Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/LLWSf9aO8GWicoO_TA6uNQUDmQI.roa
File: LLWSf9aO8GWicoO_TA6uNQUDmQI.roa (raw, json)
Hash identifier: Dj1Flohw8fkwtJHzBuGFus2aixHOZXiJJ5HHhXpiXAI=
Subject key identifier: 2C:B5:92:7F:D6:8E:F0:65:A2:72:83:BF:4C:0E:AE:35:05:03:99:02
Certificate issuer: /CN=577021dcdf44b6afdd3810547c55a79bd1a9fa3b
Certificate serial: 0192574EB47FD4FDC2D0CEF323FB0D0D3D4C
Authority key identifier: 57:70:21:DC:DF:44:B6:AF:DD:38:10:54:7C:55:A7:9B:D1:A9:FA:3B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/LLWSf9aO8GWicoO_TA6uNQUDmQI.roa
Signing time: Fri 04 Oct 2024 11:33:48 +0000
ROA not before: Fri 04 Oct 2024 11:33:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29119
IP address blocks: 5.252.92.0/24 maxlen: 24
5.253.158.0/24 maxlen: 24
62.122.228.0/22 maxlen: 22
62.122.228.0/24 maxlen: 24
62.122.230.0/24 maxlen: 24
62.122.231.0/24 maxlen: 24
185.167.181.0/24 maxlen: 24
185.204.203.0/24 maxlen: 24
185.218.160.0/24 maxlen: 24
185.218.161.0/24 maxlen: 24
185.218.162.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:57:4e:b4:7f:d4:fd:c2:d0:ce:f3:23:fb:0d:0d:3d:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=577021dcdf44b6afdd3810547c55a79bd1a9fa3b
Validity
Not Before: Oct 4 11:33:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2cb5927fd68ef065a27283bf4c0eae3505039902
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:4a:d9:21:09:4e:28:b3:4d:34:50:57:ff:60:
5b:99:44:1f:42:20:2f:fe:0e:b6:8a:08:32:a9:fd:
67:b0:85:70:7f:e5:74:e1:27:35:7e:1f:f0:92:28:
8c:2e:8a:ce:3c:16:f1:28:04:a8:4b:04:ee:5b:4d:
82:1e:6d:85:eb:33:4c:d9:1c:15:1c:04:ad:5d:3c:
d0:a1:2a:0e:35:3c:ba:45:f2:ec:d9:0b:44:ce:08:
23:85:37:ef:35:21:98:0d:12:5c:99:e3:e5:08:5f:
dc:0d:ca:9c:2a:a3:de:68:cd:bb:e1:29:83:1a:12:
61:15:f6:f2:2a:34:ed:a4:a5:b7:20:cd:d9:3c:f4:
32:55:16:19:4b:f7:65:ea:55:3c:90:96:a1:88:ff:
b2:7f:6c:a1:2f:ec:10:0a:80:1b:1c:a3:e6:fc:a1:
a9:29:fc:83:b3:5f:74:85:0e:1f:b5:e9:0c:7e:dc:
89:ab:50:e2:6f:f2:f7:71:12:53:e3:06:1a:b8:63:
ee:d7:fe:88:34:83:37:2e:31:e5:5e:cf:2e:54:69:
68:53:43:28:d2:27:2e:70:79:4a:95:92:4b:00:7a:
83:ca:24:0f:d1:99:dd:8a:1a:b2:68:de:c0:9b:4e:
d2:94:81:32:e3:b7:78:d4:72:1b:74:79:25:78:bf:
86:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:B5:92:7F:D6:8E:F0:65:A2:72:83:BF:4C:0E:AE:35:05:03:99:02
X509v3 Authority Key Identifier:
keyid:57:70:21:DC:DF:44:B6:AF:DD:38:10:54:7C:55:A7:9B:D1:A9:FA:3B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/LLWSf9aO8GWicoO_TA6uNQUDmQI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.92.0/24
5.253.158.0/24
62.122.228.0/22
185.167.181.0/24
185.204.203.0/24
