Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/qh1XajEdRIzsWrIyd8sBjGQ12_U.roa
File: qh1XajEdRIzsWrIyd8sBjGQ12_U.roa (raw, json)
Hash identifier: ejgLgnuoe9bNYCVNA7y4Y0QoK2DurKVs6Ql5HN1RTdU=
Subject key identifier: AA:1D:57:6A:31:1D:44:8C:EC:5A:B2:32:77:CB:01:8C:64:35:DB:F5
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018962AC6032F4BFAB1BB20F61B88AE19758
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/qh1XajEdRIzsWrIyd8sBjGQ12_U.roa
Signing time: Mon 17 Jul 2023 07:06:51 +0000
ROA not before: Mon 17 Jul 2023 07:06:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 178.210.226.0/24 maxlen: 24
178.210.230.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.58.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.195.0/24 maxlen: 24
2.58.168.0/24 maxlen: 24
5.182.113.0/24 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:62:ac:60:32:f4:bf:ab:1b:b2:0f:61:b8:8a:e1:97:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jul 17 07:06:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=aa1d576a311d448cec5ab23277cb018c6435dbf5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:e8:91:7e:e0:ed:33:00:78:5b:95:20:f5:fe:
6d:83:6a:19:8b:44:4b:2b:a4:2a:fc:4b:5c:11:4d:
44:91:ad:09:97:6b:62:a9:d4:62:04:b8:b0:83:13:
ff:95:e2:44:ad:cc:d5:38:67:aa:5e:a2:71:65:4a:
33:54:a6:b7:6f:b1:8e:5f:46:e8:f6:1d:27:96:5c:
7d:05:f1:72:f5:1b:ad:61:59:16:0e:d8:47:fc:35:
5f:70:99:1c:61:51:21:a8:0b:a2:66:db:a5:28:25:
96:73:dc:fc:bc:cd:6c:b1:c5:b3:7d:bf:a4:2e:d6:
d6:9d:33:17:76:6d:c5:26:00:65:0b:9b:70:42:3a:
f8:24:59:64:bf:52:cb:3c:48:34:15:d1:74:00:d8:
f6:bc:80:94:5e:0f:eb:de:7f:2f:95:a4:e7:41:90:
f9:df:08:c4:e0:b7:02:ad:63:75:8b:9a:5d:30:fc:
07:2b:5e:8c:69:9f:96:36:e7:0e:c0:28:3f:c8:12:
68:a5:94:d9:24:23:f7:ae:c0:0d:9a:30:71:71:32:
27:0a:e1:5d:75:2c:76:c4:55:13:03:d2:22:ae:00:
ee:06:83:a4:e4:7d:7f:4b:69:f6:73:05:51:f2:a8:
72:c0:1a:2e:37:6b:b8:a1:c6:fb:6e:58:56:1c:fe:
4c:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:1D:57:6A:31:1D:44:8C:EC:5A:B2:32:77:CB:01:8C:64:35:DB:F5
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/qh1XajEdRIzsWrIyd8sBjGQ12_U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.168.0/24
5.182.113.0/24
77.242.150.0/24
88.151.56.0-88.151.58.255
88.209.195.0/24
88.209.211.0/24
88.209.221.0/24
178.210.226.0/24
178.210.230.0/24
Signature Algorithm: sha256WithRSAEncryption
57:a0:d2:b7:3d:e9:0f:ff:6b:69:f0:6a:40:e3:93:39:94:0a:
ae:d0:63:74:6c:d6:93:2e:d5:91:12:34:23:0a:9a:c0:b1:3e:
59:40:23:36:46:d1:40:27:4d:99:6b:3d:1b:a8:02:e7:fc:6f:
fd:8e:d0:11:e4:e0:1a:d8:00:d2:62:3f:60:40:35:df:f9:bf:
e9:32:26:53:5f:a3:2f:49:34:b7:92:10:c4:7f:a5:42:cb:97:
19:d5:5b:e0:c5:60:1d:aa:30:98:57:03:89:d0:a7:c5:29:34:
61:19:57:34:87:4d:87:62:32:61:90:80:32:8b:6f:1c:81:4b:
67:cb:a2:99:6a:c5:9a:ab:45:8e:4a:c8:aa:df:af:05:23:39:
a3:5b:ba:03:25:02:5b:8f:ca:99:32:68:c2:7e:f7:9d:98:8c:
5f:f8:10:69:d5:a7:a4:a6:b6:a7:ba:f8:71:87:5e:b3:a3:89:
7b:f9:f3:dd:af:a8:12:d8:ca:48:98:fc:ca:75:45:62:fe:3d:
b7:50:88:f0:ab:90:46:a3:89:96:12:d6:77:29:47:c1:8e:6a:
06:dc:04:59:d6:ef:06:77:07:05:89:9b:b8:d7:fe:97:ce:07:
b9:33:d3:19:05:46:88:fa:5f:29:15:1e:d5:95:60:20:a2:9c:
28:9a:ed:18
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYlirGAy9L+rG7IPYbiK4ZdYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNzE3MDcwNjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTFkNTc2YTMxMWQ0NDhjZWM1YWIyMzI3N2NiMDE4YzY0MzVkYmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OiRfuDtMwB4W5Ug9f5tg2oZi0RL
K6Qq/EtcEU1Eka0Jl2tiqdRiBLiwgxP/leJErczVOGeqXqJxZUozVKa3b7GOX0bo
9h0nllx9BfFy9RutYVkWDthH/DVfcJkcYVEhqAuiZtulKCWWc9z8vM1sscWzfb+k
LtbWnTMXdm3FJgBlC5twQjr4JFlkv1LLPEg0FdF0ANj2vICUXg/r3n8vlaTnQZD5
3wjE4LcCrWN1i5pdMPwHK16MaZ+WNucOwCg/yBJopZTZJCP3rsANmjBxcTInCuFd
dSx2xFUTA9IirgDuBoOk5H1/S2n2cwVR8qhywBouN2u4ocb7blhWHP5MIwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFKodV2oxHUSM7FqyMnfLAYxkNdv1MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvcWgxWGFqRWRSSXpzV3JJeWQ4c0JqR1ExMl9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAAjqoAwQA
BbZxAwQATfKWMAwDBANYlzgDBABYlzoDBABY0cMDBABY0dMDBABY0d0DBACy0uID
BACy0uYwDQYJKoZIhvcNAQELBQADggEBAFeg0rc96Q//a2nwakDjkzmUCq7QY3Rs
1pMu1ZESNCMKmsCxPllAIzZG0UAnTZlrPRuoAuf8b/2O0BHk4BrYANJiP2BANd/5
v+kyJlNfoy9JNLeSEMR/pULLlxnVW+DFYB2qMJhXA4nQp8UpNGEZVzSHTYdiMmGQ
gDKLbxyBS2fLoplqxZqrRY5KyKrfrwUjOaNbugMlAluPypkyaMJ+952YjF/4EGnV
p6Smtqe6+HGHXrOjiXv5892vqBLYykiY/Mp1RWL+PbdQiPCrkEajiZYS1ncpR8GO
agbcBFnW7wZ3BwWJm7jX/pfOB7kz0xkFRoj6XykVHtWVYCCinCia7Rg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org