Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/5qR_G2EcsgIsg3Al9yKmav6G4vg.roa
File: 5qR_G2EcsgIsg3Al9yKmav6G4vg.roa (raw, json)
Hash identifier: pqSbNbutV5CpSr4sjIX9euK/tApYb1NG5/xV0DKtli4=
Subject key identifier: E6:A4:7F:1B:61:1C:B2:02:2C:83:70:25:F7:22:A6:6A:FE:86:E2:F8
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 01955BF3B98EF7CF615F4AFDA5E7C043B59E
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/5qR_G2EcsgIsg3Al9yKmav6G4vg.roa
Signing time: Mon 03 Mar 2025 12:20:54 +0000
ROA not before: Mon 03 Mar 2025 12:20:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12325
IP address blocks: 37.156.35.0/24 maxlen: 24
77.81.183.0/24 maxlen: 24
84.247.36.0/22 maxlen: 24
85.204.241.0/24 maxlen: 24
86.105.151.0/24 maxlen: 24
86.105.224.0/24 maxlen: 24
86.107.77.0/24 maxlen: 24
86.107.184.0/24 maxlen: 24
86.107.244.0/23 maxlen: 24
89.33.81.0/24 maxlen: 24
89.33.87.0/24 maxlen: 24
89.34.90.0/24 maxlen: 24
89.34.174.0/24 maxlen: 24
89.35.26.0/24 maxlen: 24
89.35.51.0/24 maxlen: 24
89.35.172.0/24 maxlen: 24
89.37.142.0/24 maxlen: 24
89.39.64.0/23 maxlen: 24
89.39.80.0/24 maxlen: 24
89.39.90.0/24 maxlen: 24
89.39.214.0/24 maxlen: 24
89.40.65.0/24 maxlen: 24
89.40.69.0/24 maxlen: 24
89.40.104.0/23 maxlen: 24
89.40.204.0/24 maxlen: 24
89.40.233.0/24 maxlen: 24
89.42.158.0/23 maxlen: 24
92.114.104.0/23 maxlen: 24
93.113.98.0/23 maxlen: 24
93.113.214.0/23 maxlen: 24
93.115.56.0/23 maxlen: 24
93.117.175.0/24 maxlen: 24
94.176.3.0/24 maxlen: 24
176.223.163.0/24 maxlen: 24
176.223.168.0/22 maxlen: 24
188.212.131.0/24 maxlen: 24
188.215.68.0/23 maxlen: 24
188.215.78.0/24 maxlen: 24
188.240.17.0/24 maxlen: 24
188.241.66.0/23 maxlen: 24
188.241.127.0/24 maxlen: 24
188.241.128.0/22 maxlen: 24
188.241.132.0/23 maxlen: 24
188.241.138.0/23 maxlen: 24
188.241.143.0/24 maxlen: 24
188.241.213.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:5b:f3:b9:8e:f7:cf:61:5f:4a:fd:a5:e7:c0:43:b5:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Mar 3 12:20:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e6a47f1b611cb2022c837025f722a66afe86e2f8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:bc:2c:8b:71:fd:95:0e:d6:7c:69:39:e8:3d:
b6:2a:27:f9:ed:31:3c:c8:34:a4:0d:42:67:50:ad:
d9:4c:1e:2e:77:f9:d6:a3:da:c5:7e:14:22:c0:8c:
e7:67:1b:77:06:0a:96:21:c4:3d:53:e2:77:75:59:
32:ec:40:a9:9b:60:89:43:53:05:fd:b8:ca:15:b2:
8e:04:91:9d:ea:2d:54:a4:82:a7:09:a2:f0:19:ff:
cb:b3:3f:39:b4:7a:0b:33:66:3e:d9:56:a1:f4:dd:
22:30:e4:bc:f6:0a:d2:45:69:ae:54:8f:6f:51:94:
cc:76:86:cc:2d:97:9e:a3:98:f7:02:6f:72:3b:7f:
37:0f:dc:c0:34:5c:11:8b:c0:8b:3b:9c:31:92:0f:
23:1a:f1:78:85:d3:c5:b2:2b:d8:d6:44:d5:d4:31:
80:b6:58:72:ae:49:eb:57:c6:fa:fc:da:50:8f:d0:
86:02:d8:41:0f:12:be:89:a5:07:a0:4a:8a:90:12:
fa:61:eb:26:cf:41:af:1f:9b:ef:73:88:be:43:d0:
4c:21:21:f5:75:32:b8:be:56:39:61:6d:c0:3a:18:
47:9c:4a:bf:bb:8a:d2:48:a6:ba:03:7d:4a:48:26:
ff:c4:3f:b9:43:b5:ea:47:4f:4d:3a:45:05:21:dc:
e8:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:A4:7F:1B:61:1C:B2:02:2C:83:70:25:F7:22:A6:6A:FE:86:E2:F8
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/5qR_G2EcsgIsg3Al9yKmav6G4vg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.156.35.0/24
77.81.183.0/24
