Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/19Q3b8M_hqxWf1Zjz76JX1veeJg.roa
File: 19Q3b8M_hqxWf1Zjz76JX1veeJg.roa (raw, json)
Hash identifier: 66IPrSm8Pnvru8FTcwwPJUoVVYJdGh2oaptHHovPYJg=
Subject key identifier: D7:D4:37:6F:C3:3F:86:AC:56:7F:56:63:CF:BE:89:5F:5B:DE:78:98
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0194791DD858289AFF2ACB8A3051212544DC
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/19Q3b8M_hqxWf1Zjz76JX1veeJg.roa
Signing time: Sat 18 Jan 2025 11:13:06 +0000
ROA not before: Sat 18 Jan 2025 11:13:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 26383
IP address blocks: 62.76.234.0/24 maxlen: 24
62.76.239.0/24 maxlen: 24
185.72.8.0/24 maxlen: 24
192.124.176.0/24 maxlen: 24
192.124.209.0/24 maxlen: 24
193.124.22.0/24 maxlen: 24
193.124.41.0/24 maxlen: 24
193.124.46.0/24 maxlen: 24
193.124.49.0/24 maxlen: 24
194.58.34.0/24 maxlen: 24
194.58.38.0/24 maxlen: 24
194.58.39.0/24 maxlen: 24
194.58.40.0/24 maxlen: 24
194.58.44.0/24 maxlen: 24
194.58.45.0/24 maxlen: 24
194.58.46.0/24 maxlen: 24
194.58.59.0/24 maxlen: 24
194.58.66.0/24 maxlen: 24
194.58.68.0/24 maxlen: 24
194.87.10.0/24 maxlen: 24
194.87.17.0/24 maxlen: 24
194.87.18.0/24 maxlen: 24
194.87.23.0/24 maxlen: 24
194.87.30.0/24 maxlen: 24
194.87.39.0/24 maxlen: 24
194.87.47.0/24 maxlen: 24
194.87.58.0/24 maxlen: 24
194.87.73.0/24 maxlen: 24
194.87.82.0/24 maxlen: 24
194.87.105.0/24 maxlen: 24
194.87.108.0/24 maxlen: 24
194.87.178.0/24 maxlen: 24
194.87.198.0/24 maxlen: 24
194.87.227.0/24 maxlen: 24
194.87.230.0/24 maxlen: 24
194.87.240.0/24 maxlen: 24
194.87.245.0/24 maxlen: 24
195.133.55.0/24 maxlen: 24
195.133.67.0/24 maxlen: 24
195.133.83.0/24 maxlen: 24
195.133.92.0/24 maxlen: 24
212.192.214.0/24 maxlen: 24
212.192.215.0/24 maxlen: 24
212.192.221.0/24 maxlen: 24
212.192.223.0/24 maxlen: 24
212.193.1.0/24 maxlen: 24
212.193.2.0/24 maxlen: 24
212.193.6.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:79:1d:d8:58:28:9a:ff:2a:cb:8a:30:51:21:25:44:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 18 11:13:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d7d4376fc33f86ac567f5663cfbe895f5bde7898
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:85:81:e7:df:af:2b:05:73:57:ed:4c:55:45:
8b:1c:86:4b:f9:b0:56:0d:2f:ff:96:5b:40:50:96:
ee:c8:e7:58:99:7c:00:ff:fd:68:59:ab:66:42:be:
1f:a8:28:20:eb:d5:21:73:c5:6a:66:23:6f:a1:45:
38:9d:98:45:61:af:43:c7:80:f1:c0:e8:3a:3f:fe:
6d:8c:50:d2:9c:d0:83:a1:6a:31:95:27:b8:6d:dc:
21:75:03:06:98:00:24:15:80:18:b3:8f:d2:30:65:
af:cb:e0:e7:bd:3e:90:4b:ca:e1:b1:2e:1e:53:8c:
74:4c:94:44:ed:c4:27:dc:40:bd:ab:8f:8e:42:95:
45:99:b7:ef:ab:a1:42:b1:f3:8f:33:1b:1e:c8:d1:
f9:1b:7b:dc:d3:97:16:10:84:51:e9:44:94:7b:44:
b6:24:e0:ac:d5:37:84:b8:6a:6d:c7:2e:58:3f:06:
47:5f:79:11:a6:ea:d1:a5:ee:ac:5e:c1:ef:43:af:
f8:f3:34:d0:c0:3f:3a:81:49:f0:fc:63:9f:a0:e2:
da:b6:f8:9d:0c:82:06:22:34:1c:a2:8c:d9:f9:06:
ab:02:2f:b1:98:53:fa:f3:c1:90:fd:fe:a6:7a:30:
0a:12:7f:cf:0b:49:20:4c:8e:3a:2b:11:5d:29:c0:
dd:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:D4:37:6F:C3:3F:86:AC:56:7F:56:63:CF:BE:89:5F:5B:DE:78:98
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/19Q3b8M_hqxWf1Zjz76JX1veeJg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.234.0/24
