Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XBtg-fwB8jJWyrAqh_HxGG90zFI.roa
File: XBtg-fwB8jJWyrAqh_HxGG90zFI.roa (raw, json)
Hash identifier: IzM+D94PRBEsZ5TJw5B/rhURZaTxK+0P33l/Xbw/BIY=
Subject key identifier: 5C:1B:60:F9:FC:01:F2:32:56:CA:B0:2A:87:F1:F1:18:6F:74:CC:52
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0190A6CD5B58AA26B270A53BFF087BBEA287
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XBtg-fwB8jJWyrAqh_HxGG90zFI.roa
Signing time: Fri 12 Jul 2024 11:56:34 +0000
ROA not before: Fri 12 Jul 2024 11:56:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 44559
IP address blocks: 62.76.227.0/24 maxlen: 24
185.72.10.0/24 maxlen: 24
192.124.180.0/24 maxlen: 24
192.124.181.0/24 maxlen: 24
192.124.182.0/24 maxlen: 24
192.124.183.0/24 maxlen: 24
192.124.188.0/24 maxlen: 24
192.124.190.0/24 maxlen: 24
193.124.4.0/24 maxlen: 24
194.58.155.0/24 maxlen: 24
194.87.24.0/24 maxlen: 24
194.87.26.0/24 maxlen: 24
194.87.27.0/24 maxlen: 24
194.87.33.0/24 maxlen: 24
194.87.76.0/24 maxlen: 24
194.87.90.0/24 maxlen: 24
194.87.178.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
194.87.229.0/24 maxlen: 24
194.87.231.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
195.133.14.0/24 maxlen: 24
195.133.31.0/24 maxlen: 24
195.133.35.0/24 maxlen: 24
195.133.56.0/24 maxlen: 24
195.133.57.0/24 maxlen: 24
195.133.60.0/24 maxlen: 24
195.133.61.0/24 maxlen: 24
195.133.62.0/24 maxlen: 24
195.133.94.0/24 maxlen: 24
212.192.8.0/24 maxlen: 24
212.192.215.0/24 maxlen: 24
212.192.217.0/24 maxlen: 24
212.192.242.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:a6:cd:5b:58:aa:26:b2:70:a5:3b:ff:08:7b:be:a2:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jul 12 11:56:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5c1b60f9fc01f23256cab02a87f1f1186f74cc52
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:ba:62:00:2b:99:d9:07:5c:de:bb:c0:90:6c:
40:ca:7a:5e:ff:10:3b:7c:5d:ee:82:48:65:5f:32:
c5:b9:df:e6:8f:73:be:e2:ea:78:a1:fb:a3:7f:7c:
e1:68:46:db:47:b0:28:1a:50:4c:a7:74:cf:2e:18:
cf:a7:97:df:16:be:03:f5:7c:65:f8:4e:45:80:a8:
66:c9:ba:1a:dd:0a:c3:af:dd:96:86:76:be:19:52:
5f:df:46:48:d4:e1:04:d3:0a:54:74:93:cc:14:e4:
6b:12:fd:7a:98:f7:29:12:0e:4e:83:ac:f5:ff:a5:
45:7d:ef:81:60:54:91:32:23:10:3b:64:bb:a5:79:
0b:83:74:82:9e:35:63:18:bd:5e:a8:d3:26:60:95:
41:f4:aa:ab:d7:4b:4c:2a:8c:7f:b7:8c:c5:65:da:
08:77:e0:8f:88:f3:86:b5:b6:a6:3e:a2:cf:96:33:
41:61:d8:40:17:1e:50:23:07:45:c9:5c:46:df:0c:
a9:bf:62:db:3f:b7:5d:81:61:55:23:2b:66:3c:e6:
68:64:58:53:9f:e7:dc:53:16:61:d3:4c:39:15:6c:
6f:b7:a8:59:a1:42:f7:dc:a8:8c:81:63:9d:43:6e:
1f:03:61:17:ac:f8:9a:f8:e1:5c:e8:d5:4f:e7:46:
be:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:1B:60:F9:FC:01:F2:32:56:CA:B0:2A:87:F1:F1:18:6F:74:CC:52
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XBtg-fwB8jJWyrAqh_HxGG90zFI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.227.0/24
