Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/48a5uos_AV5Ukb_CBwIosi0N0Us.roa
File: 48a5uos_AV5Ukb_CBwIosi0N0Us.roa (raw, json)
Hash identifier: 8OZU/KTQmWC6uTzGFPsmnTHFONnWNaP5K/PTgBLTFkA=
Subject key identifier: E3:C6:B9:BA:8B:3F:01:5E:54:91:BF:C2:07:02:28:B2:2D:0D:D1:4B
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01945102484F9BC054228799B235ADAAE3AD
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/48a5uos_AV5Ukb_CBwIosi0N0Us.roa
Signing time: Fri 10 Jan 2025 16:18:11 +0000
ROA not before: Fri 10 Jan 2025 16:18:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 26383
IP address blocks: 62.76.234.0/24 maxlen: 24
62.76.239.0/24 maxlen: 24
185.72.8.0/24 maxlen: 24
192.124.176.0/24 maxlen: 24
192.124.209.0/24 maxlen: 24
193.124.22.0/24 maxlen: 24
193.124.41.0/24 maxlen: 24
193.124.46.0/24 maxlen: 24
193.124.49.0/24 maxlen: 24
194.58.34.0/24 maxlen: 24
194.58.38.0/24 maxlen: 24
194.58.39.0/24 maxlen: 24
194.58.40.0/24 maxlen: 24
194.58.44.0/24 maxlen: 24
194.58.45.0/24 maxlen: 24
194.58.46.0/24 maxlen: 24
194.58.59.0/24 maxlen: 24
194.58.66.0/24 maxlen: 24
194.58.68.0/24 maxlen: 24
194.87.10.0/24 maxlen: 24
194.87.17.0/24 maxlen: 24
194.87.18.0/24 maxlen: 24
194.87.23.0/24 maxlen: 24
194.87.30.0/24 maxlen: 24
194.87.39.0/24 maxlen: 24
194.87.47.0/24 maxlen: 24
194.87.58.0/24 maxlen: 24
194.87.73.0/24 maxlen: 24
194.87.82.0/24 maxlen: 24
194.87.105.0/24 maxlen: 24
194.87.108.0/24 maxlen: 24
194.87.178.0/24 maxlen: 24
194.87.198.0/24 maxlen: 24
194.87.227.0/24 maxlen: 24
194.87.230.0/24 maxlen: 24
194.87.240.0/24 maxlen: 24
194.87.245.0/24 maxlen: 24
195.133.67.0/24 maxlen: 24
195.133.83.0/24 maxlen: 24
195.133.92.0/24 maxlen: 24
212.192.214.0/24 maxlen: 24
212.192.215.0/24 maxlen: 24
212.192.221.0/24 maxlen: 24
212.192.223.0/24 maxlen: 24
212.193.1.0/24 maxlen: 24
212.193.2.0/24 maxlen: 24
212.193.6.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:51:02:48:4f:9b:c0:54:22:87:99:b2:35:ad:aa:e3:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 10 16:18:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e3c6b9ba8b3f015e5491bfc2070228b22d0dd14b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:55:0c:03:fd:f7:d7:90:7f:da:13:fc:5b:f6:
af:f5:9a:f0:19:ed:82:66:0f:99:98:74:23:25:47:
b1:97:44:f2:98:05:5d:c6:38:4c:b7:22:0d:48:95:
8e:2b:07:0f:bf:c5:1d:13:8c:09:91:a0:36:b9:a0:
10:d6:b6:ab:0c:44:51:80:ff:06:f3:d7:2e:9b:de:
93:68:50:e8:b6:34:b7:fb:1c:15:35:a6:38:dc:db:
b9:ac:d0:a5:f9:ee:d9:bc:17:b4:d1:8d:74:44:72:
09:97:d1:5f:43:dc:b0:2f:86:42:3a:7c:44:39:34:
88:3d:89:95:df:52:1f:e3:54:c4:9e:96:6d:8c:0c:
87:e1:ab:0e:57:30:b3:01:d0:a8:63:42:53:5d:9a:
f3:7b:70:d3:fa:f1:11:81:a8:2d:a4:6b:bb:bd:3f:
37:5c:cb:d6:0a:ad:51:e2:65:26:b6:c4:bf:6b:bf:
21:e5:88:94:99:67:50:17:b5:51:02:d0:e7:7f:88:
42:5b:d2:67:7a:71:e1:af:08:bf:95:91:5d:71:dc:
92:77:e2:cc:6d:e0:80:11:90:e4:80:cb:eb:fa:30:
06:87:ba:f5:ab:76:a2:ab:cd:c2:67:74:44:48:5c:
cf:01:61:2b:0e:87:51:cb:f8:99:97:f4:ca:6a:94:
c4:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:C6:B9:BA:8B:3F:01:5E:54:91:BF:C2:07:02:28:B2:2D:0D:D1:4B
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/48a5uos_AV5Ukb_CBwIosi0N0Us.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.234.0/24