62.76.239.0/24
185.72.8.0/24
192.124.176.0/24
192.124.209.0/24
193.124.22.0/24
193.124.41.0/24
193.124.46.0/24
193.124.49.0/24
194.58.34.0/24
194.58.38.0-194.58.40.255
194.58.44.0-194.58.46.255
194.58.59.0/24
194.58.66.0/24
194.58.68.0/24
194.87.10.0/24
194.87.17.0-194.87.18.255
194.87.23.0/24
194.87.30.0/24
194.87.39.0/24
194.87.47.0/24
194.87.58.0/24
194.87.73.0/24
194.87.82.0/24
194.87.105.0/24
194.87.108.0/24
194.87.178.0/24
194.87.198.0/24
194.87.227.0/24
194.87.230.0/24
194.87.240.0/24
194.87.245.0/24
195.133.55.0/24
195.133.67.0/24
195.133.83.0/24
195.133.92.0/24
212.192.214.0/23
212.192.221.0/24
212.192.223.0/24
212.193.1.0-212.193.2.255
212.193.6.0/24
Signature Algorithm: sha256WithRSAEncryption
0d:78:8f:f4:c1:85:d4:c0:d7:a5:eb:52:b2:9f:6c:e0:eb:a7:
2a:c3:e2:ed:9c:2d:da:5c:3b:c2:3b:fa:92:b6:4e:4e:15:b1:
a2:ce:2f:86:0c:cc:5b:a2:24:2d:8e:f1:51:5a:37:3c:bf:13:
f7:54:43:d9:93:be:47:86:2e:59:05:52:93:80:61:d2:34:15:
c3:cf:f9:11:a1:b4:ba:b3:40:45:93:38:c0:9f:7c:e5:e8:7b:
25:85:64:20:0d:a0:93:0e:fe:e7:46:ab:19:8c:23:54:15:e8:
9d:ef:b3:6f:00:f3:d3:90:12:11:ed:9c:2b:fb:f6:48:3e:ca:
dd:8e:eb:af:99:19:0c:6c:aa:fb:b3:c6:86:d1:04:2b:69:4a:
f8:67:02:66:9c:af:bd:fe:5f:26:3f:b2:3b:2a:eb:1b:b9:54:
b6:ba:a8:34:e5:83:51:a2:b7:34:9d:be:97:3d:7b:07:c4:88:
8c:ea:3b:c1:8f:f4:99:b8:7a:75:0e:e9:e1:15:f9:33:f8:4c:
fd:e0:a0:17:a8:15:0b:c6:17:e7:87:b2:f9:59:26:bd:98:0a:
8e:4f:fd:9f:68:79:e8:70:cc:73:c7:6e:42:66:e2:3f:1f:ce:
2d:92:8f:15:9a:1b:f4:a0:d3:78:44:d3:86:c9:c0:b9:a8:a1:
82:8a:b0:1d
-----BEGIN CERTIFICATE-----
MIIGFzCCBP+gAwIBAgISAZR5HdhYKJr/KsuKMFEhJUTcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTE4MTExMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2Q0Mzc2ZmMzM2Y4NmFjNTY3ZjU2NjNjZmJlODk1ZjViZGU3ODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYWB59+vKwVzV+1MVUWLHIZL+bBW
DS//lltAUJbuyOdYmXwA//1oWatmQr4fqCgg69Uhc8VqZiNvoUU4nZhFYa9Dx4Dx
wOg6P/5tjFDSnNCDoWoxlSe4bdwhdQMGmAAkFYAYs4/SMGWvy+DnvT6QS8rhsS4e
U4x0TJRE7cQn3EC9q4+OQpVFmbfvq6FCsfOPMxseyNH5G3vc05cWEIRR6USUe0S2
JOCs1TeEuGptxy5YPwZHX3kRpurRpe6sXsHvQ6/48zTQwD86gUnw/GOfoOLatvid
DIIGIjQcoozZ+QarAi+xmFP688GQ/f6mejAKEn/PC0kgTI46KxFdKcDduQIDAQAB
o4IDIzCCAx8wHQYDVR0OBBYEFNfUN2/DP4asVn9WY8++iV9b3niYMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMTlRM2I4TV9ocXhXZjFaano3NkpYMXZlZUpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNwYIKwYBBQUHAQcBAf8EggEmMIIBIjCCAR4EAgABMIIB
FgMEAD5M6gMEAD5M7wMEALlICAMEAMB8sAMEAMB80QMEAMF8FgMEAMF8KQMEAMF8
LgMEAMF8MQMEAMI6IjAMAwQBwjomAwQAwjooMAwDBALCOiwDBADCOi4DBADCOjsD
BADCOkIDBADCOkQDBADCVwowDAMEAMJXEQMEAMJXEgMEAMJXFwMEAMJXHgMEAMJX
JwMEAMJXLwMEAMJXOgMEAMJXSQMEAMJXUgMEAMJXaQMEAMJXbAMEAMJXsgMEAMJX
xgMEAMJX4wMEAMJX5gMEAMJX8AMEAMJX9QMEAMOFNwMEAMOFQwMEAMOFUwMEAMOF
XAMEAdTA1gMEANTA3QMEANTA3zAMAwQA1MEBAwQA1MECAwQA1MEGMA0GCSqGSIb3
DQEBCwUAA4IBAQANeI/0wYXUwNel61Kyn2zg66cqw+LtnC3aXDvCO/qStk5OFbGi
zi+GDMxboiQtjvFRWjc8vxP3VEPZk75Hhi5ZBVKTgGHSNBXDz/kRobS6s0BFkzjA
n3zl6HslhWQgDaCTDv7nRqsZjCNUFeid77NvAPPTkBIR7Zwr+/ZIPsrdjuuvmRkM
bKr7s8aG0QQraUr4ZwJmnK+9/l8mP7I7KusbuVS2uqg05YNRorc0nb6XPXsHxIiM
6jvBj/SZuHp1DunhFfkz+Ez94KAXqBULxhfnh7L5WSa9mAqOT/2faHnocMxzx25C
ZuI/H84tko8Vmhv0oNN4RNOGycC5qKGCirAd
-----END CERTIFICATE-----
Generated at Sun Jun 8 18:14:35 2025 by rpki-client