Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/esLHvRcogTTUNTIDha8arScg_5E.roa
File: esLHvRcogTTUNTIDha8arScg_5E.roa (raw, json)
Hash identifier: /JIVmCQu2AWkknhBEUuvzDi1jRQUdpTTQ/CuJDuiaOA=
Subject key identifier: 7A:C2:C7:BD:17:28:81:34:D4:35:32:03:85:AF:1A:AD:27:20:FF:91
Certificate issuer: /CN=9d066cb8488dae7e4234aa7c892430dad11fe5b1
Certificate serial: 0189BC1AB564CD7D8A6DBB75FB01ABD2A308
Authority key identifier: 9D:06:6C:B8:48:8D:AE:7E:42:34:AA:7C:89:24:30:DA:D1:1F:E5:B1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nQZsuEiNrn5CNKp8iSQw2tEf5bE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/esLHvRcogTTUNTIDha8arScg_5E.roa
Signing time: Thu 03 Aug 2023 15:53:34 +0000
ROA not before: Thu 03 Aug 2023 15:53:34 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20676
IP address blocks: 194.9.127.0/24 maxlen: 24
92.201.128.0/17 maxlen: 17
212.202.0.0/19 maxlen: 19
195.80.192.0/19 maxlen: 19
185.144.188.0/22 maxlen: 22
212.202.0.0/16 maxlen: 16
212.110.192.0/19 maxlen: 19
84.245.128.0/18 maxlen: 18
92.195.0.0/17 maxlen: 17
62.8.168.0/21 maxlen: 21
62.8.176.0/20 maxlen: 20
92.194.0.0/17 maxlen: 17
213.160.0.0/19 maxlen: 19
213.217.64.0/18 maxlen: 18
212.5.16.0/20 maxlen: 20
92.200.128.0/17 maxlen: 17
62.8.128.0/17 maxlen: 17
85.8.132.0/22 maxlen: 22
195.90.0.0/19 maxlen: 19
195.90.8.0/21 maxlen: 21
92.194.128.0/17 maxlen: 17
212.63.32.0/19 maxlen: 19
92.197.130.0/24 maxlen: 24
195.32.128.0/17 maxlen: 17
194.140.96.0/20 maxlen: 20
92.201.0.0/17 maxlen: 17
92.196.128.0/17 maxlen: 17
62.206.164.0/24 maxlen: 24
62.206.165.0/24 maxlen: 24
62.206.166.0/24 maxlen: 24
92.193.0.0/17 maxlen: 17
87.193.0.0/16 maxlen: 16
92.193.128.0/17 maxlen: 17
87.234.0.0/16 maxlen: 16
212.5.0.0/19 maxlen: 19
217.146.128.0/19 maxlen: 19
212.5.8.0/21 maxlen: 21
212.4.160.0/19 maxlen: 19
92.200.0.0/17 maxlen: 17
92.200.0.0/16 maxlen: 16
212.4.176.0/20 maxlen: 20
92.200.0.0/15 maxlen: 15
212.105.192.0/19 maxlen: 19
92.192.0.0/13 maxlen: 13
83.236.0.0/20 maxlen: 20
83.236.0.0/16 maxlen: 16
83.236.16.0/20 maxlen: 20
213.148.129.0/24 maxlen: 24
213.148.130.0/24 maxlen: 24
213.148.128.0/24 maxlen: 24
213.148.128.0/19 maxlen: 19
195.158.160.0/19 maxlen: 19
213.148.133.0/24 maxlen: 24
83.236.32.0/21 maxlen: 21
92.192.0.0/17 maxlen: 17
92.198.192.0/18 maxlen: 18
212.202.40.0/21 maxlen: 21
212.202.48.0/20 maxlen: 20
212.60.192.0/18 maxlen: 18
92.195.128.0/17 maxlen: 17
62.145.0.0/19 maxlen: 19
92.196.0.0/17 maxlen: 17
212.84.224.0/19 maxlen: 19
92.192.128.0/17 maxlen: 17
62.206.0.0/16 maxlen: 16
212.202.168.0/21 maxlen: 21
212.202.176.0/20 maxlen: 20
212.84.208.0/20 maxlen: 20
2001:1a80:800::/48 maxlen: 48
2001:658::/29 maxlen: 29
2001:1a80:801::/48 maxlen: 48
2001:1a81:7000::/36 maxlen: 40
