Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/eIekxu4YzzYSBM-r1IbVtR43pVQ.roa
File: eIekxu4YzzYSBM-r1IbVtR43pVQ.roa (raw, json)
Hash identifier: 786r/vRTyicr7m5LiE9yQaIHak0AF99UyswW1ig8H5U=
Subject key identifier: 78:87:A4:C6:EE:18:CF:36:12:04:CF:AB:D4:86:D5:B5:1E:37:A5:54
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018A40AEAF814DA819126755F9240ABE95DC
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/eIekxu4YzzYSBM-r1IbVtR43pVQ.roa
Signing time: Tue 29 Aug 2023 09:45:04 +0000
ROA not before: Tue 29 Aug 2023 09:45:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.245.0/24 maxlen: 24
178.210.250.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.151.63.0/24 maxlen: 24
77.242.159.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:40:ae:af:81:4d:a8:19:12:67:55:f9:24:0a:be:95:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Aug 29 09:45:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7887a4c6ee18cf361204cfabd486d5b51e37a554
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:21:f9:df:0d:7c:e9:f0:c7:5f:60:3b:72:00:
e4:c5:80:73:a9:e3:60:6e:4b:71:37:27:13:77:8e:
f2:db:72:79:55:82:9e:6e:02:02:fd:71:0a:97:43:
73:24:e5:14:ec:82:a5:66:3b:b0:f5:d5:05:0a:c4:
ca:c3:15:58:a0:11:d6:8a:59:b4:da:83:0a:66:44:
17:1c:39:72:6a:77:58:0d:f6:06:66:e4:20:ce:04:
73:f3:13:75:a7:4e:19:60:3b:8b:cf:17:f8:0e:55:
0c:68:26:00:16:08:a7:e5:d4:c1:32:89:6b:a9:79:
01:05:91:06:a5:3f:94:4d:0c:be:60:2d:ba:fc:53:
9b:1b:5d:b1:8c:eb:1f:99:e5:72:72:8b:99:54:ab:
1d:78:67:ee:40:9a:4a:54:e8:42:88:4a:57:28:cd:
0f:de:cc:e7:6a:f5:66:bb:ac:4b:b6:e9:57:f5:32:
dc:ad:e1:22:e8:17:6f:57:97:e6:62:7f:c6:2f:a7:
3d:29:ac:b3:7c:df:58:e6:13:c9:51:12:70:b8:d3:
64:fc:ad:ab:ca:f6:66:e9:66:96:3b:f9:bb:96:5e:
7b:b6:2a:5d:52:6e:49:09:57:d8:49:ce:27:74:76:
ad:77:72:af:02:bc:11:c0:82:ef:a6:e8:53:a2:ad:
53:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:87:A4:C6:EE:18:CF:36:12:04:CF:AB:D4:86:D5:B5:1E:37:A5:54
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/eIekxu4YzzYSBM-r1IbVtR43pVQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.242.150.0/24
77.242.159.0/24
88.151.56.0/23
88.151.63.0/24
88.209.211.0/24
88.209.217.0/24
88.209.245.0/24
178.210.250.0/24
Signature Algorithm: sha256WithRSAEncryption
3b:27:b2:95:6a:fb:6c:23:1c:89:77:2a:ab:03:b9:5b:cd:16:
3f:74:2c:1f:07:cb:fe:00:7c:08:2f:df:ac:00:3c:bf:d3:0e:
13:70:4f:06:5a:ac:e5:8d:6d:be:90:24:fe:86:3a:90:ea:0d:
75:1b:dc:ca:c4:fa:61:f0:42:b0:28:90:ee:da:d6:c2:17:29:
86:fe:7f:5e:67:8e:7f:e8:fa:8d:90:be:d6:f2:b1:ee:75:5b:
a0:ee:bd:c8:e1:3c:74:99:7f:87:cc:40:05:e6:a9:6a:fc:08:
e9:47:74:bb:ab:7d:41:f4:ca:87:53:8f:7f:f0:0a:dc:4c:74:
f2:e8:4e:57:de:8c:cf:25:91:e8:ec:15:aa:5e:d5:9e:70:08:
0e:9e:1d:89:a4:59:45:a9:e6:49:44:4a:51:80:62:d1:f4:28:
e4:b0:3a:d0:32:64:0c:ca:c9:a9:df:ec:9b:bc:9c:45:0b:4d:
ab:57:b8:fb:4b:9f:e9:92:ed:ba:1a:ea:ad:50:77:c3:d5:32:
9d:e8:7a:14:c5:77:25:00:36:56:85:47:d0:49:b4:4e:93:88:
62:83:64:fe:16:61:7a:04:43:80:6a:03:db:81:c7:4e:cf:24:
49:02:8b:fd:b2:ac:d0:af:20:af:aa:45:6b:3a:fc:fc:82:97:
c5:b0:c8:c7
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYpArq+BTagZEmdV+SQKvpXcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwODI5MDk0NTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODg3YTRjNmVlMThjZjM2MTIwNGNmYWJkNDg2ZDViNTFlMzdhNTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iH53w186fDHX2A7cgDkxYBzqeNg
bktxNycTd47y23J5VYKebgIC/XEKl0NzJOUU7IKlZjuw9dUFCsTKwxVYoBHWilm0
2oMKZkQXHDlyandYDfYGZuQgzgRz8xN1p04ZYDuLzxf4DlUMaCYAFgin5dTBMolr
qXkBBZEGpT+UTQy+YC26/FObG12xjOsfmeVycouZVKsdeGfuQJpKVOhCiEpXKM0P
3sznavVmu6xLtulX9TLcreEi6BdvV5fmYn/GL6c9KayzfN9Y5hPJURJwuNNk/K2r
yvZm6WaWO/m7ll57tipdUm5JCVfYSc4ndHatd3KvArwRwILvpuhToq1TswIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFHiHpMbuGM82EgTPq9SG1bUeN6VUMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZUlla3h1NFl6ellTQk0tcjFJYlZ0UjQzcFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQATfKWAwQA
TfKfAwQBWJc4AwQAWJc/AwQAWNHTAwQAWNHZAwQAWNH1AwQAstL6MA0GCSqGSIb3
DQEBCwUAA4IBAQA7J7KVavtsIxyJdyqrA7lbzRY/dCwfB8v+AHwIL9+sADy/0w4T
cE8GWqzljW2+kCT+hjqQ6g11G9zKxPph8EKwKJDu2tbCFymG/n9eZ45/6PqNkL7W
8rHudVug7r3I4Tx0mX+HzEAF5qlq/AjpR3S7q31B9MqHU49/8ArcTHTy6E5X3ozP
JZHo7BWqXtWecAgOnh2JpFlFqeZJREpRgGLR9CjksDrQMmQMysmp3+ybvJxFC02r
V7j7S5/pku26GuqtUHfD1TKd6HoUxXclADZWhUfQSbROk4hig2T+FmF6BEOAagPb
gcdOzyRJAov9sqzQryCvqkVrOvz8gpfFsMjH
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org