Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/TbGS_ueAaKZwugibkGboUs9y2oU.roa
File: TbGS_ueAaKZwugibkGboUs9y2oU.roa (raw, json)
Hash identifier: yvxHCLMK5PBqtIusrr52uzuMIZ9OTCmS15dcv1a0R/I=
Subject key identifier: 4D:B1:92:FE:E7:80:68:A6:70:BA:08:9B:90:66:E8:52:CF:72:DA:85
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 01954892E13F174340189DF62AC0F8BF9014
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/TbGS_ueAaKZwugibkGboUs9y2oU.roa
Signing time: Thu 27 Feb 2025 18:02:20 +0000
ROA not before: Thu 27 Feb 2025 18:02:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12325
IP address blocks: 37.156.35.0/24 maxlen: 24
77.81.183.0/24 maxlen: 24
84.247.36.0/22 maxlen: 24
85.204.241.0/24 maxlen: 24
86.105.151.0/24 maxlen: 24
86.105.224.0/24 maxlen: 24
86.107.73.0/24 maxlen: 24
86.107.77.0/24 maxlen: 24
86.107.184.0/24 maxlen: 24
86.107.244.0/23 maxlen: 24
89.33.81.0/24 maxlen: 24
89.33.87.0/24 maxlen: 24
89.34.90.0/24 maxlen: 24
89.34.174.0/24 maxlen: 24
89.35.26.0/24 maxlen: 24
89.35.51.0/24 maxlen: 24
89.35.172.0/24 maxlen: 24
89.37.142.0/24 maxlen: 24
89.39.64.0/23 maxlen: 24
89.39.80.0/24 maxlen: 24
89.39.90.0/24 maxlen: 24
89.39.214.0/24 maxlen: 24
89.39.245.0/24 maxlen: 24
89.40.65.0/24 maxlen: 24
89.40.69.0/24 maxlen: 24
89.40.104.0/23 maxlen: 24
89.40.204.0/24 maxlen: 24
89.40.233.0/24 maxlen: 24
89.42.158.0/23 maxlen: 24
92.114.104.0/23 maxlen: 24
93.113.98.0/23 maxlen: 24
93.113.126.0/24 maxlen: 24
93.113.214.0/23 maxlen: 24
93.115.56.0/23 maxlen: 24
93.117.175.0/24 maxlen: 24
94.176.3.0/24 maxlen: 24
94.176.164.0/23 maxlen: 24
176.223.163.0/24 maxlen: 24
176.223.168.0/22 maxlen: 24
188.212.131.0/24 maxlen: 24
188.214.111.0/24 maxlen: 24
188.215.68.0/23 maxlen: 24
188.215.78.0/24 maxlen: 24
188.240.17.0/24 maxlen: 24
188.241.66.0/23 maxlen: 24
188.241.127.0/24 maxlen: 24
188.241.128.0/22 maxlen: 24
188.241.132.0/23 maxlen: 24
188.241.138.0/23 maxlen: 24
188.241.143.0/24 maxlen: 24
188.241.213.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:48:92:e1:3f:17:43:40:18:9d:f6:2a:c0:f8:bf:90:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Feb 27 18:02:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4db192fee78068a670ba089b9066e852cf72da85
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:b1:3f:89:57:6d:41:92:d1:b8:a7:d1:31:98:
60:78:b3:c0:67:70:04:a5:f1:cc:f5:03:bc:aa:3c:
8a:6e:0c:b9:ad:52:da:83:22:bf:a0:fc:3f:56:1b:
fb:b9:53:8f:57:af:29:33:39:15:a9:f1:58:fd:70:
1a:37:cd:49:73:d6:11:66:b1:2c:7e:33:67:58:0c:
2d:df:51:b3:6b:14:f7:e4:9c:75:65:28:cb:76:b7:
23:7c:e8:62:e7:d5:58:99:e2:23:7a:a1:ee:b7:b5:
90:0f:d8:6e:04:db:94:b6:92:9f:7b:fc:a1:c3:2c:
aa:c6:80:7f:f5:b6:5f:46:ee:79:0b:17:8e:5b:e7:
10:3d:13:33:ec:2c:a2:aa:76:a0:e3:70:13:0c:59:
59:dd:d3:53:cf:dc:02:36:0d:4c:61:ec:3b:bf:0b:
a6:66:91:b1:4e:89:b8:42:d7:f7:c9:7c:b5:37:03:
77:c2:0e:34:25:47:7e:4b:91:33:f9:4c:dd:2b:fd:
5b:9f:c6:09:50:a7:49:a0:a6:c8:c4:c3:6b:fc:25:
39:5c:e4:d0:6a:b2:8a:ac:b4:2f:35:b4:d2:34:2d:
1e:11:da:c9:e9:ef:0e:f7:8b:a5:21:23:5f:4e:b6:
ae:e2:49:6e:ed:69:63:64:57:5c:70:9e:c7:30:92:
84:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:B1:92:FE:E7:80:68:A6:70:BA:08:9B:90:66:E8:52:CF:72:DA:85
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/TbGS_ueAaKZwugibkGboUs9y2oU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.156.35.0/24
77.81.183.0/24
