Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/RD2nbnqE5uwqzOiXdyGtRltRj30.roa
File: RD2nbnqE5uwqzOiXdyGtRltRj30.roa (raw, json)
Hash identifier: hudU0SNRA+SiRgUDXs1lGMsT8opCbjaXybTragNG1SU=
Subject key identifier: 44:3D:A7:6E:7A:84:E6:EC:2A:CC:E8:97:77:21:AD:46:5B:51:8F:7D
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018A40A93274FCF4E150EA2677D9F8B64657
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/RD2nbnqE5uwqzOiXdyGtRltRj30.roa
Signing time: Tue 29 Aug 2023 09:39:04 +0000
ROA not before: Tue 29 Aug 2023 09:39:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.245.0/24 maxlen: 24
178.210.250.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.57.0/24 maxlen: 24
88.151.58.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.151.63.0/24 maxlen: 24
77.242.159.0/24 maxlen: 24
2.58.170.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:40:a9:32:74:fc:f4:e1:50:ea:26:77:d9:f8:b6:46:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Aug 29 09:39:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=443da76e7a84e6ec2acce8977721ad465b518f7d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:31:81:d8:9e:09:8f:b4:f7:9f:9c:97:aa:4c:
34:54:16:ee:e7:77:60:3b:dd:30:0f:14:50:e7:c7:
4a:c5:0f:61:17:4c:ab:a1:eb:26:81:04:f5:29:04:
cf:24:f9:7a:75:9b:6a:da:e6:52:d1:77:10:ea:89:
23:51:cb:52:0c:dd:f9:41:a8:56:c8:2b:12:25:e2:
70:29:38:d9:02:3b:b9:f7:5a:46:b2:56:90:35:cd:
d5:61:51:8a:91:08:a2:18:8e:81:4c:b1:77:22:31:
63:8a:91:c8:a8:88:3b:d6:8b:92:5a:25:d3:e3:4c:
dc:a2:23:a8:86:33:ec:29:3a:1e:94:b9:d8:e2:e7:
0f:a4:26:71:cb:14:17:c5:4e:cf:e5:cb:f4:ee:b9:
cb:24:fc:b0:5a:df:cd:97:ac:01:f7:57:f6:06:8a:
b0:aa:d0:ed:ef:82:a5:fc:99:91:5e:b0:eb:c7:28:
44:32:b9:3c:17:a5:37:d8:51:c0:05:c7:58:1c:87:
08:a6:96:7f:20:5b:4e:87:b5:8d:82:73:25:60:c4:
e1:8c:a6:20:2b:71:f8:08:dd:6b:59:f3:dc:89:9b:
c2:22:39:dd:b9:1f:ca:68:ef:36:93:f8:11:b5:25:
6d:3d:0b:f8:51:f0:48:d7:b0:bf:4e:cc:2a:8a:bd:
a3:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:3D:A7:6E:7A:84:E6:EC:2A:CC:E8:97:77:21:AD:46:5B:51:8F:7D
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/RD2nbnqE5uwqzOiXdyGtRltRj30.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.170.0/24
77.242.150.0/24
77.242.159.0/24
88.151.56.0-88.151.58.255
88.151.63.0/24
88.209.211.0/24
88.209.217.0/24
88.209.245.0/24
178.210.250.0/24
Signature Algorithm: sha256WithRSAEncryption
68:99:07:b1:8c:3d:e8:9d:55:1b:10:25:42:a9:87:ea:e8:f5:
bb:ef:fc:fa:fe:c5:8c:f9:b1:ee:8f:52:69:f5:8a:6d:23:6d:
38:2f:38:8d:15:c7:ae:39:53:73:2a:50:19:2a:5e:05:a7:ea:
f2:1c:2f:27:85:1e:98:c7:c3:ff:c8:7d:f1:d8:54:28:1e:dc:
81:d6:e0:49:14:42:d4:b7:ff:50:e7:b4:c0:05:a3:e9:b3:40:
04:c7:74:58:16:96:f3:c9:32:d3:8d:88:ee:75:a8:f1:67:30:
66:cf:23:f9:4e:eb:f0:d6:02:e3:0d:96:08:40:d6:f8:c4:8d:
3e:92:6c:73:39:48:d5:d6:5e:92:be:0a:21:74:39:f0:ad:70:
de:41:d0:b6:0c:b2:8a:a6:12:18:88:4e:e3:2d:a2:94:02:40:
65:3d:75:45:aa:a6:fa:8e:33:ff:8f:71:45:b6:2d:fd:fe:f7:
50:b0:00:54:d3:d0:c3:0a:2c:c9:90:ff:e0:78:b8:5d:49:f5:
77:ee:e1:87:05:cf:b9:1f:1b:4e:14:e4:7d:7f:c4:18:88:4a:
62:bf:a9:5a:1f:df:81:e8:8f:ed:3a:a1:b7:ed:f1:99:87:1b:
2e:cb:a5:bd:98:eb:3f:a8:8c:c2:12:89:e1:1e:06:1a:05:7b:
02:c5:87:4c
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYpAqTJ0/PThUOomd9n4tkZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwODI5MDkzOTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDNkYTc2ZTdhODRlNmVjMmFjY2U4OTc3NzIxYWQ0NjViNTE4ZjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTGB2J4Jj7T3n5yXqkw0VBbu53dg
O90wDxRQ58dKxQ9hF0yroesmgQT1KQTPJPl6dZtq2uZS0XcQ6okjUctSDN35QahW
yCsSJeJwKTjZAju591pGslaQNc3VYVGKkQiiGI6BTLF3IjFjipHIqIg71ouSWiXT
40zcoiOohjPsKToelLnY4ucPpCZxyxQXxU7P5cv07rnLJPywWt/Nl6wB91f2Boqw
qtDt74Kl/JmRXrDrxyhEMrk8F6U32FHABcdYHIcIppZ/IFtOh7WNgnMlYMThjKYg
K3H4CN1rWfPciZvCIjnduR/KaO82k/gRtSVtPQv4UfBI17C/Tswqir2jmwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFEQ9p256hObsKszol3chrUZbUY99MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvUkQybmJucUU1dXdxek9pWGR5R3RSbHRSajMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAAjqqAwQA
TfKWAwQATfKfMAwDBANYlzgDBABYlzoDBABYlz8DBABY0dMDBABY0dkDBABY0fUD
BACy0vowDQYJKoZIhvcNAQELBQADggEBAGiZB7GMPeidVRsQJUKph+ro9bvv/Pr+
xYz5se6PUmn1im0jbTgvOI0Vx645U3MqUBkqXgWn6vIcLyeFHpjHw//IffHYVCge
3IHW4EkUQtS3/1DntMAFo+mzQATHdFgWlvPJMtONiO51qPFnMGbPI/lO6/DWAuMN
lghA1vjEjT6SbHM5SNXWXpK+CiF0OfCtcN5B0LYMsoqmEhiITuMtopQCQGU9dUWq
pvqOM/+PcUW2Lf3+91CwAFTT0MMKLMmQ/+B4uF1J9Xfu4YcFz7kfG04U5H1/xBiI
SmK/qVof34Hoj+06obft8ZmHGy7Lpb2Y6z+ojMISieEeBhoFewLFh0w=
-----END CERTIFICATE-----
Generated at Sat Apr 19 07:20:34 2025 by rpki-client