Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/LSz5ntOIFpR8b5Gat4Cf1btv8VU.roa
File: LSz5ntOIFpR8b5Gat4Cf1btv8VU.roa (raw, json)
Hash identifier: R+zP7Q1+I91lu7BUGnkZqR/ElHkDvailZXCOtzbnXN4=
Subject key identifier: 2D:2C:F9:9E:D3:88:16:94:7C:6F:91:9A:B7:80:9F:D5:BB:6F:F1:55
Certificate issuer: /CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Certificate serial: 02E3C987
Authority key identifier: EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/LSz5ntOIFpR8b5Gat4Cf1btv8VU.roa
Signing time: Sun 15 May 2022 10:43:40 +0000
ROA not before: Sun 15 May 2022 10:43:40 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 12975
IP address blocks: 199.204.215.0/24 maxlen: 24
176.65.12.0/22 maxlen: 22
194.169.123.0/24 maxlen: 24
147.189.176.0/20 maxlen: 20
94.26.112.0/20 maxlen: 20
82.205.0.0/17 maxlen: 21
82.205.0.0/20 maxlen: 20
217.66.233.0/24 maxlen: 24
199.250.128.0/19 maxlen: 21
217.66.237.0/24 maxlen: 24
217.66.234.0/23 maxlen: 23
86.107.16.0/22 maxlen: 22
188.209.208.0/22 maxlen: 22
87.252.108.0/22 maxlen: 22
188.215.100.0/22 maxlen: 22
82.205.96.0/20 maxlen: 20
82.205.104.0/21 maxlen: 21
89.239.32.0/20 maxlen: 20
82.205.16.0/20 maxlen: 20
37.8.0.0/17 maxlen: 20
37.8.0.0/20 maxlen: 20
37.8.16.0/20 maxlen: 20
82.205.27.0/24 maxlen: 24
85.184.240.0/22 maxlen: 22
212.33.96.0/19 maxlen: 20
37.8.32.0/20 maxlen: 20
185.171.132.0/22 maxlen: 22
37.8.48.0/20 maxlen: 20
82.102.240.0/20 maxlen: 20
185.40.192.0/22 maxlen: 22
185.138.132.0/22 maxlen: 22
185.90.242.0/24 maxlen: 24
82.205.120.0/21 maxlen: 21
82.102.192.0/20 maxlen: 20
82.102.192.0/18 maxlen: 24
82.102.208.0/21 maxlen: 21
82.102.218.0/23 maxlen: 23
82.102.224.0/20 maxlen: 20
82.102.220.0/22 maxlen: 22
212.106.64.0/19 maxlen: 20
217.78.60.0/22 maxlen: 22
217.21.2.0/24 maxlen: 24
217.21.0.0/20 maxlen: 24
85.113.96.0/19 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 48482695 (0x2e3c987)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Validity
Not Before: May 15 10:43:40 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2d2cf99ed38816947c6f919ab7809fd5bb6ff155
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:36:76:1e:0b:21:c1:09:7d:43:6b:99:7f:34:
c2:3b:ff:2d:db:bb:22:b8:d7:d9:c8:5b:4d:c2:90:
18:75:06:12:7e:32:29:c6:7c:ec:3c:7f:10:13:ed:
0e:bf:f8:09:2a:ed:bb:0f:a3:7a:96:5c:33:19:5b:
7d:d9:4b:d0:28:93:9e:3e:7e:ed:e5:36:3e:65:a9:
c8:3c:6f:cd:d0:4e:b4:f5:8d:67:25:aa:02:d7:7d:
66:9d:dc:da:10:d8:f7:fc:96:a3:b8:52:e4:18:73:
ac:03:c6:23:3c:8d:37:de:a7:eb:03:d0:08:3d:81:
d6:b7:d0:04:71:2b:1d:73:ad:10:9f:25:02:c3:f2:
00:d6:29:44:98:ce:da:b0:aa:c9:4e:16:1c:6b:94:
e3:5b:25:04:86:5d:ee:09:24:63:f7:ad:b7:9b:51:
40:ed:a7:9f:68:2b:64:81:fb:5d:02:76:a7:3d:6a:
55:b1:f2:ac:2e:12:da:12:4b:42:f6:51:6f:63:48:
c2:fb:b6:f3:1a:b0:65:9b:42:81:d4:5b:1e:90:78:
cc:44:11:6e:da:e1:ba:30:19:02:c6:72:d5:37:88:
a2:87:fc:7f:0d:c1:fc:86:25:64:94:8d:dc:b2:19:
d5:05:0f:5e:62:6c:5b:2f:e4:d2:d5:c1:fb:0c:90:
fd:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:2C:F9:9E:D3:88:16:94:7C:6F:91:9A:B7:80:9F:D5:BB:6F:F1:55
X509v3 Authority Key Identifier:
keyid:EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/LSz5ntOIFpR8b5Gat4Cf1btv8VU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.8.0.0/17
