Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/LP1xEqf5VzWekR9UNeGBo27vq4w.roa
File: LP1xEqf5VzWekR9UNeGBo27vq4w.roa (raw, json)
Hash identifier: FpDFarVZQQq/AJvMP7XcpIvbJsfoveTrcf7LvchtjI8=
Subject key identifier: 2C:FD:71:12:A7:F9:57:35:9E:91:1F:54:35:E1:81:A3:6E:EF:AB:8C
Certificate issuer: /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial: 018BCAB0F88EB66EDDCBC350BA8F146A91D1
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/LP1xEqf5VzWekR9UNeGBo27vq4w.roa
Signing time: Mon 13 Nov 2023 21:57:57 +0000
ROA not before: Mon 13 Nov 2023 21:57:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1680
IP address blocks: 212.29.192.0/18 maxlen: 18
176.13.0.0/16 maxlen: 24
212.235.0.0/17 maxlen: 24
89.138.0.0/16 maxlen: 16
207.232.0.0/18 maxlen: 18
62.90.135.0/24 maxlen: 24
212.29.244.0/24 maxlen: 24
147.234.84.0/24 maxlen: 24
147.234.83.0/24 maxlen: 24
147.234.86.0/24 maxlen: 24
147.234.26.0/24 maxlen: 24
147.234.28.0/24 maxlen: 24
147.234.27.0/24 maxlen: 24
147.234.27.0/25 maxlen: 25
147.234.27.128/25 maxlen: 25
82.166.201.128/25 maxlen: 25
147.234.43.0/24 maxlen: 24
212.150.0.0/16 maxlen: 24
176.12.128.0/17 maxlen: 24
194.90.1.0/24 maxlen: 24
62.90.0.0/16 maxlen: 24
194.90.0.0/16 maxlen: 24
46.117.0.0/16 maxlen: 16
212.143.194.0/24 maxlen: 24
46.210.0.0/16 maxlen: 24
93.173.0.0/16 maxlen: 16
199.203.1.0/24 maxlen: 24
199.203.0.0/16 maxlen: 16
89.139.0.0/16 maxlen: 16
82.166.0.0/16 maxlen: 24
199.203.21.0/24 maxlen: 24
85.65.0.0/16 maxlen: 16
46.116.0.0/16 maxlen: 16
212.143.0.0/16 maxlen: 24
147.234.17.0/24 maxlen: 24
199.203.191.0/24 maxlen: 24
147.234.22.0/24 maxlen: 24
80.250.144.0/20 maxlen: 24
95.35.0.0/16 maxlen: 24
82.166.100.0/22 maxlen: 24
82.166.112.0/21 maxlen: 24
192.118.30.0/23 maxlen: 23
192.118.28.0/22 maxlen: 22
192.118.28.0/23 maxlen: 23
93.172.0.0/16 maxlen: 16
62.0.88.0/22 maxlen: 24
62.0.87.0/24 maxlen: 24
62.0.94.0/24 maxlen: 24
62.0.92.0/23 maxlen: 24
109.253.0.0/16 maxlen: 24
62.0.0.0/16 maxlen: 24
85.64.0.0/16 maxlen: 16
217.132.0.0/16 maxlen: 16
109.186.0.0/16 maxlen: 16
85.250.0.0/16 maxlen: 16
62.0.116.0/22 maxlen: 24
62.0.114.0/23 maxlen: 24
62.0.120.0/21 maxlen: 24
62.0.128.0/23 maxlen: 24
2001:4df0::/32 maxlen: 32
2a02:148::/32 maxlen: 32
2a02:149::/32 maxlen: 32
2001:4df2::/32 maxlen: 32
2001:4df3::/32 maxlen: 32
2a02:148::/29 maxlen: 32
