Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/6C5VWMABNI-R3t3aGXHRVZTzG2E.roa
File: 6C5VWMABNI-R3t3aGXHRVZTzG2E.roa (raw, json)
Hash identifier: J55YmjFwxDr8UxM/agjlddTWkDP43E8EsYB3ICIE5i0=
Subject key identifier: E8:2E:55:58:C0:01:34:8F:91:DE:DD:DA:19:71:D1:55:94:F3:1B:61
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019385886B9F4C1097A4BB6337A4DBAB753E
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/6C5VWMABNI-R3t3aGXHRVZTzG2E.roa
Signing time: Mon 02 Dec 2024 04:02:10 +0000
ROA not before: Mon 02 Dec 2024 04:02:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 26383
IP address blocks: 62.76.234.0/24 maxlen: 24
62.76.239.0/24 maxlen: 24
185.72.8.0/24 maxlen: 24
192.124.176.0/24 maxlen: 24
192.124.209.0/24 maxlen: 24
193.124.22.0/24 maxlen: 24
193.124.41.0/24 maxlen: 24
193.124.46.0/24 maxlen: 24
193.124.49.0/24 maxlen: 24
194.58.34.0/24 maxlen: 24
194.58.38.0/24 maxlen: 24
194.58.39.0/24 maxlen: 24
194.58.40.0/24 maxlen: 24
194.58.44.0/24 maxlen: 24
194.58.45.0/24 maxlen: 24
194.58.59.0/24 maxlen: 24
194.58.66.0/24 maxlen: 24
194.58.68.0/24 maxlen: 24
194.87.10.0/24 maxlen: 24
194.87.18.0/24 maxlen: 24
194.87.30.0/24 maxlen: 24
194.87.39.0/24 maxlen: 24
194.87.47.0/24 maxlen: 24
194.87.58.0/24 maxlen: 24
194.87.82.0/24 maxlen: 24
194.87.178.0/24 maxlen: 24
194.87.198.0/24 maxlen: 24
194.87.227.0/24 maxlen: 24
194.87.230.0/24 maxlen: 24
194.87.245.0/24 maxlen: 24
195.133.67.0/24 maxlen: 24
195.133.92.0/24 maxlen: 24
212.192.12.0/24 maxlen: 24
212.192.13.0/24 maxlen: 24
212.192.15.0/24 maxlen: 24
212.192.215.0/24 maxlen: 24
212.192.221.0/24 maxlen: 24
212.192.223.0/24 maxlen: 24
212.193.1.0/24 maxlen: 24
212.193.2.0/24 maxlen: 24
212.193.6.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:85:88:6b:9f:4c:10:97:a4:bb:63:37:a4:db:ab:75:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 2 04:02:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e82e5558c001348f91deddda1971d15594f31b61
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:a5:15:25:97:c7:6f:53:09:6c:fb:da:8f:b4:
90:3f:1f:de:c7:0e:39:d3:79:7a:e2:ea:02:07:a9:
12:e3:8c:ee:a0:48:b0:2e:1c:af:f4:65:af:ce:e6:
5f:5c:92:95:69:76:1d:4a:1f:09:04:66:50:10:5d:
81:ae:0c:2c:28:ce:87:47:29:bc:2b:b4:af:6f:2a:
e6:8c:88:54:12:4d:8b:58:9a:dc:8d:52:f9:dc:43:
6d:46:aa:c3:d2:fb:cc:37:be:0a:64:d8:5d:6f:b3:
46:3e:ed:f6:33:a9:66:84:5b:00:9b:e4:2e:ad:b6:
f6:4c:e4:34:e2:86:b4:7a:cb:bc:b7:47:1a:d5:95:
7d:9f:00:66:d0:68:57:9e:60:f6:dc:ac:0c:50:b1:
1f:3e:69:43:33:58:03:46:82:93:86:a4:2e:19:b4:
ef:ae:68:15:b6:14:5d:c1:dc:2d:49:0f:f7:e5:79:
c5:3c:9d:29:b5:05:e4:bf:93:ad:3b:6d:f8:ef:51:
24:bf:66:91:84:03:66:9c:e0:ca:8c:2b:b2:fd:82:
d5:d0:cb:75:bd:33:55:cb:48:50:c4:87:89:22:f8:
4c:17:03:e6:7d:89:67:08:25:7f:9f:66:02:c6:91:
af:7e:44:18:51:5f:91:53:06:4f:3c:c4:dc:2f:b2:
a5:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:2E:55:58:C0:01:34:8F:91:DE:DD:DA:19:71:D1:55:94:F3:1B:61
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/6C5VWMABNI-R3t3aGXHRVZTzG2E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.234.0/24
