Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/xGstghpe52sUaXbJrnFNb0arZLw.roa
File: xGstghpe52sUaXbJrnFNb0arZLw.roa (raw, json)
Hash identifier: 9hGUCWp6MOP+vi32s228eCNVOGUwsGSlRCljall7E30=
Subject key identifier: C4:6B:2D:82:1A:5E:E7:6B:14:69:76:C9:AE:71:4D:6F:46:AB:64:BC
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018A600489BF044403AEE74A95560590D8A9
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/xGstghpe52sUaXbJrnFNb0arZLw.roa
Signing time: Mon 04 Sep 2023 11:47:04 +0000
ROA not before: Mon 04 Sep 2023 11:47:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15731
IP address blocks: 194.87.1.0/24 maxlen: 24
193.124.16.0/24 maxlen: 24
194.87.11.0/24 maxlen: 24
194.87.12.0/24 maxlen: 24
194.87.16.0/24 maxlen: 24
194.87.24.0/22 maxlen: 24
194.87.26.0/23 maxlen: 23
194.87.108.0/24 maxlen: 24
194.87.114.0/23 maxlen: 23
194.87.122.0/24 maxlen: 24
194.87.124.0/24 maxlen: 24
193.124.133.0/24 maxlen: 24
194.87.130.0/24 maxlen: 24
194.87.131.0/24 maxlen: 24
194.87.134.0/23 maxlen: 23
194.87.133.0/24 maxlen: 24
194.87.40.0/24 maxlen: 24
194.87.56.0/24 maxlen: 24
194.87.63.0/24 maxlen: 24
193.124.80.0/24 maxlen: 24
194.87.73.0/24 maxlen: 24
194.87.83.0/24 maxlen: 24
195.133.73.0/24 maxlen: 24
195.133.79.0/24 maxlen: 24
195.133.85.0/24 maxlen: 24
195.133.84.0/23 maxlen: 23
195.133.26.0/24 maxlen: 24
195.133.30.0/24 maxlen: 24
195.133.40.0/23 maxlen: 23
212.193.31.0/24 maxlen: 24
195.58.36.0/24 maxlen: 24
194.58.38.0/24 maxlen: 24
194.58.47.0/24 maxlen: 24
212.192.241.0/24 maxlen: 24
195.58.54.0/24 maxlen: 24
195.58.55.0/24 maxlen: 24
195.58.58.0/23 maxlen: 23
195.58.62.0/23 maxlen: 23
194.58.67.0/24 maxlen: 24
195.133.0.0/24 maxlen: 24
195.133.6.0/24 maxlen: 24
195.133.7.0/24 maxlen: 24
194.58.154.0/24 maxlen: 24
194.87.200.0/24 maxlen: 24
194.87.222.0/24 maxlen: 24
194.87.151.0/24 maxlen: 24
192.124.178.0/24 maxlen: 24
194.87.168.0/24 maxlen: 24
192.124.181.0/24 maxlen: 24
194.87.179.0/24 maxlen: 24
192.124.191.0/24 maxlen: 24
194.87.180.0/24 maxlen: 24
194.87.190.0/24 maxlen: 24
193.124.200.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:60:04:89:bf:04:44:03:ae:e7:4a:95:56:05:90:d8:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Sep 4 11:47:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c46b2d821a5ee76b146976c9ae714d6f46ab64bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:1e:af:3b:53:21:30:1a:23:71:88:a3:40:49:
ae:0d:1a:94:34:0b:cd:a7:bd:80:f0:62:75:28:df:
78:53:43:1a:d6:5f:02:73:7c:bd:28:2a:45:38:61:
ba:b7:1a:81:78:8a:da:eb:5d:cb:0c:29:dc:91:41:
0d:58:61:1d:b7:cf:f3:6f:ea:5f:06:dc:4b:da:62:
74:90:25:cf:fe:da:6a:29:c0:0e:50:1b:e3:3b:ff:
0c:06:08:98:19:a3:20:78:0d:66:6e:05:eb:f9:84:
44:34:9b:eb:f7:b7:25:1d:0a:a8:dd:32:83:13:f8:
00:6e:c8:04:81:a9:7a:1c:af:49:2e:32:70:51:e3:
e0:4b:c2:11:54:67:7c:1e:03:fa:84:46:a9:86:b4:
ea:3e:3b:03:6b:c6:73:e4:ce:d0:7e:dd:95:80:b3:
13:95:c4:81:96:b4:80:20:7c:8e:d4:ca:5e:4e:f3:
dd:a5:ba:4b:9f:94:f5:d2:de:06:b2:03:c8:a2:a0:
b5:fc:61:c8:14:7a:8f:a4:61:6a:df:6b:03:88:3c:
ef:bf:f7:24:d6:4f:b1:06:2f:ff:49:36:60:e3:6d:
1d:00:e4:bd:ff:60:71:ad:fb:20:6f:12:c9:a4:92:
ae:ca:85:e7:77:25:6e:39:05:80:26:5c:f6:c6:51:
5e:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:6B:2D:82:1A:5E:E7:6B:14:69:76:C9:AE:71:4D:6F:46:AB:64:BC
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/xGstghpe52sUaXbJrnFNb0arZLw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.124.178.0/24
192.124.181.0/24
192.124.191.0/24
193.124.16.0/24
193.124.80.0/24
193.124.133.0/24
193.124.200.0/24
194.58.38.0/24
194.58.47.0/24
194.58.67.0/24
194.58.154.0/24
194.87.1.0/24
194.87.11.0-194.87.12.255
194.87.16.0/24
194.87.24.0/22
194.87.40.0/24
194.87.56.0/24
194.87.63.0/24
194.87.73.0/24
194.87.83.0/24
194.87.108.0/24
194.87.114.0/23
194.87.122.0/24
194.87.124.0/24
194.87.130.0/23
194.87.133.0-194.87.135.255
194.87.151.0/24
194.87.168.0/24
194.87.179.0-194.87.180.255
194.87.190.0/24
194.87.200.0/24
194.87.222.0/24
195.58.36.0/24
195.58.54.0/23
195.58.58.0/23
195.58.62.0/23
195.133.0.0/24
195.133.6.0/23
195.133.26.0/24
195.133.30.0/24
195.133.40.0/23
195.133.73.0/24
195.133.79.0/24
195.133.84.0/23
212.192.241.0/24
212.193.31.0/24
Signature Algorithm: sha256WithRSAEncryption
74:98:f0:e0:93:b8:9f:f0:24:d8:ef:58:9d:b1:0b:13:67:c6:
22:98:d7:7c:37:0d:f0:01:3f:51:56:0c:c5:70:d2:18:cd:6d:
d1:29:68:52:b6:77:3f:61:a0:4a:f9:0d:da:fa:31:07:14:6e:
12:46:c8:4b:b1:cd:22:e3:4c:b9:50:1d:19:13:61:2a:19:61:
54:d5:da:47:70:e0:7d:e0:68:ad:49:09:f5:fd:f9:6f:2b:7c:
28:8f:51:b9:5b:a0:10:00:bf:50:79:89:ff:cf:f1:13:3b:79:
04:86:71:5d:d0:99:12:fc:f8:06:cc:50:97:55:0c:43:60:f3:
c3:87:d9:61:b5:e9:47:5a:f2:15:5a:d4:a6:12:d1:9c:52:da:
cb:64:20:67:70:43:9e:88:85:46:c2:3a:34:e1:e0:6c:7d:42:
1d:fc:ab:f4:9c:b4:be:af:d8:13:f2:20:8c:09:7d:0c:54:77:
dd:2d:d7:d4:5f:56:ee:6a:87:c2:af:d0:3b:be:35:70:38:4b:
31:61:35:8c:80:5e:4f:b9:71:a9:b0:08:c5:37:35:40:c7:41:
12:09:5b:19:c5:cf:85:a4:b2:9b:b3:12:b8:18:05:62:e3:4d:
e2:fd:90:b5:69:72:87:84:01:6c:12:09:44:26:15:b2:d3:70:
e0:52:41:aa
-----BEGIN CERTIFICATE-----
MIIGLTCCBRWgAwIBAgISAYpgBIm/BEQDrudKlVYFkNipMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwOTA0MTE0NzA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDZiMmQ4MjFhNWVlNzZiMTQ2OTc2YzlhZTcxNGQ2ZjQ2YWI2NGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhh6vO1MhMBojcYijQEmuDRqUNAvN
p72A8GJ1KN94U0Ma1l8Cc3y9KCpFOGG6txqBeIra613LDCnckUENWGEdt8/zb+pf
BtxL2mJ0kCXP/tpqKcAOUBvjO/8MBgiYGaMgeA1mbgXr+YRENJvr97clHQqo3TKD
E/gAbsgEgal6HK9JLjJwUePgS8IRVGd8HgP6hEaphrTqPjsDa8Zz5M7Qft2VgLMT
lcSBlrSAIHyO1MpeTvPdpbpLn5T10t4GsgPIoqC1/GHIFHqPpGFq32sDiDzvv/ck
1k+xBi//STZg420dAOS9/2BxrfsgbxLJpJKuyoXndyVuOQWAJlz2xlFeZQIDAQAB
o4IDOTCCAzUwHQYDVR0OBBYEFMRrLYIaXudrFGl2ya5xTW9Gq2S8MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEveEdzdGdocGU1MnNVYVhiSnJuRk5iMGFyWkx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBTQYIKwYBBQUHAQcBAf8EggE8MIIBODCCATQEAgABMIIB
LAMEAMB8sgMEAMB8tQMEAMB8vwMEAMF8EAMEAMF8UAMEAMF8hQMEAMF8yAMEAMI6
JgMEAMI6LwMEAMI6QwMEAMI6mgMEAMJXATAMAwQAwlcLAwQAwlcMAwQAwlcQAwQC
wlcYAwQAwlcoAwQAwlc4AwQAwlc/AwQAwldJAwQAwldTAwQAwldsAwQBwldyAwQA
wld6AwQAwld8AwQBwleCMAwDBADCV4UDBAPCV4ADBADCV5cDBADCV6gwDAMEAMJX
swMEAMJXtAMEAMJXvgMEAMJXyAMEAMJX3gMEAMM6JAMEAcM6NgMEAcM6OgMEAcM6
PgMEAMOFAAMEAcOFBgMEAMOFGgMEAMOFHgMEAcOFKAMEAMOFSQMEAMOFTwMEAcOF
VAMEANTA8QMEANTBHzANBgkqhkiG9w0BAQsFAAOCAQEAdJjw4JO4n/Ak2O9YnbEL
E2fGIpjXfDcN8AE/UVYMxXDSGM1t0SloUrZ3P2GgSvkN2voxBxRuEkbIS7HNIuNM
uVAdGRNhKhlhVNXaR3DgfeBorUkJ9f35byt8KI9RuVugEAC/UHmJ/8/xEzt5BIZx
XdCZEvz4BsxQl1UMQ2Dzw4fZYbXpR1ryFVrUphLRnFLay2QgZ3BDnoiFRsI6NOHg
bH1CHfyr9Jy0vq/YE/IgjAl9DFR33S3X1F9W7mqHwq/QO741cDhLMWE1jIBeT7lx
qbAIxTc1QMdBEglbGcXPhaSym7MSuBgFYuNN4v2QtWlyh4QBbBIJRCYVstNw4FJB
qg==
-----END CERTIFICATE-----
Generated at Mon Jun 16 10:43:46 2025 by rpki-client