Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/ODSh2nlcsD4kuMA3QPPfq0p8B6w.roa
File: ODSh2nlcsD4kuMA3QPPfq0p8B6w.roa (raw, json)
Hash identifier: 0l/R37W9z8Ucn63SeaiFOXbgtatxrpgi01Lqv+7CfCc=
Subject key identifier: 38:34:A1:DA:79:5C:B0:3E:24:B8:C0:37:40:F3:DF:AB:4A:7C:07:AC
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 01965DCDF034AAE9D43771AF5999B182D03B
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/ODSh2nlcsD4kuMA3QPPfq0p8B6w.roa
Signing time: Tue 22 Apr 2025 14:01:39 +0000
ROA not before: Tue 22 Apr 2025 14:01:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12325
IP address blocks: 46.102.191.0/24 maxlen: 24
77.81.183.0/24 maxlen: 24
86.105.151.0/24 maxlen: 24
86.107.47.0/24 maxlen: 24
86.107.184.0/24 maxlen: 24
86.107.244.0/23 maxlen: 24
89.33.87.0/24 maxlen: 24
89.35.26.0/24 maxlen: 24
89.35.51.0/24 maxlen: 24
89.35.172.0/24 maxlen: 24
89.37.142.0/24 maxlen: 24
89.39.64.0/23 maxlen: 24
89.39.80.0/24 maxlen: 24
89.39.90.0/24 maxlen: 24
89.40.65.0/24 maxlen: 24
89.40.104.0/23 maxlen: 24
89.40.204.0/24 maxlen: 24
89.40.233.0/24 maxlen: 24
89.42.158.0/23 maxlen: 24
92.114.104.0/23 maxlen: 24
93.113.98.0/23 maxlen: 24
93.113.214.0/23 maxlen: 24
94.176.3.0/24 maxlen: 24
94.177.58.0/24 maxlen: 24
176.223.163.0/24 maxlen: 24
188.215.78.0/24 maxlen: 24
188.240.17.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:5d:cd:f0:34:aa:e9:d4:37:71:af:59:99:b1:82:d0:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Apr 22 14:01:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3834a1da795cb03e24b8c03740f3dfab4a7c07ac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:d5:f9:4a:1d:b0:e0:3b:6c:5c:24:a3:91:2b:
0c:2e:5d:28:96:87:c9:86:20:fa:0c:42:63:a0:e0:
f4:c6:64:bd:80:ae:16:39:19:75:71:7b:20:ee:6a:
c6:79:15:61:4c:b4:7c:b8:ee:54:8d:b5:46:c6:6a:
68:eb:62:c4:9f:b5:17:33:44:e4:c7:bf:2a:ad:cf:
18:aa:a4:93:56:f4:b6:e0:71:64:65:9d:63:14:ef:
cd:0c:0f:21:15:b3:47:6d:5e:0e:74:e0:3d:03:69:
8d:f5:e3:6d:08:8e:19:95:11:bf:e1:bb:9e:bf:88:
23:ee:8b:d3:38:99:cc:08:1f:75:46:bd:06:24:70:
e7:f1:94:b0:fa:e3:e4:e5:cc:ca:52:92:b9:39:8e:
c6:ba:2b:cf:dc:11:ca:41:97:7f:3a:38:bc:b6:f3:
2c:dc:ef:77:70:fd:a0:60:11:e5:35:e8:f0:1f:78:
79:c3:78:7a:ec:84:fc:4a:99:3c:48:d6:38:28:9f:
97:4e:bb:05:7d:7e:06:c6:b2:5b:59:b0:29:b1:e3:
c0:09:2f:ad:da:6d:55:ff:5a:a8:58:39:3a:65:4f:
24:ec:ee:04:8f:03:ac:09:02:cd:27:10:c0:1e:e1:
ab:d3:06:32:44:12:09:bc:f6:50:9e:f9:31:97:99:
c2:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:34:A1:DA:79:5C:B0:3E:24:B8:C0:37:40:F3:DF:AB:4A:7C:07:AC
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/ODSh2nlcsD4kuMA3QPPfq0p8B6w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.102.191.0/24
77.81.183.0/24
86.105.151.0/24
86.107.47.0/24
86.107.184.0/24
86.107.244.0/23