82.102.192.0/18
82.205.0.0/17
85.113.96.0/19
85.184.240.0/22
86.107.16.0/22
87.252.108.0/22
89.239.32.0/20
94.26.112.0/20
147.189.176.0/20
176.65.12.0/22
185.40.192.0/22
185.90.242.0/24
185.138.132.0/22
185.171.132.0/22
188.209.208.0/22
188.215.100.0/22
194.169.123.0/24
199.204.215.0/24
199.250.128.0/19
212.33.96.0/19
212.106.64.0/19
217.21.0.0/20
217.66.233.0-217.66.235.255
217.66.237.0/24
217.78.60.0/22
Signature Algorithm: sha256WithRSAEncryption
55:13:16:4f:d0:f3:26:ad:a3:31:56:fe:94:c3:45:ae:a8:f2:
a4:0e:e1:69:af:e6:ad:ce:3a:1c:dc:f8:e8:80:84:1d:e5:d5:
c7:35:69:a0:b6:44:48:f1:14:19:c1:a3:fb:6c:0e:8c:07:a3:
fb:de:d9:0d:ce:54:a6:d8:f5:15:ef:03:49:d2:20:b5:e5:78:
57:cc:d9:f7:54:af:9f:97:aa:fe:b2:57:1e:50:fb:dd:03:27:
65:80:ad:58:2f:a0:87:6b:09:8e:d8:c5:37:4e:de:54:41:01:
61:2a:a8:98:82:4f:98:83:d5:0a:21:89:7f:62:b5:0d:06:53:
93:88:9b:b7:72:94:60:74:a7:85:6b:3b:61:6b:0a:cc:55:66:
13:d9:09:c7:ec:b8:3e:7c:02:c5:1a:1f:98:bb:6e:7c:8a:eb:
ec:62:6d:d9:96:e8:c3:4c:90:c1:3a:3c:05:a1:ec:64:67:a1:
fe:4c:e2:4f:34:ad:77:1d:52:88:93:8a:c5:38:b5:dc:5d:d1:
c2:13:d8:e5:c5:f5:99:7a:6d:65:b4:e7:14:bf:45:09:d1:90:
89:01:92:25:63:85:ef:24:df:5c:2f:18:6f:bb:72:4c:c3:f9:
f5:67:1d:bc:7a:9f:c2:ff:07:81:f8:fb:9d:7f:10:0c:e5:b0:
43:ba:b4:be
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgIEAuPJhzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
YzNhNjMzZWYyYzA4MjUxYTU4NjAzNTYyZTU2YWE2ZWZhOTNlYzI1MB4XDTIyMDUx
NTEwNDM0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmQyY2Y5OWVkMzg4
MTY5NDdjNmY5MTlhYjc4MDlmZDViYjZmZjE1NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJc2dh4LIcEJfUNrmX80wjv/Ldu7IrjX2chbTcKQGHUGEn4y
KcZ87Dx/EBPtDr/4CSrtuw+jepZcMxlbfdlL0CiTnj5+7eU2PmWpyDxvzdBOtPWN
ZyWqAtd9Zp3c2hDY9/yWo7hS5BhzrAPGIzyNN96n6wPQCD2B1rfQBHErHXOtEJ8l
AsPyANYpRJjO2rCqyU4WHGuU41slBIZd7gkkY/ett5tRQO2nn2grZIH7XQJ2pz1q
VbHyrC4S2hJLQvZRb2NIwvu28xqwZZtCgdRbHpB4zEQRbtrhujAZAsZy1TeIoof8
fw3B/IYlZJSN3LIZ1QUPXmJsWy/k0tXB+wyQ/dkCAwEAAaOCAqwwggKoMB0GA1Ud
DgQWBBQtLPme04gWlHxvkZq3gJ/Vu2/xVTAfBgNVHSMEGDAWgBTsOmM+8sCCUaWG
A1YuVqpu+pPsJTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzdEcGpQdkxBZ2xHbGhnTldMbGFxYnZxVDdDVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDQvYzFiMWYwLTIzNGYtNDVkNS04NTk1LWY3YzJjMmE5MWJjMi8x
L0xTejVudE9JRnBSOGI1R2F0NENmMWJ0djhWVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDQv
YzFiMWYwLTIzNGYtNDVkNS04NTk1LWY3YzJjMmE5MWJjMi8xLzdEcGpQdkxBZ2xH
bGhnTldMbGFxYnZxVDdDVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
wQYIKwYBBQUHAQcBAf8EgbEwga4wgasEAgABMIGkAwQHJQgAAwQGUmbAAwQHUs0A
AwQFVXFgAwQCVbjwAwQCVmsQAwQCV/xsAwQEWe8gAwQEXhpwAwQEk72wAwQCsEEM
AwQCuSjAAwQAuVryAwQCuYqEAwQCuauEAwQCvNHQAwQCvNdkAwQAwql7AwQAx8zX
AwQFx/qAAwQF1CFgAwQF1GpAAwQE2RUAMAwDBADZQukDBALZQugDBADZQu0DBALZ
TjwwDQYJKoZIhvcNAQELBQADggEBAFUTFk/Q8yatozFW/pTDRa6o8qQO4Wmv5q3O
Ohzc+OiAhB3l1cc1aaC2REjxFBnBo/tsDowHo/ve2Q3OVKbY9RXvA0nSILXleFfM
2fdUr5+Xqv6yVx5Q+90DJ2WArVgvoIdrCY7YxTdO3lRBAWEqqJiCT5iD1QohiX9i
tQ0GU5OIm7dylGB0p4VrO2FrCsxVZhPZCcfsuD58AsUaH5i7bnyK6+xibdmW6MNM
kME6PAWh7GRnof5M4k80rXcdUoiTisU4tdxd0cIT2OXF9Zl6bWW05xS/RQnRkIkB
kiVjhe8k31wvGG+7ckzD+fVnHbx6n8L/B4H4+51/EAzlsEO6tL4=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:08:26 2023 by rpki-client on console-ams.rpki-client.org