185.72.10.0/24
192.124.180.0/22
192.124.188.0/24
192.124.190.0/24
193.124.4.0/24
194.58.155.0/24
194.87.24.0/24
194.87.26.0/23
194.87.33.0/24
194.87.76.0/24
194.87.90.0/24
194.87.178.0/24
194.87.224.0/24
194.87.229.0/24
194.87.231.0/24
194.135.33.0/24
195.133.14.0/24
195.133.31.0/24
195.133.35.0/24
195.133.56.0/23
195.133.60.0-195.133.62.255
195.133.94.0/24
212.192.8.0/24
212.192.215.0/24
212.192.217.0/24
212.192.242.0/24
Signature Algorithm: sha256WithRSAEncryption
3a:3a:61:a7:a2:31:78:29:8c:8d:5f:8c:6b:9a:ba:19:6f:80:
68:ba:b2:1c:66:e8:6d:07:fe:75:16:02:5a:8a:17:75:aa:14:
4f:b3:24:65:17:69:a2:a8:4e:6b:81:6c:5b:90:63:c0:a1:91:
43:2a:bd:b9:71:ea:c8:88:67:34:16:f0:60:2c:d7:75:ec:a5:
9c:47:ae:a8:7f:08:fb:cc:37:6a:8c:0b:1d:4c:72:1e:8e:47:
1f:ac:41:0e:fe:9c:02:62:fc:f1:3b:2b:4c:80:d8:f3:5e:b0:
1b:cf:ec:da:5b:56:9e:5a:56:e0:f5:30:90:41:54:9c:9f:22:
02:5c:80:4f:b8:e2:c9:07:06:3e:e7:7b:7a:d8:69:ce:d2:32:
ec:a4:99:df:06:32:62:54:50:54:40:4e:83:d1:4e:07:33:eb:
98:7e:13:69:ea:5b:d1:d1:1e:8b:ba:f5:fb:2b:13:27:66:fd:
f8:e0:b6:59:71:a4:3b:74:c0:f0:5c:b7:da:2e:13:82:13:4f:
a9:43:de:26:72:b6:76:b0:a2:ce:1f:79:31:0c:61:82:78:ea:
c6:c6:17:6c:6b:ea:d9:e5:c2:e1:d3:70:4e:21:0e:f9:e2:ee:
83:89:83:06:4a:3c:09:30:54:f3:7f:e4:ea:a3:14:89:bb:27:
b5:3e:9d:f5
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgISAZCmzVtYqiaycKU7/wh7vqKHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNzEyMTE1NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzFiNjBmOWZjMDFmMjMyNTZjYWIwMmE4N2YxZjExODZmNzRjYzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA67piACuZ2Qdc3rvAkGxAynpe/xA7
fF3ugkhlXzLFud/mj3O+4up4ofujf3zhaEbbR7AoGlBMp3TPLhjPp5ffFr4D9Xxl
+E5FgKhmyboa3QrDr92Whna+GVJf30ZI1OEE0wpUdJPMFORrEv16mPcpEg5Og6z1
/6VFfe+BYFSRMiMQO2S7pXkLg3SCnjVjGL1eqNMmYJVB9Kqr10tMKox/t4zFZdoI
d+CPiPOGtbamPqLPljNBYdhAFx5QIwdFyVxG3wypv2LbP7ddgWFVIytmPOZoZFhT
n+fcUxZh00w5FWxvt6hZoUL33KiMgWOdQ24fA2EXrPia+OFc6NVP50a+fQIDAQAB
o4ICsjCCAq4wHQYDVR0OBBYEFFwbYPn8AfIyVsqwKofx8RhvdMxSMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWEJ0Zy1md0I4akpXeXJBcWhfSHhHRzkwekZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHHBggrBgEFBQcBBwEB/wSBtzCBtDCBsQQCAAEwgaoDBAA+
TOMDBAC5SAoDBALAfLQDBADAfLwDBADAfL4DBADBfAQDBADCOpsDBADCVxgDBAHC
VxoDBADCVyEDBADCV0wDBADCV1oDBADCV7IDBADCV+ADBADCV+UDBADCV+cDBADC
hyEDBADDhQ4DBADDhR8DBADDhSMDBAHDhTgwDAMEAsOFPAMEAMOFPgMEAMOFXgME
ANTACAMEANTA1wMEANTA2QMEANTA8jANBgkqhkiG9w0BAQsFAAOCAQEAOjphp6Ix
eCmMjV+Ma5q6GW+AaLqyHGbobQf+dRYCWooXdaoUT7MkZRdpoqhOa4FsW5BjwKGR
Qyq9uXHqyIhnNBbwYCzXdeylnEeuqH8I+8w3aowLHUxyHo5HH6xBDv6cAmL88Tsr
TIDY816wG8/s2ltWnlpW4PUwkEFUnJ8iAlyAT7jiyQcGPud7ethpztIy7KSZ3wYy
YlRQVEBOg9FOBzPrmH4Taepb0dEei7r1+ysTJ2b9+OC2WXGkO3TA8Fy32i4TghNP
qUPeJnK2drCizh95MQxhgnjqxsYXbGvq2eXC4dNwTiEO+eLug4mDBko8CTBU83/k
6qMUibsntT6d9Q==
-----END CERTIFICATE-----
Generated at Tue Jun 17 15:05:17 2025 by rpki-client