Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/QzF4N6Ij2sSDvhdKTUe5PmW6c_8.roa
File: QzF4N6Ij2sSDvhdKTUe5PmW6c_8.roa (raw, json)
Hash identifier: DTdyDt/p6g5Per/9odnaVYKzt8wug/CxzxUQe0ZyPBQ=
Subject key identifier: 43:31:78:37:A2:23:DA:C4:83:BE:17:4A:4D:47:B9:3E:65:BA:73:FF
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0189AC8B68956FF1C74D217E843BD312B9C6
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/QzF4N6Ij2sSDvhdKTUe5PmW6c_8.roa
Signing time: Mon 31 Jul 2023 15:22:44 +0000
ROA not before: Mon 31 Jul 2023 15:22:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 178.210.231.0/24 maxlen: 24
178.210.230.0/24 maxlen: 24
178.210.250.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.58.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.195.0/24 maxlen: 24
77.242.159.0/24 maxlen: 24
2.58.168.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
88.209.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:ac:8b:68:95:6f:f1:c7:4d:21:7e:84:3b:d3:12:b9:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jul 31 15:22:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=43317837a223dac483be174a4d47b93e65ba73ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:b7:12:8b:b4:c9:9b:42:09:28:11:ed:cb:b3:
df:25:fe:e9:5f:bf:f0:7d:71:2a:ea:99:9f:eb:02:
a1:7e:00:84:5c:e1:ae:e5:22:61:7c:29:7e:0c:f0:
bc:89:38:69:19:e3:85:ca:f7:be:1a:13:fc:d3:5c:
fd:e8:61:ad:c0:9b:7c:a7:55:71:d2:1d:8b:9c:39:
54:92:94:4c:7f:ed:46:c3:45:6a:9e:f9:7d:fe:0b:
da:71:24:68:87:3b:c9:48:fd:ae:84:41:4f:52:4c:
ed:4b:03:ff:46:e3:18:4e:37:b2:74:f4:b9:0c:89:
d2:12:06:53:02:7c:3b:aa:da:05:bb:8d:10:1a:a1:
58:22:30:8d:fb:c4:e5:91:ca:9c:70:83:71:6f:67:
cf:17:d0:f0:99:95:83:e9:a9:42:35:07:4e:d4:a6:
3e:c0:61:81:95:67:6d:5d:e9:7d:6c:c0:ee:ce:ef:
cc:75:ee:6c:82:aa:21:0a:03:a7:51:df:7b:e6:23:
f7:d2:85:d0:c3:cc:e2:db:47:b2:7e:08:65:8b:e3:
91:67:a5:d9:40:09:4a:96:0b:6c:55:ea:b3:68:05:
4c:9d:12:61:b7:4e:05:1a:94:ae:0d:58:00:26:57:
f3:e6:c7:a1:ed:e1:22:59:0a:a1:7b:75:a7:52:03:
e6:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:31:78:37:A2:23:DA:C4:83:BE:17:4A:4D:47:B9:3E:65:BA:73:FF
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/QzF4N6Ij2sSDvhdKTUe5PmW6c_8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.168.0/24
77.242.150.0/24
77.242.159.0/24
88.151.56.0-88.151.58.255
88.209.195.0/24
88.209.211.0/24
88.209.217.0/24
88.209.221.0/24
178.210.230.0/23
178.210.250.0/24
Signature Algorithm: sha256WithRSAEncryption
3e:d2:2f:9b:7a:38:3a:89:ff:27:68:d9:2d:c8:37:7f:a7:67:
d4:b0:31:40:0e:ee:22:a7:71:5e:04:75:70:d7:bc:cd:f2:13:
1a:aa:15:a5:41:90:2c:36:2f:96:bd:24:20:74:a6:28:1e:b3:
20:af:ed:68:35:9e:48:23:3b:8b:cb:a7:4a:a4:6f:10:ff:c5:
a8:51:2c:88:04:43:5b:77:90:1a:b6:19:f6:f6:82:4f:93:7f:
3e:1c:a4:24:99:69:7f:c5:de:bd:f7:34:36:a1:66:8e:8a:da:
ca:47:da:bd:b9:3c:80:34:2c:39:17:0a:e6:e4:14:39:d6:1d:
b1:97:da:d7:8a:f9:36:2c:39:b2:80:1b:f1:01:0f:26:63:74:
86:d6:30:b1:84:eb:67:64:bc:8d:cb:f9:19:ca:cf:26:f1:80:
c7:63:17:c4:93:db:23:21:e8:35:b0:3a:2a:13:79:33:61:f9:
00:a7:2a:67:d7:70:9d:b4:89:0e:99:72:80:e0:58:a2:87:c3:
63:3d:95:d0:a8:f7:15:23:c1:8c:69:b7:fd:47:48:c5:af:18:
7a:ec:5f:0e:40:a8:33:b7:69:20:11:0a:0f:4d:2e:ab:1e:c3:
f8:28:2b:7f:29:52:63:ff:71:e8:fb:2f:0c:46:0f:0f:a0:23:
08:9b:ca:1b
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYmsi2iVb/HHTSF+hDvTErnGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNzMxMTUyMjQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzMxNzgzN2EyMjNkYWM0ODNiZTE3NGE0ZDQ3YjkzZTY1YmE3M2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbcSi7TJm0IJKBHty7PfJf7pX7/w
fXEq6pmf6wKhfgCEXOGu5SJhfCl+DPC8iThpGeOFyve+GhP801z96GGtwJt8p1Vx
0h2LnDlUkpRMf+1Gw0Vqnvl9/gvacSRohzvJSP2uhEFPUkztSwP/RuMYTjeydPS5
DInSEgZTAnw7qtoFu40QGqFYIjCN+8TlkcqccINxb2fPF9DwmZWD6alCNQdO1KY+
wGGBlWdtXel9bMDuzu/Mde5sgqohCgOnUd975iP30oXQw8zi20eyfghli+ORZ6XZ
QAlKlgtsVeqzaAVMnRJht04FGpSuDVgAJlfz5seh7eEiWQqhe3WnUgPmVwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFEMxeDeiI9rEg74XSk1HuT5lunP/MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvUXpGNE42SWoyc1NEdmhkS1RVZTVQbVc2Y184LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAAjqoAwQA
TfKWAwQATfKfMAwDBANYlzgDBABYlzoDBABY0cMDBABY0dMDBABY0dkDBABY0d0D
BAGy0uYDBACy0vowDQYJKoZIhvcNAQELBQADggEBAD7SL5t6ODqJ/ydo2S3IN3+n
Z9SwMUAO7iKncV4EdXDXvM3yExqqFaVBkCw2L5a9JCB0pigesyCv7Wg1nkgjO4vL
p0qkbxD/xahRLIgEQ1t3kBq2Gfb2gk+Tfz4cpCSZaX/F3r33NDahZo6K2spH2r25
PIA0LDkXCubkFDnWHbGX2teK+TYsObKAG/EBDyZjdIbWMLGE62dkvI3L+RnKzybx
gMdjF8ST2yMh6DWwOioTeTNh+QCnKmfXcJ20iQ6ZcoDgWKKHw2M9ldCo9xUjwYxp
t/1HSMWvGHrsXw5AqDO3aSARCg9NLqsew/goK38pUmP/cej7LwxGDw+gIwibyhs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:55 2024 by rpki-client on console-ams.rpki-client.org