Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/Dgl5hp1TWyUuseM7lemK9ur_vvg.roa
File: Dgl5hp1TWyUuseM7lemK9ur_vvg.roa (raw, json)
Hash identifier: hgELEUKYRCnfP2tqKF142NGexnRbIwMjwA+60YAT7lc=
Subject key identifier: 0E:09:79:86:9D:53:5B:25:2E:B1:E3:3B:95:E9:8A:F6:EA:FF:BE:F8
Certificate issuer: /CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Certificate serial: 018EA2B6AEF86E3285CAA31D0B2D5A56924E
Authority key identifier: 81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/Dgl5hp1TWyUuseM7lemK9ur_vvg.roa
Signing time: Wed 03 Apr 2024 06:47:45 +0000
ROA not before: Wed 03 Apr 2024 06:47:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1136
IP address blocks: 37.251.0.0/17 maxlen: 17
62.131.0.0/16 maxlen: 16
62.251.0.0/17 maxlen: 17
77.160.0.0/13 maxlen: 13
77.168.0.0/14 maxlen: 14
77.172.0.0/16 maxlen: 16
77.173.0.0/16 maxlen: 16
77.174.0.0/16 maxlen: 16
77.175.0.0/16 maxlen: 16
77.175.0.0/17 maxlen: 17
77.175.128.0/17 maxlen: 17
80.60.0.0/15 maxlen: 15
81.204.0.0/14 maxlen: 14
82.136.192.0/18 maxlen: 18
82.168.0.0/14 maxlen: 14
82.168.0.0/15 maxlen: 15
82.168.0.0/17 maxlen: 17
82.168.128.0/18 maxlen: 18
82.168.192.0/19 maxlen: 19
82.168.224.0/19 maxlen: 19
82.169.0.0/18 maxlen: 18
82.169.64.0/19 maxlen: 19
82.169.96.0/19 maxlen: 19
82.169.128.0/19 maxlen: 19
82.169.160.0/19 maxlen: 19
82.169.192.0/18 maxlen: 18
82.170.0.0/16 maxlen: 16
84.80.0.0/16 maxlen: 16
84.82.0.0/15 maxlen: 15
84.84.0.0/14 maxlen: 14
85.113.224.0/19 maxlen: 19
86.80.0.0/13 maxlen: 13
86.88.0.0/15 maxlen: 15
86.90.0.0/16 maxlen: 16
86.92.0.0/14 maxlen: 14
88.159.0.0/16 maxlen: 16
188.142.0.0/17 maxlen: 17
195.240.0.0/16 maxlen: 16
195.240.0.0/17 maxlen: 17
195.240.128.0/18 maxlen: 18
195.240.192.0/18 maxlen: 18
195.241.0.0/16 maxlen: 16
212.123.128.0/18 maxlen: 18
212.182.128.0/18 maxlen: 18
212.238.0.0/16 maxlen: 16
213.10.0.0/16 maxlen: 16
213.84.0.0/16 maxlen: 16
213.197.0.0/18 maxlen: 18
2a02:a400::/25 maxlen: 25
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:a2:b6:ae:f8:6e:32:85:ca:a3:1d:0b:2d:5a:56:92:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Validity
Not Before: Apr 3 06:47:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0e0979869d535b252eb1e33b95e98af6eaffbef8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:2c:9e:cb:c9:b7:88:78:3a:9a:40:e7:ea:db:
c8:48:bf:62:50:6e:3f:9e:83:15:7a:31:eb:b5:34:
a3:71:df:e6:7f:84:30:14:e0:04:57:7f:f6:6c:94:
20:d3:f5:30:b4:06:b8:11:ee:12:ee:61:2c:1d:d4:
1b:c4:10:b6:78:22:a4:09:8a:f8:99:93:f6:04:76:
72:90:3a:00:71:25:22:9a:0d:da:2b:33:26:3a:aa:
88:60:05:91:de:f1:69:6b:69:a1:cc:4b:7a:b7:a2:
a9:ad:05:04:a9:fc:08:73:b3:3b:7b:06:e2:0c:2e:
9a:63:26:ba:5e:ea:67:7c:11:9f:58:eb:84:f1:83:
89:9d:a6:ed:f0:d6:d5:a8:5e:b4:4d:a6:13:69:12:
14:f1:10:fb:fc:ef:88:4b:7b:2e:3a:09:0f:c8:ae:
18:69:e6:6f:3f:18:4f:08:b6:23:e3:1e:3a:0a:f1:
4f:68:f6:d1:03:99:47:65:69:c9:88:60:34:9a:12:
ef:11:6d:e7:12:67:e0:ce:22:b0:4c:e0:d5:f2:50:
db:d7:51:ec:65:d8:9f:a1:e1:ba:50:f0:04:38:a5:
8f:c8:30:f4:86:a1:55:87:ea:b1:aa:ed:19:61:8a:
77:e8:96:d3:69:9a:47:5d:f9:54:3b:fa:37:bb:53:
0b:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:09:79:86:9D:53:5B:25:2E:B1:E3:3B:95:E9:8A:F6:EA:FF:BE:F8