84.247.36.0/22
85.204.241.0/24
86.105.151.0/24
86.105.224.0/24
86.107.77.0/24
86.107.184.0/24
86.107.244.0/23
89.33.81.0/24
89.33.87.0/24
89.34.90.0/24
89.34.174.0/24
89.35.26.0/24
89.35.51.0/24
89.35.172.0/24
89.37.142.0/24
89.39.64.0/23
89.39.80.0/24
89.39.90.0/24
89.39.214.0/24
89.40.65.0/24
89.40.69.0/24
89.40.104.0/23
89.40.204.0/24
89.40.233.0/24
89.42.158.0/23
92.114.104.0/23
93.113.98.0/23
93.113.214.0/23
93.115.56.0/23
93.117.175.0/24
94.176.3.0/24
176.223.163.0/24
176.223.168.0/22
188.212.131.0/24
188.215.68.0/23
188.215.78.0/24
188.240.17.0/24
188.241.66.0/23
188.241.127.0-188.241.133.255
188.241.138.0/23
188.241.143.0/24
188.241.213.0/24
Signature Algorithm: sha256WithRSAEncryption
7a:42:5f:b3:a7:27:1b:d7:30:b4:a3:48:7f:bd:55:ad:4b:1f:
42:88:9f:c8:cc:28:d8:81:ad:a1:2c:e5:9b:b9:21:dc:c8:5e:
49:ba:a2:c1:f2:0e:61:41:4f:db:21:b9:55:1e:1a:17:45:5a:
da:e2:90:48:4a:91:c2:c4:cc:4a:74:49:61:f1:a6:6a:a0:a1:
f8:dd:d9:4e:fa:8a:cc:1e:8b:42:2e:62:c0:22:85:b6:ae:da:
ac:79:51:1c:c0:51:90:16:1e:e4:51:50:03:ac:f5:ed:94:32:
cf:63:8e:ef:66:7d:2a:7a:af:7a:78:15:72:48:13:a6:c4:c6:
0c:cb:db:48:d3:d6:af:06:98:28:cb:83:a2:40:37:d6:67:17:
6b:a3:a2:ec:35:29:a0:c5:63:ed:cd:c7:31:fd:be:51:e5:3e:
0a:d3:e6:83:31:d7:f0:74:29:32:35:8c:35:f4:cb:7e:3c:b2:
75:5b:e5:45:59:a2:e9:68:0e:7a:f5:fe:a3:29:42:5e:65:3a:
4a:f6:61:b0:b6:51:da:9d:79:18:f3:05:0a:29:24:ba:fd:04:
46:dc:b7:d2:5b:c9:d6:ee:ac:f5:0e:cb:4b:b1:fc:c1:33:2b:
71:76:26:e2:b1:29:13:89:3f:d7:03:e9:42:ab:f3:49:2f:7e:
58:23:81:51
-----BEGIN CERTIFICATE-----
MIIGEzCCBPugAwIBAgISAZVb87mO989hX0r9pefAQ7WeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMzAzMTIyMDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmE0N2YxYjYxMWNiMjAyMmM4MzcwMjVmNzIyYTY2YWZlODZlMmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5bwsi3H9lQ7WfGk56D22Kif57TE8
yDSkDUJnUK3ZTB4ud/nWo9rFfhQiwIznZxt3BgqWIcQ9U+J3dVky7ECpm2CJQ1MF
/bjKFbKOBJGd6i1UpIKnCaLwGf/Lsz85tHoLM2Y+2Vah9N0iMOS89grSRWmuVI9v
UZTMdobMLZeeo5j3Am9yO383D9zANFwRi8CLO5wxkg8jGvF4hdPFsivY1kTV1DGA
tlhyrknrV8b6/NpQj9CGAthBDxK+iaUHoEqKkBL6Yesmz0GvH5vvc4i+Q9BMISH1
dTK4vlY5YW3AOhhHnEq/u4rSSKa6A31KSCb/xD+5Q7XqR09NOkUFIdzonQIDAQAB
o4IDHzCCAxswHQYDVR0OBBYEFOakfxthHLICLINwJfcipmr+huL4MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzVxUl9HMkVjc2dJc2czQWw5eUttYXY2RzR2Zy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwggExBggrBgEFBQcBBwEB/wSCASAwggEcMIIBGAQCAAEw
ggEQAwQAJZwjAwQATVG3AwQCVPckAwQAVczxAwQAVmmXAwQAVmngAwQAVmtNAwQA
Vmu4AwQBVmv0AwQAWSFRAwQAWSFXAwQAWSJaAwQAWSKuAwQAWSMaAwQAWSMzAwQA
WSOsAwQAWSWOAwQBWSdAAwQAWSdQAwQAWSdaAwQAWSfWAwQAWShBAwQAWShFAwQB
WShoAwQAWSjMAwQAWSjpAwQBWSqeAwQBXHJoAwQBXXFiAwQBXXHWAwQBXXM4AwQA
XXWvAwQAXrADAwQAsN+jAwQCsN+oAwQAvNSDAwQBvNdEAwQAvNdOAwQAvPARAwQB
vPFCMAwDBAC88X8DBAG88YQDBAG88YoDBAC88Y8DBAC88dUwDQYJKoZIhvcNAQEL
BQADggEBAHpCX7OnJxvXMLSjSH+9Va1LH0KIn8jMKNiBraEs5Zu5IdzIXkm6osHy
DmFBT9shuVUeGhdFWtrikEhKkcLEzEp0SWHxpmqgofjd2U76iswei0IuYsAihbau
2qx5URzAUZAWHuRRUAOs9e2UMs9jju9mfSp6r3p4FXJIE6bExgzL20jT1q8GmCjL
g6JAN9ZnF2ujouw1KaDFY+3NxzH9vlHlPgrT5oMx1/B0KTI1jDX0y348snVb5UVZ
ouloDnr1/qMpQl5lOkr2YbC2UdqdeRjzBQopJLr9BEbct9JbydburPUOy0ux/MEz
K3F2JuKxKROJP9cD6UKr80kvflgjgVE=
-----END CERTIFICATE-----
Generated at Sun Jul 27 10:45:36 2025 by rpki-client