Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1uW1LrSMjnEozpC2ZaTjx5HE-RQ.roa
File: 1uW1LrSMjnEozpC2ZaTjx5HE-RQ.roa (raw, json)
Hash identifier: Ufsl3uGzGbL8lczhagp95S5zMIO0At0UTJKOqc2xHAc=
Subject key identifier: D6:E5:B5:2E:B4:8C:8E:71:28:CE:90:B6:65:A4:E3:C7:91:C4:F9:14
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0186930A15B7977F9CA82B461C629B5AF5F0
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1uW1LrSMjnEozpC2ZaTjx5HE-RQ.roa
Signing time: Mon 27 Feb 2023 13:22:36 +0000
ROA not before: Mon 27 Feb 2023 13:22:36 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2118
IP address blocks: 212.193.12.0/24 maxlen: 24
193.124.8.0/24 maxlen: 24
194.87.22.0/24 maxlen: 24
194.87.27.0/24 maxlen: 24
194.58.42.0/24 maxlen: 24
194.58.46.0/23 maxlen: 24
194.58.45.0/24 maxlen: 24
195.58.50.0/24 maxlen: 24
195.58.52.0/22 maxlen: 22
195.58.58.0/24 maxlen: 24
195.58.56.0/21 maxlen: 24
195.58.59.0/24 maxlen: 24
195.58.61.0/24 maxlen: 24
195.58.62.0/24 maxlen: 24
212.193.0.0/24 maxlen: 24
194.87.115.0/24 maxlen: 24
194.87.116.0/24 maxlen: 24
194.87.118.0/24 maxlen: 24
194.87.114.0/24 maxlen: 24
194.87.123.0/24 maxlen: 24
193.124.133.0/24 maxlen: 24
194.87.126.0/24 maxlen: 24
194.87.138.0/23 maxlen: 23
194.87.136.0/24 maxlen: 24
194.87.82.0/24 maxlen: 24
194.87.208.0/23 maxlen: 24
194.87.222.0/23 maxlen: 24
194.87.233.0/24 maxlen: 24
195.133.94.0/24 maxlen: 24
212.192.0.0/23 maxlen: 24
192.124.172.0/24 maxlen: 24
194.87.165.0/24 maxlen: 24
194.87.171.0/24 maxlen: 24
192.124.182.0/24 maxlen: 24
195.133.55.0/24 maxlen: 24
193.124.203.0/24 maxlen: 24
194.87.198.0/24 maxlen: 24
195.133.193.0/24 maxlen: 24
195.133.195.0/24 maxlen: 24
212.192.208.0/23 maxlen: 24
212.192.211.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:93:0a:15:b7:97:7f:9c:a8:2b:46:1c:62:9b:5a:f5:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Feb 27 13:22:36 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d6e5b52eb48c8e7128ce90b665a4e3c791c4f914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:57:2e:26:68:3b:dc:37:a5:d9:36:62:11:b0:
cd:fc:71:5f:06:fa:2b:df:39:3f:98:5e:34:2e:42:
89:70:38:fa:f7:27:ad:54:81:df:cd:1b:67:dd:e4:
64:3b:fc:12:d0:b9:35:6c:04:b0:7c:96:b0:af:bb:
86:ca:bd:50:18:a8:aa:c6:0d:04:76:f2:e6:0e:f5:
8a:0a:2e:84:de:4d:7f:d1:8c:b5:e4:e5:74:37:af:
a8:fa:e6:d6:62:6b:a6:aa:7c:7f:f0:76:67:f6:ae:
0f:2e:b8:9b:f5:24:a1:67:a1:62:bf:ec:84:3d:88:
29:64:79:1d:51:36:88:b7:b8:69:58:13:f1:8e:09:
1f:cb:c9:15:be:0c:e9:2d:28:02:37:e0:e1:7f:b5:
0c:5f:11:45:98:d3:b0:c5:7c:41:c5:31:f3:c9:b9:
5e:d4:be:9d:63:d0:74:c5:54:87:f8:56:33:db:aa:
2c:b4:60:fb:9f:29:0e:e1:21:1c:13:2e:e6:84:6b:
52:92:87:6a:5f:8f:7b:43:ea:3f:e1:87:80:59:23:
7d:e6:7e:d9:fa:90:f5:06:a2:2f:0c:a2:3f:47:5e:
13:ae:2f:55:de:e1:4d:02:ab:30:7f:7f:46:16:30:
bc:42:9f:3e:da:1c:35:09:ab:22:d3:5a:e1:55:4f:
43:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:E5:B5:2E:B4:8C:8E:71:28:CE:90:B6:65:A4:E3:C7:91:C4:F9:14
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1uW1LrSMjnEozpC2ZaTjx5HE-RQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.124.172.0/24
