Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/5mfEEO9BzFi-ZvWFpaf1hKfjcTI.roa
File: 5mfEEO9BzFi-ZvWFpaf1hKfjcTI.roa (raw, json)
Hash identifier: iSWJPIapG2MKE8RqW3NFRPWM/ctnq2Iy9BL/BnCQCio=
Subject key identifier: E6:67:C4:10:EF:41:CC:58:BE:66:F5:85:A5:A7:F5:84:A7:E3:71:32
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018D649B00E868A27FAC143D681909865F6E
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/5mfEEO9BzFi-ZvWFpaf1hKfjcTI.roa
Signing time: Thu 01 Feb 2024 12:18:16 +0000
ROA not before: Thu 01 Feb 2024 12:18:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 62.76.227.0/24 maxlen: 24
185.72.10.0/24 maxlen: 24
192.124.183.0/24 maxlen: 24
193.124.5.0/24 maxlen: 24
193.124.7.0/24 maxlen: 24
193.124.47.0/24 maxlen: 24
193.124.95.0/24 maxlen: 24
193.124.200.0/24 maxlen: 24
193.124.202.0/24 maxlen: 24
193.124.207.0/24 maxlen: 24
194.58.41.0/24 maxlen: 24
194.58.42.0/24 maxlen: 24
194.58.66.0/24 maxlen: 24
194.58.154.0/24 maxlen: 24
194.87.26.0/24 maxlen: 24
194.87.32.0/24 maxlen: 24
194.87.76.0/24 maxlen: 24
194.87.81.0/24 maxlen: 24
194.87.128.0/24 maxlen: 24
194.87.149.0/24 maxlen: 24
194.87.151.0/24 maxlen: 24
194.87.170.0/24 maxlen: 24
194.87.172.0/24 maxlen: 24
194.87.187.0/24 maxlen: 24
194.87.190.0/24 maxlen: 24
194.87.201.0/24 maxlen: 24
194.87.215.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
194.87.229.0/24 maxlen: 24
194.87.231.0/24 maxlen: 24
194.135.18.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
195.58.54.0/24 maxlen: 24
195.58.60.0/24 maxlen: 24
195.58.63.0/24 maxlen: 24
195.133.2.0/24 maxlen: 24
195.133.25.0/24 maxlen: 24
195.133.27.0/24 maxlen: 24
195.133.37.0/24 maxlen: 24
195.133.72.0/24 maxlen: 24
195.133.84.0/24 maxlen: 24
195.133.85.0/24 maxlen: 24
195.133.192.0/24 maxlen: 24
212.192.1.0/24 maxlen: 24
212.192.214.0/24 maxlen: 24
212.193.13.0/24 maxlen: 24
212.193.25.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:64:9b:00:e8:68:a2:7f:ac:14:3d:68:19:09:86:5f:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Feb 1 12:18:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e667c410ef41cc58be66f585a5a7f584a7e37132
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:a7:dd:26:44:63:63:05:0e:20:a3:05:62:a0:
b2:e9:c3:8f:9d:81:88:92:db:09:01:fc:d0:e5:7d:
8d:1a:79:3e:2c:63:46:d2:e3:99:14:cc:bc:e5:f6:
aa:43:1f:a0:5d:57:82:a9:51:31:38:db:c5:6f:7c:
fb:fd:e1:cb:69:48:f0:93:f9:ec:58:d8:0c:81:1d:
54:27:39:40:96:18:29:2b:b1:ae:88:cf:53:42:79:
e5:a7:25:df:1c:26:63:57:96:1d:c1:c4:89:94:de:
79:eb:66:3b:64:55:1d:00:95:44:43:a8:a8:7a:4f:
e3:09:aa:54:33:98:34:e6:44:b9:ba:07:5f:11:c7:
2f:28:30:09:2c:f3:a5:42:0f:f8:7e:09:c5:d3:64:
e5:2d:82:85:77:d6:4d:aa:26:ed:1b:19:14:c1:88:
4b:98:88:22:c6:06:88:92:6f:df:f8:cf:67:44:b9:
58:07:fa:bf:cc:ba:db:a7:03:f1:00:03:68:84:d2:
62:c7:ce:a9:cc:31:ea:b5:0f:c9:12:1d:a9:b8:19:
79:ad:be:0d:fd:00:f1:90:aa:0a:9d:d5:4b:50:dd:
ba:d5:e1:a5:a2:7a:d5:5a:70:77:eb:d5:57:22:20:
81:38:a7:e1:ad:54:bc:60:84:ec:65:a8:cd:8a:a2:
dc:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:67:C4:10:EF:41:CC:58:BE:66:F5:85:A5:A7:F5:84:A7:E3:71:32
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/5mfEEO9BzFi-ZvWFpaf1hKfjcTI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.227.0/24
185.72.10.0/24
