Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/eidc8QqkefPgpjmcwKaNTMQnAME.roa
File: eidc8QqkefPgpjmcwKaNTMQnAME.roa (raw, json)
Hash identifier: D4bTQX2aycQpT0oS9KHqhEeeXDkJmjZZHUjDwmtmKdw=
Subject key identifier: 7A:27:5C:F1:0A:A4:79:F3:E0:A6:39:9C:C0:A6:8D:4C:C4:27:00:C1
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 01892642DD206AB6CFD539EA4B01F31B5F52
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/eidc8QqkefPgpjmcwKaNTMQnAME.roa
Signing time: Wed 05 Jul 2023 13:34:23 +0000
ROA not before: Wed 05 Jul 2023 13:34:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 88.209.245.0/24 maxlen: 24
88.209.253.0/24 maxlen: 24
178.210.228.0/24 maxlen: 24
178.210.252.0/24 maxlen: 24
88.151.56.0/24 maxlen: 24
77.242.157.0/24 maxlen: 24
77.242.158.0/24 maxlen: 24
88.151.62.0/24 maxlen: 24
2.58.170.0/24 maxlen: 24
88.209.226.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:26:42:dd:20:6a:b6:cf:d5:39:ea:4b:01:f3:1b:5f:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jul 5 13:34:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7a275cf10aa479f3e0a6399cc0a68d4cc42700c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:fd:f9:ae:a0:a1:c0:09:01:55:8b:63:b8:06:
04:f6:ee:38:f9:e2:bf:5e:a9:31:c7:5d:3e:bb:25:
3e:43:9d:0b:cc:42:2e:23:93:26:31:04:85:19:b1:
74:7e:e0:ca:fc:0b:8a:d4:aa:b0:a9:95:4b:24:94:
aa:ca:a2:f3:0e:47:ca:3d:8a:68:73:da:bf:39:c1:
3c:c7:b3:86:1a:84:40:49:84:f2:ee:bb:1a:b9:34:
dd:17:5e:7b:c0:25:65:c8:81:49:65:5a:b3:cd:c0:
87:48:e4:55:43:9e:36:ab:05:52:6f:cd:fc:05:9c:
27:da:06:9a:8a:30:45:0c:c4:2e:f5:6f:71:de:a2:
a0:14:af:d0:50:76:83:ca:5d:6d:55:a3:5d:0f:f5:
ca:ca:5d:04:5c:24:5b:13:34:88:50:c0:ef:69:41:
85:47:a0:3b:30:64:4d:ea:81:99:d2:6e:70:59:34:
d3:dd:2f:db:bf:2a:4f:c4:e2:28:04:1f:82:1d:0b:
99:23:2e:f0:3e:f8:a9:a1:7f:98:df:de:5f:2c:7a:
01:86:5c:0f:3e:d5:a8:0a:20:84:4a:4a:1b:7e:56:
e6:84:00:23:a7:5c:b0:77:b4:f8:99:e9:cb:30:9c:
1f:9b:75:42:b7:9e:ad:39:9c:9c:a6:f0:f5:8d:67:
0b:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:27:5C:F1:0A:A4:79:F3:E0:A6:39:9C:C0:A6:8D:4C:C4:27:00:C1
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/eidc8QqkefPgpjmcwKaNTMQnAME.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.170.0/24
77.242.157.0-77.242.158.255
88.151.56.0/24
88.151.62.0/24
88.209.226.0/24
88.209.245.0/24
88.209.253.0/24
178.210.228.0/24
178.210.252.0/24
Signature Algorithm: sha256WithRSAEncryption
6f:35:42:9d:75:20:a4:75:ba:1f:2a:3a:5c:51:e0:96:8d:f1:
dd:aa:1e:65:76:58:4a:4a:27:41:bd:9a:12:58:11:89:cb:02:
6d:d1:28:79:80:ce:7f:85:37:73:8a:e0:f8:30:d5:a0:01:9e:
e6:f7:15:19:51:bd:11:58:78:9c:fd:3c:35:2f:37:e2:01:a0:
1a:39:f8:15:c1:3a:63:8e:9e:65:7c:26:9b:13:93:0f:14:18:
71:82:e6:6f:3a:8e:e5:c8:1a:ef:a9:0b:24:17:4b:f4:c2:19:
1c:4b:77:9d:6d:45:4d:8d:f7:f7:db:b8:3e:06:67:5a:4d:5a:
c8:2f:51:88:2b:28:12:f7:6e:ce:f0:4d:17:7e:8a:17:35:b3:
9b:01:a9:f4:84:3f:6b:44:83:07:c2:81:5d:e0:75:95:8b:27:
2b:7c:9b:e7:34:c0:cc:1c:fc:49:16:74:99:61:d2:68:6a:75:
04:99:20:10:e6:40:63:b1:3d:15:5c:a8:1b:f7:91:4d:00:fb:
27:54:ca:a1:42:72:37:22:fa:2e:a3:c8:b6:ff:1a:11:77:4c:
b1:28:30:0e:80:e8:bc:83:cc:de:62:40:78:16:dc:53:10:82:
d8:96:c9:a0:4a:33:f9:d1:0b:e9:b5:61:e3:23:6c:0c:7e:f7:
7c:e5:5e:a1
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYkmQt0garbP1TnqSwHzG19SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNzA1MTMzNDIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTI3NWNmMTBhYTQ3OWYzZTBhNjM5OWNjMGE2OGQ0Y2M0MjcwMGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApv35rqChwAkBVYtjuAYE9u44+eK/
Xqkxx10+uyU+Q50LzEIuI5MmMQSFGbF0fuDK/AuK1KqwqZVLJJSqyqLzDkfKPYpo
c9q/OcE8x7OGGoRASYTy7rsauTTdF157wCVlyIFJZVqzzcCHSORVQ542qwVSb838
BZwn2gaaijBFDMQu9W9x3qKgFK/QUHaDyl1tVaNdD/XKyl0EXCRbEzSIUMDvaUGF
R6A7MGRN6oGZ0m5wWTTT3S/bvypPxOIoBB+CHQuZIy7wPvipoX+Y395fLHoBhlwP
PtWoCiCESkobflbmhAAjp1ywd7T4menLMJwfm3VCt56tOZycpvD1jWcLwwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFHonXPEKpHnz4KY5nMCmjUzEJwDBMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZWlkYzhRcWtlZlBncGptY3dLYU5UTVFuQU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAAjqqMAwD
BABN8p0DBABN8p4DBABYlzgDBABYlz4DBABY0eIDBABY0fUDBABY0f0DBACy0uQD
BACy0vwwDQYJKoZIhvcNAQELBQADggEBAG81Qp11IKR1uh8qOlxR4JaN8d2qHmV2
WEpKJ0G9mhJYEYnLAm3RKHmAzn+FN3OK4Pgw1aABnub3FRlRvRFYeJz9PDUvN+IB
oBo5+BXBOmOOnmV8JpsTkw8UGHGC5m86juXIGu+pCyQXS/TCGRxLd51tRU2N9/fb
uD4GZ1pNWsgvUYgrKBL3bs7wTRd+ihc1s5sBqfSEP2tEgwfCgV3gdZWLJyt8m+c0
wMwc/EkWdJlh0mhqdQSZIBDmQGOxPRVcqBv3kU0A+ydUyqFCcjci+i6jyLb/GhF3
TLEoMA6A6LyDzN5iQHgW3FMQgtiWyaBKM/nRC+m1YeMjbAx+93zlXqE=
-----END CERTIFICATE-----
Generated at Sun May 11 22:23:58 2025 by rpki-client