185.218.160.0-185.218.162.255
Signature Algorithm: sha256WithRSAEncryption
9e:cb:4a:0f:56:3e:64:a8:33:ee:bd:81:a4:2c:d1:1c:b1:f2:
57:69:5f:f1:6b:ff:c2:d9:06:f2:d2:84:81:1b:5c:30:5e:45:
93:a2:5d:4e:84:65:ef:3a:02:4b:49:c5:c2:78:b1:d6:ec:0e:
0e:3e:56:1c:4e:72:d7:9e:7e:06:72:dd:e4:44:ec:cc:20:9a:
ad:27:73:42:7f:a2:c1:18:6d:68:e6:fa:16:32:0a:00:46:da:
89:15:21:3f:f1:e6:ed:5b:01:29:82:c7:13:3c:ad:ca:c7:e0:
52:bd:22:c3:49:47:a9:bc:88:74:c0:bb:28:9e:84:a7:d1:6e:
10:ac:16:83:25:96:21:c3:aa:e7:08:15:c9:a0:84:96:49:9e:
e6:05:9c:33:71:0f:02:5b:c2:a6:7d:9d:84:83:57:37:59:b7:
3c:dd:33:91:75:96:6c:79:a3:98:96:6c:11:4f:28:e9:53:4f:
d3:8e:39:03:39:18:e1:3b:6d:8f:55:c5:69:d3:8e:c3:a4:79:
b8:64:1f:bb:9f:e3:ac:f9:1c:71:87:c1:46:11:03:ef:42:11:
ba:7d:2f:aa:db:97:0d:3d:29:54:6e:aa:f5:4a:d5:5e:4d:f0:
29:33:2f:40:a2:6e:ca:99:c4:0b:e9:f2:75:1e:45:e3:5c:7b:
d6:7b:c8:c3
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZJXTrR/1P3C0M7zI/sNDT1MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NzAyMWRjZGY0NGI2YWZkZDM4MTA1NDdjNTVhNzliZDFh
OWZhM2IwHhcNMjQxMDA0MTEzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2I1OTI3ZmQ2OGVmMDY1YTI3MjgzYmY0YzBlYWUzNTA1MDM5OTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0rZIQlOKLNNNFBX/2BbmUQfQiAv
/g62iggyqf1nsIVwf+V04Sc1fh/wkiiMLorOPBbxKASoSwTuW02CHm2F6zNM2RwV
HAStXTzQoSoONTy6RfLs2QtEzggjhTfvNSGYDRJcmePlCF/cDcqcKqPeaM274SmD
GhJhFfbyKjTtpKW3IM3ZPPQyVRYZS/dl6lU8kJahiP+yf2yhL+wQCoAbHKPm/KGp
KfyDs190hQ4ftekMftyJq1Dib/L3cRJT4wYauGPu1/6INIM3LjHlXs8uVGloU0Mo
0icucHlKlZJLAHqDyiQP0ZndihqyaN7Am07SlIEy47d41HIbdHkleL+GnwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFCy1kn/WjvBlonKDv0wOrjUFA5kCMB8GA1UdIwQY
MBaAFFdwIdzfRLav3TgQVHxVp5vRqfo7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjNBaDNOOUV0cV9kT0JCVWZGV25tOUdwLWpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8wYWMyN2EtMjE1OS00OGQ3LThiZmQt
YzkwN2FlMWMyMTFlLzEvTExXU2Y5YU84R1dpY29PX1RBNnVOUVVEbVFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8wYWMyN2EtMjE1OS00OGQ3LThiZmQtYzkwN2FlMWMyMTFl
LzEvVjNBaDNOOUV0cV9kT0JCVWZGV25tOUdwLWpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQABfxcAwQA
Bf2eAwQCPnrkAwQAuae1AwQAuczLMAwDBAW52qADBAC52qIwDQYJKoZIhvcNAQEL
BQADggEBAJ7LSg9WPmSoM+69gaQs0Ryx8ldpX/Fr/8LZBvLShIEbXDBeRZOiXU6E
Ze86AktJxcJ4sdbsDg4+VhxOcteefgZy3eRE7Mwgmq0nc0J/osEYbWjm+hYyCgBG
2okVIT/x5u1bASmCxxM8rcrH4FK9IsNJR6m8iHTAuyiehKfRbhCsFoMlliHDqucI
FcmghJZJnuYFnDNxDwJbwqZ9nYSDVzdZtzzdM5F1lmx5o5iWbBFPKOlTT9OOOQM5
GOE7bY9VxWnTjsOkebhkH7uf46z5HHGHwUYRA+9CEbp9L6rblw09KVRuqvVK1V5N
8CkzL0CibsqZxAvp8nUeReNce9Z7yMM=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:17:50 2025 by rpki-client