192.124.182.0/24
193.124.8.0/24
193.124.133.0/24
193.124.203.0/24
194.58.42.0/24
194.58.45.0-194.58.47.255
194.87.22.0/24
194.87.27.0/24
194.87.82.0/24
194.87.114.0-194.87.116.255
194.87.118.0/24
194.87.123.0/24
194.87.126.0/24
194.87.136.0/24
194.87.138.0/23
194.87.165.0/24
194.87.171.0/24
194.87.198.0/24
194.87.208.0/23
194.87.222.0/23
194.87.233.0/24
195.58.50.0/24
195.58.52.0-195.58.63.255
195.133.55.0/24
195.133.94.0/24
195.133.193.0/24
195.133.195.0/24
212.192.0.0/23
212.192.208.0/23
212.192.211.0/24
212.193.0.0/24
212.193.12.0/24
Signature Algorithm: sha256WithRSAEncryption
12:f5:de:9a:4f:91:20:c1:73:1b:96:5a:11:cd:08:43:d9:c3:
69:c9:7a:67:d2:0a:5e:b1:76:ab:22:86:8d:8b:bc:41:76:4f:
ae:88:bf:9c:ce:cb:97:55:50:8f:7f:29:38:b3:03:ba:92:39:
de:da:5d:5d:3e:dc:2e:5b:4e:c2:53:c1:c5:f5:82:40:fe:2d:
f6:0b:5a:18:6e:85:52:14:38:37:df:c4:07:5e:9b:b9:a4:76:
b9:f2:11:80:46:10:2c:2c:40:3a:65:de:af:8d:84:90:1e:03:
b4:39:5e:b7:fb:79:77:15:c6:a2:42:dd:98:bc:ec:05:ae:c5:
40:2b:90:37:2e:f3:a4:49:66:8c:48:a3:00:3d:3d:10:12:b3:
4d:31:fb:3e:d7:42:75:76:27:9b:02:71:3a:b8:69:58:03:71:
a1:ec:3d:94:25:43:1d:a3:6c:6c:70:86:d7:34:50:ef:4c:10:
e7:b6:3f:9a:8c:af:67:fd:50:f7:ab:81:09:40:b7:03:b0:31:
1c:c4:7f:d5:5e:6f:4c:02:81:4d:04:62:71:1f:aa:53:9a:73:
31:05:41:82:48:db:e8:f5:a9:8b:fb:43:7e:34:27:56:49:90:
1a:43:31:45:f0:5c:7a:51:bf:14:16:25:c8:6c:c4:99:2c:52:
fd:9d:c0:e7
-----BEGIN CERTIFICATE-----
MIIF2jCCBMKgAwIBAgISAYaTChW3l3+cqCtGHGKbWvXwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwMjI3MTMyMjM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmU1YjUyZWI0OGM4ZTcxMjhjZTkwYjY2NWE0ZTNjNzkxYzRmOTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1cuJmg73Del2TZiEbDN/HFfBvor
3zk/mF40LkKJcDj69yetVIHfzRtn3eRkO/wS0Lk1bASwfJawr7uGyr1QGKiqxg0E
dvLmDvWKCi6E3k1/0Yy15OV0N6+o+ubWYmumqnx/8HZn9q4PLrib9SShZ6Fiv+yE
PYgpZHkdUTaIt7hpWBPxjgkfy8kVvgzpLSgCN+Dhf7UMXxFFmNOwxXxBxTHzyble
1L6dY9B0xVSH+FYz26ostGD7nykO4SEcEy7mhGtSkodqX497Q+o/4YeAWSN95n7Z
+pD1BqIvDKI/R14Tri9V3uFNAqswf39GFjC8Qp8+2hw1Casi01rhVU9DswIDAQAB
o4IC5jCCAuIwHQYDVR0OBBYEFNbltS60jI5xKM6QtmWk48eRxPkUMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMXVXMUxyU01qbkVvenBDMlphVGp4NUhFLVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH7BggrBgEFBQcBBwEB/wSB6zCB6DCB5QQCAAEwgd4DBADA
fKwDBADAfLYDBADBfAgDBADBfIUDBADBfMsDBADCOiowDAMEAMI6LQMEBMI6IAME
AMJXFgMEAMJXGwMEAMJXUjAMAwQBwldyAwQAwld0AwQAwld2AwQAwld7AwQAwld+
AwQAwleIAwQBwleKAwQAwlelAwQAwlerAwQAwlfGAwQBwlfQAwQBwlfeAwQAwlfp
AwQAwzoyMAwDBALDOjQDBAbDOgADBADDhTcDBADDhV4DBADDhcEDBADDhcMDBAHU
wAADBAHUwNADBADUwNMDBADUwQADBADUwQwwDQYJKoZIhvcNAQELBQADggEBABL1
3ppPkSDBcxuWWhHNCEPZw2nJemfSCl6xdqsiho2LvEF2T66Iv5zOy5dVUI9/KTiz
A7qSOd7aXV0+3C5bTsJTwcX1gkD+LfYLWhhuhVIUODffxAdem7mkdrnyEYBGECws
QDpl3q+NhJAeA7Q5Xrf7eXcVxqJC3Zi87AWuxUArkDcu86RJZoxIowA9PRASs00x
+z7XQnV2J5sCcTq4aVgDcaHsPZQlQx2jbGxwhtc0UO9MEOe2P5qMr2f9UPergQlA
twOwMRzEf9Veb0wCgU0EYnEfqlOaczEFQYJI2+j1qYv7Q340J1ZJkBpDMUXwXHpR
vxQWJchsxJksUv2dwOc=
-----END CERTIFICATE-----
Generated at Wed Jun 18 06:39:34 2025 by rpki-client