Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/_dXpxTwJEGYZwnt1wUr7ZiA1x5Q.roa
File: _dXpxTwJEGYZwnt1wUr7ZiA1x5Q.roa (raw, json)
Hash identifier: R5xWHsa0Em6ANqMYv9Z9hg+GjO++3J6rmXeAMVieNTc=
Subject key identifier: FD:D5:E9:C5:3C:09:10:66:19:C2:7B:75:C1:4A:FB:66:20:35:C7:94
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 0195433AD1A9648654709D29F74540FE919D
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/_dXpxTwJEGYZwnt1wUr7ZiA1x5Q.roa
Signing time: Wed 26 Feb 2025 17:08:02 +0000
ROA not before: Wed 26 Feb 2025 17:08:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12325
IP address blocks: 37.156.35.0/24 maxlen: 24
84.247.36.0/22 maxlen: 24
85.204.241.0/24 maxlen: 24
86.105.151.0/24 maxlen: 24
86.105.224.0/24 maxlen: 24
86.107.77.0/24 maxlen: 24
86.107.184.0/24 maxlen: 24
86.107.244.0/23 maxlen: 24
89.33.81.0/24 maxlen: 24
89.33.87.0/24 maxlen: 24
89.34.90.0/24 maxlen: 24
89.34.174.0/24 maxlen: 24
89.35.26.0/24 maxlen: 24
89.35.51.0/24 maxlen: 24
89.35.172.0/24 maxlen: 24
89.37.142.0/24 maxlen: 24
89.39.80.0/24 maxlen: 24
89.39.90.0/24 maxlen: 24
89.39.214.0/24 maxlen: 24
89.39.245.0/24 maxlen: 24
89.40.69.0/24 maxlen: 24
89.40.104.0/23 maxlen: 24
89.40.204.0/24 maxlen: 24
89.40.233.0/24 maxlen: 24
89.42.158.0/23 maxlen: 24
92.114.104.0/23 maxlen: 24
93.113.98.0/23 maxlen: 24
93.113.214.0/23 maxlen: 24
93.115.56.0/23 maxlen: 24
93.117.175.0/24 maxlen: 24
94.176.3.0/24 maxlen: 24
176.223.163.0/24 maxlen: 24
176.223.168.0/22 maxlen: 24
188.212.131.0/24 maxlen: 24
188.215.68.0/23 maxlen: 24
188.215.78.0/24 maxlen: 24
188.241.66.0/23 maxlen: 24
188.241.127.0/24 maxlen: 24
188.241.128.0/22 maxlen: 24
188.241.132.0/23 maxlen: 24
188.241.138.0/23 maxlen: 24
188.241.143.0/24 maxlen: 24
188.241.213.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:43:3a:d1:a9:64:86:54:70:9d:29:f7:45:40:fe:91:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Feb 26 17:08:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fdd5e9c53c09106619c27b75c14afb662035c794
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:0c:bd:f0:8b:0b:cc:34:ac:05:5b:7e:d5:8c:
91:3e:b9:72:cb:90:3f:0b:25:3e:39:51:60:fc:bf:
6c:f1:d9:cc:2a:2e:f0:7e:c3:28:bd:ac:d8:c6:4e:
44:b8:46:ba:87:10:38:cc:a2:70:11:56:d4:f3:fd:
26:8a:57:7e:f4:ae:80:f7:56:aa:47:e3:a2:12:62:
23:e0:89:a2:d2:14:27:84:46:1b:4d:e4:b7:66:e3:
6e:0e:56:26:be:2d:c5:94:36:ba:d6:bf:2e:f1:4b:
65:70:a8:fb:73:cc:d2:bc:40:84:51:a2:9d:a3:93:
64:9a:d1:98:f2:68:a1:e1:d9:7a:53:9d:1f:eb:d5:
df:af:8c:e8:a2:7c:39:ab:97:be:38:45:55:a5:cf:
3b:33:dc:6b:ab:f3:15:1c:97:01:21:8c:c3:78:7d:
02:31:52:01:bf:f0:25:0d:32:8d:9a:1c:2a:f0:ba:
d6:81:b2:9b:6a:c2:7e:af:4f:a8:1a:f8:99:08:9b:
c9:8c:aa:9c:09:cd:56:b0:66:86:c3:1a:b1:43:33:
2e:a7:14:d7:a4:1b:2a:82:97:f9:15:49:7a:d9:59:
37:28:fa:4f:0a:17:db:6a:45:00:8c:3a:9b:24:f1:
14:27:a9:39:67:cf:61:87:13:64:e1:4b:7b:7e:d7:
98:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:D5:E9:C5:3C:09:10:66:19:C2:7B:75:C1:4A:FB:66:20:35:C7:94
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/_dXpxTwJEGYZwnt1wUr7ZiA1x5Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.156.35.0/24
84.247.36.0/22
85.204.241.0/24
