Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JidI6bPaiqNIc5oKm-m1UsPUQD8.roa
File: JidI6bPaiqNIc5oKm-m1UsPUQD8.roa (raw, json)
Hash identifier: i3C67GeESc8WLozcUET1Uhjz3dIt4TITxIU8wV64hLI=
Subject key identifier: 26:27:48:E9:B3:DA:8A:A3:48:73:9A:0A:9B:E9:B5:52:C3:D4:40:3F
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01890BBB672127C054716E65B967F4DFFEDB
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JidI6bPaiqNIc5oKm-m1UsPUQD8.roa
Signing time: Fri 30 Jun 2023 09:56:18 +0000
ROA not before: Fri 30 Jun 2023 09:56:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15731
IP address blocks: 193.124.3.0/24 maxlen: 24
62.76.225.0/24 maxlen: 24
193.124.8.0/24 maxlen: 24
194.87.1.0/24 maxlen: 24
194.87.3.0/24 maxlen: 24
194.87.2.0/24 maxlen: 24
62.76.230.0/23 maxlen: 23
193.124.16.0/24 maxlen: 24
194.87.7.0/24 maxlen: 24
194.87.11.0/24 maxlen: 24
194.87.12.0/24 maxlen: 24
194.87.16.0/24 maxlen: 24
194.87.23.0/24 maxlen: 24
194.87.24.0/22 maxlen: 24
194.87.18.0/24 maxlen: 24
194.87.26.0/23 maxlen: 23
194.87.37.0/24 maxlen: 24
193.124.49.0/24 maxlen: 24
194.87.36.0/24 maxlen: 24
193.124.124.0/24 maxlen: 24
194.87.114.0/23 maxlen: 23
194.87.122.0/24 maxlen: 24
194.87.124.0/24 maxlen: 24
193.124.133.0/24 maxlen: 24
194.87.130.0/24 maxlen: 24
194.87.131.0/24 maxlen: 24
194.87.134.0/23 maxlen: 23
194.87.133.0/24 maxlen: 24
194.87.43.0/24 maxlen: 24
194.87.56.0/24 maxlen: 24
193.124.80.0/24 maxlen: 24
194.87.78.0/24 maxlen: 24
194.87.73.0/24 maxlen: 24
194.87.83.0/24 maxlen: 24
195.133.74.0/24 maxlen: 24
195.133.84.0/23 maxlen: 23
195.133.22.0/24 maxlen: 24
195.133.30.0/24 maxlen: 24
195.133.35.0/24 maxlen: 24
195.133.194.0/24 maxlen: 24
195.133.195.0/24 maxlen: 24
212.192.223.0/24 maxlen: 24
195.58.36.0/24 maxlen: 24
194.58.42.0/24 maxlen: 24
194.58.47.0/24 maxlen: 24
212.192.241.0/24 maxlen: 24
195.58.54.0/24 maxlen: 24
212.192.244.0/24 maxlen: 24
195.58.58.0/23 maxlen: 23
212.192.247.0/24 maxlen: 24
212.192.248.0/22 maxlen: 22
195.58.62.0/23 maxlen: 23
194.58.223.0/24 maxlen: 24
194.87.200.0/24 maxlen: 24
194.87.202.0/24 maxlen: 24
194.87.204.0/24 maxlen: 24
194.87.222.0/24 maxlen: 24
194.135.24.0/24 maxlen: 24
194.87.240.0/24 maxlen: 24
192.124.170.0/24 maxlen: 24
212.192.8.0/24 maxlen: 24
212.192.10.0/24 maxlen: 24
192.124.178.0/24 maxlen: 24
194.87.166.0/24 maxlen: 24
194.87.160.0/24 maxlen: 24
194.87.162.0/24 maxlen: 24
194.87.168.0/24 maxlen: 24
194.87.172.0/24 maxlen: 24
192.124.181.0/24 maxlen: 24
194.87.177.0/24 maxlen: 24
194.87.179.0/24 maxlen: 24
194.87.178.0/24 maxlen: 24
192.124.189.0/24 maxlen: 24
192.124.191.0/24 maxlen: 24
194.87.187.0/24 maxlen: 24
194.87.190.0/24 maxlen: 24
