Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/RteSql-YRaHe9uU_A4c-yne83kg.roa
File: RteSql-YRaHe9uU_A4c-yne83kg.roa (raw, json)
Hash identifier: x7/DDRv7PgVupwqLTWxHNlnxYfSARLOiBwcQcUYxMrw=
Subject key identifier: 46:D7:92:AA:5F:98:45:A1:DE:F6:E5:3F:03:87:3E:CA:77:BC:DE:48
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 019514F962E9A545E0DE744979C0BB58F16A
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/RteSql-YRaHe9uU_A4c-yne83kg.roa
Signing time: Mon 17 Feb 2025 17:34:02 +0000
ROA not before: Mon 17 Feb 2025 17:34:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12325
IP address blocks: 37.156.35.0/24 maxlen: 24
84.247.36.0/22 maxlen: 24
85.204.241.0/24 maxlen: 24
86.105.151.0/24 maxlen: 24
86.105.224.0/24 maxlen: 24
86.107.77.0/24 maxlen: 24
86.107.184.0/24 maxlen: 24
86.107.244.0/23 maxlen: 24
89.33.81.0/24 maxlen: 24
89.33.87.0/24 maxlen: 24
89.34.90.0/24 maxlen: 24
89.34.174.0/24 maxlen: 24
89.35.26.0/24 maxlen: 24
89.35.51.0/24 maxlen: 24
89.35.172.0/24 maxlen: 24
89.37.142.0/24 maxlen: 24
89.39.80.0/24 maxlen: 24
89.39.90.0/24 maxlen: 24
89.39.214.0/24 maxlen: 24
89.39.245.0/24 maxlen: 24
89.40.69.0/24 maxlen: 24
89.40.204.0/24 maxlen: 24
89.42.158.0/23 maxlen: 24
92.114.104.0/23 maxlen: 24
93.113.98.0/23 maxlen: 24
93.113.214.0/23 maxlen: 24
93.115.56.0/23 maxlen: 24
93.117.175.0/24 maxlen: 24
94.176.3.0/24 maxlen: 24
176.223.163.0/24 maxlen: 24
176.223.168.0/22 maxlen: 24
188.212.131.0/24 maxlen: 24
188.215.68.0/23 maxlen: 24
188.241.66.0/23 maxlen: 24
188.241.127.0/24 maxlen: 24
188.241.128.0/22 maxlen: 24
188.241.132.0/23 maxlen: 24
188.241.138.0/23 maxlen: 24
188.241.143.0/24 maxlen: 24
188.241.213.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:14:f9:62:e9:a5:45:e0:de:74:49:79:c0:bb:58:f1:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Feb 17 17:34:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=46d792aa5f9845a1def6e53f03873eca77bcde48
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:c7:27:59:a5:f2:10:ca:f8:00:82:5f:06:8f:
d3:e4:fb:6f:22:9a:70:e9:35:20:9f:3a:cf:e7:85:
72:28:50:3d:2a:83:11:3c:6f:ce:94:a2:12:8c:56:
b5:8c:f3:b3:a2:05:a3:9a:1c:09:80:25:53:ec:9f:
5d:23:38:1c:2f:12:65:a8:9c:c2:76:96:a1:b3:ef:
5a:33:07:0f:fd:f5:9e:5d:d1:0c:80:c5:92:7e:83:
57:06:2e:96:5e:2a:21:68:c2:bb:34:36:47:6f:16:
48:2d:d8:fb:25:f9:89:57:d6:99:8f:91:05:d6:9e:
b0:1a:d8:18:a1:06:cc:57:62:4c:f5:ff:23:83:44:
bb:bb:60:76:13:86:19:81:9a:30:2c:62:94:77:53:
be:f9:a0:fe:df:72:4e:e1:54:f5:21:5c:32:40:67:
45:5f:88:6a:58:cc:f7:fb:c9:4a:bf:3b:5f:bc:e6:
f5:da:a9:c5:e7:36:3e:b5:44:84:33:2b:43:c9:59:
d6:56:09:39:c1:36:83:40:0a:ef:25:df:c2:cd:64:
1a:ad:f5:25:d8:1a:b0:7c:f2:78:50:bd:1f:bf:22:
c7:f6:63:54:99:47:4b:c6:77:ad:cc:0a:3c:62:26:
b0:cb:2a:90:48:e2:ba:44:74:cb:4b:54:ec:c8:a3:
86:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:D7:92:AA:5F:98:45:A1:DE:F6:E5:3F:03:87:3E:CA:77:BC:DE:48
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/RteSql-YRaHe9uU_A4c-yne83kg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.156.35.0/24
84.247.36.0/22
85.204.241.0/24
