Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/6pk_XRGbvzHkwuGwCkG6Bb5laU4.roa
File: 6pk_XRGbvzHkwuGwCkG6Bb5laU4.roa (raw, json)
Hash identifier: nOD1QM+nv/X0/El7nQSQBMA8lfLJJOSMhuOT961KnQU=
Subject key identifier: EA:99:3F:5D:11:9B:BF:31:E4:C2:E1:B0:0A:41:BA:05:BE:65:69:4E
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 01893CE6D7CD132A5F2B36EA372B04B0FA64
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/6pk_XRGbvzHkwuGwCkG6Bb5laU4.roa
Signing time: Sun 09 Jul 2023 23:05:08 +0000
ROA not before: Sun 09 Jul 2023 23:05:08 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 19905
IP address blocks: 78.144.0.0/13 maxlen: 24
213.208.64.0/18 maxlen: 24
193.218.99.0/24 maxlen: 24
217.68.128.0/20 maxlen: 24
212.159.128.0/18 maxlen: 24
81.178.0.0/15 maxlen: 24
92.0.0.0/11 maxlen: 24
195.112.0.0/18 maxlen: 24
84.43.0.0/17 maxlen: 24
79.75.0.0/16 maxlen: 24
62.24.128.0/17 maxlen: 24
212.139.0.0/16 maxlen: 24
89.240.0.0/14 maxlen: 24
80.40.0.0/13 maxlen: 24
88.104.0.0/13 maxlen: 24
212.1.128.0/19 maxlen: 24
81.170.0.0/17 maxlen: 24
91.146.112.0/21 maxlen: 24
82.133.0.0/17 maxlen: 24
145.255.240.0/21 maxlen: 24
87.242.128.0/17 maxlen: 24
185.173.116.0/22 maxlen: 24
185.112.212.0/22 maxlen: 24
217.8.0.0/19 maxlen: 24
81.1.64.0/18 maxlen: 24
83.67.0.0/16 maxlen: 24
2.96.0.0/13 maxlen: 24
84.12.0.0/16 maxlen: 24
212.74.96.0/19 maxlen: 24
194.247.224.0/19 maxlen: 24
79.76.0.0/14 maxlen: 24
185.175.144.0/22 maxlen: 24
62.3.192.0/18 maxlen: 24
212.67.96.0/19 maxlen: 24
185.173.120.0/22 maxlen: 24
185.175.48.0/22 maxlen: 24
81.6.192.0/18 maxlen: 24
194.106.32.0/19 maxlen: 24
89.168.128.0/17 maxlen: 24
81.86.0.0/16 maxlen: 24
62.241.160.0/19 maxlen: 24
195.149.0.0/18 maxlen: 24
185.24.12.0/22 maxlen: 24
213.78.0.0/16 maxlen: 24
195.137.0.0/17 maxlen: 24
79.73.0.0/16 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:3c:e6:d7:cd:13:2a:5f:2b:36:ea:37:2b:04:b0:fa:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Jul 9 23:05:08 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ea993f5d119bbf31e4c2e1b00a41ba05be65694e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:49:f2:63:23:52:7b:40:40:4a:38:fa:e0:a1:
c9:ec:9e:35:f9:7b:fe:a9:70:c5:22:03:30:61:83:
02:43:a7:13:dc:2e:a5:c4:97:ff:e7:5b:a4:a4:7d:
20:09:9a:b1:1f:f7:f6:7d:4c:d4:6f:15:c4:19:a3:
84:5d:29:5a:13:67:37:cb:4a:8e:a5:13:93:13:8e:
97:22:90:65:27:32:fb:b6:e2:d3:50:ec:29:4a:15:
72:a7:e7:38:f8:87:8b:37:c0:26:40:c4:5e:87:cc:
62:03:a7:bc:d8:5e:c2:7a:ea:2e:26:92:76:88:80:
c0:3b:f7:4d:01:11:d8:22:fa:b7:ae:75:ba:80:e1:
68:cd:21:9e:0d:87:03:ea:c1:bf:48:e5:dc:3b:81:
59:e1:5e:b2:fc:c4:90:98:08:91:7c:b6:db:e9:bf:
e2:85:57:2c:d4:00:5a:d7:1c:9f:29:16:db:8a:93:
7b:5f:5d:62:6f:89:6e:75:11:5b:a9:2e:a6:0f:9d:
42:8b:03:0e:9e:51:ad:b3:c3:93:a3:bc:dd:ec:93:
4b:5d:be:6a:fc:25:23:30:60:5b:1c:3e:5d:d4:dd:
b9:74:77:15:7c:a8:e1:c1:54:b7:a3:5a:12:3d:9f:
6b:c0:2f:62:df:12:04:7c:ac:db:60:d5:bf:64:26:
a5:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:99:3F:5D:11:9B:BF:31:E4:C2:E1:B0:0A:41:BA:05:BE:65:69:4E
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/6pk_XRGbvzHkwuGwCkG6Bb5laU4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.3.192.0/18
