Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XKLqPLcjghV4OXbKA6vr25GHWhA.roa
File: XKLqPLcjghV4OXbKA6vr25GHWhA.roa (raw, json)
Hash identifier: 8JrvUkH/Gqi03ArrY1Ohr/QQqgCUiE8+DlnCo/fRQnA=
Subject key identifier: 5C:A2:EA:3C:B7:23:82:15:78:39:76:CA:03:AB:EB:DB:91:87:5A:10
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01937206371A10D49209BD43B25BD5DD2D2B
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XKLqPLcjghV4OXbKA6vr25GHWhA.roa
Signing time: Thu 28 Nov 2024 09:07:10 +0000
ROA not before: Thu 28 Nov 2024 09:07:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 26383
IP address blocks: 62.76.234.0/24 maxlen: 24
62.76.239.0/24 maxlen: 24
185.72.8.0/24 maxlen: 24
192.124.176.0/24 maxlen: 24
192.124.209.0/24 maxlen: 24
193.124.22.0/24 maxlen: 24
193.124.41.0/24 maxlen: 24
193.124.46.0/24 maxlen: 24
193.124.49.0/24 maxlen: 24
194.58.34.0/24 maxlen: 24
194.58.38.0/24 maxlen: 24
194.58.39.0/24 maxlen: 24
194.58.40.0/24 maxlen: 24
194.58.44.0/24 maxlen: 24
194.58.45.0/24 maxlen: 24
194.58.59.0/24 maxlen: 24
194.58.66.0/24 maxlen: 24
194.58.68.0/24 maxlen: 24
194.87.10.0/24 maxlen: 24
194.87.18.0/24 maxlen: 24
194.87.30.0/24 maxlen: 24
194.87.39.0/24 maxlen: 24
194.87.47.0/24 maxlen: 24
194.87.58.0/24 maxlen: 24
194.87.82.0/24 maxlen: 24
194.87.198.0/24 maxlen: 24
194.87.227.0/24 maxlen: 24
194.87.230.0/24 maxlen: 24
194.87.245.0/24 maxlen: 24
195.133.67.0/24 maxlen: 24
195.133.92.0/24 maxlen: 24
212.192.12.0/24 maxlen: 24
212.192.13.0/24 maxlen: 24
212.192.15.0/24 maxlen: 24
212.192.215.0/24 maxlen: 24
212.192.221.0/24 maxlen: 24
212.192.223.0/24 maxlen: 24
212.193.1.0/24 maxlen: 24
212.193.2.0/24 maxlen: 24
212.193.6.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:72:06:37:1a:10:d4:92:09:bd:43:b2:5b:d5:dd:2d:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Nov 28 09:07:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5ca2ea3cb7238215783976ca03abebdb91875a10
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:9c:ad:d6:53:ad:93:f6:e4:2d:c1:54:5e:ba:
45:f3:01:fb:f0:08:3b:b8:81:2d:31:c2:b7:35:dd:
52:73:29:a1:3e:d6:be:a3:10:04:91:69:80:e5:26:
f4:0d:6e:29:0b:a1:de:58:a6:7f:12:4f:84:52:b1:
37:fd:b5:74:ac:c3:89:0e:9b:cb:91:c6:38:8b:e7:
e9:00:ba:01:89:50:00:16:98:4b:1e:08:a7:9c:e1:
27:d7:a8:eb:ee:b9:d5:80:df:68:eb:93:7b:96:a2:
fe:73:62:44:a3:dc:67:c8:1f:7c:ba:08:eb:23:3e:
08:b3:5c:b1:b9:11:e1:4d:ef:bf:b2:3c:b2:65:48:
17:47:de:5d:7a:dc:2d:f5:90:f9:81:e1:7c:84:2d:
c4:12:8d:0c:b3:2f:6d:8e:31:b7:a3:c9:d4:dd:aa:
73:82:e9:1a:af:4d:d0:24:44:df:05:ba:26:48:d5:
3b:7c:53:36:90:22:1f:50:3f:16:bb:7c:0a:29:11:
d3:a8:b9:05:c4:46:d8:56:6d:bf:e4:56:09:5c:15:
f6:6c:6f:d1:da:e2:31:10:37:b9:d1:3d:4f:ef:26:
91:76:29:8b:7f:6b:dc:d0:b0:8a:b4:e0:c5:43:4d:
d0:70:b8:e5:da:4c:22:aa:28:e9:3a:69:0f:69:9a:
ba:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:A2:EA:3C:B7:23:82:15:78:39:76:CA:03:AB:EB:DB:91:87:5A:10
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XKLqPLcjghV4OXbKA6vr25GHWhA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.234.0/24
