Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/20S5LfX9sdV4SlSiQ5DdtOq0nvk.roa
File: 20S5LfX9sdV4SlSiQ5DdtOq0nvk.roa (raw, json)
Hash identifier: GS9MljCffwyXG1vS9MeLUjh/0wmopHECMnNj7px2bpU=
Subject key identifier: DB:44:B9:2D:F5:FD:B1:D5:78:4A:54:A2:43:90:DD:B4:EA:B4:9E:F9
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018AB72A9ADFB987890BDC50D87AD51FB6F5
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/20S5LfX9sdV4SlSiQ5DdtOq0nvk.roa
Signing time: Thu 21 Sep 2023 09:55:37 +0000
ROA not before: Thu 21 Sep 2023 09:55:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 178.210.228.0/24 maxlen: 24
178.210.250.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.151.63.0/24 maxlen: 24
77.242.158.0/24 maxlen: 24
2.58.169.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:b7:2a:9a:df:b9:87:89:0b:dc:50:d8:7a:d5:1f:b6:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Sep 21 09:55:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=db44b92df5fdb1d5784a54a24390ddb4eab49ef9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:43:b1:b1:4c:b4:84:a9:52:6d:9f:75:5a:60:
79:58:4f:2b:6e:81:bd:ab:bb:24:33:c9:7f:b7:e5:
d8:9e:ff:23:00:40:cf:bf:c9:7e:a0:67:a1:20:1d:
f7:41:9d:be:54:b2:23:0a:0b:15:fd:53:a8:0e:85:
0b:8f:f9:33:ef:c1:c6:29:66:15:66:66:4b:3d:7e:
2a:0b:a2:18:9e:3a:32:bc:1f:34:76:c3:78:5d:e9:
20:f8:14:76:27:37:3e:c0:4a:fd:61:65:bc:ca:c6:
ad:b3:86:68:b5:56:44:df:5c:50:e9:22:f6:fd:cb:
f3:e4:62:a8:12:2a:14:21:a5:53:d3:07:28:30:09:
04:e4:5a:6f:27:50:96:7c:c7:7d:93:ff:6d:4b:8e:
a6:7f:08:03:7d:d8:77:8c:66:27:f1:ba:1b:67:44:
65:14:3a:0d:c4:c8:7c:36:0c:32:e4:a7:ca:93:0b:
d8:6b:20:58:cc:a9:d0:d8:75:17:ed:8f:e8:02:f9:
88:84:16:e1:28:80:ca:27:3d:75:3e:74:df:2d:77:
67:c0:70:65:c8:44:c2:8f:ee:55:07:fd:af:25:6d:
f4:90:43:9e:e4:34:f4:ef:7b:5d:0e:6e:6b:78:8d:
8b:4f:51:00:46:cd:25:e6:ef:3c:a4:b7:e4:73:af:
95:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:44:B9:2D:F5:FD:B1:D5:78:4A:54:A2:43:90:DD:B4:EA:B4:9E:F9
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/20S5LfX9sdV4SlSiQ5DdtOq0nvk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.169.0/24
77.242.150.0/24
77.242.158.0/24
88.151.56.0/23
88.151.63.0/24
88.209.211.0/24
88.209.217.0/24
178.210.228.0/24
178.210.250.0/24
Signature Algorithm: sha256WithRSAEncryption
ba:a6:c3:1e:08:81:e0:04:84:24:91:63:c5:18:ac:6d:21:31:
bb:a2:38:7e:cb:04:6d:b8:7d:74:c6:2f:12:29:4e:05:60:14:
56:b3:f7:8f:f8:bf:62:90:10:92:cb:17:e2:94:b5:a2:70:22:
b6:28:7d:af:0f:ff:a4:45:eb:7e:ee:43:7d:a9:f7:77:7e:0c:
62:ba:83:31:8d:84:3a:09:c0:de:de:77:cd:05:80:13:8b:71:
19:0b:b8:74:a8:67:14:f3:22:4d:db:56:76:bf:e3:02:cc:29:
92:48:f9:36:4e:5e:2a:e0:27:a8:4f:c0:7c:ff:37:a1:90:00:
2f:48:d3:9f:42:ab:be:8d:bf:69:5e:86:bf:22:1f:1e:83:d7:
1d:a4:9a:d6:2d:61:f9:b4:fb:77:a5:f6:1c:e4:34:38:a6:da:
5e:d6:d2:1f:35:e4:a8:a0:6d:12:90:c6:ec:cc:fb:25:3c:89:
99:f8:48:ed:32:b9:e5:4b:03:c5:ab:fa:af:29:09:12:0c:f6:
98:ca:0c:ac:0e:1b:ef:10:a1:1a:3c:d0:db:7b:21:63:49:30:
10:c5:c7:14:1f:94:ae:1f:77:9d:99:01:84:15:2d:98:7b:ad:
a7:d2:e9:ad:fd:bc:7f:f9:a6:20:b0:f4:e7:e6:4a:e8:89:c3:
0a:03:00:20
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYq3KprfuYeJC9xQ2HrVH7b1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwOTIxMDk1NTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjQ0YjkyZGY1ZmRiMWQ1Nzg0YTU0YTI0MzkwZGRiNGVhYjQ5ZWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0OxsUy0hKlSbZ91WmB5WE8rboG9
q7skM8l/t+XYnv8jAEDPv8l+oGehIB33QZ2+VLIjCgsV/VOoDoULj/kz78HGKWYV
ZmZLPX4qC6IYnjoyvB80dsN4Xekg+BR2Jzc+wEr9YWW8ysats4ZotVZE31xQ6SL2
/cvz5GKoEioUIaVT0wcoMAkE5FpvJ1CWfMd9k/9tS46mfwgDfdh3jGYn8bobZ0Rl
FDoNxMh8Ngwy5KfKkwvYayBYzKnQ2HUX7Y/oAvmIhBbhKIDKJz11PnTfLXdnwHBl
yETCj+5VB/2vJW30kEOe5DT073tdDm5reI2LT1EARs0l5u88pLfkc6+VnQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFNtEuS31/bHVeEpUokOQ3bTqtJ75MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvMjBTNUxmWDlzZFY0U2xTaVE1RGR0T3EwbnZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAAjqpAwQA
TfKWAwQATfKeAwQBWJc4AwQAWJc/AwQAWNHTAwQAWNHZAwQAstLkAwQAstL6MA0G
CSqGSIb3DQEBCwUAA4IBAQC6psMeCIHgBIQkkWPFGKxtITG7ojh+ywRtuH10xi8S
KU4FYBRWs/eP+L9ikBCSyxfilLWicCK2KH2vD/+kRet+7kN9qfd3fgxiuoMxjYQ6
CcDe3nfNBYATi3EZC7h0qGcU8yJN21Z2v+MCzCmSSPk2Tl4q4CeoT8B8/zehkAAv
SNOfQqu+jb9pXoa/Ih8eg9cdpJrWLWH5tPt3pfYc5DQ4ptpe1tIfNeSooG0SkMbs
zPslPImZ+EjtMrnlSwPFq/qvKQkSDPaYygysDhvvEKEaPNDbeyFjSTAQxccUH5Su
H3edmQGEFS2Ye62n0umt/bx/+aYgsPTn5kroicMKAwAg
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:54 2024 by rpki-client on console-ams.rpki-client.org