Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/kVBcLcWpek66noG3aFY8a40cBLo.roa
File: kVBcLcWpek66noG3aFY8a40cBLo.roa (raw, json)
Hash identifier: wbDntkE5+UuFif7ALEkEWOtdLkOa5fIJukih7MS6lZ0=
Subject key identifier: 91:50:5C:2D:C5:A9:7A:4E:BA:9E:81:B7:68:56:3C:6B:8D:1C:04:BA
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018A9C969AF0DA0F718E7205874D23374574
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/kVBcLcWpek66noG3aFY8a40cBLo.roa
Signing time: Sat 16 Sep 2023 06:03:50 +0000
ROA not before: Sat 16 Sep 2023 06:03:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.245.0/24 maxlen: 24
178.210.228.0/24 maxlen: 24
178.210.250.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
77.242.157.0/24 maxlen: 24
88.151.63.0/24 maxlen: 24
77.242.158.0/24 maxlen: 24
2.58.169.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:9c:96:9a:f0:da:0f:71:8e:72:05:87:4d:23:37:45:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Sep 16 06:03:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=91505c2dc5a97a4eba9e81b768563c6b8d1c04ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:68:01:6c:5d:2f:09:93:aa:99:5b:33:a0:78:
8b:ec:4f:e7:98:2d:fd:85:04:2d:30:3a:da:14:8d:
42:42:0d:d5:94:cd:f8:9d:5e:4a:88:74:3e:c0:aa:
ce:ed:ae:0a:20:f5:29:a4:6f:9a:c6:11:ed:79:6f:
b9:42:c2:8c:f6:a2:63:da:74:d2:0a:67:fd:8a:dc:
40:f8:91:73:1b:4d:fc:82:1f:5b:3b:82:b0:fb:cc:
e5:02:c9:59:c1:b4:7b:7a:6d:4f:15:99:a7:1c:81:
d6:ae:88:25:4a:a6:0d:fd:87:25:48:04:74:79:c4:
ab:06:c3:27:a4:c2:2c:a8:eb:43:76:55:6c:37:cf:
d2:b8:0a:16:46:a0:57:95:d6:a2:7f:16:08:a8:82:
55:22:7f:a6:10:a9:bc:63:cc:ac:0d:62:d7:bc:89:
75:9a:5e:58:88:fc:dd:9f:ee:96:53:1b:26:08:9d:
81:19:1d:fc:50:47:3f:40:1c:f4:bd:a7:86:2d:24:
db:e6:b0:54:97:5f:d4:e9:22:bc:85:2c:e3:be:9d:
92:c9:0b:44:cc:ae:05:da:c5:f0:b0:d7:e3:2e:4f:
19:f5:e8:ee:36:0c:04:ec:18:66:03:c6:e0:e1:0a:
29:1c:53:ee:d0:83:f8:b7:3a:99:e1:d2:e6:18:bc:
d4:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:50:5C:2D:C5:A9:7A:4E:BA:9E:81:B7:68:56:3C:6B:8D:1C:04:BA
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/kVBcLcWpek66noG3aFY8a40cBLo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.169.0/24
77.242.150.0/24
77.242.157.0-77.242.158.255
88.151.56.0/23
88.151.63.0/24
88.209.211.0/24
88.209.217.0/24
88.209.245.0/24
178.210.228.0/24
178.210.250.0/24
Signature Algorithm: sha256WithRSAEncryption
a4:5f:c2:15:b5:a7:b5:2b:f9:86:ca:c2:d4:f6:af:1b:85:ca:
36:a4:3c:33:63:77:18:d2:97:e2:72:e9:d5:62:f9:9b:56:92:
a1:cb:de:71:f1:7b:78:f3:84:d5:c1:8b:81:77:c8:72:ce:c4:
e4:3a:5c:a7:b8:1f:5d:53:e0:f0:49:79:9d:ab:de:84:4b:01:
db:4a:ac:50:de:63:d6:82:7c:61:b4:97:f7:6b:c7:74:d0:66:
d3:df:b5:29:1e:f8:df:7f:0c:fb:92:b3:08:67:07:13:7b:bd:
bb:76:21:79:fe:a2:3a:b5:92:6e:67:4a:d9:c0:31:91:c5:d3:
96:e5:10:ec:f7:a0:75:39:b6:34:df:3c:8c:ee:40:ed:b8:13:
6e:74:92:14:a4:85:00:18:ee:c4:72:f3:8a:41:fd:39:85:cb:
19:d4:2e:cd:c0:4f:cf:6f:3e:11:99:64:52:8c:a8:e9:0a:2e:
be:97:8b:32:35:51:a2:1f:36:52:c9:32:5f:93:2b:a2:b1:d9:
e3:db:bc:ad:1b:1e:9f:1a:3f:99:fd:2e:a9:7d:ac:88:f9:2b:
53:a5:4a:83:f6:64:ed:54:3b:62:86:c0:57:d4:99:7a:90:5e:
bd:76:35:43:a4:a1:af:db:70:93:70:19:15:d3:23:08:a4:9f:
de:4c:39:ab
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYqclprw2g9xjnIFh00jN0V0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwOTE2MDYwMzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTUwNWMyZGM1YTk3YTRlYmE5ZTgxYjc2ODU2M2M2YjhkMWMwNGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGgBbF0vCZOqmVszoHiL7E/nmC39
hQQtMDraFI1CQg3VlM34nV5KiHQ+wKrO7a4KIPUppG+axhHteW+5QsKM9qJj2nTS
Cmf9itxA+JFzG038gh9bO4Kw+8zlAslZwbR7em1PFZmnHIHWroglSqYN/YclSAR0
ecSrBsMnpMIsqOtDdlVsN8/SuAoWRqBXldaifxYIqIJVIn+mEKm8Y8ysDWLXvIl1
ml5YiPzdn+6WUxsmCJ2BGR38UEc/QBz0vaeGLSTb5rBUl1/U6SK8hSzjvp2SyQtE
zK4F2sXwsNfjLk8Z9ejuNgwE7BhmA8bg4QopHFPu0IP4tzqZ4dLmGLzUOQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFJFQXC3FqXpOup6Bt2hWPGuNHAS6MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEva1ZCY0xjV3BlazY2bm9HM2FGWThhNDBjQkxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAAjqpAwQA
TfKWMAwDBABN8p0DBABN8p4DBAFYlzgDBABYlz8DBABY0dMDBABY0dkDBABY0fUD
BACy0uQDBACy0vowDQYJKoZIhvcNAQELBQADggEBAKRfwhW1p7Ur+YbKwtT2rxuF
yjakPDNjdxjSl+Jy6dVi+ZtWkqHL3nHxe3jzhNXBi4F3yHLOxOQ6XKe4H11T4PBJ
eZ2r3oRLAdtKrFDeY9aCfGG0l/drx3TQZtPftSke+N9/DPuSswhnBxN7vbt2IXn+
ojq1km5nStnAMZHF05blEOz3oHU5tjTfPIzuQO24E250khSkhQAY7sRy84pB/TmF
yxnULs3AT89vPhGZZFKMqOkKLr6XizI1UaIfNlLJMl+TK6Kx2ePbvK0bHp8aP5n9
Lql9rIj5K1OlSoP2ZO1UO2KGwFfUmXqQXr12NUOkoa/bcJNwGRXTIwikn95MOas=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org