Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/l4Y8Lwceyh49M96z7SVpv5iLFdg.roa
File: l4Y8Lwceyh49M96z7SVpv5iLFdg.roa (raw, json)
Hash identifier: TK6woA3zv+KSTzSLmq/ps6rTO//l9ZtizNrOA2uyTzc=
Subject key identifier: 97:86:3C:2F:07:1E:CA:1E:3D:33:DE:B3:ED:25:69:BF:98:8B:15:D8
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01890AA07EC5B8E2546C447A17ADF826B7BE
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/l4Y8Lwceyh49M96z7SVpv5iLFdg.roa
Signing time: Fri 30 Jun 2023 04:47:17 +0000
ROA not before: Fri 30 Jun 2023 04:47:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15731
IP address blocks: 193.124.3.0/24 maxlen: 24
62.76.225.0/24 maxlen: 24
193.124.8.0/24 maxlen: 24
194.87.1.0/24 maxlen: 24
194.87.3.0/24 maxlen: 24
194.87.2.0/24 maxlen: 24
62.76.230.0/23 maxlen: 23
193.124.16.0/24 maxlen: 24
194.87.7.0/24 maxlen: 24
194.87.11.0/24 maxlen: 24
194.87.12.0/24 maxlen: 24
194.87.16.0/24 maxlen: 24
194.87.23.0/24 maxlen: 24
194.87.24.0/22 maxlen: 24
194.87.18.0/24 maxlen: 24
194.87.26.0/23 maxlen: 23
194.87.37.0/24 maxlen: 24
193.124.49.0/24 maxlen: 24
194.87.36.0/24 maxlen: 24
193.124.124.0/24 maxlen: 24
194.87.114.0/23 maxlen: 23
194.87.122.0/24 maxlen: 24
194.87.124.0/24 maxlen: 24
193.124.133.0/24 maxlen: 24
194.87.130.0/24 maxlen: 24
194.87.131.0/24 maxlen: 24
194.87.134.0/23 maxlen: 23
194.87.133.0/24 maxlen: 24
194.87.43.0/24 maxlen: 24
194.87.56.0/24 maxlen: 24
193.124.80.0/24 maxlen: 24
194.87.78.0/24 maxlen: 24
193.124.90.0/24 maxlen: 24
194.87.73.0/24 maxlen: 24
194.87.83.0/24 maxlen: 24
195.133.74.0/24 maxlen: 24
195.133.84.0/23 maxlen: 23
195.133.22.0/24 maxlen: 24
195.133.30.0/24 maxlen: 24
195.133.35.0/24 maxlen: 24
195.133.194.0/24 maxlen: 24
195.133.195.0/24 maxlen: 24
212.192.223.0/24 maxlen: 24
195.58.36.0/24 maxlen: 24
194.58.42.0/24 maxlen: 24
194.58.47.0/24 maxlen: 24
212.192.241.0/24 maxlen: 24
195.58.54.0/24 maxlen: 24
212.192.244.0/24 maxlen: 24
195.58.58.0/23 maxlen: 23
212.192.247.0/24 maxlen: 24
212.192.248.0/22 maxlen: 22
195.58.62.0/23 maxlen: 23
194.58.223.0/24 maxlen: 24
194.87.200.0/24 maxlen: 24
194.87.202.0/24 maxlen: 24
194.87.204.0/24 maxlen: 24
194.87.222.0/24 maxlen: 24
194.135.24.0/24 maxlen: 24
194.87.240.0/24 maxlen: 24
192.124.170.0/24 maxlen: 24
212.192.8.0/24 maxlen: 24
212.192.10.0/24 maxlen: 24
192.124.178.0/24 maxlen: 24
194.87.166.0/24 maxlen: 24
194.87.160.0/24 maxlen: 24
194.87.162.0/24 maxlen: 24
194.87.168.0/24 maxlen: 24
194.87.172.0/24 maxlen: 24
192.124.181.0/24 maxlen: 24
194.87.177.0/24 maxlen: 24
194.87.179.0/24 maxlen: 24
194.87.178.0/24 maxlen: 24
192.124.189.0/24 maxlen: 24
192.124.191.0/24 maxlen: 24
194.87.187.0/24 maxlen: 24
194.87.190.0/24 maxlen: 24
