Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/D_it_58DNh_g2d3DKwLqcDmSvNs.roa
File: D_it_58DNh_g2d3DKwLqcDmSvNs.roa (raw, json)
Hash identifier: GwtediKxWQ7K8r3f55q5g2MhhzLyH2Egd0/hJkXE/P0=
Subject key identifier: 0F:F8:AD:FF:9F:03:36:1F:E0:D9:DD:C3:2B:02:EA:70:39:92:BC:DB
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 01953C94DA0A825AE2C43B58277B0E0B76BF
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/D_it_58DNh_g2d3DKwLqcDmSvNs.roa
Signing time: Tue 25 Feb 2025 10:09:02 +0000
ROA not before: Tue 25 Feb 2025 10:09:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12325
IP address blocks: 37.156.35.0/24 maxlen: 24
84.247.36.0/22 maxlen: 24
85.204.241.0/24 maxlen: 24
86.105.151.0/24 maxlen: 24
86.105.224.0/24 maxlen: 24
86.107.77.0/24 maxlen: 24
86.107.184.0/24 maxlen: 24
86.107.244.0/23 maxlen: 24
89.33.81.0/24 maxlen: 24
89.33.87.0/24 maxlen: 24
89.34.90.0/24 maxlen: 24
89.34.174.0/24 maxlen: 24
89.35.26.0/24 maxlen: 24
89.35.51.0/24 maxlen: 24
89.35.172.0/24 maxlen: 24
89.37.142.0/24 maxlen: 24
89.39.80.0/24 maxlen: 24
89.39.90.0/24 maxlen: 24
89.39.214.0/24 maxlen: 24
89.39.245.0/24 maxlen: 24
89.40.69.0/24 maxlen: 24
89.40.104.0/23 maxlen: 24
89.40.204.0/24 maxlen: 24
89.40.233.0/24 maxlen: 24
89.42.158.0/23 maxlen: 24
92.114.104.0/23 maxlen: 24
93.113.98.0/23 maxlen: 24
93.113.214.0/23 maxlen: 24
93.115.56.0/23 maxlen: 24
93.117.175.0/24 maxlen: 24
94.176.3.0/24 maxlen: 24
176.223.163.0/24 maxlen: 24
176.223.168.0/22 maxlen: 24
188.212.131.0/24 maxlen: 24
188.215.68.0/23 maxlen: 24
188.241.66.0/23 maxlen: 24
188.241.127.0/24 maxlen: 24
188.241.128.0/22 maxlen: 24
188.241.132.0/23 maxlen: 24
188.241.138.0/23 maxlen: 24
188.241.143.0/24 maxlen: 24
188.241.213.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:3c:94:da:0a:82:5a:e2:c4:3b:58:27:7b:0e:0b:76:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Feb 25 10:09:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0ff8adff9f03361fe0d9ddc32b02ea703992bcdb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:9b:11:86:f2:9b:e0:82:30:f7:a3:7f:f1:9c:
a1:9c:78:ac:81:5b:59:bd:c9:18:f9:fe:3b:95:c3:
19:40:c7:e4:7d:e8:98:59:25:72:ea:b9:1e:d1:21:
e1:b2:92:b4:f6:3e:79:24:e7:d4:6b:09:cf:46:8b:
b2:59:e9:d1:22:31:32:6e:14:cc:75:8a:fc:90:34:
48:a9:7b:55:08:b5:98:a6:8b:28:48:b6:9c:5a:19:
a5:cd:19:2a:3a:1f:df:cc:4f:18:44:c0:89:1d:f0:
e9:91:2b:67:06:65:42:e6:dd:5d:13:b6:30:7a:d7:
7a:a7:cb:0e:3b:d5:79:30:39:61:51:24:80:9c:b5:
1f:89:59:ad:4c:af:b5:4d:d1:9a:50:b6:62:51:f7:
3b:1c:bf:28:ad:c3:45:f9:fc:96:e8:84:09:0e:d7:
71:64:21:73:d0:23:6f:f6:05:d6:05:4e:02:df:8b:
57:77:27:7c:7e:0c:e1:65:1b:e8:bb:e3:e0:d5:f6:
c7:34:ae:f6:0c:cf:20:e6:50:28:ce:7f:7a:34:5e:
c6:08:02:22:22:36:35:ed:9f:0b:92:86:6b:ff:c2:
6a:eb:9f:6a:41:92:49:54:50:48:9d:ee:a0:e5:1a:
8d:16:ee:90:79:1c:f9:1e:1f:94:fd:fd:92:f8:fe:
1d:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:F8:AD:FF:9F:03:36:1F:E0:D9:DD:C3:2B:02:EA:70:39:92:BC:DB
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/D_it_58DNh_g2d3DKwLqcDmSvNs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.156.35.0/24
84.247.36.0/22
85.204.241.0/24