62.76.239.0/24
185.72.8.0/24
192.124.176.0/24
192.124.209.0/24
193.124.22.0/24
193.124.41.0/24
193.124.46.0/24
193.124.49.0/24
194.58.34.0/24
194.58.38.0-194.58.40.255
194.58.44.0/23
194.58.59.0/24
194.58.66.0/24
194.58.68.0/24
194.87.10.0/24
194.87.18.0/24
194.87.30.0/24
194.87.39.0/24
194.87.47.0/24
194.87.58.0/24
194.87.82.0/24
194.87.198.0/24
194.87.227.0/24
194.87.230.0/24
194.87.245.0/24
195.133.67.0/24
195.133.92.0/24
212.192.12.0/23
212.192.15.0/24
212.192.215.0/24
212.192.221.0/24
212.192.223.0/24
212.193.1.0-212.193.2.255
212.193.6.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:85:6d:96:e9:a6:e0:12:4d:34:3f:aa:45:90:32:b4:73:fc:
07:51:9b:af:a3:86:e3:62:cb:18:37:fc:3e:e6:95:97:8b:e1:
d4:d9:e1:f8:57:03:15:1c:a5:97:aa:03:cc:4f:38:4d:25:ec:
7c:fb:a7:6c:94:05:57:c5:22:09:c9:3f:1b:06:6f:64:ae:ac:
48:af:7a:fa:2d:ea:01:ec:4b:a8:eb:12:8c:75:c9:81:33:40:
16:e5:d0:86:01:5f:ed:89:73:41:be:89:15:97:da:b3:d5:f5:
70:af:e1:b7:f4:3e:f5:48:84:02:33:c1:bc:c0:8b:85:79:34:
5b:c9:fc:29:40:83:98:56:2b:ee:0b:0b:d0:90:cb:c6:f1:12:
e5:d6:a5:41:34:91:f4:3f:ac:0d:74:fa:ae:cb:cd:69:08:6f:
73:f3:1f:45:99:fa:07:9c:09:6e:2d:4f:2d:8d:e2:b0:23:f4:
0c:a6:25:b9:3d:c8:f0:2e:0a:89:82:89:ac:3e:c6:31:81:e5:
3d:ab:c1:1b:4f:ab:24:e6:85:17:0d:2a:8f:f8:6b:fb:24:d7:
80:05:8e:0a:b6:19:37:d7:c5:2a:94:fe:a4:0b:30:5a:9d:f3:
65:75:84:17:42:16:ba:a5:f4:5f:dd:be:7e:20:d9:97:88:0a:
74:d1:f8:f5
-----BEGIN CERTIFICATE-----
MIIF3jCCBMagAwIBAgISAZNyBjcaENSSCb1DslvV3S0rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMTI4MDkwNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2EyZWEzY2I3MjM4MjE1NzgzOTc2Y2EwM2FiZWJkYjkxODc1YTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5yt1lOtk/bkLcFUXrpF8wH78Ag7
uIEtMcK3Nd1ScymhPta+oxAEkWmA5Sb0DW4pC6HeWKZ/Ek+EUrE3/bV0rMOJDpvL
kcY4i+fpALoBiVAAFphLHginnOEn16jr7rnVgN9o65N7lqL+c2JEo9xnyB98ugjr
Iz4Is1yxuRHhTe+/sjyyZUgXR95detwt9ZD5geF8hC3EEo0Msy9tjjG3o8nU3apz
gukar03QJETfBbomSNU7fFM2kCIfUD8Wu3wKKRHTqLkFxEbYVm2/5FYJXBX2bG/R
2uIxEDe50T1P7yaRdimLf2vc0LCKtODFQ03QcLjl2kwiqijpOmkPaZq6MwIDAQAB
o4IC6jCCAuYwHQYDVR0OBBYEFFyi6jy3I4IVeDl2ygOr69uRh1oQMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWEtMcVBMY2pnaFY0T1hiS0E2dnIyNUdIV2hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH/BggrBgEFBQcBBwEB/wSB7zCB7DCB6QQCAAEwgeIDBAA+
TOoDBAA+TO8DBAC5SAgDBADAfLADBADAfNEDBADBfBYDBADBfCkDBADBfC4DBADB
fDEDBADCOiIwDAMEAcI6JgMEAMI6KAMEAcI6LAMEAMI6OwMEAMI6QgMEAMI6RAME
AMJXCgMEAMJXEgMEAMJXHgMEAMJXJwMEAMJXLwMEAMJXOgMEAMJXUgMEAMJXxgME
AMJX4wMEAMJX5gMEAMJX9QMEAMOFQwMEAMOFXAMEAdTADAMEANTADwMEANTA1wME
ANTA3QMEANTA3zAMAwQA1MEBAwQA1MECAwQA1MEGMA0GCSqGSIb3DQEBCwUAA4IB
AQAPhW2W6abgEk00P6pFkDK0c/wHUZuvo4bjYssYN/w+5pWXi+HU2eH4VwMVHKWX
qgPMTzhNJex8+6dslAVXxSIJyT8bBm9krqxIr3r6LeoB7Euo6xKMdcmBM0AW5dCG
AV/tiXNBvokVl9qz1fVwr+G39D71SIQCM8G8wIuFeTRbyfwpQIOYVivuCwvQkMvG
8RLl1qVBNJH0P6wNdPquy81pCG9z8x9FmfoHnAluLU8tjeKwI/QMpiW5PcjwLgqJ
gomsPsYxgeU9q8EbT6sk5oUXDSqP+Gv7JNeABY4Kthk318UqlP6kCzBanfNldYQX
Qha6pfRf3b5+INmXiAp00fj1
-----END CERTIFICATE-----
Generated at Sun Jun 8 08:50:36 2025 by rpki-client