Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/lH9SkwTf66B4dmHlurG6bMJ7z_k.roa
File: lH9SkwTf66B4dmHlurG6bMJ7z_k.roa (raw, json)
Hash identifier: IOe9jyOhHKDx+18ydvxTMoEwZ79wyHTHSrDbaVFz/Iw=
Subject key identifier: 94:7F:52:93:04:DF:EB:A0:78:76:61:E5:BA:B1:BA:6C:C2:7B:CF:F9
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 0196433F4BBF4FB42B4EFB29ED5B7D2BD572
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/lH9SkwTf66B4dmHlurG6bMJ7z_k.roa
Signing time: Thu 17 Apr 2025 10:15:43 +0000
ROA not before: Thu 17 Apr 2025 10:15:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12325
IP address blocks: 46.102.191.0/24 maxlen: 24
77.81.183.0/24 maxlen: 24
84.247.36.0/22 maxlen: 24
86.105.151.0/24 maxlen: 24
86.107.47.0/24 maxlen: 24
86.107.184.0/24 maxlen: 24
86.107.244.0/23 maxlen: 24
89.33.87.0/24 maxlen: 24
89.34.90.0/24 maxlen: 24
89.34.174.0/24 maxlen: 24
89.35.26.0/24 maxlen: 24
89.35.51.0/24 maxlen: 24
89.35.172.0/24 maxlen: 24
89.37.142.0/24 maxlen: 24
89.39.64.0/23 maxlen: 24
89.39.80.0/24 maxlen: 24
89.39.90.0/24 maxlen: 24
89.40.65.0/24 maxlen: 24
89.40.69.0/24 maxlen: 24
89.40.104.0/23 maxlen: 24
89.40.204.0/24 maxlen: 24
89.40.233.0/24 maxlen: 24
89.42.158.0/23 maxlen: 24
92.114.104.0/23 maxlen: 24
93.113.98.0/23 maxlen: 24
93.113.214.0/23 maxlen: 24
93.117.175.0/24 maxlen: 24
94.176.3.0/24 maxlen: 24
94.177.58.0/24 maxlen: 24
176.223.163.0/24 maxlen: 24
188.215.78.0/24 maxlen: 24
188.240.17.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:43:3f:4b:bf:4f:b4:2b:4e:fb:29:ed:5b:7d:2b:d5:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Apr 17 10:15:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=947f529304dfeba0787661e5bab1ba6cc27bcff9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:2e:74:8e:ef:b1:7c:e6:04:42:54:cc:55:7f:
6c:2b:0d:15:ee:6f:d6:d1:56:b9:0e:64:b3:90:ed:
d7:83:55:db:40:02:73:5c:62:18:bf:48:92:ec:e8:
63:f7:5d:52:7c:a6:52:0f:d3:93:fe:dd:2c:1a:d1:
d6:4c:47:5b:bb:79:7c:84:06:8c:5d:c9:eb:ce:ed:
ab:d0:2a:53:66:c5:8d:15:ec:50:dc:01:71:0b:3e:
ea:82:43:e2:92:53:ce:a3:13:6b:e3:41:ee:a5:21:
04:d2:58:e9:ef:a3:fc:e0:e8:5c:b6:a8:39:89:e9:
b6:04:59:99:38:d7:d6:2b:31:01:88:c5:36:1a:66:
65:c9:b5:11:80:92:73:f2:91:58:cd:8b:13:3a:ba:
5c:68:f8:d8:02:e7:ab:48:04:7c:d3:61:62:64:d7:
cd:4d:01:bb:73:8f:6d:23:43:40:01:c2:5e:71:b3:
85:b0:bf:3f:eb:9d:41:13:7b:3a:84:a5:90:ab:66:
69:85:74:17:7a:9c:ee:f2:76:3c:af:31:e0:8b:ea:
86:f5:39:4d:8c:94:d7:30:28:df:fd:21:85:16:61:
2e:ca:7a:b4:0d:bc:a2:5d:d0:6c:c4:33:df:54:d6:
a9:9d:e6:3a:fd:6f:36:28:6c:8e:ac:2c:c1:de:f4:
49:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:7F:52:93:04:DF:EB:A0:78:76:61:E5:BA:B1:BA:6C:C2:7B:CF:F9
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/lH9SkwTf66B4dmHlurG6bMJ7z_k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.102.191.0/24
77.81.183.0/24
84.247.36.0/22
86.105.151.0/24
