Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/P2_d35PgGDczCI3Dh-1LwuYsh-w.roa
File: P2_d35PgGDczCI3Dh-1LwuYsh-w.roa (raw, json)
Hash identifier: YkEXT0zdS/UDyG+e69QPN3DcdaSVy63g3t2IwB6oY5U=
Subject key identifier: 3F:6F:DD:DF:93:E0:18:37:33:08:8D:C3:87:ED:4B:C2:E6:2C:87:EC
Certificate issuer: /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial: 0197A7D4A4D5A0B372DC3F390E686514286C
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/P2_d35PgGDczCI3Dh-1LwuYsh-w.roa
Signing time: Wed 25 Jun 2025 16:03:40 +0000
ROA not before: Wed 25 Jun 2025 16:03:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34549
IP address blocks: 5.1.64.0/19 maxlen: 32
5.1.64.0/20 maxlen: 32
5.1.64.0/24 maxlen: 32
5.1.65.0/24 maxlen: 32
5.1.66.0/24 maxlen: 32
5.1.67.0/24 maxlen: 32
5.1.70.0/24 maxlen: 32
5.1.72.0/24 maxlen: 32
5.1.73.0/24 maxlen: 32
5.1.75.0/24 maxlen: 24
5.1.76.0/24 maxlen: 32
5.1.79.0/24 maxlen: 24
5.1.82.0/24 maxlen: 32
5.1.84.0/24 maxlen: 32
5.1.85.0/24 maxlen: 32
5.1.86.0/24 maxlen: 32
5.1.87.0/24 maxlen: 32
5.1.89.0/24 maxlen: 32
5.1.90.0/24 maxlen: 32
5.1.91.0/24 maxlen: 32
5.1.93.0/24 maxlen: 32
5.1.94.0/23 maxlen: 32
5.1.94.0/24 maxlen: 32
31.47.232.0/21 maxlen: 32
31.47.232.0/22 maxlen: 32
31.47.236.0/23 maxlen: 32
31.47.239.0/24 maxlen: 32
45.155.248.0/22 maxlen: 22
80.77.16.0/20 maxlen: 32
80.77.16.0/24 maxlen: 32
80.77.31.254/32 maxlen: 32
83.243.40.0/21 maxlen: 32
83.243.41.0/24 maxlen: 24
83.243.44.0/24 maxlen: 32
83.243.45.0/24 maxlen: 32
83.243.45.114/32 maxlen: 32
83.243.46.0/24 maxlen: 32
83.243.46.83/32 maxlen: 32
83.243.47.0/24 maxlen: 32
94.247.40.0/21 maxlen: 32
94.247.45.0/24 maxlen: 32
94.247.46.0/24 maxlen: 32
178.251.224.0/21 maxlen: 21
178.251.224.0/22 maxlen: 32
178.251.225.0/24 maxlen: 32
178.251.228.0/23 maxlen: 32
178.251.229.0/24 maxlen: 32
178.251.230.0/23 maxlen: 32
178.251.230.0/24 maxlen: 32
185.37.144.0/22 maxlen: 32
185.37.144.0/24 maxlen: 24
185.37.145.0/24 maxlen: 32
185.37.147.0/24 maxlen: 32
185.44.104.0/22 maxlen: 32
185.44.106.0/24 maxlen: 32
185.44.107.0/24 maxlen: 32
185.90.160.0/23 maxlen: 32
185.90.160.0/24 maxlen: 32
185.90.161.0/24 maxlen: 32
185.90.163.0/24 maxlen: 32
185.150.96.0/22 maxlen: 32
195.10.195.0/24 maxlen: 32
2a00:f820::/29 maxlen: 29
2a01:360::/29 maxlen: 29
2a01:360::/32 maxlen: 32
2a07:6fc0::/29 maxlen: 48
2a07:6fc0:452::/48 maxlen: 48
2a0f:b80::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:a7:d4:a4:d5:a0:b3:72:dc:3f:39:0e:68:65:14:28:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Validity
Not Before: Jun 25 16:03:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3f6fdddf93e0183733088dc387ed4bc2e62c87ec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:fe:51:50:cc:c0:79:11:bd:b2:77:f9:0b:67:
24:e2:dc:fc:6e:32:ef:69:93:17:7f:c9:17:ca:15:
e0:42:8e:73:12:a9:ba:85:71:ac:a1:6d:02:88:03:
d4:9c:fc:f3:a4:f3:d3:7a:8d:02:e8:65:62:86:bf:
8a:64:b2:d9:5b:05:64:aa:21:8c:89:a4:9f:99:25:
7d:b2:13:ff:04:2d:b0:d0:42:4e:c6:3c:c8:0a:5e:
03:11:e1:49:de:61:a4:61:da:b9:cc:5b:fc:f9:3a:
90:0e:cc:df:32:49:e5:e7:8a:82:58:ba:68:b7:1c:
e2:d0:64:12:c9:a3:f9:fa:5a:14:cb:a9:42:0b:33:
c4:9e:85:91:f6:38:f9:14:13:02:a6:59:fd:2d:17:
8e:97:2d:77:fa:fd:94:72:aa:2f:c1:46:5c:09:be:
67:0c:49:be:e1:05:e2:bb:f1:cc:3b:aa:55:9d:4a:
e6:a5:f8:7d:04:26:09:48:07:45:69:83:1c:f9:9e:
49:88:ff:bc:03:33:5c:4c:86:e6:46:99:e7:1c:e8:
65:3e:6e:e4:a6:4d:ea:e6:85:08:2e:7b:6f:a8:a2:
99:99:7d:e6:a4:50:2a:62:04:0d:66:82:47:47:dc:
2a:e4:d1:88:f7:c7:76:e8:e8:f6:bd:75:2a:a6:cb:
0c:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:6F:DD:DF:93:E0:18:37:33:08:8D:C3:87:ED:4B:C2:E6:2C:87:EC
X509v3 Authority Key Identifier:
keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/P2_d35PgGDczCI3Dh-1LwuYsh-w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.1.64.0/19
31.47.232.0/21
45.155.248.0/22
80.77.16.0/20
83.243.40.0/21
94.247.40.0/21
178.251.224.0/21
185.37.144.0/22
185.44.104.0/22
185.90.160.0/23
185.90.163.0/24
185.150.96.0/22
195.10.195.0/24
IPv6:
2a00:f820::/29
2a01:360::/29
2a07:6fc0::/29
2a0f:b80::/29
Signature Algorithm: sha256WithRSAEncryption
07:80:30:af:cc:a0:a2:43:fa:94:59:29:15:06:3a:f3:ee:bc:
4f:00:b0:83:b1:18:21:67:f9:7d:1c:0b:9f:7b:af:80:ca:f8:
7b:44:a3:99:42:a0:8b:5e:6b:0a:1e:cf:d0:6d:90:80:09:68:
7a:61:ca:fa:30:0e:34:ab:a0:8f:f2:ab:ec:7a:1e:10:a2:78:
09:f9:2f:64:51:66:08:92:fd:76:79:1c:86:48:ba:46:d6:21:
ce:0f:95:ca:3f:47:88:d9:34:76:40:9c:09:bb:c1:ed:6b:04:
b8:af:90:2f:44:19:7e:bc:9b:b7:74:33:f5:87:e3:37:e5:aa:
d0:06:0b:68:c4:84:3d:65:59:05:fd:a2:78:38:32:6f:f1:c9:
9d:cc:24:41:4d:93:c1:e1:34:00:ee:60:bd:b7:ef:1f:e4:ee:
f0:10:69:a2:71:5a:c5:a6:c6:cc:d3:d8:96:87:7a:56:c1:45:
d3:d6:1a:45:e8:63:a1:4a:e6:1f:51:9f:82:f3:7a:b3:be:bd:
e9:32:2d:10:6b:66:a9:8f:72:7a:aa:e5:87:c6:b2:05:df:d9:
97:49:ae:a8:8f:a5:96:5d:25:f1:00:b8:93:24:a7:b3:f5:86:
9f:d3:51:36:24:ae:4b:92:31:f5:79:61:3e:7e:35:07:d5:fd:
30:5c:0f:e3
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAZen1KTVoLNy3D85DmhlFChsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwNjI1MTYwMzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjZmZGRkZjkzZTAxODM3MzMwODhkYzM4N2VkNGJjMmU2MmM4N2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvP5RUMzAeRG9snf5C2ck4tz8bjLv
aZMXf8kXyhXgQo5zEqm6hXGsoW0CiAPUnPzzpPPTeo0C6GVihr+KZLLZWwVkqiGM
iaSfmSV9shP/BC2w0EJOxjzICl4DEeFJ3mGkYdq5zFv8+TqQDszfMknl54qCWLpo
txzi0GQSyaP5+loUy6lCCzPEnoWR9jj5FBMCpln9LReOly13+v2UcqovwUZcCb5n
DEm+4QXiu/HMO6pVnUrmpfh9BCYJSAdFaYMc+Z5JiP+8AzNcTIbmRpnnHOhlPm7k
pk3q5oUILntvqKKZmX3mpFAqYgQNZoJHR9wq5NGI98d26Oj2vXUqpssMfwIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFD9v3d+T4Bg3MwiNw4ftS8LmLIfsMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvUDJfZDM1UGdHRGN6Q0kzRGgtMUx3dVlzaC13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHowVAQCAAEwTgMEBQUBQAME
Ax8v6AMEAi2b+AMEBFBNEAMEA1PzKAMEA173KAMEA7L74AMEArklkAMEArksaAME
AblaoAMEALlaowMEArmWYAMEAMMKwzAiBAIAAjAcAwUDKgD4IAMFAyoBA2ADBQMq
B2/AAwUDKg8LgDANBgkqhkiG9w0BAQsFAAOCAQEAB4Awr8ygokP6lFkpFQY68+68
TwCwg7EYIWf5fRwLn3uvgMr4e0SjmUKgi15rCh7P0G2QgAloemHK+jAONKugj/Kr
7HoeEKJ4CfkvZFFmCJL9dnkchki6RtYhzg+Vyj9HiNk0dkCcCbvB7WsEuK+QL0QZ
frybt3Qz9YfjN+Wq0AYLaMSEPWVZBf2ieDgyb/HJncwkQU2TweE0AO5gvbfvH+Tu
8BBponFaxabGzNPYlod6VsFF09YaRehjoUrmH1GfgvN6s7696TItEGtmqY9yeqrl
h8ayBd/Zl0muqI+lll0l8QC4kySns/WGn9NRNiSuS5Ix9XlhPn41B9X9MFwP4w==
-----END CERTIFICATE-----
Generated at Fri Jul 25 15:18:55 2025 by rpki-client