Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/cp0gE5jpNrX7nIdlUiuYX6bnQvc.roa
File: cp0gE5jpNrX7nIdlUiuYX6bnQvc.roa (raw, json)
Hash identifier: iIvBJBq8Zqf9eohi0Jyj3xgkcfVFeTX7lCO1jrChOO4=
Subject key identifier: 72:9D:20:13:98:E9:36:B5:FB:9C:87:65:52:2B:98:5F:A6:E7:42:F7
Certificate issuer: /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial: 019A4A82E405F926A23521A1B3C0820D1E49
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/cp0gE5jpNrX7nIdlUiuYX6bnQvc.roa
Signing time: Mon 03 Nov 2025 16:18:03 +0000
ROA not before: Mon 03 Nov 2025 16:18:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203020
IP address blocks: 45.142.24.0/24 maxlen: 24
91.217.72.0/23 maxlen: 32
103.111.0.0/22 maxlen: 32
103.204.120.0/24 maxlen: 32
103.204.122.0/24 maxlen: 32
103.204.123.0/24 maxlen: 32
109.104.133.0/24 maxlen: 32
109.104.135.0/24 maxlen: 32
109.104.136.0/24 maxlen: 32
109.104.137.0/24 maxlen: 32
185.153.124.0/22 maxlen: 32
185.233.124.0/22 maxlen: 32
194.113.94.0/23 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4a:82:e4:05:f9:26:a2:35:21:a1:b3:c0:82:0d:1e:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
Validity
Not Before: Nov 3 16:18:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=729d201398e936b5fb9c8765522b985fa6e742f7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:60:f7:10:48:45:3c:b9:ab:ea:0d:8a:09:f3:
ed:36:7c:42:43:b5:72:3e:f7:a8:e9:a2:d0:d4:8f:
f9:00:56:b4:f7:d3:9f:a1:b9:4f:de:14:0a:db:34:
8b:9c:17:6a:aa:6a:be:ff:0b:c7:1e:65:42:72:63:
e2:55:bc:dc:8c:de:ad:ab:7d:0c:4c:e4:cf:d0:e8:
4e:74:fb:99:26:3f:6e:80:2f:f7:6e:1b:76:e5:b1:
a2:22:a0:09:ef:d9:2d:62:a3:da:05:bf:fd:3d:95:
fb:d8:c4:e2:40:d2:0c:90:1b:ee:3d:47:e0:48:8a:
9b:ef:63:bd:8f:ba:34:b1:df:de:f4:01:eb:c4:80:
c2:34:ec:7d:0a:88:8c:4c:e5:8b:27:9f:f8:f3:44:
4c:a7:f3:df:9d:76:f2:88:33:27:92:03:c9:99:f6:
32:73:86:f8:e3:33:08:32:cf:f8:db:48:6d:b1:60:
d0:8c:13:8f:3a:38:5f:fe:0e:25:48:f2:16:5a:ac:
12:b2:02:82:33:e1:6d:3e:0a:ce:83:b2:e2:a1:cf:
87:98:8f:3a:97:19:4d:ac:3c:6f:7a:e0:e1:56:45:
4a:1c:23:01:ec:7a:b7:bb:c9:ed:0e:1a:b7:f2:f7:
a1:04:88:c7:83:23:c0:3a:2d:90:48:4b:b1:a5:54:
32:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:9D:20:13:98:E9:36:B5:FB:9C:87:65:52:2B:98:5F:A6:E7:42:F7
X509v3 Authority Key Identifier:
keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/cp0gE5jpNrX7nIdlUiuYX6bnQvc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.142.24.0/24
91.217.72.0/23
103.111.0.0/22
103.204.120.0/24
103.204.122.0/23
109.104.133.0/24
109.104.135.0-109.104.137.255
