Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/LsCYYglMtUNzvH2dcoIByRdXlqA.roa
File: LsCYYglMtUNzvH2dcoIByRdXlqA.roa (raw, json)
Hash identifier: 15YoOLl4vLZXDNrNqaaWOOFL3i9kOj/FuLiriSg3fc8=
Subject key identifier: 2E:C0:98:62:09:4C:B5:43:73:BC:7D:9D:72:82:01:C9:17:57:96:A0
Certificate issuer: /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial: 0DB958E4
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/LsCYYglMtUNzvH2dcoIByRdXlqA.roa
Signing time: Thu 21 Apr 2022 00:08:25 +0000
ROA not before: Thu 21 Apr 2022 00:08:25 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 8399
IP address blocks: 37.97.64.0/19 maxlen: 19
185.24.140.0/22 maxlen: 22
88.213.224.0/19 maxlen: 19
37.97.69.0/24 maxlen: 24
37.97.70.0/24 maxlen: 24
217.181.128.0/17 maxlen: 17
37.97.80.0/23 maxlen: 23
185.6.92.0/22 maxlen: 22
178.255.160.0/21 maxlen: 21
37.97.96.0/20 maxlen: 20
195.135.0.0/17 maxlen: 17
217.74.96.0/20 maxlen: 20
195.135.0.0/18 maxlen: 18
185.65.248.0/22 maxlen: 22
157.143.128.0/17 maxlen: 17
81.93.0.0/19 maxlen: 19
217.181.250.0/23 maxlen: 23
109.235.232.0/24 maxlen: 24
109.235.239.0/24 maxlen: 24
185.32.208.0/22 maxlen: 22
80.251.96.0/20 maxlen: 20
178.157.16.0/20 maxlen: 20
195.135.48.0/24 maxlen: 24
178.157.32.0/20 maxlen: 20
65.39.64.0/19 maxlen: 19
185.8.252.0/22 maxlen: 22
185.42.176.0/22 maxlen: 22
2a0c:600::/29 maxlen: 29
2a02:c440::/29 maxlen: 29
2a02:6e8::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 230250724 (0xdb958e4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
Validity
Not Before: Apr 21 00:08:25 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2ec09862094cb54373bc7d9d728201c9175796a0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:57:b4:cd:48:21:37:7c:46:b8:6f:b3:de:6c:
1b:82:dd:be:c3:06:77:ed:e3:df:4d:10:db:c5:02:
a2:d0:64:34:56:fc:a9:88:1d:8f:a4:73:52:95:a0:
38:c3:e8:c9:fa:77:f5:b4:8f:69:42:76:e9:7c:e8:
3d:ea:d6:ab:6f:99:cd:22:e7:98:75:10:4b:66:3c:
24:04:17:74:09:e5:94:44:3c:1b:47:7c:94:f2:d8:
28:a9:6d:c8:f3:71:2b:3c:b9:ff:e9:3f:4c:7a:0c:
af:e6:86:ac:49:70:29:7d:8e:05:13:c9:f4:b9:2c:
05:b6:cf:e3:75:a6:b2:42:bb:7f:83:ba:90:4a:39:
c2:c4:26:b0:e7:0e:12:47:32:6f:f5:64:d1:d1:b0:
ff:cf:d3:0f:cc:a5:5a:89:ed:e7:8a:1b:9a:79:a5:
eb:f5:0e:ea:69:52:6e:46:2a:12:d5:a2:9c:cd:13:
6d:3f:7e:58:02:c6:b0:a8:79:f2:7a:94:c6:28:77:
0b:dd:30:e4:63:f0:40:9f:a0:ce:75:b2:9a:d8:fb:
09:e9:5a:42:67:f4:0f:92:0b:68:ea:da:82:40:98:
94:6e:0f:67:7c:19:81:b5:44:df:5f:ad:6a:2c:27:
37:6c:21:ca:82:18:8b:59:af:1f:ab:20:6c:00:c8:
8c:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:C0:98:62:09:4C:B5:43:73:BC:7D:9D:72:82:01:C9:17:57:96:A0
X509v3 Authority Key Identifier:
keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/LsCYYglMtUNzvH2dcoIByRdXlqA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.97.64.0-37.97.111.255
65.39.64.0/19
80.251.96.0/20
81.93.0.0/19
88.213.224.0/19
109.235.232.0/24
109.235.239.0/24
157.143.128.0/17
178.157.16.0-178.157.47.255
178.255.160.0/21