86.105.151.0/24
86.105.224.0/24
86.107.77.0/24
86.107.184.0/24
86.107.244.0/23
89.33.81.0/24
89.33.87.0/24
89.34.90.0/24
89.34.174.0/24
89.35.26.0/24
89.35.51.0/24
89.35.172.0/24
89.37.142.0/24
89.39.80.0/24
89.39.90.0/24
89.39.214.0/24
89.39.245.0/24
89.40.69.0/24
89.40.104.0/23
89.40.204.0/24
89.40.233.0/24
89.42.158.0/23
92.114.104.0/23
93.113.98.0/23
93.113.214.0/23
93.115.56.0/23
93.117.175.0/24
94.176.3.0/24
176.223.163.0/24
176.223.168.0/22
188.212.131.0/24
188.215.68.0/23
188.215.78.0/24
188.241.66.0/23
188.241.127.0-188.241.133.255
188.241.138.0/23
188.241.143.0/24
188.241.213.0/24
Signature Algorithm: sha256WithRSAEncryption
83:2a:f1:74:69:98:54:21:ed:97:07:49:48:d5:a9:b3:c1:1a:
54:6b:6d:b4:f2:f4:00:fc:23:e6:7b:12:f1:2f:93:f4:9c:36:
c2:39:57:7a:43:93:21:ea:ae:a1:a5:db:01:e6:c0:b9:73:cc:
8d:2f:67:1d:87:15:08:3b:2a:84:bf:59:57:aa:31:09:5b:64:
b9:cc:8f:25:e0:a2:60:37:20:7d:3e:24:95:be:56:02:4d:39:
8a:29:e8:0c:8c:37:ca:7e:c5:47:a0:d4:6e:58:9e:2e:ec:16:
dc:c1:30:9d:9f:d0:11:1d:77:24:0b:3e:33:36:ea:d7:ae:c7:
76:51:ba:73:ba:c8:6b:a1:0a:2c:46:77:fb:17:95:99:67:a1:
49:9d:7e:f9:2d:95:50:03:bf:25:0f:ad:aa:98:7e:b0:03:9b:
d5:a1:8e:27:51:75:5b:86:d1:05:2c:fd:a4:b4:dd:03:8f:9b:
9a:ac:ba:a1:c6:4c:38:ce:97:c9:09:4b:f0:42:52:b7:81:c2:
64:2e:56:16:dd:02:3d:e5:53:31:4d:4b:78:99:72:bd:82:bd:
13:d9:6e:ae:52:40:69:b6:16:ce:76:0c:0d:f7:08:6b:b7:b4:
49:9a:14:c9:e4:40:54:73:58:5a:f1:6a:bc:53:cb:d1:b3:20:
b1:07:fb:9d
-----BEGIN CERTIFICATE-----
MIIGADCCBOigAwIBAgISAZVDOtGpZIZUcJ0p90VA/pGdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMjI2MTcwODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGQ1ZTljNTNjMDkxMDY2MTljMjdiNzVjMTRhZmI2NjIwMzVjNzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwy98IsLzDSsBVt+1YyRPrlyy5A/
CyU+OVFg/L9s8dnMKi7wfsMovazYxk5EuEa6hxA4zKJwEVbU8/0mild+9K6A91aq
R+OiEmIj4Imi0hQnhEYbTeS3ZuNuDlYmvi3FlDa61r8u8UtlcKj7c8zSvECEUaKd
o5NkmtGY8mih4dl6U50f69Xfr4zoonw5q5e+OEVVpc87M9xrq/MVHJcBIYzDeH0C
MVIBv/AlDTKNmhwq8LrWgbKbasJ+r0+oGviZCJvJjKqcCc1WsGaGwxqxQzMupxTX
pBsqgpf5FUl62Vk3KPpPChfbakUAjDqbJPEUJ6k5Z89hhxNk4Ut7fteY+wIDAQAB
o4IDDDCCAwgwHQYDVR0OBBYEFP3V6cU8CRBmGcJ7dcFK+2YgNceUMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL19kWHB4VHdKRUdZWndudDF3VXI3WmlBMXg1US5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwggEeBggrBgEFBQcBBwEB/wSCAQ0wggEJMIIBBQQCAAEw
gf4DBAAlnCMDBAJU9yQDBABVzPEDBABWaZcDBABWaeADBABWa00DBABWa7gDBAFW
a/QDBABZIVEDBABZIVcDBABZIloDBABZIq4DBABZIxoDBABZIzMDBABZI6wDBABZ
JY4DBABZJ1ADBABZJ1oDBABZJ9YDBABZJ/UDBABZKEUDBAFZKGgDBABZKMwDBABZ
KOkDBAFZKp4DBAFccmgDBAFdcWIDBAFdcdYDBAFdczgDBABdda8DBABesAMDBACw
36MDBAKw36gDBAC81IMDBAG810QDBAC8104DBAG88UIwDAMEALzxfwMEAbzxhAME
AbzxigMEALzxjwMEALzx1TANBgkqhkiG9w0BAQsFAAOCAQEAgyrxdGmYVCHtlwdJ
SNWps8EaVGtttPL0APwj5nsS8S+T9Jw2wjlXekOTIequoaXbAebAuXPMjS9nHYcV
CDsqhL9ZV6oxCVtkucyPJeCiYDcgfT4klb5WAk05iinoDIw3yn7FR6DUblieLuwW
3MEwnZ/QER13JAs+Mzbq167HdlG6c7rIa6EKLEZ3+xeVmWehSZ1++S2VUAO/JQ+t
qph+sAOb1aGOJ1F1W4bRBSz9pLTdA4+bmqy6ocZMOM6XyQlL8EJSt4HCZC5WFt0C
PeVTMU1LeJlyvYK9E9lurlJAabYWznYMDfcIa7e0SZoUyeRAVHNYWvFqvFPL0bMg
sQf7nQ==
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:02:57 2025 by rpki-client