X509v3 Authority Key Identifier:
keyid:81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/Dgl5hp1TWyUuseM7lemK9ur_vvg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.251.0.0/17
62.131.0.0/16
62.251.0.0/17
77.160.0.0/12
80.60.0.0/15
81.204.0.0/14
82.136.192.0/18
82.168.0.0/14
84.80.0.0/16
84.82.0.0-84.87.255.255
85.113.224.0/19
86.80.0.0-86.90.255.255
86.92.0.0/14
88.159.0.0/16
188.142.0.0/17
195.240.0.0/15
212.123.128.0/18
212.182.128.0/18
212.238.0.0/16
213.10.0.0/16
213.84.0.0/16
213.197.0.0/18
IPv6:
2a02:a400::/25
Signature Algorithm: sha256WithRSAEncryption
02:d1:45:02:7c:84:b1:b2:e0:e0:b7:7c:d7:a7:aa:7a:80:43:
07:a5:48:29:44:f0:de:b6:28:b4:c2:4c:82:2f:fd:59:4d:5e:
9d:8f:1a:4c:df:78:df:9e:c2:c5:a1:e7:19:ee:e1:e7:33:a1:
f4:b6:a5:d3:f1:fe:4c:b1:36:f7:0c:4e:2c:34:e4:61:ae:f0:
9e:89:12:d9:39:07:64:b4:2c:59:24:05:f5:36:81:1d:7a:32:
21:7c:73:25:67:ba:53:40:da:ba:8f:ef:cb:b7:cd:93:0b:d1:
b9:23:33:38:7e:82:97:f3:ee:3c:00:e4:30:72:51:58:c2:ed:
15:0c:7b:26:44:dc:46:a2:68:3b:72:29:37:8a:9e:0f:83:8f:
7d:42:a2:94:f2:42:b7:ed:e6:e7:42:8d:e2:5d:0f:bc:f1:84:
45:a2:26:80:a0:f7:b6:ab:76:8a:e7:12:f0:e4:ed:d8:95:9f:
31:df:c3:13:be:d4:ca:79:3c:2d:0e:0a:a3:4e:e8:6b:be:b8:
6c:09:8f:29:5f:42:fc:16:4d:7b:ad:c0:31:ac:59:4b:ef:09:
c8:ce:77:58:d5:bb:6a:fb:ca:8f:80:3c:ba:67:e8:95:85:77:
ed:84:1a:72:5a:a2:90:4a:75:2f:ab:aa:c2:33:54:c1:b1:18:
14:e4:32:51
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAY6itq74bjKFyqMdCy1aVpJOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZWVkNDA5MTM4M2Q5ZWQ0MDU2ZDlmNGVmZjdkMjYyMmRk
Y2UyMDUwHhcNMjQwNDAzMDY0NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTA5Nzk4NjlkNTM1YjI1MmViMWUzM2I5NWU5OGFmNmVhZmZiZWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSyey8m3iHg6mkDn6tvISL9iUG4/
noMVejHrtTSjcd/mf4QwFOAEV3/2bJQg0/UwtAa4Ee4S7mEsHdQbxBC2eCKkCYr4
mZP2BHZykDoAcSUimg3aKzMmOqqIYAWR3vFpa2mhzEt6t6KprQUEqfwIc7M7ewbi
DC6aYya6XupnfBGfWOuE8YOJnabt8NbVqF60TaYTaRIU8RD7/O+IS3suOgkPyK4Y
aeZvPxhPCLYj4x46CvFPaPbRA5lHZWnJiGA0mhLvEW3nEmfgziKwTODV8lDb11Hs
ZdifoeG6UPAEOKWPyDD0hqFVh+qxqu0ZYYp36JbTaZpHXflUO/o3u1MLCwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFA4JeYadU1slLrHjO5Xpivbq/774MB8GA1UdIwQY
MBaAFIHu1AkTg9ntQFbZ9O/30mIt3OIFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2Et
ODcyYjM3MTBjMmExLzEvRGdsNWhwMVRXeVV1c2VNN2xlbUs5dXJfdnZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2EtODcyYjM3MTBjMmEx
LzEvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGwBggrBgEFBQcBBwEB/wSBoDCBnTCBiwQCAAEwgYQDBAcl
+wADAwA+gwMEBz77AAMDBE2gAwMBUDwDAwJRzAMEBlKIwAMDAlKoAwMAVFAwCgMD
AVRSAwMDVFADBAVVceAwCgMDBFZQAwMAVloDAwJWXAMDAFifAwQHvI4AAwMBw/AD
BAbUe4ADBAbUtoADAwDU7gMDANUKAwMA1VQDBAbVxQAwDQQCAAIwBwMFByoCpAAw
DQYJKoZIhvcNAQELBQADggEBAALRRQJ8hLGy4OC3fNenqnqAQwelSClE8N62KLTC
TIIv/VlNXp2PGkzfeN+ewsWh5xnu4eczofS2pdPx/kyxNvcMTiw05GGu8J6JEtk5
B2S0LFkkBfU2gR16MiF8cyVnulNA2rqP78u3zZML0bkjMzh+gpfz7jwA5DByUVjC
7RUMeyZE3EaiaDtyKTeKng+Dj31CopTyQrft5udCjeJdD7zxhEWiJoCg97ardorn
EvDk7diVnzHfwxO+1Mp5PC0OCqNO6Gu+uGwJjylfQvwWTXutwDGsWUvvCcjOd1jV
u2r7yo+APLpn6JWFd+2EGnJaopBKdS+rqsIzVMGxGBTkMlE=
-----END CERTIFICATE-----
Generated at Mon Jun 16 00:05:32 2025 by rpki-client