185.6.92.0/22
185.8.252.0/22
185.24.140.0/22
185.32.208.0/22
185.42.176.0/22
185.65.248.0/22
195.135.0.0/17
217.74.96.0/20
217.181.128.0/17
IPv6:
2a02:6e8::/32
2a02:c440::/29
2a0c:600::/29
Signature Algorithm: sha256WithRSAEncryption
1c:42:1e:1a:34:63:d1:68:bc:8b:e1:99:f4:a0:16:5b:9d:a9:
91:fb:dc:29:85:51:e1:10:e1:61:67:f6:8f:c9:d7:79:13:23:
c7:82:cc:4d:a6:10:9f:b7:e0:66:bc:aa:0b:d0:b0:29:8d:66:
97:e3:88:db:22:e4:e0:5a:1b:64:ae:7b:d3:e9:d2:e4:df:d2:
75:01:10:11:4a:3f:8e:e0:86:8a:e1:2a:47:7f:7e:6a:e7:55:
35:ca:7f:bb:60:31:75:02:96:60:4d:66:fe:ce:91:f5:d8:ec:
e2:57:f8:61:7b:11:8f:c1:9f:61:98:16:64:8c:17:d8:a2:6e:
34:4f:22:30:22:a1:37:97:26:d6:1b:07:dd:9a:3e:b3:98:c7:
bc:4d:56:40:ee:54:9a:aa:e1:63:21:a6:8d:cb:d8:48:57:ad:
2e:a0:22:9a:f6:8e:f3:18:87:52:4f:54:cd:56:e4:46:dd:a6:
f4:3b:e5:0a:43:cd:44:fa:b6:d7:88:43:a4:84:9e:ec:c5:71:
e7:bf:de:0d:e4:4f:12:a0:46:fa:f5:b2:46:82:7d:21:a2:e0:
3f:ea:c0:f1:1d:98:00:7f:9f:27:35:3d:63:e5:d8:da:7b:48:
de:d2:e6:36:78:89:91:28:a9:09:c0:2c:6a:56:7f:9e:fe:48:
a5:c9:ac:f6
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgIEDblY5DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
MTQ3OWI4M2M1MjBkNzg0NDQ1YzI0ODI4YmFiNjMzZjBkNzAyY2YzMB4XDTIyMDQy
MTAwMDgyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmVjMDk4NjIwOTRj
YjU0MzczYmM3ZDlkNzI4MjAxYzkxNzU3OTZhMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMZXtM1IITd8Rrhvs95sG4LdvsMGd+3j300Q28UCotBkNFb8
qYgdj6RzUpWgOMPoyfp39bSPaUJ26XzoPerWq2+ZzSLnmHUQS2Y8JAQXdAnllEQ8
G0d8lPLYKKltyPNxKzy5/+k/THoMr+aGrElwKX2OBRPJ9LksBbbP43WmskK7f4O6
kEo5wsQmsOcOEkcyb/Vk0dGw/8/TD8ylWont54obmnml6/UO6mlSbkYqEtWinM0T
bT9+WALGsKh58nqUxih3C90w5GPwQJ+gznWymtj7CelaQmf0D5ILaOragkCYlG4P
Z3wZgbVE31+taiwnN2whyoIYi1mvH6sgbADIjJcCAwEAAaOCAqcwggKjMB0GA1Ud
DgQWBBQuwJhiCUy1Q3O8fZ1yggHJF1eWoDAfBgNVHSMEGDAWgBTxR5uDxSDXhERc
JIKLq2M/DXAs8zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzhVZWJnOFVnMTRSRVhDU0NpNnRqUHcxd0xQTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvYTk3ZTIxLWI1ZmUtNGE1Ni1hOThhLWJkZDRhZjVmMzVkMS8x
L0xzQ1lZZ2xNdFVOenZIMmRjb0lCeVJkWGxxQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
YTk3ZTIxLWI1ZmUtNGE1Ni1hOThhLWJkZDRhZjVmMzVkMS8xLzhVZWJnOFVnMTRS
RVhDU0NpNnRqUHcxd0xQTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
vAYIKwYBBQUHAQcBAf8EgawwgakwgYkEAgABMIGCMAwDBAYlYUADBAQlYWADBAVB
J0ADBARQ+2ADBAVRXQADBAVY1eADBABt6+gDBABt6+8DBAedj4AwDAMEBLKdEAME
BLKdIAMEA7L/oAMEArkGXAMEArkI/AMEArkYjAMEArkg0AMEArkqsAMEArlB+AME
B8OHAAMEBNlKYAMEB9m1gDAbBAIAAjAVAwUAKgIG6AMFAyoCxEADBQMqDAYAMA0G
CSqGSIb3DQEBCwUAA4IBAQAcQh4aNGPRaLyL4Zn0oBZbnamR+9wphVHhEOFhZ/aP
ydd5EyPHgsxNphCft+BmvKoL0LApjWaX44jbIuTgWhtkrnvT6dLk39J1ARARSj+O
4IaK4SpHf35q51U1yn+7YDF1ApZgTWb+zpH12OziV/hhexGPwZ9hmBZkjBfYom40
TyIwIqE3lybWGwfdmj6zmMe8TVZA7lSaquFjIaaNy9hIV60uoCKa9o7zGIdST1TN
VuRG3ab0O+UKQ81E+rbXiEOkhJ7sxXHnv94N5E8SoEb69bJGgn0houA/6sDxHZgA
f58nNT1j5djae0je0uY2eImRKKkJwCxqVn+e/kilyaz2
-----END CERTIFICATE-----
Generated at Sun Apr 20 18:58:05 2025 by rpki-client