62.76.239.0/24
185.72.8.0/24
192.124.176.0/24
192.124.209.0/24
193.124.22.0/24
193.124.41.0/24
193.124.46.0/24
193.124.49.0/24
194.58.34.0/24
194.58.38.0-194.58.40.255
194.58.44.0/23
194.58.59.0/24
194.58.66.0/24
194.58.68.0/24
194.87.10.0/24
194.87.18.0/24
194.87.30.0/24
194.87.39.0/24
194.87.47.0/24
194.87.58.0/24
194.87.82.0/24
194.87.178.0/24
194.87.198.0/24
194.87.227.0/24
194.87.230.0/24
194.87.245.0/24
195.133.67.0/24
195.133.92.0/24
212.192.12.0/23
212.192.15.0/24
212.192.215.0/24
212.192.221.0/24
212.192.223.0/24
212.193.1.0-212.193.2.255
212.193.6.0/24
Signature Algorithm: sha256WithRSAEncryption
42:8f:9d:00:20:5c:a6:0e:88:60:50:fc:ec:88:8a:f4:97:30:
d4:89:e6:30:89:af:95:c1:35:bf:33:5f:af:54:6b:ed:f2:e2:
b3:6f:f9:fe:66:8d:62:51:c8:f9:f3:e4:e1:79:4e:74:87:16:
40:bf:bb:d7:78:63:88:0d:dd:67:05:0e:49:79:eb:0c:32:7e:
4f:df:8d:17:70:7e:49:4c:3d:31:71:c4:6d:b5:7b:92:b6:ef:
a9:51:ed:b5:63:e5:07:d6:b4:89:a4:e5:5e:60:25:19:ae:43:
f0:89:8b:14:e6:51:75:1f:21:eb:ec:2b:c9:0f:0f:6e:a8:80:
97:dc:a4:4c:48:26:10:79:f4:44:aa:2c:a5:25:3f:c3:76:94:
3f:a5:6a:bb:f9:10:db:b2:0c:ba:7a:e0:5d:e9:ab:5d:14:15:
73:48:e5:94:97:ff:eb:90:18:8d:d1:f9:5d:3b:24:80:7c:00:
64:8c:84:86:ca:eb:38:4a:28:5a:1e:7b:ac:33:7e:0a:36:8f:
8c:72:8a:2b:ab:31:68:6c:ae:ef:bd:0d:49:69:85:66:14:28:
fe:fd:17:a5:f5:62:d1:1b:72:3c:00:bc:db:f5:d2:79:f2:13:
c5:5d:1c:2c:64:84:7a:0a:bf:06:28:85:a2:ba:a4:85:87:7c:
0a:4d:66:d7
-----BEGIN CERTIFICATE-----
MIIF5TCCBM2gAwIBAgISAZOFiGufTBCXpLtjN6Tbq3U+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjAyMDQwMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODJlNTU1OGMwMDEzNDhmOTFkZWRkZGExOTcxZDE1NTk0ZjMxYjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKUVJZfHb1MJbPvaj7SQPx/exw45
03l64uoCB6kS44zuoEiwLhyv9GWvzuZfXJKVaXYdSh8JBGZQEF2BrgwsKM6HRym8
K7SvbyrmjIhUEk2LWJrcjVL53ENtRqrD0vvMN74KZNhdb7NGPu32M6lmhFsAm+Qu
rbb2TOQ04oa0esu8t0ca1ZV9nwBm0GhXnmD23KwMULEfPmlDM1gDRoKThqQuGbTv
rmgVthRdwdwtSQ/35XnFPJ0ptQXkv5OtO23471Ekv2aRhANmnODKjCuy/YLV0Mt1
vTNVy0hQxIeJIvhMFwPmfYlnCCV/n2YCxpGvfkQYUV+RUwZPPMTcL7KlFwIDAQAB
o4IC8TCCAu0wHQYDVR0OBBYEFOguVVjAATSPkd7d2hlx0VWU8xthMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNkM1VldNQUJOSS1SM3QzYUdYSFJWWlR6RzJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBBQYIKwYBBQUHAQcBAf8EgfUwgfIwge8EAgABMIHoAwQA
PkzqAwQAPkzvAwQAuUgIAwQAwHywAwQAwHzRAwQAwXwWAwQAwXwpAwQAwXwuAwQA
wXwxAwQAwjoiMAwDBAHCOiYDBADCOigDBAHCOiwDBADCOjsDBADCOkIDBADCOkQD
BADCVwoDBADCVxIDBADCVx4DBADCVycDBADCVy8DBADCVzoDBADCV1IDBADCV7ID
BADCV8YDBADCV+MDBADCV+YDBADCV/UDBADDhUMDBADDhVwDBAHUwAwDBADUwA8D
BADUwNcDBADUwN0DBADUwN8wDAMEANTBAQMEANTBAgMEANTBBjANBgkqhkiG9w0B
AQsFAAOCAQEAQo+dACBcpg6IYFD87IiK9Jcw1InmMImvlcE1vzNfr1Rr7fLis2/5
/maNYlHI+fPk4XlOdIcWQL+713hjiA3dZwUOSXnrDDJ+T9+NF3B+SUw9MXHEbbV7
krbvqVHttWPlB9a0iaTlXmAlGa5D8ImLFOZRdR8h6+wryQ8PbqiAl9ykTEgmEHn0
RKospSU/w3aUP6Vqu/kQ27IMunrgXemrXRQVc0jllJf/65AYjdH5XTskgHwAZIyE
hsrrOEooWh57rDN+CjaPjHKKK6sxaGyu770NSWmFZhQo/v0XpfVi0RtyPAC82/XS
efITxV0cLGSEegq/BiiForqkhYd8Ck1m1w==
-----END CERTIFICATE-----
Generated at Mon Jun 9 07:06:07 2025 by rpki-client