Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/c43KFdfix2a3BSiQzUOH9fpT0Ik.roa
File: c43KFdfix2a3BSiQzUOH9fpT0Ik.roa (raw, json)
Hash identifier: OGruVxwelq/i3wEeoFqvSTt2IqQNb7vvCYv72wOONTo=
Subject key identifier: 73:8D:CA:15:D7:E2:C7:66:B7:05:28:90:CD:43:87:F5:FA:53:D0:89
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018A8321E960D86FE1CBB8818951B27701FF
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/c43KFdfix2a3BSiQzUOH9fpT0Ik.roa
Signing time: Mon 11 Sep 2023 07:25:52 +0000
ROA not before: Mon 11 Sep 2023 07:25:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.245.0/24 maxlen: 24
88.209.249.0/24 maxlen: 24
178.210.250.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.151.63.0/24 maxlen: 24
77.242.159.0/24 maxlen: 24
88.209.201.0/24 maxlen: 24
2.58.169.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:83:21:e9:60:d8:6f:e1:cb:b8:81:89:51:b2:77:01:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Sep 11 07:25:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=738dca15d7e2c766b7052890cd4387f5fa53d089
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:71:f9:03:da:bc:d7:ce:cb:a7:ad:4e:2f:11:
2c:d0:cb:2a:51:1a:2a:ae:08:82:ac:0c:7b:a0:08:
d1:57:4a:f6:9f:4d:c5:bd:b6:9b:60:c4:fd:fb:9a:
03:44:30:36:15:c3:11:bf:37:77:31:46:df:5a:84:
42:63:20:99:b4:31:cc:6c:1f:d8:cc:e0:d5:df:fa:
7b:88:03:a4:2d:15:48:9d:d7:ef:e6:b3:f0:0a:9e:
ba:3b:29:41:f9:cc:d9:42:51:c4:e6:3f:b6:50:1d:
3b:bf:36:10:fb:51:f9:d5:e5:4f:79:81:38:a8:01:
7e:f9:a6:e6:5d:0d:44:18:a8:d2:c9:49:e9:a1:13:
e1:89:09:3d:d7:df:2c:b0:c0:f0:a3:c0:fe:03:70:
fa:d6:5e:12:d4:34:7a:98:d0:de:1d:2a:ff:5e:c8:
24:4b:16:b1:3d:02:ca:e7:bb:5e:40:13:fd:65:63:
49:e9:1b:a8:90:e0:51:96:7b:b9:d6:a0:b3:af:46:
2f:3e:d1:fc:31:b1:00:c3:15:c2:fc:fe:ea:a4:5e:
c8:71:a0:12:4f:47:ed:85:b7:bb:75:26:b2:a1:6b:
9b:58:b3:21:ec:cf:fb:5d:4b:a0:8f:2a:6a:2e:65:
88:27:2b:0f:27:ef:f8:cd:15:eb:60:6f:d4:8a:aa:
72:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:8D:CA:15:D7:E2:C7:66:B7:05:28:90:CD:43:87:F5:FA:53:D0:89
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/c43KFdfix2a3BSiQzUOH9fpT0Ik.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.169.0/24
77.242.150.0/24
77.242.159.0/24
88.151.56.0/23
88.151.63.0/24
88.209.201.0/24
88.209.211.0/24
88.209.217.0/24
88.209.245.0/24
88.209.249.0/24
178.210.250.0/24
Signature Algorithm: sha256WithRSAEncryption
a4:ab:d8:42:eb:40:c9:81:e4:61:fe:ae:76:0a:0d:9c:81:4d:
51:38:d0:ca:89:ef:be:52:5c:96:97:65:67:f0:a9:7d:95:2b:
bc:64:35:a1:c7:72:eb:92:d9:82:0b:dd:60:82:e3:b9:de:fb:
74:be:15:53:bf:67:dd:12:d9:32:aa:fb:8d:84:d3:ae:ad:6b:
97:da:ae:08:da:6c:f9:56:a2:80:aa:5c:6d:92:2f:e9:be:31:
6c:72:04:fd:35:6d:91:7f:c8:31:71:4d:ca:eb:73:e3:77:b8:
37:83:06:5d:90:2d:b2:0a:4f:82:80:7a:7b:cb:d4:5a:49:c9:
99:24:1a:33:b0:e1:57:8c:88:14:e7:f3:24:1a:a1:a2:67:52:
09:68:3b:fe:f5:60:69:fe:a0:e0:11:bb:97:17:f5:03:35:08:
4d:d2:ab:55:c5:48:df:7c:a0:52:69:c2:a8:2e:59:71:b3:22:
6d:79:1a:53:e5:90:a3:42:dc:b4:1d:c7:df:c4:09:40:3b:25:
44:a7:fd:dd:e2:d9:0f:e4:c2:22:fb:1e:10:c3:24:22:d8:b9:
30:51:9d:47:71:60:42:74:c0:8a:8d:8e:4e:8a:47:0e:3c:1c:
5c:5c:7a:a1:4c:85:0f:41:b4:20:3d:2d:8e:81:4e:91:a6:c3:
3a:51:b6:37
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYqDIelg2G/hy7iBiVGydwH/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwOTExMDcyNTUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzhkY2ExNWQ3ZTJjNzY2YjcwNTI4OTBjZDQzODdmNWZhNTNkMDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXH5A9q8187Lp61OLxEs0MsqURoq
rgiCrAx7oAjRV0r2n03FvbabYMT9+5oDRDA2FcMRvzd3MUbfWoRCYyCZtDHMbB/Y
zODV3/p7iAOkLRVIndfv5rPwCp66OylB+czZQlHE5j+2UB07vzYQ+1H51eVPeYE4
qAF++abmXQ1EGKjSyUnpoRPhiQk9198ssMDwo8D+A3D61l4S1DR6mNDeHSr/Xsgk
SxaxPQLK57teQBP9ZWNJ6RuokOBRlnu51qCzr0YvPtH8MbEAwxXC/P7qpF7IcaAS
T0fthbe7dSayoWubWLMh7M/7XUugjypqLmWIJysPJ+/4zRXrYG/Uiqpy7wIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFHONyhXX4sdmtwUokM1Dh/X6U9CJMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvYzQzS0ZkZml4MmEzQlNpUXpVT0g5ZnBUMElrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAAjqpAwQA
TfKWAwQATfKfAwQBWJc4AwQAWJc/AwQAWNHJAwQAWNHTAwQAWNHZAwQAWNH1AwQA
WNH5AwQAstL6MA0GCSqGSIb3DQEBCwUAA4IBAQCkq9hC60DJgeRh/q52Cg2cgU1R
ONDKie++UlyWl2Vn8Kl9lSu8ZDWhx3LrktmCC91gguO53vt0vhVTv2fdEtkyqvuN
hNOurWuX2q4I2mz5VqKAqlxtki/pvjFscgT9NW2Rf8gxcU3K63Pjd7g3gwZdkC2y
Ck+CgHp7y9RaScmZJBozsOFXjIgU5/MkGqGiZ1IJaDv+9WBp/qDgEbuXF/UDNQhN
0qtVxUjffKBSacKoLllxsyJteRpT5ZCjQty0HcffxAlAOyVEp/3d4tkP5MIi+x4Q
wyQi2LkwUZ1HcWBCdMCKjY5OikcOPBxcXHqhTIUPQbQgPS2OgU6RpsM6UbY3
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org