Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/NHi3Tm8lrRZirT_QjiQJ5rz_tLQ.roa
File: NHi3Tm8lrRZirT_QjiQJ5rz_tLQ.roa (raw, json)
Hash identifier: YHC1vUeEGcrdDI3MFxWu0BnO6/cK8WXg6az85EWGcmY=
Subject key identifier: 34:78:B7:4E:6F:25:AD:16:62:AD:3F:D0:8E:24:09:E6:BC:FF:B4:B4
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0188E9AE55C13CAF9B478544FAFC19763855
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/NHi3Tm8lrRZirT_QjiQJ5rz_tLQ.roa
Signing time: Fri 23 Jun 2023 19:14:56 +0000
ROA not before: Fri 23 Jun 2023 19:14:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 174
IP address blocks: 88.209.245.0/24 maxlen: 24
88.209.253.0/24 maxlen: 24
178.210.228.0/24 maxlen: 24
88.151.56.0/24 maxlen: 24
88.151.62.0/24 maxlen: 24
77.242.158.0/24 maxlen: 24
77.242.157.0/24 maxlen: 24
2.58.170.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:e9:ae:55:c1:3c:af:9b:47:85:44:fa:fc:19:76:38:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jun 23 19:14:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3478b74e6f25ad1662ad3fd08e2409e6bcffb4b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:78:8b:e5:35:58:57:f7:0d:66:52:b7:bd:9d:
67:91:cc:68:c2:86:7a:d1:bc:82:ad:43:43:b1:b0:
75:f6:86:03:e2:88:a9:03:cb:fc:28:c4:a2:02:7c:
e8:6b:ea:30:68:c2:6f:57:6f:49:f9:8f:c1:e9:23:
0e:7d:6d:fd:60:e3:b0:68:e7:63:13:5d:b2:59:60:
3b:fd:45:31:51:21:f2:4d:f9:4a:74:1b:87:28:eb:
84:ec:4f:7e:07:77:66:39:29:49:1d:09:8a:af:c2:
88:97:2e:f7:45:15:07:70:aa:e9:79:9d:1f:8a:f7:
c8:00:87:f3:4d:4e:61:0e:21:06:3e:39:22:4b:ba:
d8:0e:ab:77:bc:0e:71:31:ff:92:f6:19:6c:a8:9f:
7e:b7:fc:d8:2c:d2:7e:8d:b1:89:5e:17:8c:d1:12:
d8:08:4b:30:fc:d7:bb:7c:8d:32:5b:48:f0:df:7f:
3e:22:52:65:32:21:6b:3c:d4:43:fe:7d:a3:f5:e6:
c2:7a:40:51:a3:b7:ba:7f:a2:96:20:bb:a2:6c:41:
21:53:6d:98:8a:e5:28:78:80:a9:48:3d:3a:dd:af:
fb:1d:62:f9:e4:a7:9a:ed:35:1b:b6:03:42:40:1b:
6b:e4:9a:a9:dc:05:aa:86:c8:ef:f1:ac:1c:f0:98:
de:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:78:B7:4E:6F:25:AD:16:62:AD:3F:D0:8E:24:09:E6:BC:FF:B4:B4
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/NHi3Tm8lrRZirT_QjiQJ5rz_tLQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.170.0/24
77.242.157.0-77.242.158.255
88.151.56.0/24
88.151.62.0/24
88.209.245.0/24
88.209.253.0/24
178.210.228.0/24
Signature Algorithm: sha256WithRSAEncryption
95:3e:6c:d9:67:cf:82:a1:44:2f:bb:5a:cf:b2:a2:af:76:9b:
c5:f8:17:da:fa:55:18:07:67:d1:d9:2f:5a:5b:a0:4b:36:f3:
d6:6f:5b:18:47:4a:ba:70:d2:84:f3:e5:5a:3f:dc:d1:fa:55:
f0:b2:7c:a3:d4:ac:fa:f6:4f:d5:46:6f:9b:73:2f:8c:75:a1:
ba:ae:0e:97:ee:c1:c6:52:bb:f7:9f:0a:ba:f2:9f:ca:29:af:
6e:cf:02:2b:f4:8f:29:fa:6a:1d:b4:bf:66:7e:7d:90:1f:55:
6c:b8:26:77:4b:f9:ef:f1:e0:d4:ea:b6:1b:cc:99:83:88:49:
77:e6:33:b5:38:5f:2d:e4:e1:44:18:21:7e:17:01:f6:40:cf:
c2:4f:f3:06:84:5c:e8:a7:bc:31:25:d5:7f:ec:98:a7:f6:48:
db:c6:c2:ef:7a:fe:b5:c2:31:13:49:2e:e8:d3:79:6c:2f:77:
b7:f6:6f:77:b4:6e:f8:1d:20:4f:b2:1e:06:71:0e:d9:f6:98:
78:92:4a:a6:f4:eb:b5:37:3b:28:21:0f:c0:32:27:b4:fe:54:
9e:49:39:4c:42:36:ab:89:44:b1:94:4f:9d:8c:83:32:17:fc:
64:e7:01:ea:c3:81:a1:d6:43:dd:31:60:dc:19:b8:d4:fe:21:
bf:e7:6a:52
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYjprlXBPK+bR4VE+vwZdjhVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNjIzMTkxNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDc4Yjc0ZTZmMjVhZDE2NjJhZDNmZDA4ZTI0MDllNmJjZmZiNGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3iL5TVYV/cNZlK3vZ1nkcxowoZ6
0byCrUNDsbB19oYD4oipA8v8KMSiAnzoa+owaMJvV29J+Y/B6SMOfW39YOOwaOdj
E12yWWA7/UUxUSHyTflKdBuHKOuE7E9+B3dmOSlJHQmKr8KIly73RRUHcKrpeZ0f
ivfIAIfzTU5hDiEGPjkiS7rYDqt3vA5xMf+S9hlsqJ9+t/zYLNJ+jbGJXheM0RLY
CEsw/Ne7fI0yW0jw338+IlJlMiFrPNRD/n2j9ebCekBRo7e6f6KWILuibEEhU22Y
iuUoeICpSD063a/7HWL55Kea7TUbtgNCQBtr5Jqp3AWqhsjv8awc8JjeYQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFDR4t05vJa0WYq0/0I4kCea8/7S0MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvTkhpM1RtOGxyUlppclRfUWppUUo1cnpfdExRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAAjqqMAwD
BABN8p0DBABN8p4DBABYlzgDBABYlz4DBABY0fUDBABY0f0DBACy0uQwDQYJKoZI
hvcNAQELBQADggEBAJU+bNlnz4KhRC+7Ws+yoq92m8X4F9r6VRgHZ9HZL1pboEs2
89ZvWxhHSrpw0oTz5Vo/3NH6VfCyfKPUrPr2T9VGb5tzL4x1obquDpfuwcZSu/ef
Crryn8opr27PAiv0jyn6ah20v2Z+fZAfVWy4JndL+e/x4NTqthvMmYOISXfmM7U4
Xy3k4UQYIX4XAfZAz8JP8waEXOinvDEl1X/smKf2SNvGwu96/rXCMRNJLujTeWwv
d7f2b3e0bvgdIE+yHgZxDtn2mHiSSqb067U3OyghD8AyJ7T+VJ5JOUxCNquJRLGU
T52MgzIX/GTnAerDgaHWQ90xYNwZuNT+Ib/nalI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:55 2024 by rpki-client on console-ams.rpki-client.org