193.124.200.0/24 maxlen: 24
193.124.204.0/24 maxlen: 24
194.135.46.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:0b:bb:67:21:27:c0:54:71:6e:65:b9:67:f4:df:fe:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jun 30 09:56:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=262748e9b3da8aa348739a0a9be9b552c3d4403f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:bf:93:7b:8d:df:7a:d0:80:98:7a:64:22:cb:
99:f6:1f:aa:fe:20:b1:b3:59:89:53:83:cf:6f:5f:
43:93:14:e4:6d:d9:6b:b4:88:49:3e:49:62:10:ad:
d4:fe:b7:d8:a6:f8:26:78:bf:40:f8:90:88:60:3f:
fa:46:bb:cd:2e:c6:11:cf:22:19:27:1e:58:13:cc:
c6:43:3c:c1:6e:e9:8a:59:0d:dc:73:f0:d9:23:de:
c1:0a:be:82:8a:f9:d9:88:84:27:1f:71:b9:10:d2:
22:1e:59:a1:51:68:41:dd:5f:5d:59:c9:32:93:e5:
6e:97:ab:37:1f:f8:5e:48:a7:5f:71:c5:09:5f:15:
e4:52:b8:4a:0b:3f:99:6e:e4:c6:d2:44:56:7d:49:
bc:69:21:28:55:bd:0e:b9:b9:2f:27:30:b3:a4:28:
a4:1a:1b:f6:4d:49:f0:87:ae:f3:24:55:53:83:c9:
01:d7:b7:bc:b5:91:fb:0f:da:3a:67:cd:a4:c7:ee:
8a:07:2f:f1:6c:8f:c2:f2:0d:19:f0:7f:d1:2c:93:
99:a9:98:fb:7a:cc:e4:03:94:89:25:aa:b9:62:70:
b9:d4:04:27:51:02:09:79:59:2d:d5:16:86:83:28:
87:f2:c3:1b:f8:8d:c1:4d:66:07:a2:e5:e7:fe:fa:
53:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:27:48:E9:B3:DA:8A:A3:48:73:9A:0A:9B:E9:B5:52:C3:D4:40:3F
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JidI6bPaiqNIc5oKm-m1UsPUQD8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.225.0/24
62.76.230.0/23
192.124.170.0/24
192.124.178.0/24
192.124.181.0/24
192.124.189.0/24
192.124.191.0/24
193.124.3.0/24
193.124.8.0/24
193.124.16.0/24
193.124.49.0/24
193.124.80.0/24
193.124.124.0/24
193.124.133.0/24
193.124.200.0/24
193.124.204.0/24
194.58.42.0/24
194.58.47.0/24
194.58.223.0/24
194.87.1.0-194.87.3.255
194.87.7.0/24
194.87.11.0-194.87.12.255
194.87.16.0/24
194.87.18.0/24
194.87.23.0-194.87.27.255
194.87.36.0/23
194.87.43.0/24
194.87.56.0/24
194.87.73.0/24
194.87.78.0/24
194.87.83.0/24
194.87.114.0/23
194.87.122.0/24
194.87.124.0/24
194.87.130.0/23
194.87.133.0-194.87.135.255
194.87.160.0/24
194.87.162.0/24
194.87.166.0/24
194.87.168.0/24
194.87.172.0/24
194.87.177.0-194.87.179.255
194.87.187.0/24
194.87.190.0/24
194.87.200.0/24
194.87.202.0/24
194.87.204.0/24
194.87.222.0/24
194.87.240.0/24
194.135.24.0/24
194.135.46.0/24
195.58.36.0/24
195.58.54.0/24
195.58.58.0/23
195.58.62.0/23
195.133.22.0/24
195.133.30.0/24
195.133.35.0/24
195.133.74.0/24
195.133.84.0/23
195.133.194.0/23
212.192.8.0/24
212.192.10.0/24
212.192.223.0/24
212.192.241.0/24
212.192.244.0/24
212.192.247.0-212.192.251.255
Signature Algorithm: sha256WithRSAEncryption
06:75:f8:aa:d2:0e:31:15:b2:69:93:34:55:eb:3e:c1:7b:b1:
