Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7nxgnqTe3eCvLE8mWeqUoX5CQ_g.roa
File: 7nxgnqTe3eCvLE8mWeqUoX5CQ_g.roa (raw, json)
Hash identifier: d/dglu9JhBn2BB9GX10O3Jz/0k6HhZSLE5VRTItS/Eg=
Subject key identifier: EE:7C:60:9E:A4:DE:DD:E0:AF:2C:4F:26:59:EA:94:A1:7E:42:43:F8
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0188AE3AD9FFEB97E384357559A19729EF79
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7nxgnqTe3eCvLE8mWeqUoX5CQ_g.roa
Signing time: Mon 12 Jun 2023 06:11:12 +0000
ROA not before: Mon 12 Jun 2023 06:11:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 88.209.230.0/24 maxlen: 24
92.52.214.0/24 maxlen: 24
88.209.245.0/24 maxlen: 24
88.209.255.0/24 maxlen: 24
178.210.248.0/24 maxlen: 24
178.210.249.0/24 maxlen: 24
178.210.251.0/24 maxlen: 24
178.210.252.0/24 maxlen: 24
88.151.56.0/24 maxlen: 24
2.58.170.0/24 maxlen: 24
88.209.226.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:ae:3a:d9:ff:eb:97:e3:84:35:75:59:a1:97:29:ef:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jun 12 06:11:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ee7c609ea4dedde0af2c4f2659ea94a17e4243f8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:6f:9c:aa:cd:61:06:64:d4:10:9b:ca:1a:e4:
e6:58:7d:f2:33:b7:12:2e:12:06:83:e2:df:fd:75:
2f:2b:05:db:ab:86:80:33:e1:f9:c7:46:fe:8c:c4:
3a:da:0e:22:3e:63:ac:a3:84:30:2f:91:72:8f:0b:
e0:e1:10:cb:fc:73:98:50:aa:d2:19:f5:e9:e4:63:
46:45:f0:6a:b4:31:44:1b:ac:e8:4d:b0:66:58:4e:
08:bc:24:f6:3e:05:9b:cc:53:37:45:32:59:34:11:
20:7a:0e:9e:05:3a:45:5e:6b:5c:70:03:56:3c:1e:
f5:dd:97:40:eb:60:97:a9:b2:a7:7e:c2:d9:f2:60:
b7:0d:61:ce:15:8d:38:98:bb:39:3c:ef:07:e0:5f:
24:21:39:1e:40:0a:7a:fe:e1:82:de:8e:91:b2:15:
4a:a4:88:e1:8f:c2:b4:e6:c5:14:05:37:6a:7b:e7:
ae:bd:f3:5e:e8:13:35:b5:3b:73:c5:89:de:f5:68:
7f:2e:ff:a2:55:36:7b:38:92:e4:51:26:61:99:31:
1d:83:3a:6c:b0:b1:0e:e9:44:4c:a2:f9:10:73:22:
c7:73:fb:09:18:9f:de:0e:c1:08:31:b9:a3:5c:7c:
fa:bf:2a:09:26:de:fc:f8:52:79:f2:af:81:0c:62:
84:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:7C:60:9E:A4:DE:DD:E0:AF:2C:4F:26:59:EA:94:A1:7E:42:43:F8
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7nxgnqTe3eCvLE8mWeqUoX5CQ_g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.170.0/24
88.151.56.0/24
88.209.226.0/24
88.209.230.0/24
88.209.245.0/24
88.209.255.0/24
92.52.214.0/24
178.210.248.0/23
178.210.251.0-178.210.252.255
Signature Algorithm: sha256WithRSAEncryption
55:c4:3a:46:e2:a8:7c:e8:ee:17:cb:30:b1:66:a5:55:cc:d4:
f1:02:0d:0b:80:66:96:23:9f:fe:aa:1b:df:07:6f:18:f7:c7:
ee:5d:be:50:70:54:85:f1:c9:17:a3:10:d9:c2:69:8b:3f:d8:
48:97:fa:70:2f:38:3b:a5:f4:93:9a:eb:bf:33:51:7a:91:01:
9e:cd:d7:8a:4f:f8:31:89:de:5b:45:55:02:86:66:a9:f9:cc:
2e:70:bf:56:72:ba:18:fc:74:02:48:d6:50:2b:6d:47:cc:85:
bf:73:15:6a:a5:76:2b:65:07:57:57:8f:4f:74:3b:b7:69:aa:
a6:40:43:0f:2d:8a:76:f0:1b:60:7d:f7:d1:d2:5f:6b:47:7c:
d1:85:8e:21:ae:72:b7:6d:4b:a4:7b:aa:26:1f:c3:d6:ba:1c:
e0:ef:e6:c6:16:a3:9a:32:0c:ac:0c:36:08:c2:4b:2e:3e:82:
22:d5:64:39:02:98:bd:2c:99:48:83:71:83:b2:38:eb:96:4a:
d1:dd:c8:57:b5:8f:36:f6:e4:f9:a4:eb:6d:f4:55:a1:f4:61:
a1:94:0d:f0:d3:c5:32:03:33:0e:bc:df:43:56:26:1b:d6:16:
0c:e7:7b:da:53:1e:0a:9a:5e:60:d4:e7:52:08:bf:6e:1a:51:
c2:45:d2:f4
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYiuOtn/65fjhDV1WaGXKe95MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNjEyMDYxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTdjNjA5ZWE0ZGVkZGUwYWYyYzRmMjY1OWVhOTRhMTdlNDI0M2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkW+cqs1hBmTUEJvKGuTmWH3yM7cS
LhIGg+Lf/XUvKwXbq4aAM+H5x0b+jMQ62g4iPmOso4QwL5Fyjwvg4RDL/HOYUKrS
GfXp5GNGRfBqtDFEG6zoTbBmWE4IvCT2PgWbzFM3RTJZNBEgeg6eBTpFXmtccANW
PB713ZdA62CXqbKnfsLZ8mC3DWHOFY04mLs5PO8H4F8kITkeQAp6/uGC3o6RshVK
pIjhj8K05sUUBTdqe+euvfNe6BM1tTtzxYne9Wh/Lv+iVTZ7OJLkUSZhmTEdgzps
sLEO6URMovkQcyLHc/sJGJ/eDsEIMbmjXHz6vyoJJt78+FJ58q+BDGKEUQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFO58YJ6k3t3gryxPJlnqlKF+QkP4MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvN254Z25xVGUzZUN2TEU4bVdlcVVvWDVDUV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAAjqqAwQA
WJc4AwQAWNHiAwQAWNHmAwQAWNH1AwQAWNH/AwQAXDTWAwQBstL4MAwDBACy0vsD
BACy0vwwDQYJKoZIhvcNAQELBQADggEBAFXEOkbiqHzo7hfLMLFmpVXM1PECDQuA
ZpYjn/6qG98Hbxj3x+5dvlBwVIXxyRejENnCaYs/2EiX+nAvODul9JOa678zUXqR
AZ7N14pP+DGJ3ltFVQKGZqn5zC5wv1Zyuhj8dAJI1lArbUfMhb9zFWqlditlB1dX
j090O7dpqqZAQw8tinbwG2B999HSX2tHfNGFjiGucrdtS6R7qiYfw9a6HODv5sYW
o5oyDKwMNgjCSy4+giLVZDkCmL0smUiDcYOyOOuWStHdyFe1jzb25Pmk6230VaH0
YaGUDfDTxTIDMw6830NWJhvWFgzne9pTHgqaXmDU51IIv24aUcJF0vQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:54 2024 by rpki-client on console-ams.rpki-client.org