193.124.200.0/24 maxlen: 24
193.124.204.0/24 maxlen: 24
194.135.46.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:0a:a0:7e:c5:b8:e2:54:6c:44:7a:17:ad:f8:26:b7:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jun 30 04:47:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=97863c2f071eca1e3d33deb3ed2569bf988b15d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:1f:ca:97:f1:ae:04:5f:05:c9:34:e0:03:2a:
34:78:20:5a:1a:73:a7:56:24:17:d5:d5:06:71:7e:
a1:8a:d4:cd:3d:3a:51:86:5f:b7:86:38:e5:15:ee:
fb:c4:7e:ad:2f:1e:15:8c:53:54:d4:a7:28:54:bc:
ec:e7:0c:fe:f3:a2:ad:19:9a:61:97:69:e5:eb:14:
34:6a:2a:eb:de:0d:a4:07:a9:e4:00:0d:bf:79:78:
0d:a0:b9:2b:6d:e1:c1:ac:db:01:46:be:ad:6b:41:
72:69:a4:60:c5:bf:25:31:ae:3b:27:f5:7b:6e:94:
46:3a:c1:2c:14:9c:24:cc:b3:e7:a4:f7:4c:b4:18:
1e:0f:57:28:c7:40:a3:97:34:d1:f3:d4:11:b9:1a:
48:12:33:b8:fb:45:60:ad:67:6e:ed:ba:ac:88:b2:
3b:b5:35:cc:36:39:d8:5c:d2:e4:28:1b:1e:71:58:
f8:bb:e6:47:9b:b9:c9:53:33:ec:54:2a:5e:85:c0:
e5:d0:a9:6c:ef:d9:ce:54:db:0d:ef:ca:be:cf:04:
c9:d7:35:8d:cc:f4:ae:2b:40:92:8c:8a:21:09:0d:
76:5c:5d:fa:2d:bc:57:2b:b5:86:96:d3:23:4b:9d:
70:f9:c3:90:ab:d8:5b:36:e9:c6:09:f2:41:56:5f:
bb:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:86:3C:2F:07:1E:CA:1E:3D:33:DE:B3:ED:25:69:BF:98:8B:15:D8
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/l4Y8Lwceyh49M96z7SVpv5iLFdg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.225.0/24
62.76.230.0/23
192.124.170.0/24
192.124.178.0/24
192.124.181.0/24
192.124.189.0/24
192.124.191.0/24
193.124.3.0/24
193.124.8.0/24
193.124.16.0/24
193.124.49.0/24
193.124.80.0/24
193.124.90.0/24
193.124.124.0/24
193.124.133.0/24
193.124.200.0/24
193.124.204.0/24
194.58.42.0/24
194.58.47.0/24
194.58.223.0/24
194.87.1.0-194.87.3.255
194.87.7.0/24
194.87.11.0-194.87.12.255
194.87.16.0/24
194.87.18.0/24
194.87.23.0-194.87.27.255
194.87.36.0/23
194.87.43.0/24
194.87.56.0/24
194.87.73.0/24
194.87.78.0/24
194.87.83.0/24
194.87.114.0/23
194.87.122.0/24
194.87.124.0/24
194.87.130.0/23
194.87.133.0-194.87.135.255
194.87.160.0/24
194.87.162.0/24
194.87.166.0/24
194.87.168.0/24
194.87.172.0/24
194.87.177.0-194.87.179.255
194.87.187.0/24
194.87.190.0/24
194.87.200.0/24
194.87.202.0/24
194.87.204.0/24
194.87.222.0/24
194.87.240.0/24
194.135.24.0/24
194.135.46.0/24
195.58.36.0/24
195.58.54.0/24
195.58.58.0/23
195.58.62.0/23
195.133.22.0/24
195.133.30.0/24
195.133.35.0/24
195.133.74.0/24
195.133.84.0/23
195.133.194.0/23
212.192.8.0/24
212.192.10.0/24
212.192.223.0/24
212.192.241.0/24
212.192.244.0/24
212.192.247.0-212.192.251.255
Signature Algorithm: sha256WithRSAEncryption
37:ff:e9:fe:ae:99:d6:1b:d7:01:b0:ee:02:4c:db:47:86:34:
d0:ce:03:49:e4:ca:55:d7:a5:f9:dc:ea:d3:e4:d3:4d:98:6d:
af:f2:cf:e6:f3:66:e9:34:81:19:47:12:ce:37:7d:4e:64:37:
a6:88:49:fc:f1:62:85:cc:ee:5e:0a:c7:2d:15:ce:43:49:9b:
c9:b2:75:dc:ca:5c:95:49:ad:ee:06:a2:76:c1:e2:08:61:ba:
ca:5b:aa:cf:91:d3:78:fd:e5:af:eb:ca:1d:77:d7:1b:80:a1:
03:31:56:45:fd:55:2f:bd:bb:10:c2:05:f3:f7:59:b2:0f:20:
0a:49:aa:ce:78:dd:20:cd:46:f2:cb:47:75:21:0c:3d:b1:f5:
7c:06:bc:f1:7f:43:5a:d1:e1:28:e0:e6:ac:38:b3:7f:64:6c:
a5:2e:26:d2:be:20:49:66:0a:12:13:5d:55:19:8b:6a:d7:53:
dd:04:5e:a8:cb:b9:58:ea:c2:d2:c1:ba:0a:4b:f0:3b:44:92:
95:25:1a:ed:21:d8:06:bc:1f:8b:6a:cf:86:2b:6b:84:32:9c:
07:8b:0d:f9:35:69:3e:3f:4b:1c:31:ab:b5:19:43:1b:0f:f8:
a7:1a:9f:34:a4:b3:20:5c:b4:d8:c4:e9:f9:f0:a1:56:2a:22:
72:b3:40:11
-----BEGIN CERTIFICATE-----
MIIGyTCCBbGgAwIBAgISAYkKoH7FuOJUbER6F634Jre+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNjMwMDQ0NzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Nzg2M2MyZjA3MWVjYTFlM2QzM2RlYjNlZDI1NjliZjk4OGIxNWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtR/Kl/GuBF8FyTTgAyo0eCBaGnOn
ViQX1dUGcX6hitTNPTpRhl+3hjjlFe77xH6tLx4VjFNU1KcoVLzs5wz+86KtGZph
l2nl6xQ0airr3g2kB6nkAA2/eXgNoLkrbeHBrNsBRr6ta0FyaaRgxb8lMa47J/V7
bpRGOsEsFJwkzLPnpPdMtBgeD1cox0CjlzTR89QRuRpIEjO4+0VgrWdu7bqsiLI7
tTXMNjnYXNLkKBsecVj4u+ZHm7nJUzPsVCpehcDl0Kls79nOVNsN78q+zwTJ1zWN
zPSuK0CSjIohCQ12XF36LbxXK7WGltMjS51w+cOQq9hbNunGCfJBVl+7qwIDAQAB
o4ID1TCCA9EwHQYDVR0OBBYEFJeGPC8HHsoePTPes+0lab+YixXYMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbDRZOEx3Y2V5aDQ5TTk2ejdTVnB2NWlMRmRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIB6QYIKwYBBQUHAQcBAf8EggHYMIIB1DCCAdAEAgABMIIB
yAMEAD5M4QMEAT5M5gMEAMB8qgMEAMB8sgMEAMB8tQMEAMB8vQMEAMB8vwMEAMF8
AwMEAMF8CAMEAMF8EAMEAMF8MQMEAMF8UAMEAMF8WgMEAMF8fAMEAMF8hQMEAMF8
yAMEAMF8zAMEAMI6KgMEAMI6LwMEAMI63zAMAwQAwlcBAwQCwlcAAwQAwlcHMAwD
BADCVwsDBADCVwwDBADCVxADBADCVxIwDAMEAMJXFwMEAsJXGAMEAcJXJAMEAMJX
KwMEAMJXOAMEAMJXSQMEAMJXTgMEAMJXUwMEAcJXcgMEAMJXegMEAMJXfAMEAcJX
gjAMAwQAwleFAwQDwleAAwQAwlegAwQAwleiAwQAwlemAwQAwleoAwQAwlesMAwD
BADCV7EDBALCV7ADBADCV7sDBADCV74DBADCV8gDBADCV8oDBADCV8wDBADCV94D
BADCV/ADBADChxgDBADChy4DBADDOiQDBADDOjYDBAHDOjoDBAHDOj4DBADDhRYD
BADDhR4DBADDhSMDBADDhUoDBAHDhVQDBAHDhcIDBADUwAgDBADUwAoDBADUwN8D
BADUwPEDBADUwPQwDAMEANTA9wMEAtTA+DANBgkqhkiG9w0BAQsFAAOCAQEAN//p
/q6Z1hvXAbDuAkzbR4Y00M4DSeTKVdel+dzq0+TTTZhtr/LP5vNm6TSBGUcSzjd9
TmQ3pohJ/PFihczuXgrHLRXOQ0mbybJ13MpclUmt7gaidsHiCGG6yluqz5HTeP3l
r+vKHXfXG4ChAzFWRf1VL727EMIF8/dZsg8gCkmqznjdIM1G8stHdSEMPbH1fAa8
8X9DWtHhKODmrDizf2RspS4m0r4gSWYKEhNdVRmLatdT3QReqMu5WOrC0sG6Ckvw
O0SSlSUa7SHYBrwfi2rPhitrhDKcB4sN+TVpPj9LHDGrtRlDGw/4pxqfNKSzIFy0
2MTp+fChVioicrNAEQ==
-----END CERTIFICATE-----
Generated at Sun Jun 8 09:04:40 2025 by rpki-client