Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Pex1ghChPnyRCt0g5-n-EyhGQuM.roa
File: Pex1ghChPnyRCt0g5-n-EyhGQuM.roa (raw, json)
Hash identifier: yHKe8DxHRaWtqAuhIKqqjMbboqmqKN/FTadRzOdRoRw=
Subject key identifier: 3D:EC:75:82:10:A1:3E:7C:91:0A:DD:20:E7:E9:FE:13:28:46:42:E3
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0188A0AFBEDAC6947DA88DAF55101C745E45
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Pex1ghChPnyRCt0g5-n-EyhGQuM.roa
Signing time: Fri 09 Jun 2023 15:04:12 +0000
ROA not before: Fri 09 Jun 2023 15:04:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 88.209.230.0/24 maxlen: 24
92.52.214.0/24 maxlen: 24
88.209.255.0/24 maxlen: 24
178.210.248.0/24 maxlen: 24
178.210.249.0/24 maxlen: 24
178.210.251.0/24 maxlen: 24
178.210.252.0/24 maxlen: 24
2.58.170.0/24 maxlen: 24
88.209.226.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:a0:af:be:da:c6:94:7d:a8:8d:af:55:10:1c:74:5e:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jun 9 15:04:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3dec758210a13e7c910add20e7e9fe13284642e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:c8:d4:02:6a:a1:64:45:ca:5d:2e:6b:57:e9:
fa:dd:07:6d:27:56:36:1a:35:b8:16:ef:36:21:5c:
55:93:e1:3e:66:26:35:b3:b6:33:a4:26:05:fc:8d:
39:f9:89:b0:71:76:b7:0a:2c:3c:ca:4d:8b:f0:ba:
22:57:b1:95:47:d8:c1:2c:b9:be:98:9e:1e:20:ab:
bf:44:36:16:9e:ae:57:e8:67:55:5d:c5:d4:e1:56:
b5:e7:92:33:af:38:eb:2c:7d:9e:97:a0:2c:dc:6b:
44:c6:63:a4:ef:3b:5e:a9:c5:6d:98:5f:74:83:b5:
80:25:f3:f5:90:d1:ca:cd:93:97:a5:3d:68:d7:ff:
2d:5c:d1:b7:92:4e:d4:9b:71:45:6e:65:96:53:52:
d1:87:98:2c:6b:20:34:cf:f0:b8:70:16:54:01:bb:
eb:c7:1e:36:9d:c7:4d:51:2c:4f:a6:10:59:a9:e6:
73:00:f2:35:06:38:24:9d:c6:57:84:a4:7a:7c:fa:
25:0e:99:cc:ae:b6:f9:9f:5a:80:89:22:bf:f8:44:
01:fa:e3:a0:08:27:22:41:41:dc:82:0b:ef:5a:0c:
5c:28:d5:d5:de:db:48:25:59:d3:b7:b5:3d:c0:79:
aa:6f:95:6e:84:5b:aa:a4:cf:a2:b3:f0:80:61:5e:
10:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:EC:75:82:10:A1:3E:7C:91:0A:DD:20:E7:E9:FE:13:28:46:42:E3
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Pex1ghChPnyRCt0g5-n-EyhGQuM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.170.0/24
88.209.226.0/24
88.209.230.0/24
88.209.255.0/24
92.52.214.0/24
178.210.248.0/23
178.210.251.0-178.210.252.255
Signature Algorithm: sha256WithRSAEncryption
9d:ea:f9:ab:9d:99:7d:b2:0d:36:32:aa:f8:a8:97:52:53:ab:
cb:24:ad:d9:4c:24:5c:44:ae:4a:ea:4d:0e:73:53:a5:ed:0d:
ea:a4:cf:22:3e:e3:4a:05:cc:db:55:26:ee:fc:46:cd:f5:00:
49:1e:04:bb:e2:27:d3:d7:51:b2:b6:d4:5a:88:4a:57:b2:b6:
3d:97:f3:8f:15:2a:2c:48:94:49:f1:5c:85:63:81:7c:92:dd:
06:9c:5a:a5:16:aa:61:bd:57:f9:9d:11:56:00:29:39:3e:5c:
4c:89:dc:8f:4b:1c:23:3e:56:9f:2c:5a:8d:00:d7:51:fc:77:
57:4b:8e:4f:65:6d:af:bf:50:c1:d1:7a:a1:55:7a:02:ae:c3:
07:1a:a2:55:9c:a0:7c:2d:54:71:84:ed:8a:d0:3e:9b:68:28:
10:23:c2:cf:e8:37:db:44:b7:eb:87:f4:ed:ec:03:57:05:ee:
60:5d:f0:e2:a5:e0:cf:70:d4:6d:9a:ad:21:8a:3f:14:d1:d7:
17:02:8a:48:68:cc:e6:1f:12:54:ca:cb:82:2b:2e:74:d1:61:
f6:c2:b4:5a:79:9c:f2:1e:36:38:0a:f4:58:b8:a2:d4:13:af:
07:62:2f:6e:b6:83:e1:b3:c7:1c:2f:2a:be:66:b9:34:c3:69:
3e:63:8b:d6
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYigr77axpR9qI2vVRAcdF5FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNjA5MTUwNDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGVjNzU4MjEwYTEzZTdjOTEwYWRkMjBlN2U5ZmUxMzI4NDY0MmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcjUAmqhZEXKXS5rV+n63QdtJ1Y2
GjW4Fu82IVxVk+E+ZiY1s7YzpCYF/I05+YmwcXa3Ciw8yk2L8LoiV7GVR9jBLLm+
mJ4eIKu/RDYWnq5X6GdVXcXU4Va155IzrzjrLH2el6As3GtExmOk7zteqcVtmF90
g7WAJfP1kNHKzZOXpT1o1/8tXNG3kk7Um3FFbmWWU1LRh5gsayA0z/C4cBZUAbvr
xx42ncdNUSxPphBZqeZzAPI1BjgkncZXhKR6fPolDpnMrrb5n1qAiSK/+EQB+uOg
CCciQUHcggvvWgxcKNXV3ttIJVnTt7U9wHmqb5VuhFuqpM+is/CAYV4QcQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFD3sdYIQoT58kQrdIOfp/hMoRkLjMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvUGV4MWdoQ2hQbnlSQ3QwZzUtbi1FeWhHUXVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAAjqqAwQA
WNHiAwQAWNHmAwQAWNH/AwQAXDTWAwQBstL4MAwDBACy0vsDBACy0vwwDQYJKoZI
hvcNAQELBQADggEBAJ3q+audmX2yDTYyqviol1JTq8skrdlMJFxErkrqTQ5zU6Xt
DeqkzyI+40oFzNtVJu78Rs31AEkeBLviJ9PXUbK21FqISleytj2X848VKixIlEnx
XIVjgXyS3QacWqUWqmG9V/mdEVYAKTk+XEyJ3I9LHCM+Vp8sWo0A11H8d1dLjk9l
ba+/UMHReqFVegKuwwcaolWcoHwtVHGE7YrQPptoKBAjws/oN9tEt+uH9O3sA1cF
7mBd8OKl4M9w1G2arSGKPxTR1xcCikhozOYfElTKy4IrLnTRYfbCtFp5nPIeNjgK
9Fi4otQTrwdiL262g+GzxxwvKr5muTTDaT5ji9Y=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org