86.105.151.0/24
86.105.224.0/24
86.107.77.0/24
86.107.184.0/24
86.107.244.0/23
89.33.81.0/24
89.33.87.0/24
89.34.90.0/24
89.34.174.0/24
89.35.26.0/24
89.35.51.0/24
89.35.172.0/24
89.37.142.0/24
89.39.80.0/24
89.39.90.0/24
89.39.214.0/24
89.39.245.0/24
89.40.69.0/24
89.40.104.0/23
89.40.204.0/24
89.40.233.0/24
89.42.158.0/23
92.114.104.0/23
93.113.98.0/23
93.113.214.0/23
93.115.56.0/23
93.117.175.0/24
94.176.3.0/24
176.223.163.0/24
176.223.168.0/22
188.212.131.0/24
188.215.68.0/23
188.241.66.0/23
188.241.127.0-188.241.133.255
188.241.138.0/23
188.241.143.0/24
188.241.213.0/24
Signature Algorithm: sha256WithRSAEncryption
28:f8:55:2f:35:b4:95:74:69:df:55:98:e9:c8:39:9c:53:d6:
95:5b:52:1d:f8:3b:a1:ba:f7:f0:5a:9f:b3:5e:62:f7:d2:2a:
23:99:e5:98:0e:33:a7:4f:24:c6:6c:51:bd:56:74:d0:df:b4:
78:6b:8b:36:d2:0a:60:d2:04:c9:de:97:b0:fe:c1:5b:4c:ef:
9d:18:4d:64:b4:46:41:71:2c:1e:3e:80:ee:48:c7:29:91:b2:
4f:e6:03:8a:d7:00:02:ba:6b:f2:35:90:f2:15:f1:f7:0e:17:
d6:81:25:bd:7b:c3:50:9f:8f:5b:f2:35:5d:be:6b:ce:9f:18:
9e:3d:6e:52:a6:bb:5b:f5:23:3d:b2:46:01:3e:03:37:eb:0d:
49:13:40:05:39:e2:bc:a9:98:fb:04:8f:a7:d8:6b:44:e4:a6:
12:8a:fe:03:92:d7:96:44:1a:6a:91:96:91:80:ae:d9:7c:a0:
84:15:d1:4d:da:28:f6:c0:ed:a5:32:23:af:d5:e4:36:6b:bc:
46:14:c2:f8:28:21:99:54:ba:54:11:3f:a1:9c:fa:5d:28:fb:
db:8a:c0:5e:f8:de:9b:e9:fc:f9:6d:fa:a2:13:13:23:e8:6e:
c1:bc:0a:6a:de:5d:f1:3d:25:0f:34:cb:bf:9b:2a:31:f7:88:
93:5f:45:de
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgISAZU8lNoKglrixDtYJ3sOC3a/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMjI1MTAwOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmY4YWRmZjlmMDMzNjFmZTBkOWRkYzMyYjAyZWE3MDM5OTJiY2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJsRhvKb4IIw96N/8ZyhnHisgVtZ
vckY+f47lcMZQMfkfeiYWSVy6rke0SHhspK09j55JOfUawnPRouyWenRIjEybhTM
dYr8kDRIqXtVCLWYposoSLacWhmlzRkqOh/fzE8YRMCJHfDpkStnBmVC5t1dE7Yw
etd6p8sOO9V5MDlhUSSAnLUfiVmtTK+1TdGaULZiUfc7HL8orcNF+fyW6IQJDtdx
ZCFz0CNv9gXWBU4C34tXdyd8fgzhZRvou+Pg1fbHNK72DM8g5lAozn96NF7GCAIi
IjY17Z8LkoZr/8Jq659qQZJJVFBIne6g5RqNFu6QeRz5Hh+U/f2S+P4ddQIDAQAB
o4IDBTCCAwEwHQYDVR0OBBYEFA/4rf+fAzYf4NndwysC6nA5krzbMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0RfaXRfNThETmhfZzJkM0RLd0xxY0RtU3ZOcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwggEXBggrBgEFBQcBBwEB/wSCAQYwggECMIH/BAIAATCB
+AMEACWcIwMEAlT3JAMEAFXM8QMEAFZplwMEAFZp4AMEAFZrTQMEAFZruAMEAVZr
9AMEAFkhUQMEAFkhVwMEAFkiWgMEAFkirgMEAFkjGgMEAFkjMwMEAFkjrAMEAFkl
jgMEAFknUAMEAFknWgMEAFkn1gMEAFkn9QMEAFkoRQMEAVkoaAMEAFkozAMEAFko
6QMEAVkqngMEAVxyaAMEAV1xYgMEAV1x1gMEAV1zOAMEAF11rwMEAF6wAwMEALDf
owMEArDfqAMEALzUgwMEAbzXRAMEAbzxQjAMAwQAvPF/AwQBvPGEAwQBvPGKAwQA
vPGPAwQAvPHVMA0GCSqGSIb3DQEBCwUAA4IBAQAo+FUvNbSVdGnfVZjpyDmcU9aV
W1Id+DuhuvfwWp+zXmL30iojmeWYDjOnTyTGbFG9VnTQ37R4a4s20gpg0gTJ3pew
/sFbTO+dGE1ktEZBcSwePoDuSMcpkbJP5gOK1wACumvyNZDyFfH3DhfWgSW9e8NQ
n49b8jVdvmvOnxiePW5Sprtb9SM9skYBPgM36w1JE0AFOeK8qZj7BI+n2GtE5KYS
iv4DkteWRBpqkZaRgK7ZfKCEFdFN2ij2wO2lMiOv1eQ2a7xGFML4KCGZVLpUET+h
nPpdKPvbisBe+N6b6fz5bfqiExMj6G7BvApq3l3xPSUPNMu/myox94iTX0Xe
-----END CERTIFICATE-----
Generated at Sun Jul 27 08:01:47 2025 by rpki-client