Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/PniCzbruDMjRZwIFwe_Bf76cEmE.roa
File: PniCzbruDMjRZwIFwe_Bf76cEmE.roa (raw, json)
Hash identifier: 5DppaqO6IXzL2MvE82df1wl4Vn2ooqIt1QptQFw3S8o=
Subject key identifier: 3E:78:82:CD:BA:EE:0C:C8:D1:67:02:05:C1:EF:C1:7F:BE:9C:12:61
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018A842D36B95E7178916B0C911F0C283155
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/PniCzbruDMjRZwIFwe_Bf76cEmE.roa
Signing time: Mon 11 Sep 2023 12:17:50 +0000
ROA not before: Mon 11 Sep 2023 12:17:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.245.0/24 maxlen: 24
88.209.249.0/24 maxlen: 24
178.210.250.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.151.63.0/24 maxlen: 24
2.58.169.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:84:2d:36:b9:5e:71:78:91:6b:0c:91:1f:0c:28:31:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Sep 11 12:17:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3e7882cdbaee0cc8d1670205c1efc17fbe9c1261
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:81:07:b8:7f:57:5b:92:dd:49:57:36:c7:49:
db:1a:b4:47:c0:33:6b:83:0b:df:5f:0e:ed:52:9d:
02:79:ed:65:f0:a4:49:e8:32:18:e2:bb:15:0b:e9:
d1:8d:f2:b2:0c:43:a5:0a:d5:3d:2b:04:b7:20:fb:
4a:da:55:76:2d:b2:21:cc:52:b0:af:d9:90:16:6c:
e7:5e:fc:3e:f0:5a:d6:ce:de:33:2a:78:97:93:9a:
d0:95:8b:48:75:89:6e:84:af:7b:16:69:3f:f7:db:
d0:0b:f8:72:15:b4:99:65:57:7e:1e:d8:41:95:7a:
a6:9f:c0:8d:73:0f:60:74:76:3c:e1:38:22:3d:81:
a7:7d:70:d9:56:dd:68:b8:ff:71:d0:5e:00:d5:eb:
7e:8f:40:66:19:d4:f0:75:cc:d1:77:1f:41:3d:2a:
42:b4:7f:4a:1d:6b:81:50:03:a1:aa:e6:e4:8e:cf:
78:54:50:12:0c:7d:e8:17:5c:82:55:2b:ba:9a:d8:
77:b1:25:ef:1c:d1:e6:29:b2:c5:16:13:ab:14:97:
ff:50:a1:6f:47:8d:e0:09:de:5d:60:43:09:6a:57:
dd:2a:e9:52:24:0d:c6:ed:25:28:50:d3:c6:39:b4:
af:5f:fb:bf:cf:c2:a3:e8:93:86:ad:fd:98:58:34:
a7:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:78:82:CD:BA:EE:0C:C8:D1:67:02:05:C1:EF:C1:7F:BE:9C:12:61
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/PniCzbruDMjRZwIFwe_Bf76cEmE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.169.0/24
77.242.150.0/24
88.151.56.0/23
88.151.63.0/24
88.209.211.0/24
88.209.217.0/24
88.209.245.0/24
88.209.249.0/24
178.210.250.0/24
Signature Algorithm: sha256WithRSAEncryption
6e:ba:31:50:27:78:3d:7f:ba:f4:7b:24:ae:3c:74:a1:9d:ad:
2b:c4:af:b3:b8:38:19:b1:5f:d9:c1:d4:47:d7:ae:77:21:45:
79:21:c3:d2:e1:1d:e7:5c:23:16:b2:8f:41:a3:e0:f7:8f:07:
4c:54:71:a1:80:64:80:68:b5:d7:84:36:65:0a:dd:d9:1e:c5:
b6:2b:57:ad:82:19:20:99:21:d3:22:01:b6:63:56:00:76:91:
d7:97:66:2c:43:bf:e3:31:18:bb:c8:f6:99:8c:8c:36:6e:53:
03:bc:b3:92:1c:76:d5:38:6c:a9:b5:ee:15:6f:a8:a5:0e:2a:
28:69:4c:94:8a:cf:17:fe:4e:05:8c:b6:bc:5b:0b:57:bb:09:
c8:ba:2f:7e:2e:73:fe:02:f8:15:9a:84:26:23:29:a5:fa:7e:
ea:8c:57:9b:1b:54:96:bd:25:5d:ce:ce:cf:f1:9f:0f:18:fa:
ad:df:66:fd:60:0b:cc:fb:e0:d2:ba:b6:92:1e:ac:fe:d4:a9:
3b:83:aa:2c:94:27:24:60:c7:c0:12:4e:a9:22:71:f4:84:b4:
7f:cb:d4:9e:0e:20:15:24:ff:e9:c6:be:40:cf:6d:04:9b:61:
b4:96:99:d5:a6:0b:94:17:ad:80:85:2b:1a:13:2c:02:f6:f6:
2d:38:73:53
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYqELTa5XnF4kWsMkR8MKDFVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwOTExMTIxNzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTc4ODJjZGJhZWUwY2M4ZDE2NzAyMDVjMWVmYzE3ZmJlOWMxMjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4EHuH9XW5LdSVc2x0nbGrRHwDNr
gwvfXw7tUp0Cee1l8KRJ6DIY4rsVC+nRjfKyDEOlCtU9KwS3IPtK2lV2LbIhzFKw
r9mQFmznXvw+8FrWzt4zKniXk5rQlYtIdYluhK97Fmk/99vQC/hyFbSZZVd+HthB
lXqmn8CNcw9gdHY84TgiPYGnfXDZVt1ouP9x0F4A1et+j0BmGdTwdczRdx9BPSpC
tH9KHWuBUAOhqubkjs94VFASDH3oF1yCVSu6mth3sSXvHNHmKbLFFhOrFJf/UKFv
R43gCd5dYEMJalfdKulSJA3G7SUoUNPGObSvX/u/z8Kj6JOGrf2YWDSnAwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFD54gs267gzI0WcCBcHvwX++nBJhMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvUG5pQ3picnVETWpSWndJRndlX0JmNzZjRW1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAAjqpAwQA
TfKWAwQBWJc4AwQAWJc/AwQAWNHTAwQAWNHZAwQAWNH1AwQAWNH5AwQAstL6MA0G
CSqGSIb3DQEBCwUAA4IBAQBuujFQJ3g9f7r0eySuPHShna0rxK+zuDgZsV/ZwdRH
1653IUV5IcPS4R3nXCMWso9Bo+D3jwdMVHGhgGSAaLXXhDZlCt3ZHsW2K1etghkg
mSHTIgG2Y1YAdpHXl2YsQ7/jMRi7yPaZjIw2blMDvLOSHHbVOGypte4Vb6ilDioo
aUyUis8X/k4FjLa8WwtXuwnIui9+LnP+AvgVmoQmIyml+n7qjFebG1SWvSVdzs7P
8Z8PGPqt32b9YAvM++DSuraSHqz+1Kk7g6oslCckYMfAEk6pInH0hLR/y9SeDiAV
JP/pxr5Az20Em2G0lpnVpguUF62AhSsaEywC9vYtOHNT
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:55 2024 by rpki-client on console-ams.rpki-client.org