Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/qNgmn7_8lzCsqzyITlhaidovoOY.roa
File: qNgmn7_8lzCsqzyITlhaidovoOY.roa (raw, json)
Hash identifier: 1eZpiHXoXvW03QblhXrKD2vUUdC36AygXh69TbaWO0E=
Subject key identifier: A8:D8:26:9F:BF:FC:97:30:AC:AB:3C:88:4E:58:5A:89:DA:2F:A0:E6
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018A89F59E8D80D93F6B234EFA883FB184B9
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/qNgmn7_8lzCsqzyITlhaidovoOY.roa
Signing time: Tue 12 Sep 2023 15:14:50 +0000
ROA not before: Tue 12 Sep 2023 15:14:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 88.209.245.0/24 maxlen: 24
178.210.250.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.151.63.0/24 maxlen: 24
2.58.169.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:89:f5:9e:8d:80:d9:3f:6b:23:4e:fa:88:3f:b1:84:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Sep 12 15:14:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a8d8269fbffc9730acab3c884e585a89da2fa0e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:64:11:33:52:af:7d:46:c6:51:6b:20:36:1d:
dc:e6:c6:66:77:69:ae:0c:93:a2:02:75:c3:54:68:
ab:b1:34:97:6f:2f:de:71:84:4d:67:9c:33:06:b3:
a9:8c:a8:8e:21:4c:ec:15:a8:91:1e:4d:61:e6:7d:
6d:01:9b:8b:9f:c6:79:23:ff:08:b2:05:47:56:0b:
f9:12:0d:0c:6b:3c:29:b7:ae:56:3c:df:5e:21:04:
8b:ee:47:bd:b9:e7:b9:0b:1e:2a:07:15:37:13:c6:
54:16:1e:c8:36:27:8b:8a:8d:5a:8a:df:b9:58:11:
75:5d:e9:77:1c:e4:36:cb:13:2e:d0:17:cc:c8:56:
4c:8c:70:ce:32:d2:f9:3e:f9:4d:ae:74:9a:de:92:
c2:1a:3b:e9:2b:de:48:e4:ef:16:79:6f:ca:33:14:
c5:3d:fe:7d:18:90:fe:02:5b:24:b9:54:98:b5:6a:
1e:2a:8c:f2:a5:c2:21:95:2d:93:ed:59:ef:b1:3f:
9e:93:68:6f:69:2e:a5:85:02:74:bb:4a:2b:7a:2f:
38:4f:74:88:35:3a:ad:ca:5a:3f:8b:8a:f0:35:74:
5b:16:c5:1e:fe:11:39:9f:ff:02:c4:90:cc:33:d5:
bc:e8:0e:0d:b1:c3:b4:f8:1b:d8:1b:49:d3:c7:cc:
6a:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:D8:26:9F:BF:FC:97:30:AC:AB:3C:88:4E:58:5A:89:DA:2F:A0:E6
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/qNgmn7_8lzCsqzyITlhaidovoOY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.169.0/24
77.242.150.0/24
88.151.56.0/23
88.151.63.0/24
88.209.211.0/24
88.209.217.0/24
88.209.245.0/24
178.210.250.0/24
Signature Algorithm: sha256WithRSAEncryption
90:2d:9b:e7:de:dc:52:e4:ba:4a:96:4d:8b:aa:46:a8:31:19:
0c:1d:03:ba:45:4f:8d:a5:a2:d7:a2:e5:73:30:46:92:75:ae:
1f:65:2d:87:46:70:2f:58:68:a4:98:1c:62:a9:e9:6f:54:39:
97:ab:39:3f:fc:00:91:30:cd:a6:97:a4:0e:b5:b4:58:b0:74:
ff:3c:6d:42:88:b8:33:7e:7a:13:e6:11:53:17:8e:36:24:1f:
c8:66:d0:36:4d:61:f2:c9:a0:18:ef:4e:4c:be:b9:ac:49:e0:
18:6e:bd:2c:62:f6:7f:07:07:39:19:e9:19:79:b2:ac:98:b3:
47:71:e4:53:bd:9b:ec:d8:66:ae:03:a2:4d:80:3d:3b:e3:c7:
3f:01:ad:9d:3e:8a:3b:71:a0:02:40:ef:0a:87:84:1c:1d:47:
88:65:ba:17:12:56:eb:d2:03:4d:9f:fb:49:59:a7:37:34:fe:
27:06:e6:83:f1:67:ca:80:07:b1:02:00:63:64:9b:25:23:5a:
07:d0:91:da:e6:44:44:4e:83:5c:81:d8:4b:56:b1:76:91:f4:
ff:87:51:87:05:9c:bb:e0:3d:50:31:f0:48:14:92:29:5e:29:
42:b6:d8:66:e4:35:f9:c7:c9:00:89:59:9c:ab:06:b1:02:9a:
97:0f:b0:e5
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYqJ9Z6NgNk/ayNO+og/sYS5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwOTEyMTUxNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGQ4MjY5ZmJmZmM5NzMwYWNhYjNjODg0ZTU4NWE4OWRhMmZhMGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7mQRM1KvfUbGUWsgNh3c5sZmd2mu
DJOiAnXDVGirsTSXby/ecYRNZ5wzBrOpjKiOIUzsFaiRHk1h5n1tAZuLn8Z5I/8I
sgVHVgv5Eg0Mazwpt65WPN9eIQSL7ke9uee5Cx4qBxU3E8ZUFh7INieLio1ait+5
WBF1Xel3HOQ2yxMu0BfMyFZMjHDOMtL5PvlNrnSa3pLCGjvpK95I5O8WeW/KMxTF
Pf59GJD+AlskuVSYtWoeKozypcIhlS2T7VnvsT+ek2hvaS6lhQJ0u0orei84T3SI
NTqtylo/i4rwNXRbFsUe/hE5n/8CxJDMM9W86A4NscO0+BvYG0nTx8xq/wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFKjYJp+//JcwrKs8iE5YWonaL6DmMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvcU5nbW43XzhsekNzcXp5SVRsaGFpZG92b09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAAjqpAwQA
TfKWAwQBWJc4AwQAWJc/AwQAWNHTAwQAWNHZAwQAWNH1AwQAstL6MA0GCSqGSIb3
DQEBCwUAA4IBAQCQLZvn3txS5LpKlk2LqkaoMRkMHQO6RU+NpaLXouVzMEaSda4f
ZS2HRnAvWGikmBxiqelvVDmXqzk//ACRMM2ml6QOtbRYsHT/PG1CiLgzfnoT5hFT
F442JB/IZtA2TWHyyaAY705MvrmsSeAYbr0sYvZ/Bwc5GekZebKsmLNHceRTvZvs
2GauA6JNgD0748c/Aa2dPoo7caACQO8Kh4QcHUeIZboXElbr0gNNn/tJWac3NP4n
BuaD8WfKgAexAgBjZJslI1oH0JHa5kREToNcgdhLVrF2kfT/h1GHBZy74D1QMfBI
FJIpXilCtthm5DX5x8kAiVmcqwaxApqXD7Dl
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org