192.124.183.0/24
193.124.5.0/24
193.124.7.0/24
193.124.47.0/24
193.124.95.0/24
193.124.200.0/24
193.124.202.0/24
193.124.207.0/24
194.58.41.0-194.58.42.255
194.58.66.0/24
194.58.154.0/24
194.87.26.0/24
194.87.32.0/24
194.87.76.0/24
194.87.81.0/24
194.87.128.0/24
194.87.149.0/24
194.87.151.0/24
194.87.170.0/24
194.87.172.0/24
194.87.187.0/24
194.87.190.0/24
194.87.201.0/24
194.87.215.0/24
194.87.224.0/24
194.87.229.0/24
194.87.231.0/24
194.135.18.0/24
194.135.33.0/24
195.58.54.0/24
195.58.60.0/24
195.58.63.0/24
195.133.2.0/24
195.133.25.0/24
195.133.27.0/24
195.133.37.0/24
195.133.72.0/24
195.133.84.0/23
195.133.192.0/24
212.192.1.0/24
212.192.214.0/24
212.193.13.0/24
212.193.25.0/24
Signature Algorithm: sha256WithRSAEncryption
45:66:1d:76:f0:4e:5b:4a:b4:21:15:62:16:d4:f2:6c:e8:71:
26:fa:43:4e:98:57:a2:a8:e6:39:6a:91:24:d1:43:86:50:91:
aa:18:d7:90:8d:21:ab:d2:63:83:90:31:fd:55:fc:b4:d9:0b:
db:94:a5:00:e0:8b:92:84:ac:d3:9c:49:13:48:a7:15:ea:e7:
46:61:60:51:af:a1:4c:d3:83:61:44:85:82:0a:06:99:27:ce:
7c:4d:3b:e5:ba:2e:5f:b4:3f:f7:36:9a:6a:f4:27:23:3b:72:
63:e3:06:22:f4:fc:e7:dc:d5:04:2c:6c:1f:57:ba:4b:47:e8:
cf:b8:0c:43:99:8e:cb:b1:ed:47:5a:76:29:09:7f:90:7d:a3:
db:bb:2c:0b:e1:20:bf:f2:18:49:36:fc:a4:73:5b:2d:fc:fc:
cf:99:0f:fd:d7:03:58:1b:76:f1:db:c0:65:da:17:11:05:c2:
dd:7f:4b:28:31:a3:33:56:a8:60:11:74:1b:ef:da:83:d4:65:
17:93:c3:a3:06:d7:e5:80:77:b7:c9:7f:32:a4:bc:b7:52:d4:
4d:60:1e:0f:3d:58:32:3b:34:2b:a8:17:d3:a3:64:e3:ea:bf:
45:58:86:af:66:18:ab:dd:08:2d:13:e9:10:d9:65:e1:47:de:
5e:41:2a:8c
-----BEGIN CERTIFICATE-----
MIIGFzCCBP+gAwIBAgISAY1kmwDoaKJ/rBQ9aBkJhl9uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMjAxMTIxODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjY3YzQxMGVmNDFjYzU4YmU2NmY1ODVhNWE3ZjU4NGE3ZTM3MTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKfdJkRjYwUOIKMFYqCy6cOPnYGI
ktsJAfzQ5X2NGnk+LGNG0uOZFMy85faqQx+gXVeCqVExONvFb3z7/eHLaUjwk/ns
WNgMgR1UJzlAlhgpK7GuiM9TQnnlpyXfHCZjV5YdwcSJlN5562Y7ZFUdAJVEQ6io
ek/jCapUM5g05kS5ugdfEccvKDAJLPOlQg/4fgnF02TlLYKFd9ZNqibtGxkUwYhL
mIgixgaIkm/f+M9nRLlYB/q/zLrbpwPxAANohNJix86pzDHqtQ/JEh2puBl5rb4N
/QDxkKoKndVLUN261eGlonrVWnB369VXIiCBOKfhrVS8YITsZajNiqLcbwIDAQAB
o4IDIzCCAx8wHQYDVR0OBBYEFOZnxBDvQcxYvmb1haWn9YSn43EyMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNW1mRUVPOUJ6RmktWnZXRnBhZjFoS2ZqY1RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNwYIKwYBBQUHAQcBAf8EggEmMIIBIjCCAR4EAgABMIIB
FgMEAD5M4wMEALlICgMEAMB8twMEAMF8BQMEAMF8BwMEAMF8LwMEAMF8XwMEAMF8
yAMEAMF8ygMEAMF8zzAMAwQAwjopAwQAwjoqAwQAwjpCAwQAwjqaAwQAwlcaAwQA
wlcgAwQAwldMAwQAwldRAwQAwleAAwQAwleVAwQAwleXAwQAwleqAwQAwlesAwQA
wle7AwQAwle+AwQAwlfJAwQAwlfXAwQAwlfgAwQAwlflAwQAwlfnAwQAwocSAwQA
wochAwQAwzo2AwQAwzo8AwQAwzo/AwQAw4UCAwQAw4UZAwQAw4UbAwQAw4UlAwQA
w4VIAwQBw4VUAwQAw4XAAwQA1MABAwQA1MDWAwQA1MENAwQA1MEZMA0GCSqGSIb3
DQEBCwUAA4IBAQBFZh128E5bSrQhFWIW1PJs6HEm+kNOmFeiqOY5apEk0UOGUJGq
GNeQjSGr0mODkDH9Vfy02QvblKUA4IuShKzTnEkTSKcV6udGYWBRr6FM04NhRIWC
CgaZJ858TTvlui5ftD/3Nppq9CcjO3Jj4wYi9Pzn3NUELGwfV7pLR+jPuAxDmY7L
se1HWnYpCX+QfaPbuywL4SC/8hhJNvykc1st/PzPmQ/91wNYG3bx28Bl2hcRBcLd
f0soMaMzVqhgEXQb79qD1GUXk8OjBtflgHe3yX8ypLy3UtRNYB4PPVgyOzQrqBfT
o2Tj6r9FWIavZhir3QgtE+kQ2WXhR95eQSqM
-----END CERTIFICATE-----
Generated at Mon Jun 16 17:17:15 2025 by rpki-client