84.247.36.0/22
85.204.241.0/24
86.105.151.0/24
86.105.224.0/24
86.107.73.0/24
86.107.77.0/24
86.107.184.0/24
86.107.244.0/23
89.33.81.0/24
89.33.87.0/24
89.34.90.0/24
89.34.174.0/24
89.35.26.0/24
89.35.51.0/24
89.35.172.0/24
89.37.142.0/24
89.39.64.0/23
89.39.80.0/24
89.39.90.0/24
89.39.214.0/24
89.39.245.0/24
89.40.65.0/24
89.40.69.0/24
89.40.104.0/23
89.40.204.0/24
89.40.233.0/24
89.42.158.0/23
92.114.104.0/23
93.113.98.0/23
93.113.126.0/24
93.113.214.0/23
93.115.56.0/23
93.117.175.0/24
94.176.3.0/24
94.176.164.0/23
176.223.163.0/24
176.223.168.0/22
188.212.131.0/24
188.214.111.0/24
188.215.68.0/23
188.215.78.0/24
188.240.17.0/24
188.241.66.0/23
188.241.127.0-188.241.133.255
188.241.138.0/23
188.241.143.0/24
188.241.213.0/24
Signature Algorithm: sha256WithRSAEncryption
be:e5:1b:03:f8:34:c5:2b:91:a3:dd:39:f3:9c:e7:60:32:57:
60:8e:05:df:ea:3e:fb:eb:37:b5:c4:aa:ac:43:cf:a8:d7:8a:
53:75:34:4d:b4:d0:04:75:fa:8f:ba:e4:78:d2:e8:85:6e:45:
fc:cf:a0:ad:09:34:0f:0d:88:88:3f:a6:0c:0e:59:44:3a:b5:
16:7a:af:f8:94:f3:fd:90:61:80:40:46:eb:8a:33:04:e4:5f:
18:1c:6e:d0:07:eb:96:77:2f:46:a2:75:30:5e:a1:79:34:3e:
fa:36:32:29:af:2e:56:5b:54:73:ab:7a:b2:cf:a9:9c:cf:cc:
9d:4b:2f:27:fc:30:6b:ee:ae:1f:35:4c:9e:0e:e1:1a:9a:bb:
32:80:b7:e9:87:42:9e:f9:98:e7:af:26:27:11:24:cc:eb:4e:
6e:b6:04:a4:c1:7c:43:3f:67:c3:c3:5b:29:21:46:b6:2b:0c:
80:84:5f:ab:e5:21:0a:b0:0c:05:34:52:db:29:da:43:d4:a4:
b4:36:d0:c3:6d:c1:bf:0b:b4:f1:92:b2:77:bc:d3:27:fe:c0:
a5:7a:0d:de:4f:6a:8c:d4:79:ab:e7:e5:6b:da:77:7e:43:cb:
c3:8b:1c:6c:15:aa:8f:e1:4b:8f:1c:60:84:c8:43:62:0b:33:
f7:d7:fc:47
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgISAZVIkuE/F0NAGJ32KsD4v5AUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMjI3MTgwMjIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGIxOTJmZWU3ODA2OGE2NzBiYTA4OWI5MDY2ZTg1MmNmNzJkYTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA67E/iVdtQZLRuKfRMZhgeLPAZ3AE
pfHM9QO8qjyKbgy5rVLagyK/oPw/Vhv7uVOPV68pMzkVqfFY/XAaN81Jc9YRZrEs
fjNnWAwt31GzaxT35Jx1ZSjLdrcjfOhi59VYmeIjeqHut7WQD9huBNuUtpKfe/yh
wyyqxoB/9bZfRu55CxeOW+cQPRMz7Cyiqnag43ATDFlZ3dNTz9wCNg1MYew7vwum
ZpGxTom4Qtf3yXy1NwN3wg40JUd+S5Ez+UzdK/1bn8YJUKdJoKbIxMNr/CU5XOTQ
arKKrLQvNbTSNC0eEdrJ6e8O94ulISNfTrau4klu7WljZFdccJ7HMJKEPwIDAQAB
o4IDPTCCAzkwHQYDVR0OBBYEFE2xkv7ngGimcLoIm5Bm6FLPctqFMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1RiR1NfdWVBYUtad3VnaWJrR2JvVXM5eTJvVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwggFPBggrBgEFBQcBBwEB/wSCAT4wggE6MIIBNgQCAAEw
ggEuAwQAJZwjAwQATVG3AwQCVPckAwQAVczxAwQAVmmXAwQAVmngAwQAVmtJAwQA
VmtNAwQAVmu4AwQBVmv0AwQAWSFRAwQAWSFXAwQAWSJaAwQAWSKuAwQAWSMaAwQA
WSMzAwQAWSOsAwQAWSWOAwQBWSdAAwQAWSdQAwQAWSdaAwQAWSfWAwQAWSf1AwQA
WShBAwQAWShFAwQBWShoAwQAWSjMAwQAWSjpAwQBWSqeAwQBXHJoAwQBXXFiAwQA
XXF+AwQBXXHWAwQBXXM4AwQAXXWvAwQAXrADAwQBXrCkAwQAsN+jAwQCsN+oAwQA
vNSDAwQAvNZvAwQBvNdEAwQAvNdOAwQAvPARAwQBvPFCMAwDBAC88X8DBAG88YQD
BAG88YoDBAC88Y8DBAC88dUwDQYJKoZIhvcNAQELBQADggEBAL7lGwP4NMUrkaPd
OfOc52AyV2COBd/qPvvrN7XEqqxDz6jXilN1NE200AR1+o+65HjS6IVuRfzPoK0J
NA8NiIg/pgwOWUQ6tRZ6r/iU8/2QYYBARuuKMwTkXxgcbtAH65Z3L0aidTBeoXk0
Pvo2MimvLlZbVHOrerLPqZzPzJ1LLyf8MGvurh81TJ4O4RqauzKAt+mHQp75mOev
JicRJMzrTm62BKTBfEM/Z8PDWykhRrYrDICEX6vlIQqwDAU0Utsp2kPUpLQ20MNt
wb8LtPGSsne80yf+wKV6Dd5PaozUeavn5Wvad35Dy8OLHGwVqo/hS48cYITIQ2IL
M/fX/Ec=
-----END CERTIFICATE-----
Generated at Sat Jun 21 13:15:03 2025 by rpki-client