86.105.151.0/24
86.105.224.0/24
86.107.77.0/24
86.107.184.0/24
86.107.244.0/23
89.33.81.0/24
89.33.87.0/24
89.34.90.0/24
89.34.174.0/24
89.35.26.0/24
89.35.51.0/24
89.35.172.0/24
89.37.142.0/24
89.39.80.0/24
89.39.90.0/24
89.39.214.0/24
89.39.245.0/24
89.40.69.0/24
89.40.204.0/24
89.42.158.0/23
92.114.104.0/23
93.113.98.0/23
93.113.214.0/23
93.115.56.0/23
93.117.175.0/24
94.176.3.0/24
176.223.163.0/24
176.223.168.0/22
188.212.131.0/24
188.215.68.0/23
188.241.66.0/23
188.241.127.0-188.241.133.255
188.241.138.0/23
188.241.143.0/24
188.241.213.0/24
Signature Algorithm: sha256WithRSAEncryption
0d:b9:0f:76:1c:18:3b:2d:34:bf:37:c2:4c:2a:90:97:56:a5:
b4:36:e9:7d:c7:05:2d:dc:c6:a3:64:ce:d9:0b:ab:f7:6c:dc:
6a:99:c3:f8:bd:dd:7e:b2:82:e7:ee:36:b0:1d:46:02:70:b7:
27:47:8a:ba:63:f1:ff:2e:52:5e:d1:6e:00:81:37:45:1b:4f:
5b:f6:46:cc:68:2c:ee:40:c2:ce:fe:40:51:b6:67:cb:fd:16:
a2:fb:bf:e8:8c:0b:b8:a2:cb:31:dd:dc:c6:1c:91:cf:d4:e6:
4f:58:38:12:f9:b5:8d:0d:02:e0:80:12:bd:5f:2d:19:ee:6c:
a0:98:9d:87:bb:69:3a:1c:2e:9b:48:60:5c:cc:bc:94:1b:16:
39:b2:a8:ef:69:4a:f7:e9:0c:74:08:89:33:3e:86:2a:11:b2:
75:57:5a:c5:29:c4:fa:bc:2e:bd:78:f5:d0:41:32:ef:ad:49:
42:16:81:49:4d:5c:87:bd:9f:79:b8:97:e8:48:78:e0:09:77:
95:70:c5:26:f5:1d:27:b3:c0:15:31:e1:76:b4:d8:61:c5:09:
05:03:10:3c:13:81:21:c6:95:62:90:c6:35:63:f9:1a:5e:10:
65:e8:f7:20:03:d1:24:92:41:9f:eb:d8:b0:8a:bf:06:50:e3:
4d:f4:ce:6a
-----BEGIN CERTIFICATE-----
MIIF6zCCBNOgAwIBAgISAZUU+WLppUXg3nRJecC7WPFqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMjE3MTczNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmQ3OTJhYTVmOTg0NWExZGVmNmU1M2YwMzg3M2VjYTc3YmNkZTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvscnWaXyEMr4AIJfBo/T5PtvIppw
6TUgnzrP54VyKFA9KoMRPG/OlKISjFa1jPOzogWjmhwJgCVT7J9dIzgcLxJlqJzC
dpahs+9aMwcP/fWeXdEMgMWSfoNXBi6WXiohaMK7NDZHbxZILdj7JfmJV9aZj5EF
1p6wGtgYoQbMV2JM9f8jg0S7u2B2E4YZgZowLGKUd1O++aD+33JO4VT1IVwyQGdF
X4hqWMz3+8lKvztfvOb12qnF5zY+tUSEMytDyVnWVgk5wTaDQArvJd/CzWQarfUl
2BqwfPJ4UL0fvyLH9mNUmUdLxnetzAo8YiawyyqQSOK6RHTLS1TsyKOGbwIDAQAB
o4IC9zCCAvMwHQYDVR0OBBYEFEbXkqpfmEWh3vblPwOHPsp3vN5IMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1J0ZVNxbC1ZUmFIZTl1VV9BNGMteW5lODNrZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwggEJBggrBgEFBQcBBwEB/wSB+TCB9jCB8wQCAAEwgewD
BAAlnCMDBAJU9yQDBABVzPEDBABWaZcDBABWaeADBABWa00DBABWa7gDBAFWa/QD
BABZIVEDBABZIVcDBABZIloDBABZIq4DBABZIxoDBABZIzMDBABZI6wDBABZJY4D
BABZJ1ADBABZJ1oDBABZJ9YDBABZJ/UDBABZKEUDBABZKMwDBAFZKp4DBAFccmgD
BAFdcWIDBAFdcdYDBAFdczgDBABdda8DBABesAMDBACw36MDBAKw36gDBAC81IMD
BAG810QDBAG88UIwDAMEALzxfwMEAbzxhAMEAbzxigMEALzxjwMEALzx1TANBgkq
hkiG9w0BAQsFAAOCAQEADbkPdhwYOy00vzfCTCqQl1altDbpfccFLdzGo2TO2Qur
92zcapnD+L3dfrKC5+42sB1GAnC3J0eKumPx/y5SXtFuAIE3RRtPW/ZGzGgs7kDC
zv5AUbZny/0Wovu/6IwLuKLLMd3cxhyRz9TmT1g4Evm1jQ0C4IASvV8tGe5soJid
h7tpOhwum0hgXMy8lBsWObKo72lK9+kMdAiJMz6GKhGydVdaxSnE+rwuvXj10EEy
761JQhaBSU1ch72febiX6Eh44Al3lXDFJvUdJ7PAFTHhdrTYYcUJBQMQPBOBIcaV
YpDGNWP5Gl4QZej3IAPRJJJBn+vYsIq/BlDjTfTOag==
-----END CERTIFICATE-----
Generated at Sun Jul 27 08:01:48 2025 by rpki-client