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
79.73.0.0/16
79.75.0.0-79.79.255.255
80.40.0.0/13
81.1.64.0/18
81.6.192.0/18
81.86.0.0/16
81.170.0.0/17
81.178.0.0/15
82.133.0.0/17
83.67.0.0/16
84.12.0.0/16
84.43.0.0/17
87.242.128.0/17
88.104.0.0/13
89.168.128.0/17
89.240.0.0/14
91.146.112.0/21
92.0.0.0/11
145.255.240.0/21
185.24.12.0/22
185.112.212.0/22
185.173.116.0-185.173.123.255
185.175.48.0/22
185.175.144.0/22
193.218.99.0/24
194.106.32.0/19
194.247.224.0/19
195.112.0.0/18
195.137.0.0/17
195.149.0.0/18
212.1.128.0/19
212.67.96.0/19
212.74.96.0/19
212.139.0.0/16
212.159.128.0/18
213.78.0.0/16
213.208.64.0/18
217.8.0.0/19
217.68.128.0/20
Signature Algorithm: sha256WithRSAEncryption
78:ec:21:dd:a3:13:21:d0:99:fe:6f:48:6b:3c:75:01:44:34:
87:5d:a1:a0:c2:78:d6:a4:65:fb:9d:ee:72:08:c9:f9:22:98:
61:23:d3:fa:76:14:6d:12:61:eb:e6:7b:de:e5:e6:64:56:5f:
80:20:c8:35:ee:59:b5:b2:66:e2:f3:e0:c5:23:61:b0:73:c6:
bc:be:35:b0:b7:fe:ea:65:a7:34:22:f6:01:b0:8f:e2:b7:87:
d5:81:7f:cb:d4:22:16:fa:7e:f1:1f:6e:de:d8:9c:1b:38:79:
15:3d:7a:1d:e5:f7:0c:e5:14:68:41:1c:24:c1:32:6c:dc:8e:
8f:6e:3c:76:65:96:69:ac:06:37:08:d8:3b:19:39:22:4e:2d:
67:96:0b:d8:f8:ac:5c:85:e9:94:e1:af:8b:9e:a8:8d:7d:69:
01:33:5b:4e:32:19:bb:01:79:fb:93:53:05:ae:dc:13:20:38:
2f:fc:f3:2c:90:ea:7d:7e:db:a6:f8:59:31:6f:60:44:0b:3d:
f7:4a:ed:57:fb:8c:e6:99:fe:6b:0c:3c:f4:3b:0a:aa:b3:02:
c3:f1:b3:e1:fd:1f:d2:55:29:55:d5:95:c6:c7:dc:39:a0:8f:
56:04:cc:a9:e6:a9:86:17:33:b7:0a:2f:99:fe:97:85:87:9e:
b4:96:84:8f
-----BEGIN CERTIFICATE-----
MIIGCjCCBPKgAwIBAgISAYk85tfNEypfKzbqNysEsPpkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjMwNzA5MjMwNTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTk5M2Y1ZDExOWJiZjMxZTRjMmUxYjAwYTQxYmEwNWJlNjU2OTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00nyYyNSe0BASjj64KHJ7J41+Xv+
qXDFIgMwYYMCQ6cT3C6lxJf/51ukpH0gCZqxH/f2fUzUbxXEGaOEXSlaE2c3y0qO
pROTE46XIpBlJzL7tuLTUOwpShVyp+c4+IeLN8AmQMReh8xiA6e82F7CeuouJpJ2
iIDAO/dNARHYIvq3rnW6gOFozSGeDYcD6sG/SOXcO4FZ4V6y/MSQmAiRfLbb6b/i
hVcs1ABa1xyfKRbbipN7X11ib4ludRFbqS6mD51CiwMOnlGts8OTo7zd7JNLXb5q
/CUjMGBbHD5d1N25dHcVfKjhwVS3o1oSPZ9rwC9i3xIEfKzbYNW/ZCal+QIDAQAB
o4IDFjCCAxIwHQYDVR0OBBYEFOqZP10Rm78x5MLhsApBugW+ZWlOMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvNnBrX1hSR2J2ekhrd3VHd0NrRzZCYjVsYVU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKgYIKwYBBQUHAQcBAf8EggEZMIIBFTCCAREEAgABMIIB
CQMDAwJgAwQGPgPAAwQHPhiAAwQFPvGgAwMDTpADAwBPSTAKAwMAT0sDAwRPQAMD
A1AoAwQGUQFAAwQGUQbAAwMAUVYDBAdRqgADAwFRsgMEB1KFAAMDAFNDAwMAVAwD
BAdUKwADBAdX8oADAwNYaAMEB1mogAMDAlnwAwQDW5JwAwMFXAADBAOR//ADBAK5
GAwDBAK5cNQwDAMEArmtdAMEArmteAMEArmvMAMEArmvkAMEAMHaYwMEBcJqIAME
BcL34AMEBsNwAAMEB8OJAAMEBsOVAAMEBdQBgAMEBdRDYAMEBdRKYAMDANSLAwQG
1J+AAwMA1U4DBAbV0EADBAXZCAADBATZRIAwDQYJKoZIhvcNAQELBQADggEBAHjs
Id2jEyHQmf5vSGs8dQFENIddoaDCeNakZfud7nIIyfkimGEj0/p2FG0SYevme97l
5mRWX4AgyDXuWbWyZuLz4MUjYbBzxry+NbC3/uplpzQi9gGwj+K3h9WBf8vUIhb6
fvEfbt7YnBs4eRU9eh3l9wzlFGhBHCTBMmzcjo9uPHZllmmsBjcI2DsZOSJOLWeW
C9j4rFyF6ZThr4ueqI19aQEzW04yGbsBefuTUwWu3BMgOC/88yyQ6n1+26b4WTFv
YEQLPfdK7Vf7jOaZ/msMPPQ7CqqzAsPxs+H9H9JVKVXVlcbH3Dmgj1YEzKnmqYYX
M7cKL5n+l4WHnrSWhI8=
-----END CERTIFICATE-----
Generated at Sun Jun 15 11:46:01 2025 by rpki-client