:38:30:44:4c:4d:04:
1e:48:b6:44:0c:15:44:49:6e:38:4d:6f:fd:97:f9:0e:e8:e2:
5e:c9:68:13:2c:02:11:e5:3a:e8:79:75:6d:52:2a:af:7e:2d:
2d:be:df:9c:f5:f1:0f:c9:b7:11:83:77:94:ba:5a:a5:b3:73:
09:2c:68:ea:c3:a8:5d:07:14:22:30:17:87:72:3d:2b:5c:ea:
4a:88:be:2c:ab:9a:44:94:1b:ff:bd:bd:71:8f:22:f1:fe:38:
d0:09:a6:10:00:a4:e6:91:01:66:70:9c:11:97:d5:cb:19:cd:
fb:2b:30:7e
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYnjUsK9tjlB0CvDrTL1qSQ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwODExMDYzOTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDg2YWU2Yjg4MGQ5ZGJhNTIxMDljMjU4MWEzZTY3MmY4ZTk1OTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Okmul7oC7tmTCsPHPKkJCsD2XM7
fyvLIcR0e4di03hLbfZijSWzpKvD+o/kIzw6PmxlqtPcIMBAvt92tpczKwNZ8rCB
ftkVVYbyhzK7NTicOln8jNAB263RH96OKL5p7uaeqjfDT4Ho/IQHMzidfNdYj9xq
kKNJ3l180QvMTtBcqUsE+xap/zC7EJT0qUNGQz6HA61pRsOBr7RhZERT/jcU8cYQ
xx7HqB13381kNyPumLAJpLymhQ4qm2DsX2aeyuISTfqyYMkIjTlf/8Y5sXkk6qmy
HpOyAPchvs6o+Lj7C4xAkd2D77gzTYAMw57ITIbb7DWNY6MR98Yr2rtT6QIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFNSGrmuIDZ26UhCcJYGj5nL46VmeMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvMUlhdWE0Z05uYnBTRUp3bGdhUG1jdmpwV1o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAMAwDBABN8p0D
BABN8p4DBABYlz4DBABY0eIDBABY0f0DBABcNNYDBACy0uQDBAGy0vgwDAMEALLS
+wMEALLS/DANBgkqhkiG9w0BAQsFAAOCAQEAECyoPUzeCsKd8AQQKBkvDnb8To+S
/9vRNnDH5h/eXapL0FbyWmQlbn5aQsE3Rn0GWACPMJvfT94RK38kGP3syqaV7FJb
n6UbnNpOu+Ft9xXiKh58ffzOFEq1lUOqChPm9EmVFq+TYAWBrwnkFN4yhP10wmB7
NW0JAWEBUMSnLjVXX/ttVDcYEHAXODBETE0EHki2RAwVREluOE1v/Zf5DujiXslo
EywCEeU66Hl1bVIqr34tLb7fnPXxD8m3EYN3lLpapbNzCSxo6sOoXQcUIjAXh3I9
K1zqSoi+LKuaRJQb/729cY8i8f440AmmEACk5pEBZnCcEZfVyxnN+yswfg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:54 2024 by rpki-client on console-ams.rpki-client.org