2001:1a81:5000::/36 maxlen: 40
2001:1a81:6000::/36 maxlen: 40
2001:1a81:7000::/40 maxlen: 48
2001:1a81:1000::/36 maxlen: 40
2001:1a81:3000::/36 maxlen: 40
2001:1a81:6000::/40 maxlen: 48
2001:1a81:1000::/40 maxlen: 48
2001:1a81:2000::/36 maxlen: 40
2001:1a81:3000::/40 maxlen: 48
2001:1a81:4000::/36 maxlen: 40
2001:1a81:5000::/40 maxlen: 48
2001:1a81:2000::/40 maxlen: 48
2001:1a81:4000::/40 maxlen: 48
2001:1a80:802::/48 maxlen: 48
2001:1a80::/29 maxlen: 29
2a09:7100::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:bc:1a:b5:64:cd:7d:8a:6d:bb:75:fb:01:ab:d2:a3:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d066cb8488dae7e4234aa7c892430dad11fe5b1
Validity
Not Before: Aug 3 15:53:34 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7ac2c7bd17288134d435320385af1aad2720ff91
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:b0:bf:dd:b9:98:3a:7b:9d:c5:e4:2b:22:2c:
c4:d5:cb:b7:36:46:31:3e:b1:71:b5:70:a8:ba:9e:
68:ce:33:c4:88:08:38:c0:20:ec:a9:cc:09:be:ff:
22:ad:fd:27:5c:07:d0:95:d9:e6:1d:45:41:c8:31:
68:3d:d0:ea:6d:a1:08:03:12:6d:5e:41:09:de:b6:
87:34:32:0d:ad:c7:1e:fe:06:cb:5c:16:12:68:3a:
35:6c:a2:75:c8:49:a8:1f:27:04:08:f8:3d:67:c3:
d5:84:6d:ee:90:95:f8:c5:ce:ed:20:e5:8f:1c:fe:
33:40:1a:6d:e7:1a:d3:68:da:be:9e:a8:3d:08:c9:
b4:e1:87:10:52:9a:64:67:ef:62:3f:9a:b7:1d:b8:
40:67:5e:a2:be:e8:0f:dc:66:99:49:a5:67:53:55:
19:98:da:a1:7f:b5:82:db:19:26:ce:55:78:c3:97:
96:0e:f3:f3:8a:82:d8:2c:0d:3b:ae:d7:5f:ae:2d:
a6:40:b5:64:12:1c:d5:14:af:89:25:c4:3d:71:a6:
eb:39:8c:ca:9e:34:38:19:a1:c6:0f:46:dc:3d:dc:
8c:46:48:5f:63:a0:90:a4:e8:e4:cf:38:a2:32:56:
d5:e3:77:09:78:93:f8:0c:84:62:97:3c:68:90:d2:
6b:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:C2:C7:BD:17:28:81:34:D4:35:32:03:85:AF:1A:AD:27:20:FF:91
X509v3 Authority Key Identifier:
keyid:9D:06:6C:B8:48:8D:AE:7E:42:34:AA:7C:89:24:30:DA:D1:1F:E5:B1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nQZsuEiNrn5CNKp8iSQw2tEf5bE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/esLHvRcogTTUNTIDha8arScg_5E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/nQZsuEiNrn5CNKp8iSQw2tEf5bE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.8.128.0/17
62.145.0.0/19
62.206.0.0/16
83.236.0.0/16
84.245.128.0/18
85.8.132.0/22
87.193.0.0/16
87.234.0.0/16
92.192.0.0-92.201.255.255
185.144.188.0/22
194.9.127.0/24
194.140.96.0/20
195.32.128.0/17
195.80.192.0/19
195.90.0.0/19
195.158.160.0/19
212.4.160.0/19
212.5.0.0/19
212.60.192.0/18
212.63.32.0/19
212.84.208.0-212.84.255.255
212.105.192.0/19
212.110.192.0/19
212.202.0.0/16
213.148.128.0/19
213.160.0.0/19
213.217.64.0/18
217.146.128.0/19
IPv6:
2001:658::/29
2001:1a80::/29
2a09:7100::/29
Signature Algorithm: sha256WithRSAEncryption
24:e6:b7:bf:9a:d1:36:44:84:27:1d:8f:4b:0c:5b:95:5a:e3:
67:49:21:0b:6f:ca:27:96:55:f4:e2:34:3f:58:6a:d7:07:c3:
00:fc:00:f5:1f:20:69:7e:0d:ac:4a:0d:04:68:f9:fa:44:b5:
57:20:38:e7:d9:29:bf:7c:ba:86:9b:e0:d5:7c:e1:3b:9d:9b:
a8:44:30:c3:fb:a6:e5:71:db:f0:fd:a2:11:fe:20:05:6a:6b:
ca:89:01:6c:12:cc:b1:10:72:e4:57:a7:2e:db:e8:3d:f7:69:
be:4a:02:e2:27:0c:2e:6c:7f:cc:00:ce:0e:18:6f:92:8e:7e:
d7:83:a2:20:d4:58:10:1d:bb:1d:78:b4:cc:2e:68:58:1f:e3:
ff:ef:61:9b:24:0a:e6:f1:81:79:ff:3f:ca:15:b8:ad:37:c0:
1f:a2:96:fb:b1:ab:cf:cf:b7:69:4f:40:ac:45:90:4c:61:72:
a0:b6:03:23:fb:2c:5e:32:e9:46:bb:6c:a1:15:21:8b:53:ad:
48:7e:b0:1e:c6:32:a3:97:ae:d1:da:58:b0:9b:88:17:ed:26:
bd:e9:47:19:f3:74:b6:48:76:52:59:1d:88:d6:0a:da:f3:da:
6f:d5:62:e7:89:c5:79:c7:fc:e9:70:f4:76:a3:81:5c:a9:b8:
23:ab:07:fb
-----BEGIN CERTIFICATE-----
MIIFyTCCBLGgAwIBAgISAYm8GrVkzX2Kbbt1+wGr0qMIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMDY2Y2I4NDg4ZGFlN2U0MjM0YWE3Yzg5MjQzMGRhZDEx
ZmU1YjEwHhcNMjMwODAzMTU1MzM0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWMyYzdiZDE3Mjg4MTM0ZDQzNTMyMDM4NWFmMWFhZDI3MjBmZjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLC/3bmYOnudxeQrIizE1cu3NkYx
PrFxtXCoup5ozjPEiAg4wCDsqcwJvv8irf0nXAfQldnmHUVByDFoPdDqbaEIAxJt
XkEJ3raHNDINrcce/gbLXBYSaDo1bKJ1yEmoHycECPg9Z8PVhG3ukJX4xc7tIOWP
HP4zQBpt5xrTaNq+nqg9CMm04YcQUppkZ+9iP5q3HbhAZ16ivugP3GaZSaVnU1UZ
mNqhf7WC2xkmzlV4w5eWDvPzioLYLA07rtdfri2mQLVkEhzVFK+JJcQ9cabrOYzK
njQ4GaHGD0bcPdyMRkhfY6CQpOjkzziiMlbV43cJeJP4DIRilzxokNJrkQIDAQAB
o4IC1TCCAtEwHQYDVR0OBBYEFHrCx70XKIE01DUyA4WvGq0nIP+RMB8GA1UdIwQY
MBaAFJ0GbLhIja5+QjSqfIkkMNrRH+WxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblFac3VFaU5ybjVDTktwOGlTUXcydEVmNWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kMGQyZmQtYWE5MC00MjA3LTkxMDQt
M2VmMDJkNTE0MGI3LzEvZXNMSHZSY29nVFRVTlRJRGhhOGFyU2NnXzVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kMGQyZmQtYWE5MC00MjA3LTkxMDQtM2VmMDJkNTE0MGI3
LzEvblFac3VFaU5ybjVDTktwOGlTUXcydEVmNWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHqBggrBgEFBQcBBwEB/wSB2jCB1zCBtwQCAAEwgbADBAc+
CIADBAU+kQADAwA+zgMDAFPsAwQGVPWAAwQCVQiEAwMAV8EDAwBX6jAKAwMGXMAD
AwFcyAMEArmQvAMEAMIJfwMEBMKMYAMEB8MggAMEBcNQwAMEBcNaAAMEBcOeoAME
BdQEoAMEBdQFAAMEBtQ8wAMEBdQ/IDALAwQE1FTQAwMA1FQDBAXUacADBAXUbsAD
AwDUygMEBdWUgAMEBdWgAAMEBtXZQAMEBdmSgDAbBAIAAjAVAwUDIAEGWAMFAyAB
GoADBQMqCXEAMA0GCSqGSIb3DQEBCwUAA4IBAQAk5re/mtE2RIQnHY9LDFuVWuNn
SSELb8onllX04jQ/WGrXB8MA/AD1HyBpfg2sSg0EaPn6RLVXIDjn2Sm/fLqGm+DV
fOE7nZuoRDDD+6blcdvw/aIR/iAFamvKiQFsEsyxEHLkV6cu2+g992m+SgLiJwwu
bH/MAM4OGG+Sjn7Xg6Ig1FgQHbsdeLTMLmhYH+P/72GbJArm8YF5/z/KFbitN8Af
opb7savPz7dpT0CsRZBMYXKgtgMj+yxeMulGu2yhFSGLU61IfrAexjKjl67R2liw
m4gX7Sa96UcZ83S2SHZSWR2I1gra89pv1WLnicV5x/zpcPR2o4Fcqbgjqwf7
-----END CERTIFICATE-----
Generated at Mon Jun 16 02:12:35 2025 by rpki-client