Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gTypBSZBo3-x-QrBq9Xj151HEWY.roa
File: gTypBSZBo3-x-QrBq9Xj151HEWY.roa (raw, json)
Hash identifier: rPQQXjeYX8q8XB8we6V9x7qSXaUBlC/aLygK9oANTX4=
Subject key identifier: 81:3C:A9:05:26:41:A3:7F:B1:F9:0A:C1:AB:D5:E3:D7:9D:47:11:66
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018A31B6848AA099F132A79D68B7BD7231A0
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gTypBSZBo3-x-QrBq9Xj151HEWY.roa
Signing time: Sat 26 Aug 2023 11:59:19 +0000
ROA not before: Sat 26 Aug 2023 11:59:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15731
IP address blocks: 194.87.1.0/24 maxlen: 24
193.124.16.0/24 maxlen: 24
194.87.11.0/24 maxlen: 24
194.87.12.0/24 maxlen: 24
194.87.24.0/22 maxlen: 24
194.87.26.0/23 maxlen: 23
194.87.34.0/24 maxlen: 24
195.58.36.0/24 maxlen: 24
194.58.47.0/24 maxlen: 24
212.192.241.0/24 maxlen: 24
195.58.54.0/24 maxlen: 24
195.58.58.0/23 maxlen: 23
195.58.62.0/23 maxlen: 23
194.58.67.0/24 maxlen: 24
194.87.108.0/24 maxlen: 24
194.87.114.0/23 maxlen: 23
194.87.122.0/24 maxlen: 24
193.124.133.0/24 maxlen: 24
194.87.124.0/24 maxlen: 24
194.87.130.0/24 maxlen: 24
194.87.131.0/24 maxlen: 24
195.133.0.0/24 maxlen: 24
194.87.134.0/23 maxlen: 23
195.133.6.0/24 maxlen: 24
195.133.7.0/24 maxlen: 24
194.87.40.0/24 maxlen: 24
194.87.56.0/24 maxlen: 24
194.87.63.0/24 maxlen: 24
194.58.154.0/24 maxlen: 24
193.124.80.0/24 maxlen: 24
194.87.73.0/24 maxlen: 24
194.87.83.0/24 maxlen: 24
194.87.200.0/24 maxlen: 24
195.133.73.0/24 maxlen: 24
195.133.85.0/24 maxlen: 24
195.133.84.0/23 maxlen: 23
194.87.222.0/24 maxlen: 24
194.87.151.0/24 maxlen: 24
192.124.178.0/24 maxlen: 24
195.133.30.0/24 maxlen: 24
194.87.168.0/24 maxlen: 24
194.87.179.0/24 maxlen: 24
194.87.190.0/24 maxlen: 24
193.124.200.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:31:b6:84:8a:a0:99:f1:32:a7:9d:68:b7:bd:72:31:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Aug 26 11:59:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=813ca9052641a37fb1f90ac1abd5e3d79d471166
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:ed:6e:e1:a1:e7:94:d0:bb:8c:b0:81:e4:a5:
0d:f0:25:e0:0d:48:aa:d4:58:70:1e:b8:df:54:28:
c6:ca:7e:d4:f7:68:e5:d9:c9:ca:be:70:1f:6d:c0:
d7:ec:81:34:1a:ca:48:c6:c9:84:c7:99:08:69:e9:
e4:78:10:8a:8c:93:f2:d8:31:24:76:9f:42:22:b9:
d1:cc:5c:49:92:f0:16:a3:ce:3f:9c:aa:46:26:0f:
ce:e8:29:11:e3:ac:f1:c8:1d:1d:26:9a:14:c7:be:
ce:78:35:60:51:50:64:4c:1e:c6:43:96:a6:86:e7:
cd:82:52:5b:f4:79:5a:b7:62:4e:ff:e0:eb:9b:a5:
20:2b:a3:e8:4a:5f:e2:f3:b6:43:52:6b:d7:36:c4:
07:c8:03:b5:06:3a:2d:1f:94:62:c1:1f:2d:77:f4:
60:ef:17:51:f3:32:f9:bb:8c:5a:5f:49:18:40:03:
ea:d1:8f:2b:61:dc:80:88:66:f9:4f:af:b4:5e:ed:
1b:0b:82:0a:a8:39:d6:87:86:2f:38:11:00:a2:a5:
93:c1:20:ad:4d:08:79:79:e4:be:c7:3b:df:9e:39:
de:8d:f6:9c:84:3f:43:cb:e4:a9:43:9f:9d:a0:1e:
a4:27:74:b7:0e:ea:46:b9:8e:70:a1:25:41:3a:35:
6c:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:3C:A9:05:26:41:A3:7F:B1:F9:0A:C1:AB:D5:E3:D7:9D:47:11:66
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gTypBSZBo3-x-QrBq9Xj151HEWY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.124.178.0/24
