Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/6TN24PAYfB8DD1k4fpbdGgzb8K8.roa
File: 6TN24PAYfB8DD1k4fpbdGgzb8K8.roa (raw, json)
Hash identifier: RH5/KVdM6M2oUZbEmV/PMq8RD6Zl/2WUFbTfdVF3w5Y=
Subject key identifier: E9:33:76:E0:F0:18:7C:1F:03:0F:59:38:7E:96:DD:1A:0C:DB:F0:AF
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0189551E8B879B5A4166E8F5AAA28C20C14D
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/6TN24PAYfB8DD1k4fpbdGgzb8K8.roa
Signing time: Fri 14 Jul 2023 15:56:52 +0000
ROA not before: Fri 14 Jul 2023 15:56:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 178.210.230.0/24 maxlen: 24
88.151.58.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.195.0/24 maxlen: 24
2.58.168.0/24 maxlen: 24
5.182.113.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:55:1e:8b:87:9b:5a:41:66:e8:f5:aa:a2:8c:20:c1:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jul 14 15:56:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e93376e0f0187c1f030f59387e96dd1a0cdbf0af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:bc:e2:2a:2f:74:dc:d8:79:04:03:23:ba:b6:
35:17:d9:86:64:eb:75:46:5c:f7:fc:49:e5:da:6a:
09:1b:f3:67:5a:63:35:84:bd:de:11:a8:6a:a1:62:
fd:cf:45:ee:19:12:d8:e3:f5:ea:f0:46:bb:a7:9d:
dd:99:13:40:e0:64:30:9f:d3:0a:cc:63:f7:bd:92:
b3:3c:33:ab:f2:02:e4:02:4e:5c:18:6d:97:05:5f:
98:ce:fd:f3:68:c9:f6:84:b4:17:24:87:5f:75:03:
42:9e:b9:2d:5d:20:3d:af:3d:52:27:f8:68:72:98:
95:3e:3f:08:f5:b4:b8:d6:94:eb:a4:7b:ac:b2:79:
7c:6d:30:f7:dd:12:75:6f:8a:9e:3b:0c:cd:de:e5:
62:c4:53:ed:03:ad:b5:63:5f:9b:51:39:4c:55:23:
fb:92:53:33:6b:8c:b3:9f:14:4a:ea:9d:b1:3b:39:
9c:cf:f7:d4:1e:21:88:10:5a:8c:96:47:99:4a:39:
11:74:0c:95:98:86:88:59:be:0f:c2:28:f8:d1:1b:
88:8e:c9:fe:fc:3d:2a:d1:a7:d9:be:2a:67:85:4c:
60:f5:58:18:0e:f8:5c:74:3b:42:a5:90:34:43:c0:
c0:4f:0a:6a:d6:32:59:7b:ee:81:86:9d:51:28:ad:
de:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:33:76:E0:F0:18:7C:1F:03:0F:59:38:7E:96:DD:1A:0C:DB:F0:AF
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/6TN24PAYfB8DD1k4fpbdGgzb8K8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.168.0/24
5.182.113.0/24
88.151.56.0-88.151.58.255
88.209.195.0/24
88.209.211.0/24
88.209.221.0/24
178.210.230.0/24
Signature Algorithm: sha256WithRSAEncryption
60:ce:20:f7:8c:0e:41:e6:fc:cc:67:62:10:9c:5a:84:ae:3c:
e4:06:ce:da:fd:f4:e3:f6:1e:55:02:54:e1:c9:05:86:e0:82:
98:f0:33:32:3a:41:55:0f:59:06:af:93:79:46:9b:bf:e1:11:
53:06:bc:9c:02:81:4a:81:4f:b5:5f:7f:cb:e2:a6:60:66:f0:
46:0d:da:c3:7f:7a:45:92:0b:b4:aa:6d:17:c1:32:95:a4:66:
47:2a:c9:47:6b:db:30:5b:01:2b:20:8a:48:6a:fe:bd:63:de:
e3:48:69:8c:04:e7:f9:02:40:7b:10:9b:d9:a9:ce:9a:4a:80:
c0:e9:0f:06:31:89:7a:16:36:37:5f:a0:20:9f:cf:ba:4d:fc:
8b:c1:5f:d2:19:26:15:5a:b6:6e:6e:ce:29:75:f6:e4:23:07:
40:67:e0:52:3f:41:5f:4e:c7:51:00:1f:29:a6:ee:72:9b:c8:
fa:f3:86:69:5d:8e:2a:04:27:bc:08:cc:28:7b:a1:1d:3c:22:
69:7a:b2:f8:12:f6:84:af:b5:48:71:3a:75:0a:6d:19:8e:0e:
72:cb:1b:b5:09:d4:b2:57:a2:3b:d0:e8:49:ca:a2:b0:19:8c:
c7:d3:54:48:99:ef:26:6a:8d:ff:ba:b3:45:11:20:0a:4c:61:
82:d5:b4:6a
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYlVHouHm1pBZuj1qqKMIMFNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNzE0MTU1NjUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTMzNzZlMGYwMTg3YzFmMDMwZjU5Mzg3ZTk2ZGQxYTBjZGJmMGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrziKi903Nh5BAMjurY1F9mGZOt1
Rlz3/Enl2moJG/NnWmM1hL3eEahqoWL9z0XuGRLY4/Xq8Ea7p53dmRNA4GQwn9MK
zGP3vZKzPDOr8gLkAk5cGG2XBV+Yzv3zaMn2hLQXJIdfdQNCnrktXSA9rz1SJ/ho
cpiVPj8I9bS41pTrpHussnl8bTD33RJ1b4qeOwzN3uVixFPtA621Y1+bUTlMVSP7
klMza4yznxRK6p2xOzmcz/fUHiGIEFqMlkeZSjkRdAyVmIaIWb4Pwij40RuIjsn+
/D0q0afZvipnhUxg9VgYDvhcdDtCpZA0Q8DATwpq1jJZe+6Bhp1RKK3eOQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFOkzduDwGHwfAw9ZOH6W3RoM2/CvMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvNlROMjRQQVlmQjhERDFrNGZwYmRHZ3piOEs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAAjqoAwQA
BbZxMAwDBANYlzgDBABYlzoDBABY0cMDBABY0dMDBABY0d0DBACy0uYwDQYJKoZI
hvcNAQELBQADggEBAGDOIPeMDkHm/MxnYhCcWoSuPOQGztr99OP2HlUCVOHJBYbg
gpjwMzI6QVUPWQavk3lGm7/hEVMGvJwCgUqBT7Vff8vipmBm8EYN2sN/ekWSC7Sq
bRfBMpWkZkcqyUdr2zBbASsgikhq/r1j3uNIaYwE5/kCQHsQm9mpzppKgMDpDwYx
iXoWNjdfoCCfz7pN/IvBX9IZJhVatm5uzil19uQjB0Bn4FI/QV9Ox1EAHymm7nKb
yPrzhmldjioEJ7wIzCh7oR08Iml6svgS9oSvtUhxOnUKbRmODnLLG7UJ1LJXojvQ
6EnKorAZjMfTVEiZ7yZqjf+6s0URIApMYYLVtGo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org