86.107.47.0/24
86.107.184.0/24
86.107.244.0/23
89.33.87.0/24
89.34.90.0/24
89.34.174.0/24
89.35.26.0/24
89.35.51.0/24
89.35.172.0/24
89.37.142.0/24
89.39.64.0/23
89.39.80.0/24
89.39.90.0/24
89.40.65.0/24
89.40.69.0/24
89.40.104.0/23
89.40.204.0/24
89.40.233.0/24
89.42.158.0/23
92.114.104.0/23
93.113.98.0/23
93.113.214.0/23
93.117.175.0/24
94.176.3.0/24
94.177.58.0/24
176.223.163.0/24
188.215.78.0/24
188.240.17.0/24
Signature Algorithm: sha256WithRSAEncryption
41:29:bc:00:c6:10:f0:0c:d6:a2:c5:bf:47:f0:aa:2c:8a:4c:
84:bf:37:5c:55:20:d5:37:83:cf:80:5e:97:91:45:e3:df:3e:
71:9d:8f:2f:01:3d:3d:10:8d:c2:9d:70:63:ec:0f:1a:0c:e2:
fc:f3:ac:f3:ea:81:7f:b2:50:88:f5:6a:f5:5c:4c:a5:6b:c5:
2f:a7:45:61:70:c6:d3:e6:a3:31:13:63:20:bb:1d:45:f2:c4:
2c:6b:cf:1f:1b:1c:bd:fc:e0:bc:bb:83:e1:ad:82:06:5f:ed:
d3:a1:37:68:e5:5a:3e:c0:28:c7:bc:a6:d6:89:78:9e:10:f1:
9a:98:ac:af:67:bf:77:60:9b:ed:f5:39:ed:c3:5d:07:20:b7:
73:89:e6:34:c4:52:11:cb:4e:49:6b:df:9b:cf:09:d0:c3:98:
62:aa:6b:d4:d5:90:17:c4:cc:ed:c5:41:59:32:21:aa:35:b1:
06:ce:85:21:4a:b0:8c:a5:d7:ab:d9:2e:d2:c0:2a:5f:05:26:
1b:87:c3:3c:57:c1:b5:a6:ea:80:25:85:04:7d:da:11:0d:56:
f5:97:b2:75:91:92:2e:ea:2e:5d:78:18:a0:91:1e:c6:c7:d7:
07:f9:02:61:a2:ef:7c:7f:b2:bd:42:91:44:e2:c6:28:46:fb:
ec:18:33:ef
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAZZDP0u/T7QrTvsp7Vt9K9VyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwNDE3MTAxNTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDdmNTI5MzA0ZGZlYmEwNzg3NjYxZTViYWIxYmE2Y2MyN2JjZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAui50ju+xfOYEQlTMVX9sKw0V7m/W
0Va5DmSzkO3Xg1XbQAJzXGIYv0iS7Ohj911SfKZSD9OT/t0sGtHWTEdbu3l8hAaM
Xcnrzu2r0CpTZsWNFexQ3AFxCz7qgkPiklPOoxNr40HupSEE0ljp76P84Ohctqg5
iem2BFmZONfWKzEBiMU2GmZlybURgJJz8pFYzYsTOrpcaPjYAuerSAR802FiZNfN
TQG7c49tI0NAAcJecbOFsL8/651BE3s6hKWQq2ZphXQXepzu8nY8rzHgi+qG9TlN
jJTXMCjf/SGFFmEuynq0DbyiXdBsxDPfVNapneY6/W82KGyOrCzB3vRJNQIDAQAB
o4ICyjCCAsYwHQYDVR0OBBYEFJR/UpME3+ugeHZh5bqxumzCe8/5MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2xIOVNrd1RmNjZCNGRtSGx1ckc2Yk1KN3pfay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgd0GCCsGAQUFBwEHAQH/BIHNMIHKMIHHBAIAATCBwAME
AC5mvwMEAE1RtwMEAlT3JAMEAFZplwMEAFZrLwMEAFZruAMEAVZr9AMEAFkhVwME
AFkiWgMEAFkirgMEAFkjGgMEAFkjMwMEAFkjrAMEAFkljgMEAVknQAMEAFknUAME
AFknWgMEAFkoQQMEAFkoRQMEAVkoaAMEAFkozAMEAFko6QMEAVkqngMEAVxyaAME
AV1xYgMEAV1x1gMEAF11rwMEAF6wAwMEAF6xOgMEALDfowMEALzXTgMEALzwETAN
BgkqhkiG9w0BAQsFAAOCAQEAQSm8AMYQ8AzWosW/R/CqLIpMhL83XFUg1TeDz4Be
l5FF498+cZ2PLwE9PRCNwp1wY+wPGgzi/POs8+qBf7JQiPVq9VxMpWvFL6dFYXDG
0+ajMRNjILsdRfLELGvPHxscvfzgvLuD4a2CBl/t06E3aOVaPsAox7ym1ol4nhDx
mpisr2e/d2Cb7fU57cNdByC3c4nmNMRSEctOSWvfm88J0MOYYqpr1NWQF8TM7cVB
WTIhqjWxBs6FIUqwjKXXq9ku0sAqXwUmG4fDPFfBtabqgCWFBH3aEQ1W9ZeydZGS
LuouXXgYoJEexsfXB/kCYaLvfH+yvUKRROLGKEb77Bgz7w==
-----END CERTIFICATE-----
Generated at Sun Jul 27 08:01:44 2025 by rpki-client