185.153.124.0/22
185.233.124.0/22
194.113.94.0/23
Signature Algorithm: sha256WithRSAEncryption
48:1a:0f:cf:dc:79:37:c7:eb:8d:b8:bb:a0:cb:58:71:ed:65:
1a:41:3d:9b:89:df:cf:49:f1:68:d7:3d:a8:17:ae:22:de:3a:
05:4e:23:00:89:30:93:43:a4:ba:57:09:08:ca:e6:44:c7:8e:
c1:cd:09:52:09:7a:17:92:e4:d3:25:41:c4:00:6e:75:88:79:
e6:29:63:d5:21:1f:dc:89:f0:f2:9e:f8:a8:2a:cf:8c:47:60:
93:2a:fb:bd:b1:f2:f2:08:35:7e:3b:29:de:f2:d8:be:e7:33:
72:15:87:79:b7:f1:ec:9b:1a:5b:71:67:46:e9:3d:5d:97:93:
bd:4d:61:2d:3f:7b:66:03:ff:9f:58:c3:10:4c:9e:60:f9:41:
39:31:0c:f6:5d:43:2d:8a:d5:ac:e8:69:e5:5c:83:21:d4:08:
74:65:28:7a:55:50:5b:3a:a3:61:32:fa:89:70:9e:2d:9a:10:
d4:1b:9b:41:d4:bb:d0:8a:8c:83:17:72:30:d3:54:da:7f:74:
64:40:ce:bd:3a:80:7a:4c:9e:7e:d6:f6:e7:13:ef:b5:54:5c:
b3:68:bf:b3:3b:85:73:ba:f2:d1:65:27:98:cc:13:7d:38:4c:
9a:04:3e:68:81:5b:10:14:99:cd:13:fb:ad:b1:5e:82:8b:0e:
11:27:f3:f2
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZpKguQF+SaiNSGhs8CCDR5JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNGFkNDUzNWFjODhkZDUzNDE5OWYyYTcyNjA5NWFmNzFh
ZmU0NGUwHhcNMjUxMTAzMTYxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjlkMjAxMzk4ZTkzNmI1ZmI5Yzg3NjU1MjJiOTg1ZmE2ZTc0MmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomD3EEhFPLmr6g2KCfPtNnxCQ7Vy
Pveo6aLQ1I/5AFa099OfoblP3hQK2zSLnBdqqmq+/wvHHmVCcmPiVbzcjN6tq30M
TOTP0OhOdPuZJj9ugC/3bht25bGiIqAJ79ktYqPaBb/9PZX72MTiQNIMkBvuPUfg
SIqb72O9j7o0sd/e9AHrxIDCNOx9CoiMTOWLJ5/480RMp/PfnXbyiDMnkgPJmfYy
c4b44zMIMs/420htsWDQjBOPOjhf/g4lSPIWWqwSsgKCM+FtPgrOg7Lioc+HmI86
lxlNrDxveuDhVkVKHCMB7Hq3u8ntDhq38vehBIjHgyPAOi2QSEuxpVQynwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFHKdIBOY6Ta1+5yHZVIrmF+m50L3MB8GA1UdIwQY
MBaAFGJK1FNayI3VNBmfKnJgla9xr+ROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTct
ZmI1OTQ5ODA4ZGRjLzEvY3AwZ0U1anBOclg3bklkbFVpdVlYNmJuUXZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTctZmI1OTQ5ODA4ZGRj
LzEvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQALY4YAwQB
W9lIAwQCZ28AAwQAZ8x4AwQBZ8x6AwQAbWiFMAwDBABtaIcDBAFtaIgDBAK5mXwD
BAK56XwDBAHCcV4wDQYJKoZIhvcNAQELBQADggEBAEgaD8/ceTfH6424u6DLWHHt
ZRpBPZuJ389J8WjXPagXriLeOgVOIwCJMJNDpLpXCQjK5kTHjsHNCVIJeheS5NMl
QcQAbnWIeeYpY9UhH9yJ8PKe+Kgqz4xHYJMq+72x8vIINX47Kd7y2L7nM3IVh3m3
8eybGltxZ0bpPV2Xk71NYS0/e2YD/59YwxBMnmD5QTkxDPZdQy2K1azoaeVcgyHU
CHRlKHpVUFs6o2Ey+olwni2aENQbm0HUu9CKjIMXcjDTVNp/dGRAzr06gHpMnn7W
9ucT77VUXLNov7M7hXO68tFlJ5jME304TJoEPmiBWxAUmc0T+62xXoKLDhEn8/I=
-----END CERTIFICATE-----
Generated at Wed Nov 5 13:41:26 2025 by rpki-client