Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/lcaZ2yxC22tys1dcBeD0RVARGWc.roa
File: lcaZ2yxC22tys1dcBeD0RVARGWc.roa (raw, json)
Hash identifier: wgEJRuu2msbzuUumzHVYHqbAx+BABGgSkKqhtWEf380=
Subject key identifier: 95:C6:99:DB:2C:42:DB:6B:72:B3:57:5C:05:E0:F4:45:50:11:19:67
Certificate issuer: /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial: 0184A0A40F9D8EB2E51BB8EF0747E5B31E5C
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/lcaZ2yxC22tys1dcBeD0RVARGWc.roa
Signing time: Tue 22 Nov 2022 18:40:17 +0000
ROA not before: Tue 22 Nov 2022 18:40:17 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 197518
IP address blocks: 185.225.20.0/22 maxlen: 22
185.199.212.0/22 maxlen: 24
45.157.208.0/22 maxlen: 22
185.251.228.0/22 maxlen: 24
185.108.204.0/22 maxlen: 22
194.5.64.0/22 maxlen: 22
45.155.252.0/22 maxlen: 24
185.255.200.0/22 maxlen: 22
194.146.92.0/23 maxlen: 23
45.90.16.0/22 maxlen: 22
185.250.24.0/22 maxlen: 24
188.95.248.0/21 maxlen: 21
185.221.24.0/22 maxlen: 22
193.58.144.0/22 maxlen: 22
176.125.250.0/23 maxlen: 23
176.125.248.0/22 maxlen: 22
45.147.224.0/22 maxlen: 22
194.147.16.0/23 maxlen: 23
185.214.108.0/22 maxlen: 22
130.193.104.0/21 maxlen: 21
2a03:680::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:a0:a4:0f:9d:8e:b2:e5:1b:b8:ef:07:47:e5:b3:1e:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Validity
Not Before: Nov 22 18:40:17 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=95c699db2c42db6b72b3575c05e0f44550111967
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:37:36:60:47:e7:92:3a:3b:49:a3:5a:f9:d0:
da:19:cd:15:25:13:cf:f5:1e:4b:43:4f:00:4c:7c:
7e:22:3b:01:f0:b4:a0:7b:f7:b3:e3:5e:4b:2f:77:
0e:78:fa:47:cc:02:90:54:45:3a:9c:aa:03:e0:70:
5b:e4:41:a5:df:7f:f7:6c:1c:fa:e4:bf:80:9f:84:
74:ac:61:d6:1b:f9:8c:c3:21:ec:de:d7:6a:d2:15:
c1:9d:51:b8:ba:9c:6b:34:f5:4d:aa:08:a4:de:3c:
f3:f7:69:86:dd:1f:90:de:f1:41:b9:a1:73:4e:d7:
3b:ba:7c:de:0a:d0:f9:c8:5c:9f:04:da:93:bb:1b:
5a:20:fa:88:95:fd:e5:9b:a9:45:ad:e8:2d:ec:65:
bc:3a:7c:f9:96:42:ec:8f:91:34:02:cd:b9:78:7d:
1c:e5:b0:ec:3b:f4:79:eb:b3:f1:62:13:eb:55:22:
74:bb:a1:9b:25:b5:b2:55:cf:ec:29:04:dd:d1:7e:
c1:0c:69:f0:d6:ba:49:b3:ba:3d:eb:ba:95:9d:77:
50:80:00:33:2c:dc:e0:d8:0a:01:bf:a9:7e:83:ce:
da:5d:f3:0b:07:0e:76:20:da:ea:ab:9f:6e:a9:ed:
e8:7f:1c:a7:f5:dd:c8:be:14:95:5b:68:e4:ae:27:
54:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:C6:99:DB:2C:42:DB:6B:72:B3:57:5C:05:E0:F4:45:50:11:19:67
X509v3 Authority Key Identifier:
keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/lcaZ2yxC22tys1dcBeD0RVARGWc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.90.16.0/22
45.147.224.0/22
45.155.252.0/22
45.157.208.0/22