2a02:14b::/32 maxlen: 32
2a02:14f::/32 maxlen: 32
2001:4df7::/32 maxlen: 32
2a02:14e::/32 maxlen: 32
2001:4df6::/32 maxlen: 32
2001:4df5::/32 maxlen: 32
2a02:14c::/32 maxlen: 32
2001:4df0::/29 maxlen: 32
2001:4df1::/32 maxlen: 32
2a02:14a::/32 maxlen: 32
2001:4df4::/32 maxlen: 32
2a02:14d::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:ca:b0:f8:8e:b6:6e:dd:cb:c3:50:ba:8f:14:6a:91:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Validity
Not Before: Nov 13 21:57:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2cfd7112a7f957359e911f5435e181a36eefab8c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:c2:63:81:d9:c1:4d:dd:38:f3:71:59:68:73:
3c:b7:18:29:1b:e1:ae:24:5e:e6:45:7c:fe:32:80:
0d:84:1f:bc:f2:ab:df:e3:4e:10:7e:f5:1a:65:84:
3e:4b:4e:1d:aa:7d:d0:0d:a6:59:99:f3:bb:62:54:
b9:73:5c:17:1a:23:b8:ff:56:0d:94:4e:62:b8:d9:
fb:c4:bd:3e:9e:85:05:aa:6b:cb:3f:95:2e:28:09:
7c:06:17:8e:16:4f:0c:6c:71:f1:92:d6:82:92:a9:
fb:2c:29:e8:f5:09:0f:24:d7:f4:99:f9:78:03:08:
a8:82:21:6b:de:2c:c1:3b:c2:a3:13:88:1e:7b:48:
c4:a2:71:ad:a3:4d:fe:a9:1d:5a:54:de:21:db:7b:
7c:22:c6:77:6c:d4:7e:9f:61:f0:de:6c:6c:6f:24:
ea:6a:88:88:8a:41:e0:ec:25:f5:9d:f5:aa:2e:07:
0e:79:bd:e4:ca:d4:1d:70:27:c3:bf:e0:ec:3c:3c:
fc:99:8d:8e:2a:29:c3:67:8b:d8:9d:55:a1:87:1a:
ef:9a:17:43:aa:f9:9c:ff:07:3c:14:93:a1:79:26:
1b:62:5d:15:14:8c:5e:0d:12:f3:0c:ce:ad:8a:1e:
35:f4:17:2e:e5:56:69:5b:15:0b:12:55:ed:fc:66:
af:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:FD:71:12:A7:F9:57:35:9E:91:1F:54:35:E1:81:A3:6E:EF:AB:8C
X509v3 Authority Key Identifier:
keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/LP1xEqf5VzWekR9UNeGBo27vq4w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.116.0.0/15
46.210.0.0/16
62.0.0.0/16
62.90.0.0/16
80.250.144.0/20
82.166.0.0/16
85.64.0.0/15
85.250.0.0/16
89.138.0.0/15
93.172.0.0/15
95.35.0.0/16
109.186.0.0/16
109.253.0.0/16
147.234.17.0/24
147.234.22.0/24
147.234.26.0-147.234.28.255
147.234.43.0/24
147.234.83.0-147.234.84.255
147.234.86.0/24
176.12.128.0-176.13.255.255
192.118.28.0/22
194.90.0.0/16
199.203.0.0/16
207.232.0.0/18
212.29.192.0/18
212.143.0.0/16
212.150.0.0/16
212.235.0.0/17
217.132.0.0/16
IPv6:
2001:4df0::/29
2a02:148::/29
Signature Algorithm: sha256WithRSAEncryption
66:27:3e:af:ca:fb:04:a6:bd:87:2c:2e:34:14:10:22:91:32:
bd:06:95:ed:eb:30:a1:82:51:6c:a0:92:db:d5:0b:dc:3a:c0:
2e:67:25:7a:7f:d6:1e:0b:4b:1e:bd:33:d2:9c:85:e6:25:f2:
6c:f3:e9:7e:a1:7c:46:02:83:88:7f:a8:62:18:9b:4c:6d:37:
3c:db:67:85:7d:5b:2e:b3:c2:27:9d:37:f7:33:35:8d:69:1b:
1f:a5:e5:b5:35:c9:e2:6c:9f:b1:42:46:9b:e9:28:95:35:01:
72:47:e8:ac:43:4a:7a:9d:7f:74:b7:6d:35:86:ae:d9:3a:1f:
65:c1:0d:63:d3:45:7b:83:9b:14:c3:f9:2c:fa:26:ec:da:5f:
91:86:27:88:fd:33:f3:77:3c:30:c6:f6:5e:90:da:b0:90:4a:
95:7b:98:4e:77:2b:8f:c0:a4:c0:b4:74:e2:de:72:70:d5:b8:
09:1d:58:5a:ed:41:ed:9f:e9:7c:2d:b3:b8:77:b8:77:d9:90:
c5:69:8c:29:c2:24:7d:28:45:fe:63:dd:53:54:7c:b0:4f:58:
71:db:7e:29:5f:0b:da:7a:3b:9b:cd:67:55:62:25:50:26:35:
f7:93:a1:29:5e:dd:de:c2:b2:da:d2:d0:36:e6:8e:ee:8d:1c:
72:e0:2a:1f
-----BEGIN CERTIFICATE-----
MIIFxjCCBK6gAwIBAgISAYvKsPiOtm7dy8NQuo8UapHRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjMxMTEzMjE1NzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2ZkNzExMmE3Zjk1NzM1OWU5MTFmNTQzNWUxODFhMzZlZWZhYjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMJjgdnBTd0483FZaHM8txgpG+Gu
JF7mRXz+MoANhB+88qvf404QfvUaZYQ+S04dqn3QDaZZmfO7YlS5c1wXGiO4/1YN
lE5iuNn7xL0+noUFqmvLP5UuKAl8BheOFk8MbHHxktaCkqn7LCno9QkPJNf0mfl4
AwiogiFr3izBO8KjE4gee0jEonGto03+qR1aVN4h23t8IsZ3bNR+n2Hw3mxsbyTq
aoiIikHg7CX1nfWqLgcOeb3kytQdcCfDv+DsPDz8mY2OKinDZ4vYnVWhhxrvmhdD
qvmc/wc8FJOheSYbYl0VFIxeDRLzDM6tih419Bcu5VZpWxULElXt/GavSQIDAQAB
o4IC0jCCAs4wHQYDVR0OBBYEFCz9cRKn+Vc1npEfVDXhgaNu76uMMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvTFAxeEVxZjVWeldla1I5VU5lR0JvMjd2cTR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHnBggrBgEFBQcBBwEB/wSB1zCB1DCBuwQCAAEwgbQDAwEu
dAMDAC7SAwMAPgADAwA+WgMEBFD6kAMDAFKmAwMBVUADAwBV+gMDAVmKAwMBXawD
AwBfIwMDAG26AwMAbf0DBACT6hEDBACT6hYwDAMEAZPqGgMEAJPqHAMEAJPqKzAM
AwQAk+pTAwQAk+pUAwQAk+pWMAsDBAewDIADAwGwDAMEAsB2HAMDAMJaAwMAx8sD
BAbP6AADBAbUHcADAwDUjwMDANSWAwQH1OsAAwMA2YQwFAQCAAIwDgMFAyABTfAD
BQMqAgFIMA0GCSqGSIb3DQEBCwUAA4IBAQBmJz6vyvsEpr2HLC40FBAikTK9BpXt
6zChglFsoJLb1QvcOsAuZyV6f9YeC0sevTPSnIXmJfJs8+l+oXxGAoOIf6hiGJtM
bTc822eFfVsus8InnTf3MzWNaRsfpeW1NcnibJ+xQkab6SiVNQFyR+isQ0p6nX90
t201hq7ZOh9lwQ1j00V7g5sUw/ks+ibs2l+RhieI/TPzdzwwxvZekNqwkEqVe5hO
dyuPwKTAtHTi3nJw1bgJHVha7UHtn+l8LbO4d7h32ZDFaYwpwiR9KEX+Y91TVHyw
T1hx234pXwvaejubzWdVYiVQJjX3k6EpXt3ewrLa0tA25o7ujRxy4Cof
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:18:19 2025 by rpki-client