Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Ymse-rqkWyUYJb3bO4xh_nzMXxU.roa
File: Ymse-rqkWyUYJb3bO4xh_nzMXxU.roa (raw, json)
Hash identifier: n9LcFIaeoB+aQTO3g+sprs7nNlDU1VsEFoOGUHWlkbo=
Subject key identifier: 62:6B:1E:FA:BA:A4:5B:25:18:25:BD:DB:3B:8C:61:FE:7C:CC:5F:15
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018AF031EBEFA6048143A7829FFBB4500D72
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Ymse-rqkWyUYJb3bO4xh_nzMXxU.roa
Signing time: Mon 02 Oct 2023 11:41:58 +0000
ROA not before: Mon 02 Oct 2023 11:41:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 5065
IP address blocks: 83.137.159.0/24 maxlen: 24
178.210.231.0/24 maxlen: 24
178.210.230.0/24 maxlen: 24
88.151.57.0/24 maxlen: 24
88.151.58.0/24 maxlen: 24
88.209.195.0/24 maxlen: 24
77.242.156.0/24 maxlen: 24
77.242.158.0/24 maxlen: 24
2.58.168.0/24 maxlen: 24
2.58.170.0/24 maxlen: 24
2.58.169.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:f0:31:eb:ef:a6:04:81:43:a7:82:9f:fb:b4:50:0d:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Oct 2 11:41:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=626b1efabaa45b251825bddb3b8c61fe7ccc5f15
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f7:5b:ff:c6:45:fa:cc:19:fb:fe:da:58:27:0e:
52:ba:0d:77:29:b3:bf:53:7d:f0:0d:e9:be:85:e9:
b6:96:00:34:21:eb:f6:71:b4:f9:dd:7b:46:b2:cf:
81:91:0e:6a:14:28:8d:f8:66:fa:a3:63:c7:0e:16:
72:be:a2:af:58:7c:75:0a:f6:ce:bb:f0:65:d7:e4:
71:1c:8c:2b:74:2c:8b:4e:9e:29:32:ac:d0:78:ed:
18:1e:72:b8:81:e2:0d:31:c1:93:f0:c7:fd:c2:0a:
fe:12:c6:fe:a2:6b:2e:34:b7:0d:67:81:19:40:9b:
91:71:63:3c:e8:10:3d:23:59:21:be:b0:3c:9f:84:
99:07:bc:1c:7a:0b:49:b1:11:3a:0f:ed:ba:e0:48:
78:e5:5a:80:c0:1f:28:8b:b2:79:cd:0f:07:6b:4a:
25:17:51:7c:17:2f:c5:0c:0d:1a:90:c0:94:a6:fa:
5c:c3:d0:1f:e1:d5:10:5b:bf:3c:0d:10:84:bf:e5:
9f:d4:21:62:71:51:16:6e:d9:5a:3c:3b:ce:93:c2:
8e:1b:2d:4b:e7:d8:38:5f:94:05:84:74:bd:85:1a:
95:72:b3:64:8f:1d:16:3c:6e:61:0f:f9:f0:e2:3f:
1f:be:37:4e:40:4f:b1:88:e2:c0:72:ae:26:6c:65:
df:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:6B:1E:FA:BA:A4:5B:25:18:25:BD:DB:3B:8C:61:FE:7C:CC:5F:15
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Ymse-rqkWyUYJb3bO4xh_nzMXxU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.168.0-2.58.170.255
77.242.156.0/24
77.242.158.0/24
83.137.159.0/24
88.151.57.0-88.151.58.255
88.209.195.0/24
178.210.230.0/23
Signature Algorithm: sha256WithRSAEncryption
a6:25:78:49:eb:87:5c:34:45:54:f6:b0:69:76:34:95:c5:f0:
db:a6:2f:cf:38:c9:86:d5:da:d5:c9:3e:62:9e:3a:60:81:2c:
5b:75:64:cd:d3:c1:0a:ba:cd:bc:9c:e7:b9:12:a0:37:5f:aa:
2d:15:bc:d2:c8:bc:87:73:fc:9f:35:e4:ec:f9:04:76:5c:08:
ed:a4:11:b1:16:a6:c8:c6:bf:c9:05:ad:ee:59:78:61:43:71:
a5:65:f0:3e:fa:d8:7c:1a:a3:a9:1e:3f:c1:2f:dd:9a:98:0b:
c0:57:41:f3:6b:44:f6:af:59:45:8c:6e:16:9e:23:f2:19:93:
98:83:8b:21:4a:d2:17:9d:76:91:43:bf:13:f1:74:38:f8:80:
e7:fa:24:0e:92:29:03:33:6f:e0:93:1d:a4:78:2c:7f:96:61:
4c:26:0f:e4:f3:f3:86:a4:e6:c8:35:6a:de:f4:e0:38:4a:02:
26:7f:53:c8:05:f2:6c:ab:95:76:d4:39:dc:b6:bc:45:c5:17:
37:df:28:6a:19:ab:10:eb:76:df:80:7e:bd:5f:2a:a8:b5:1c:
65:4c:a9:d8:bb:32:d5:f1:aa:50:51:7e:5b:e7:b7:c7:e5:28:
0e:52:88:91:62:d9:66:1e:2e:9b:b2:b3:cf:b9:7e:8b:36:6f:
e5:2a:ee:26
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYrwMevvpgSBQ6eCn/u0UA1yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMDAyMTE0MTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjZiMWVmYWJhYTQ1YjI1MTgyNWJkZGIzYjhjNjFmZTdjY2M1ZjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA91v/xkX6zBn7/tpYJw5Sug13KbO/
U33wDem+hem2lgA0Iev2cbT53XtGss+BkQ5qFCiN+Gb6o2PHDhZyvqKvWHx1CvbO
u/Bl1+RxHIwrdCyLTp4pMqzQeO0YHnK4geINMcGT8Mf9wgr+Esb+omsuNLcNZ4EZ
QJuRcWM86BA9I1khvrA8n4SZB7wcegtJsRE6D+264Eh45VqAwB8oi7J5zQ8Ha0ol
F1F8Fy/FDA0akMCUpvpcw9Af4dUQW788DRCEv+Wf1CFicVEWbtlaPDvOk8KOGy1L
59g4X5QFhHS9hRqVcrNkjx0WPG5hD/nw4j8fvjdOQE+xiOLAcq4mbGXfDwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFGJrHvq6pFslGCW92zuMYf58zF8VMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvWW1zZS1ycWtXeVVZSmIzYk80eGhfbnpNWHhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6MAwDBAMCOqgD
BAACOqoDBABN8pwDBABN8p4DBABTiZ8wDAMEAFiXOQMEAFiXOgMEAFjRwwMEAbLS
5jANBgkqhkiG9w0BAQsFAAOCAQEApiV4SeuHXDRFVPawaXY0lcXw26YvzzjJhtXa
1ck+Yp46YIEsW3VkzdPBCrrNvJznuRKgN1+qLRW80si8h3P8nzXk7PkEdlwI7aQR
sRamyMa/yQWt7ll4YUNxpWXwPvrYfBqjqR4/wS/dmpgLwFdB82tE9q9ZRYxuFp4j
8hmTmIOLIUrSF512kUO/E/F0OPiA5/okDpIpAzNv4JMdpHgsf5ZhTCYP5PPzhqTm
yDVq3vTgOEoCJn9TyAXybKuVdtQ53La8RcUXN98oahmrEOt234B+vV8qqLUcZUyp
2Lsy1fGqUFF+W+e3x+UoDlKIkWLZZh4um7Kzz7l+izZv5SruJg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org