193.124.16.0/24
193.124.80.0/24
193.124.133.0/24
193.124.200.0/24
194.58.47.0/24
194.58.67.0/24
194.58.154.0/24
194.87.1.0/24
194.87.11.0-194.87.12.255
194.87.24.0/22
194.87.34.0/24
194.87.40.0/24
194.87.56.0/24
194.87.63.0/24
194.87.73.0/24
194.87.83.0/24
194.87.108.0/24
194.87.114.0/23
194.87.122.0/24
194.87.124.0/24
194.87.130.0/23
194.87.134.0/23
194.87.151.0/24
194.87.168.0/24
194.87.179.0/24
194.87.190.0/24
194.87.200.0/24
194.87.222.0/24
195.58.36.0/24
195.58.54.0/24
195.58.58.0/23
195.58.62.0/23
195.133.0.0/24
195.133.6.0/23
195.133.30.0/24
195.133.73.0/24
195.133.84.0/23
212.192.241.0/24
Signature Algorithm: sha256WithRSAEncryption
26:2b:86:6a:2e:75:b8:fe:b5:91:69:2b:21:92:d3:fd:a5:67:
08:d9:75:7e:c3:4a:f3:53:c0:e8:e3:42:78:d1:d6:c7:f4:9f:
32:50:68:1a:76:1f:74:5c:67:d6:ba:01:c1:59:dd:bf:ac:66:
b3:7c:86:53:20:c0:b6:a5:d5:2a:cb:f5:3e:b9:b9:4b:79:70:
0c:12:cd:25:b0:ba:b7:7f:6e:80:59:4a:eb:0d:25:f0:9a:86:
47:1f:0a:2b:28:f9:a2:84:9f:d0:1a:a8:7d:3e:10:d7:2f:ee:
ae:6a:1b:78:11:4b:2b:11:bb:01:e4:10:0f:77:43:8a:06:68:
e5:fa:a9:ea:65:f1:45:a7:77:1c:ea:6d:cf:4c:51:b4:97:a9:
74:f4:c0:5a:c7:75:2d:c4:ca:28:3f:7b:6b:4a:9a:b7:b6:f8:
cf:a8:cb:04:b3:27:ab:86:29:2f:87:d5:79:3f:65:ea:aa:a9:
d7:39:05:7c:26:bc:f2:29:8c:37:c2:48:18:33:0f:fd:42:95:
ac:dd:46:e6:bd:7c:71:ad:80:f2:6c:bd:92:ae:10:4e:6c:bc:
49:17:38:7b:a4:09:7e:77:56:6b:16:fb:09:ae:01:5f:33:5c:
5e:ed:77:4e:e4:8b:bc:9b:af:b1:3a:dd:af:3f:6c:ff:ce:9e:
57:e2:e5:44
-----BEGIN CERTIFICATE-----
MIIF7zCCBNegAwIBAgISAYoxtoSKoJnxMqedaLe9cjGgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwODI2MTE1OTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTNjYTkwNTI2NDFhMzdmYjFmOTBhYzFhYmQ1ZTNkNzlkNDcxMTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnO1u4aHnlNC7jLCB5KUN8CXgDUiq
1FhwHrjfVCjGyn7U92jl2cnKvnAfbcDX7IE0GspIxsmEx5kIaenkeBCKjJPy2DEk
dp9CIrnRzFxJkvAWo84/nKpGJg/O6CkR46zxyB0dJpoUx77OeDVgUVBkTB7GQ5am
hufNglJb9Hlat2JO/+Drm6UgK6PoSl/i87ZDUmvXNsQHyAO1BjotH5RiwR8td/Rg
7xdR8zL5u4xaX0kYQAPq0Y8rYdyAiGb5T6+0Xu0bC4IKqDnWh4YvOBEAoqWTwSCt
TQh5eeS+xzvfnjnejfachD9Dy+SpQ5+doB6kJ3S3DupGuY5woSVBOjVsHQIDAQAB
o4IC+zCCAvcwHQYDVR0OBBYEFIE8qQUmQaN/sfkKwavV49edRxFmMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZ1R5cEJTWkJvMy14LVFyQnE5WGoxNTFIRVdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBDwYIKwYBBQUHAQcBAf8Egf8wgfwwgfkEAgABMIHyAwQA
wHyyAwQAwXwQAwQAwXxQAwQAwXyFAwQAwXzIAwQAwjovAwQAwjpDAwQAwjqaAwQA
wlcBMAwDBADCVwsDBADCVwwDBALCVxgDBADCVyIDBADCVygDBADCVzgDBADCVz8D
BADCV0kDBADCV1MDBADCV2wDBAHCV3IDBADCV3oDBADCV3wDBAHCV4IDBAHCV4YD
BADCV5cDBADCV6gDBADCV7MDBADCV74DBADCV8gDBADCV94DBADDOiQDBADDOjYD
BAHDOjoDBAHDOj4DBADDhQADBAHDhQYDBADDhR4DBADDhUkDBAHDhVQDBADUwPEw
DQYJKoZIhvcNAQELBQADggEBACYrhmoudbj+tZFpKyGS0/2lZwjZdX7DSvNTwOjj
QnjR1sf0nzJQaBp2H3RcZ9a6AcFZ3b+sZrN8hlMgwLal1SrL9T65uUt5cAwSzSWw
urd/boBZSusNJfCahkcfCiso+aKEn9AaqH0+ENcv7q5qG3gRSysRuwHkEA93Q4oG
aOX6qepl8UWndxzqbc9MUbSXqXT0wFrHdS3Eyig/e2tKmre2+M+oywSzJ6uGKS+H
1Xk/Zeqqqdc5BXwmvPIpjDfCSBgzD/1ClazdRua9fHGtgPJsvZKuEE5svEkXOHuk
CX53VmsW+wmuAV8zXF7td07ki7ybr7E63a8/bP/Onlfi5UQ=
-----END CERTIFICATE-----
Generated at Mon Jun 16 15:49:33 2025 by rpki-client