Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/2OUkEagdmYlfnjQ4LbXP15qJP_4.roa
File: 2OUkEagdmYlfnjQ4LbXP15qJP_4.roa (raw, json)
Hash identifier: aqxR/J1Kl0gH7tfMzKeCtwswJyebEwiA/G38BXwIr50=
Subject key identifier: D8:E5:24:11:A8:1D:99:89:5F:9E:34:38:2D:B5:CF:D7:9A:89:3F:FE
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0189DE1002A5123484929E01CAE027E8D3AA
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/2OUkEagdmYlfnjQ4LbXP15qJP_4.roa
Signing time: Thu 10 Aug 2023 06:08:58 +0000
ROA not before: Thu 10 Aug 2023 06:08:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 83.137.158.0/24 maxlen: 24
83.137.159.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.209.195.0/24 maxlen: 24
77.242.156.0/24 maxlen: 24
77.242.159.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.216.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
178.210.250.0/24 maxlen: 24
88.151.58.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.151.63.0/24 maxlen: 24
2.58.168.0/24 maxlen: 24
2.58.170.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:de:10:02:a5:12:34:84:92:9e:01:ca:e0:27:e8:d3:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Aug 10 06:08:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d8e52411a81d99895f9e34382db5cfd79a893ffe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:fa:48:8e:e7:f1:f7:9e:50:69:9c:93:be:d8:
6e:f1:f0:96:80:d5:bf:da:97:9d:20:94:a2:5d:56:
f1:80:09:a9:5a:6b:99:6f:4d:24:ed:e3:2c:dc:06:
6c:e8:da:6a:23:31:7d:ea:a0:ec:d9:c2:ee:28:71:
dd:95:d0:54:7d:67:08:eb:3b:a1:06:7e:b0:0f:0f:
7f:55:15:2b:97:b1:c8:41:b9:9f:e8:20:f1:3a:09:
0d:0a:83:96:81:89:c8:81:1c:a9:60:fa:d6:74:90:
92:39:f7:a5:22:49:94:f9:12:b2:d7:37:9b:22:60:
7d:c6:54:65:aa:2e:5a:9f:c7:8f:0b:50:a3:3f:36:
80:db:6b:ae:62:49:23:ef:95:a7:b5:d9:e1:1a:73:
d6:6f:8a:6f:5e:d6:48:19:e2:e3:4d:25:6a:d5:a7:
dd:ce:ed:8f:39:60:dd:ae:0a:fc:7a:96:12:cb:d2:
8b:51:98:d4:d5:e7:ba:da:ca:81:61:d5:7a:b2:51:
47:28:7d:ae:f8:29:a5:61:b2:54:bf:a2:cf:e7:ca:
ea:0a:b9:0b:7a:13:84:96:d9:d9:a8:17:76:f5:9a:
7c:f1:b9:ba:5f:13:d3:a2:c0:5d:2b:a3:18:c8:ef:
b3:f9:a1:80:f4:6d:1c:4c:d6:76:fa:2f:af:a1:7e:
dc:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:E5:24:11:A8:1D:99:89:5F:9E:34:38:2D:B5:CF:D7:9A:89:3F:FE
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/2OUkEagdmYlfnjQ4LbXP15qJP_4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.168.0/24
2.58.170.0/24
77.242.150.0/24
77.242.156.0/24
77.242.159.0/24
83.137.158.0/23
88.151.56.0-88.151.58.255
88.151.63.0/24
88.209.195.0/24
88.209.211.0/24
88.209.216.0/23
178.210.250.0/24
Signature Algorithm: sha256WithRSAEncryption
42:ba:58:6a:7c:98:33:42:48:8a:94:99:42:56:f0:48:c7:6c:
0c:f6:5e:60:c7:6b:f7:cb:cf:5d:07:8d:1d:ce:b3:1e:94:51:
8a:ec:17:64:41:1b:cd:ce:b5:fc:41:80:64:4b:bb:0c:b5:28:
78:7a:41:db:74:39:2d:32:a3:c5:56:b8:ab:df:04:25:03:3f:
c1:dc:41:37:fa:b5:13:f8:e5:fc:d2:f1:17:47:7d:35:f8:3f:
be:0c:d4:f4:15:c0:16:52:3e:eb:ce:a9:79:f9:c5:e9:5d:e3:
3f:71:1e:42:c5:89:37:4b:72:d3:f1:03:de:51:56:64:c0:8b:
c0:23:65:40:82:67:28:4b:d0:e3:8e:fc:2b:81:ff:19:d1:e9:
47:d7:d0:63:97:0d:50:53:05:71:8f:d7:06:ed:02:2c:6b:31:
fb:bf:90:22:b2:30:f8:a0:57:83:7a:c8:d7:45:6c:56:b5:f7:
70:be:27:3f:2a:82:fc:82:35:9d:02:4f:bc:ec:02:32:a2:a5:
ab:cd:c9:1d:3c:89:40:22:7c:87:2f:71:16:b9:fa:d9:15:29:
ec:b8:89:e4:f9:67:bb:81:23:7b:ae:e6:7f:9b:2e:9a:09:15:
44:e8:a8:f0:dc:84:6a:71:3d:c8:04:51:50:50:d2:86:46:bd:
da:ce:ae:fb
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYneEAKlEjSEkp4ByuAn6NOqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwODEwMDYwODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGU1MjQxMWE4MWQ5OTg5NWY5ZTM0MzgyZGI1Y2ZkNzlhODkzZmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/pIjufx955QaZyTvthu8fCWgNW/
2pedIJSiXVbxgAmpWmuZb00k7eMs3AZs6NpqIzF96qDs2cLuKHHdldBUfWcI6zuh
Bn6wDw9/VRUrl7HIQbmf6CDxOgkNCoOWgYnIgRypYPrWdJCSOfelIkmU+RKy1zeb
ImB9xlRlqi5an8ePC1CjPzaA22uuYkkj75WntdnhGnPWb4pvXtZIGeLjTSVq1afd
zu2POWDdrgr8epYSy9KLUZjU1ee62sqBYdV6slFHKH2u+CmlYbJUv6LP58rqCrkL
ehOEltnZqBd29Zp88bm6XxPTosBdK6MYyO+z+aGA9G0cTNZ2+i+voX7cbwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFNjlJBGoHZmJX540OC21z9eaiT/+MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvMk9Va0VhZ2RtWWxmbmpRNExiWFAxNXFKUF80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAAjqoAwQA
AjqqAwQATfKWAwQATfKcAwQATfKfAwQBU4meMAwDBANYlzgDBABYlzoDBABYlz8D
BABY0cMDBABY0dMDBAFY0dgDBACy0vowDQYJKoZIhvcNAQELBQADggEBAEK6WGp8
mDNCSIqUmUJW8EjHbAz2XmDHa/fLz10HjR3Osx6UUYrsF2RBG83OtfxBgGRLuwy1
KHh6Qdt0OS0yo8VWuKvfBCUDP8HcQTf6tRP45fzS8RdHfTX4P74M1PQVwBZSPuvO
qXn5xeld4z9xHkLFiTdLctPxA95RVmTAi8AjZUCCZyhL0OOO/CuB/xnR6UfX0GOX
DVBTBXGP1wbtAixrMfu/kCKyMPigV4N6yNdFbFa193C+Jz8qgvyCNZ0CT7zsAjKi
pavNyR08iUAifIcvcRa5+tkVKey4ieT5Z7uBI3uu5n+bLpoJFUToqPDchGpxPcgE
UVBQ0oZGvdrOrvs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:26 2024 by rpki-client on console-fra.rpki-client.org