89.33.87.0/24
89.35.26.0/24
89.35.51.0/24
89.35.172.0/24
89.37.142.0/24
89.39.64.0/23
89.39.80.0/24
89.39.90.0/24
89.40.65.0/24
89.40.104.0/23
89.40.204.0/24
89.40.233.0/24
89.42.158.0/23
92.114.104.0/23
93.113.98.0/23
93.113.214.0/23
94.176.3.0/24
94.177.58.0/24
176.223.163.0/24
188.215.78.0/24
188.240.17.0/24
Signature Algorithm: sha256WithRSAEncryption
a3:a8:df:14:f0:ff:21:bf:68:a1:fd:3d:07:d4:d4:9f:7b:2e:
14:ab:70:a5:39:7a:d8:eb:44:38:72:8b:79:d8:3d:e7:92:b5:
1e:86:64:11:8b:91:57:43:2b:75:b0:8f:47:a1:6b:af:63:a7:
0e:88:a7:fe:d3:a1:59:17:2c:78:6b:d2:92:51:30:b6:64:6d:
6f:b8:fe:ec:d2:ba:57:03:23:3c:56:8e:14:8a:ae:5e:ee:96:
46:0d:1d:96:7e:d9:16:6b:25:33:4f:c5:4e:e1:a6:c3:32:3c:
30:cd:14:7c:cf:03:7b:b7:82:f4:a0:0a:63:8c:12:63:25:0f:
3b:42:a8:83:10:68:60:1c:e2:b3:60:7a:7d:6c:c5:14:dd:d8:
28:b5:ad:a6:3a:1d:c1:7b:27:93:a0:d4:f4:4e:15:b2:3a:81:
2b:ba:3b:93:72:85:35:e8:06:90:75:fa:a2:68:fc:2c:5b:03:
b3:37:82:75:4c:1e:cf:f9:28:eb:9d:20:e0:41:99:14:0e:b6:
a0:5d:d0:73:b7:eb:b4:cb:af:67:a4:40:7d:76:09:ae:d3:c7:
34:ec:8c:b8:ab:98:f2:85:d8:03:f4:78:1e:6c:c8:18:98:ff:
66:ad:c7:c0:52:34:ba:4b:f3:25:09:31:6e:8d:52:35:ba:a4:
0d:07:0b:9b
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAZZdzfA0qunUN3GvWZmxgtA7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwNDIyMTQwMTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODM0YTFkYTc5NWNiMDNlMjRiOGMwMzc0MGYzZGZhYjRhN2MwN2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNX5Sh2w4DtsXCSjkSsMLl0olofJ
hiD6DEJjoOD0xmS9gK4WORl1cXsg7mrGeRVhTLR8uO5UjbVGxmpo62LEn7UXM0Tk
x78qrc8YqqSTVvS24HFkZZ1jFO/NDA8hFbNHbV4OdOA9A2mN9eNtCI4ZlRG/4bue
v4gj7ovTOJnMCB91Rr0GJHDn8ZSw+uPk5czKUpK5OY7GuivP3BHKQZd/Oji8tvMs
3O93cP2gYBHlNejwH3h5w3h67IT8Spk8SNY4KJ+XTrsFfX4GxrJbWbApsePACS+t
2m1V/1qoWDk6ZU8k7O4EjwOsCQLNJxDAHuGr0wYyRBIJvPZQnvkxl5nCZQIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFDg0odp5XLA+JLjAN0Dz36tKfAesMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL09EU2gybmxjc0Q0a3VNQTNRUFBmcTBwOEI2dy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgb8GCCsGAQUFBwEHAQH/BIGvMIGsMIGpBAIAATCBogME
AC5mvwMEAE1RtwMEAFZplwMEAFZrLwMEAFZruAMEAVZr9AMEAFkhVwMEAFkjGgME
AFkjMwMEAFkjrAMEAFkljgMEAVknQAMEAFknUAMEAFknWgMEAFkoQQMEAVkoaAME
AFkozAMEAFko6QMEAVkqngMEAVxyaAMEAV1xYgMEAV1x1gMEAF6wAwMEAF6xOgME
ALDfowMEALzXTgMEALzwETANBgkqhkiG9w0BAQsFAAOCAQEAo6jfFPD/Ib9oof09
B9TUn3suFKtwpTl62OtEOHKLedg955K1HoZkEYuRV0MrdbCPR6Frr2OnDoin/tOh
WRcseGvSklEwtmRtb7j+7NK6VwMjPFaOFIquXu6WRg0dln7ZFmslM0/FTuGmwzI8
MM0UfM8De7eC9KAKY4wSYyUPO0KogxBoYBzis2B6fWzFFN3YKLWtpjodwXsnk6DU
9E4VsjqBK7o7k3KFNegGkHX6omj8LFsDszeCdUwez/ko650g4EGZFA62oF3Qc7fr
tMuvZ6RAfXYJrtPHNOyMuKuY8oXYA/R4HmzIGJj/Zq3HwFI0ukvzJQkxbo1SNbqk
DQcLmw==
-----END CERTIFICATE-----
Generated at Sun Jun 22 13:26:07 2025 by rpki-client