130.193.104.0/21
176.125.248.0/22
185.108.204.0/22
185.199.212.0/22
185.214.108.0/22
185.221.24.0/22
185.225.20.0/22
185.250.24.0/22
185.251.228.0/22
185.255.200.0/22
188.95.248.0/21
193.58.144.0/22
194.5.64.0/22
194.146.92.0/23
194.147.16.0/23
IPv6:
2a03:680::/32
Signature Algorithm: sha256WithRSAEncryption
39:cd:a5:cd:f3:a3:fa:97:e7:68:29:11:1f:e9:13:d0:31:9b:
d2:e5:81:fc:9b:98:12:8a:8c:89:d1:32:dc:c7:13:18:59:4e:
cd:b2:7b:65:11:8f:3e:05:90:50:dc:6f:5b:45:fd:7f:5a:a7:
5a:17:f2:e4:c9:1f:b8:63:98:37:78:a8:0c:6a:cb:55:ad:0e:
66:ad:ab:37:21:eb:8b:33:fd:a7:4e:68:9a:b8:86:79:13:a7:
4e:c0:da:37:6c:39:95:51:05:7a:e9:73:d7:24:30:71:11:f1:
49:83:1c:01:1c:02:ff:1e:94:55:11:43:97:cf:9b:71:7a:4c:
3d:11:33:75:5f:d3:dd:42:78:ec:2d:4f:75:be:22:e5:67:ca:
00:d1:df:fb:e5:91:df:fb:b3:71:a0:43:d5:93:e6:3b:b0:c6:
ec:e6:47:6e:07:8e:59:bd:74:3c:cb:75:93:26:26:bc:52:09:
8a:72:2a:c3:5a:d0:8f:7a:18:c3:83:6e:35:5b:04:9e:c0:01:
79:37:0d:30:8b:20:fa:bb:2d:18:9a:1d:8e:13:4b:53:e4:7f:
2b:e2:32:5c:fb:83:69:67:1b:1f:33:c3:a2:cb:04:57:b2:fb:
25:2b:1d:5f:db:ae:7c:93:49:7a:74:1d:d7:99:5f:5d:90:cc:
9f:56:34:9a
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAYSgpA+djrLlG7jvB0flsx5cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjIxMTIyMTg0MDE3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWM2OTlkYjJjNDJkYjZiNzJiMzU3NWMwNWUwZjQ0NTUwMTExOTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijc2YEfnkjo7SaNa+dDaGc0VJRPP
9R5LQ08ATHx+IjsB8LSge/ez415LL3cOePpHzAKQVEU6nKoD4HBb5EGl33/3bBz6
5L+An4R0rGHWG/mMwyHs3tdq0hXBnVG4upxrNPVNqgik3jzz92mG3R+Q3vFBuaFz
Ttc7unzeCtD5yFyfBNqTuxtaIPqIlf3lm6lFregt7GW8Onz5lkLsj5E0As25eH0c
5bDsO/R567PxYhPrVSJ0u6GbJbWyVc/sKQTd0X7BDGnw1rpJs7o967qVnXdQgAAz
LNzg2AoBv6l+g87aXfMLBw52INrqq59uqe3ofxyn9d3IvhSVW2jkridUdQIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFJXGmdssQttrcrNXXAXg9EVQERlnMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvbGNhWjJ5eEMyMnR5czFkY0JlRDBSVkFSR1djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGcBggrBgEFBQcBBwEB/wSBjDCBiTB4BAIAATByAwQCLVoQ
AwQCLZPgAwQCLZv8AwQCLZ3QAwQDgsFoAwQCsH34AwQCuWzMAwQCucfUAwQCudZs
AwQCud0YAwQCueEUAwQCufoYAwQCufvkAwQCuf/IAwQDvF/4AwQCwTqQAwQCwgVA
AwQBwpJcAwQBwpMQMA0EAgACMAcDBQAqAwaAMA0GCSqGSIb3DQEBCwUAA4IBAQA5
zaXN86P6l+doKREf6RPQMZvS5YH8m5gSioyJ0TLcxxMYWU7NsntlEY8+BZBQ3G9b
Rf1/WqdaF/LkyR+4Y5g3eKgMastVrQ5mras3IeuLM/2nTmiauIZ5E6dOwNo3bDmV
UQV66XPXJDBxEfFJgxwBHAL/HpRVEUOXz5txekw9ETN1X9PdQnjsLU91viLlZ8oA
0d/75ZHf+7NxoEPVk+Y7sMbs5kduB45ZvXQ8y3WTJia8UgmKcirDWtCPehjDg241
WwSewAF5Nw0wiyD6uy0Ymh2OE0tT5H8r4jJc+4NpZxsfM8OiywRXsvslKx1f2658
k0l6dB3XmV9dkMyfVjSa
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:13 2024 by rpki-client on console-fra.rpki-client.org