62.76.239.0/24
185.72.8.0/24
192.124.176.0/24
192.124.209.0/24
193.124.22.0/24
193.124.41.0/24
193.124.46.0/24
193.124.49.0/24
194.58.34.0/24
194.58.38.0-194.58.40.255
194.58.44.0-194.58.46.255
194.58.59.0/24
194.58.66.0/24
194.58.68.0/24
194.87.10.0/24
194.87.17.0-194.87.18.255
194.87.23.0/24
194.87.30.0/24
194.87.39.0/24
194.87.47.0/24
194.87.58.0/24
194.87.73.0/24
194.87.82.0/24
194.87.105.0/24
194.87.108.0/24
194.87.178.0/24
194.87.198.0/24
194.87.227.0/24
194.87.230.0/24
194.87.240.0/24
194.87.245.0/24
195.133.67.0/24
195.133.83.0/24
195.133.92.0/24
212.192.214.0/23
212.192.221.0/24
212.192.223.0/24
212.193.1.0-212.193.2.255
212.193.6.0/24
Signature Algorithm: sha256WithRSAEncryption
0a:d7:40:d8:b4:29:97:25:7a:0a:9b:47:58:83:91:5b:65:00:
04:01:86:fc:f3:5f:ae:9f:9f:70:29:6e:e0:cf:96:73:6f:e8:
3c:68:02:d4:d3:c9:a4:d6:24:fe:40:ce:39:d7:c7:af:75:10:
94:74:be:4d:1b:d2:37:9c:a2:9f:63:4e:1e:74:a8:33:61:61:
a6:1b:1f:66:da:29:e7:76:c3:5d:f1:0d:82:a3:6b:82:e1:2b:
ea:88:f1:be:09:86:10:b9:95:ca:d7:44:49:6e:5a:1b:80:6a:
c6:c0:5e:11:3b:3c:51:2c:80:4d:f7:bd:84:99:ad:c2:16:db:
f4:21:a1:b0:07:a6:2c:4e:5c:fc:4c:93:ba:9d:22:f6:2e:a5:
33:3e:44:43:f1:d4:0d:b0:80:36:e7:f8:64:26:a3:dd:3d:24:
d8:3f:41:e5:3e:30:0b:ec:cd:41:b7:75:72:46:a3:2c:1f:a4:
34:5d:ea:ae:4e:c6:a2:bb:bb:55:a3:38:81:dc:01:3b:eb:aa:
c0:6a:05:fb:df:72:6b:72:0b:65:6f:ef:17:66:f4:77:f1:81:
f0:be:3f:e1:6a:ca:48:97:75:2f:93:b7:44:c6:2c:9d:e8:9f:
e3:39:bb:dc:f1:fa:d1:d6:72:4a:44:28:5a:6f:04:a0:74:43:
41:7f:f0:49
-----BEGIN CERTIFICATE-----
MIIGETCCBPmgAwIBAgISAZRRAkhPm8BUIoeZsjWtquOtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTEwMTYxODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2M2YjliYThiM2YwMTVlNTQ5MWJmYzIwNzAyMjhiMjJkMGRkMTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVUMA/3315B/2hP8W/av9ZrwGe2C
Zg+ZmHQjJUexl0TymAVdxjhMtyINSJWOKwcPv8UdE4wJkaA2uaAQ1rarDERRgP8G
89cum96TaFDotjS3+xwVNaY43Nu5rNCl+e7ZvBe00Y10RHIJl9FfQ9ywL4ZCOnxE
OTSIPYmV31If41TEnpZtjAyH4asOVzCzAdCoY0JTXZrze3DT+vERgagtpGu7vT83
XMvWCq1R4mUmtsS/a78h5YiUmWdQF7VRAtDnf4hCW9JnenHhrwi/lZFdcdySd+LM
beCAEZDkgMvr+jAGh7r1q3aiq83CZ3RESFzPAWErDodRy/iZl/TKapTEewIDAQAB
o4IDHTCCAxkwHQYDVR0OBBYEFOPGubqLPwFeVJG/wgcCKLItDdFLMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNDhhNXVvc19BVjVVa2JfQ0J3SW9zaTBOMFVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBMQYIKwYBBQUHAQcBAf8EggEgMIIBHDCCARgEAgABMIIB
EAMEAD5M6gMEAD5M7wMEALlICAMEAMB8sAMEAMB80QMEAMF8FgMEAMF8KQMEAMF8
LgMEAMF8MQMEAMI6IjAMAwQBwjomAwQAwjooMAwDBALCOiwDBADCOi4DBADCOjsD
BADCOkIDBADCOkQDBADCVwowDAMEAMJXEQMEAMJXEgMEAMJXFwMEAMJXHgMEAMJX
JwMEAMJXLwMEAMJXOgMEAMJXSQMEAMJXUgMEAMJXaQMEAMJXbAMEAMJXsgMEAMJX
xgMEAMJX4wMEAMJX5gMEAMJX8AMEAMJX9QMEAMOFQwMEAMOFUwMEAMOFXAMEAdTA
1gMEANTA3QMEANTA3zAMAwQA1MEBAwQA1MECAwQA1MEGMA0GCSqGSIb3DQEBCwUA
A4IBAQAK10DYtCmXJXoKm0dYg5FbZQAEAYb881+un59wKW7gz5Zzb+g8aALU08mk
1iT+QM4518evdRCUdL5NG9I3nKKfY04edKgzYWGmGx9m2inndsNd8Q2Co2uC4Svq
iPG+CYYQuZXK10RJblobgGrGwF4ROzxRLIBN972Ema3CFtv0IaGwB6YsTlz8TJO6
nSL2LqUzPkRD8dQNsIA25/hkJqPdPSTYP0HlPjAL7M1Bt3VyRqMsH6Q0XequTsai
u7tVoziB3AE766rAagX733Jrcgtlb+8XZvR38YHwvj/haspIl3Uvk7dExiyd6J/j
Obvc8frR1nJKRChabwSgdENBf/BJ
-----END CERTIFICATE-----
Generated at Mon Apr 21 05:29:51 2025 by rpki-client