16:2a:c0:15:22:eb:5f:17:58:d0:9e:0a:a8:ac:76:49:14:0d:
d3:21:dd:97:82:09:87:9c:f0:44:50:1d:d9:cd:42:17:ad:bd:
9b:30:ae:10:52:74:63:7d:bf:c2:a1:16:2e:10:63:a7:4f:80:
8c:8c:d4:37:83:24:43:20:5c:9d:b6:0c:dd:98:d5:70:b8:af:
0c:91:b2:4b:65:fd:50:1e:0f:af:66:fe:91:e6:1f:a3:39:96:
f0:38:dc:e7:43:bf:06:e3:e4:9a:96:64:45:1d:bf:f7:c7:99:
74:13:73:15:3e:90:50:fd:63:6b:f1:3d:9c:85:dc:23:b7:01:
1f:45:a3:5b:fc:4a:5a:78:74:76:71:d5:e2:22:da:bd:79:eb:
91:9d:6b:65:45:f1:bc:ae:43:a8:a9:5c:e7:e4:d6:53:3d:fd:
03:74:0b:74:d8:40:f0:9c:b1:d1:e1:97:b1:3c:95:0a:bf:2d:
c1:e5:f7:a0:52:74:c7:70:b1:fa:da:a0:63:40:83:a4:fc:e0:
e1:07:6a:c8:a6:69:09:91:a1:7a:cf:f3:45:2c:f8:ed:74:5a:
d7:08:b1:28:5e:a1:cb:81:cd:16:0c:e3:b5:a3:90:0e:b1:5d:
46:1c:46:37
-----BEGIN CERTIFICATE-----
MIIGwzCCBaugAwIBAgISAYkLu2chJ8BUcW5luWf03/7bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNjMwMDk1NjE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjI3NDhlOWIzZGE4YWEzNDg3MzlhMGE5YmU5YjU1MmMzZDQ0MDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4L+Te43fetCAmHpkIsuZ9h+q/iCx
s1mJU4PPb19DkxTkbdlrtIhJPkliEK3U/rfYpvgmeL9A+JCIYD/6RrvNLsYRzyIZ
Jx5YE8zGQzzBbumKWQ3cc/DZI97BCr6CivnZiIQnH3G5ENIiHlmhUWhB3V9dWcky
k+Vul6s3H/heSKdfccUJXxXkUrhKCz+ZbuTG0kRWfUm8aSEoVb0OubkvJzCzpCik
Ghv2TUnwh67zJFVTg8kB17e8tZH7D9o6Z82kx+6KBy/xbI/C8g0Z8H/RLJOZqZj7
eszkA5SJJaq5YnC51AQnUQIJeVkt1RaGgyiH8sMb+I3BTWYHouXn/vpTyQIDAQAB
o4IDzzCCA8swHQYDVR0OBBYEFCYnSOmz2oqjSHOaCpvptVLD1EA/MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSmlkSTZiUGFpcU5JYzVvS20tbTFVc1BVUUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIB4wYIKwYBBQUHAQcBAf8EggHSMIIBzjCCAcoEAgABMIIB
wgMEAD5M4QMEAT5M5gMEAMB8qgMEAMB8sgMEAMB8tQMEAMB8vQMEAMB8vwMEAMF8
AwMEAMF8CAMEAMF8EAMEAMF8MQMEAMF8UAMEAMF8fAMEAMF8hQMEAMF8yAMEAMF8
zAMEAMI6KgMEAMI6LwMEAMI63zAMAwQAwlcBAwQCwlcAAwQAwlcHMAwDBADCVwsD
BADCVwwDBADCVxADBADCVxIwDAMEAMJXFwMEAsJXGAMEAcJXJAMEAMJXKwMEAMJX
OAMEAMJXSQMEAMJXTgMEAMJXUwMEAcJXcgMEAMJXegMEAMJXfAMEAcJXgjAMAwQA
wleFAwQDwleAAwQAwlegAwQAwleiAwQAwlemAwQAwleoAwQAwlesMAwDBADCV7ED
BALCV7ADBADCV7sDBADCV74DBADCV8gDBADCV8oDBADCV8wDBADCV94DBADCV/AD
BADChxgDBADChy4DBADDOiQDBADDOjYDBAHDOjoDBAHDOj4DBADDhRYDBADDhR4D
BADDhSMDBADDhUoDBAHDhVQDBAHDhcIDBADUwAgDBADUwAoDBADUwN8DBADUwPED
BADUwPQwDAMEANTA9wMEAtTA+DANBgkqhkiG9w0BAQsFAAOCAQEABnX4qtIOMRWy
aZM0Ves+wXuxFirAFSLrXxdY0J4KqKx2SRQN0yHdl4IJh5zwRFAd2c1CF629mzCu
EFJ0Y32/wqEWLhBjp0+AjIzUN4MkQyBcnbYM3ZjVcLivDJGyS2X9UB4Pr2b+keYf
ozmW8Djc50O/BuPkmpZkRR2/98eZdBNzFT6QUP1ja/E9nIXcI7cBH0WjW/xKWnh0
dnHV4iLavXnrkZ1rZUXxvK5DqKlc5+TWUz39A3QLdNhA8Jyx0eGXsTyVCr8tweX3
oFJ0x3Cx+tqgY0CDpPzg4QdqyKZpCZGhes/zRSz47XRa1wixKF6hy4HNFgzjtaOQ
DrFdRhxGNw==
-----END CERTIFICATE-----
Generated at Sun Jun 8 16:44:51 2025 by rpki-client