Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Lwo_ILs1CohqFv5kAjcw8gVTCSs.roa
File: Lwo_ILs1CohqFv5kAjcw8gVTCSs.roa (raw, json)
Hash identifier: Wb4pEUJxqGKcuzpEShb/PSalhEnIUOVrxBRBFp8+BDk=
Subject key identifier: 2F:0A:3F:20:BB:35:0A:88:6A:16:FE:64:02:37:30:F2:05:53:09:2B
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018BB854A6E5D63A9FF3073A7A9CB2B086D1
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Lwo_ILs1CohqFv5kAjcw8gVTCSs.roa
Signing time: Fri 10 Nov 2023 08:23:57 +0000
ROA not before: Fri 10 Nov 2023 08:23:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 92.52.214.0/24 maxlen: 24
88.209.232.0/22 maxlen: 24
178.210.228.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.211.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
88.209.226.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:b8:54:a6:e5:d6:3a:9f:f3:07:3a:7a:9c:b2:b0:86:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Nov 10 08:23:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2f0a3f20bb350a886a16fe64023730f20553092b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:1a:76:f6:6d:57:75:50:a9:c4:7a:0f:6d:d0:
26:9a:ea:18:e4:b5:8e:b6:fa:08:09:f7:6a:45:cc:
3b:70:6b:f6:bf:ba:c7:80:ac:dc:24:07:c0:5e:93:
ff:d0:26:26:e5:61:69:2d:b0:1a:42:22:0b:08:79:
1e:de:32:59:6c:4f:fa:1e:cf:39:49:78:1f:ab:e8:
c1:93:3d:60:97:6f:ab:1e:bc:c3:84:a7:bf:dd:49:
65:1c:d2:5b:53:c8:83:68:7d:b4:a2:b4:59:d1:f9:
31:b5:72:f9:d7:23:5e:b5:92:e7:83:71:e0:8f:d1:
f2:d8:64:8b:2b:80:e3:f8:ce:82:6b:4c:d8:1a:34:
37:23:d5:a6:25:11:39:e5:41:0a:f4:9f:a8:59:56:
9a:42:46:e2:f4:55:72:d9:17:d7:d9:ee:92:76:b4:
34:af:5d:1d:b0:a0:69:4f:e9:90:26:85:87:5e:53:
d3:bd:b8:c3:b6:a7:17:3d:62:76:93:d6:76:25:f9:
6d:36:28:3b:58:64:0d:cb:25:a4:4b:4e:d3:26:72:
2d:6c:ff:ee:dd:2b:ab:98:02:c7:d7:f4:07:d0:a5:
88:6e:ee:f7:44:4c:99:53:c0:5f:0e:c3:11:b8:ad:
33:96:9e:9c:b9:40:34:42:fd:40:b7:4b:60:ec:cf:
09:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:0A:3F:20:BB:35:0A:88:6A:16:FE:64:02:37:30:F2:05:53:09:2B
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Lwo_ILs1CohqFv5kAjcw8gVTCSs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.242.150.0/24
88.151.56.0/23
88.209.211.0/24
88.209.217.0/24
88.209.226.0/24
88.209.232.0/22
92.52.214.0/24
178.210.228.0/24
Signature Algorithm: sha256WithRSAEncryption
37:f9:10:7e:7c:41:5d:ce:27:6c:16:71:7b:3e:2c:2e:b5:7c:
86:ac:75:45:db:0d:18:45:df:fa:8e:6f:58:cf:d8:aa:65:4a:
a5:84:96:5c:71:33:b8:ca:e9:6e:bf:a6:66:4b:ed:d5:5b:bd:
18:37:b0:7e:b5:19:5f:89:86:05:4e:e2:7c:09:f4:d1:33:b2:
25:b6:98:bd:0d:c4:60:6d:35:7d:b5:4a:4d:82:d2:48:0f:90:
a2:5e:41:36:a3:db:89:cc:79:01:d0:f9:0d:81:3e:00:3a:f8:
76:1f:0a:f4:65:2f:df:89:e3:7f:f1:79:e8:80:70:8f:ae:c5:
44:6b:72:eb:d0:bc:f3:7c:e9:09:c4:ef:0a:45:b5:1d:bc:31:
b2:26:57:66:ba:96:af:32:24:f6:70:82:7d:40:ae:39:01:e6:
1b:f3:b7:39:c6:52:8e:7c:eb:59:67:6a:47:b3:34:82:62:83:
ab:7b:03:6e:e2:01:01:28:9a:72:21:89:46:27:62:c1:d6:ea:
ae:e7:fa:15:33:13:19:38:e2:a7:b1:de:24:9b:21:13:04:8b:
f5:e5:21:1a:89:36:8c:c0:c5:b0:ed:a0:37:8a:58:0c:6b:7e:
c3:07:68:2f:99:e6:fb:0e:03:99:4d:f7:f8:a9:c8:49:a1:74:
f8:fc:cc:d4
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYu4VKbl1jqf8wc6epyysIbRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMTEwMDgyMzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjBhM2YyMGJiMzUwYTg4NmExNmZlNjQwMjM3MzBmMjA1NTMwOTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxp29m1XdVCpxHoPbdAmmuoY5LWO
tvoICfdqRcw7cGv2v7rHgKzcJAfAXpP/0CYm5WFpLbAaQiILCHke3jJZbE/6Hs85
SXgfq+jBkz1gl2+rHrzDhKe/3UllHNJbU8iDaH20orRZ0fkxtXL51yNetZLng3Hg
j9Hy2GSLK4Dj+M6Ca0zYGjQ3I9WmJRE55UEK9J+oWVaaQkbi9FVy2RfX2e6SdrQ0
r10dsKBpT+mQJoWHXlPTvbjDtqcXPWJ2k9Z2JfltNig7WGQNyyWkS07TJnItbP/u
3SurmALH1/QH0KWIbu73REyZU8BfDsMRuK0zlp6cuUA0Qv1At0tg7M8JPQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFC8KPyC7NQqIahb+ZAI3MPIFUwkrMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvTHdvX0lMczFDb2hxRnY1a0FqY3c4Z1ZUQ1NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQATfKWAwQB
WJc4AwQAWNHTAwQAWNHZAwQAWNHiAwQCWNHoAwQAXDTWAwQAstLkMA0GCSqGSIb3
DQEBCwUAA4IBAQA3+RB+fEFdzidsFnF7PiwutXyGrHVF2w0YRd/6jm9Yz9iqZUql
hJZccTO4yuluv6ZmS+3VW70YN7B+tRlfiYYFTuJ8CfTRM7Iltpi9DcRgbTV9tUpN
gtJID5CiXkE2o9uJzHkB0PkNgT4AOvh2Hwr0ZS/fieN/8XnogHCPrsVEa3Lr0Lzz
fOkJxO8KRbUdvDGyJldmupavMiT2cIJ9QK45AeYb87c5xlKOfOtZZ2pHszSCYoOr
ewNu4gEBKJpyIYlGJ2LB1uqu5/oVMxMZOOKnsd4kmyETBIv15SEaiTaMwMWw7aA3
ilgMa37DB2gvmeb7DgOZTff4qchJoXT4/MzU
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:55 2024 by rpki-client on console-ams.rpki-client.org