Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/l5jbh_GEyEtXcdULZDsU4S6rZ7o.roa
File: l5jbh_GEyEtXcdULZDsU4S6rZ7o.roa (raw, json)
Hash identifier: yPWkCUPvAwp/3Yk86aqvWru2dmt7IISx8M/k3JajDqA=
Subject key identifier: 97:98:DB:87:F1:84:C8:4B:57:71:D5:0B:64:3B:14:E1:2E:AB:67:BA
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0190A6CD5A9BE2E056753D37C6B24D009E9D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/l5jbh_GEyEtXcdULZDsU4S6rZ7o.roa
Signing time: Fri 12 Jul 2024 11:56:34 +0000
ROA not before: Fri 12 Jul 2024 11:56:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 62.76.233.0/24 maxlen: 24
192.124.209.0/24 maxlen: 24
193.124.17.0/24 maxlen: 24
193.124.36.0/24 maxlen: 24
193.124.44.0/24 maxlen: 24
193.124.47.0/24 maxlen: 24
193.124.204.0/24 maxlen: 24
194.58.41.0/24 maxlen: 24
194.58.44.0/24 maxlen: 24
194.58.56.0/23 maxlen: 23
194.58.66.0/24 maxlen: 24
194.58.154.0/24 maxlen: 24
194.58.223.0/24 maxlen: 24
194.87.44.0/24 maxlen: 24
194.87.49.0/24 maxlen: 24
194.87.51.0/24 maxlen: 24
194.87.52.0/24 maxlen: 24
194.87.54.0/24 maxlen: 24
194.87.55.0/24 maxlen: 24
194.87.83.0/24 maxlen: 24
194.87.84.0/24 maxlen: 24
194.87.104.0/24 maxlen: 24
194.87.115.0/24 maxlen: 24
194.87.128.0/24 maxlen: 24
194.87.130.0/24 maxlen: 24
194.87.133.0/24 maxlen: 24
194.87.138.0/24 maxlen: 24
194.87.140.0/24 maxlen: 24
194.87.143.0/24 maxlen: 24
194.87.151.0/24 maxlen: 24
194.87.161.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.187.0/24 maxlen: 24
194.87.190.0/24 maxlen: 24
194.87.200.0/24 maxlen: 24
194.87.202.0/24 maxlen: 24
194.87.208.0/24 maxlen: 24
194.87.215.0/24 maxlen: 24
194.87.220.0/24 maxlen: 24
194.87.221.0/24 maxlen: 24
194.87.226.0/24 maxlen: 24
194.87.233.0/24 maxlen: 24
194.87.250.0/24 maxlen: 24
194.135.38.0/24 maxlen: 24
194.135.105.0/24 maxlen: 24
195.58.34.0/24 maxlen: 24
195.58.36.0/24 maxlen: 24
195.58.37.0/24 maxlen: 24
195.58.38.0/24 maxlen: 24
195.58.63.0/24 maxlen: 24
195.133.8.0/24 maxlen: 24
195.133.9.0/24 maxlen: 24
195.133.15.0/24 maxlen: 24
195.133.18.0/24 maxlen: 24
195.133.21.0/24 maxlen: 24
195.133.25.0/24 maxlen: 24
195.133.27.0/24 maxlen: 24
195.133.39.0/24 maxlen: 24
195.133.50.0/23 maxlen: 23
195.133.63.0/24 maxlen: 24
195.133.73.0/24 maxlen: 24
195.133.81.0/24 maxlen: 24
195.133.92.0/23 maxlen: 23
195.133.194.0/24 maxlen: 24
212.192.1.0/24 maxlen: 24
212.192.214.0/24 maxlen: 24
212.192.223.0/24 maxlen: 24
212.192.246.0/24 maxlen: 24
212.192.248.0/24 maxlen: 24
212.193.1.0/24 maxlen: 24
212.193.5.0/24 maxlen: 24
212.193.24.0/24 maxlen: 24
212.193.30.0/24 maxlen: 24
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:a6:cd:5a:9b:e2:e0:56:75:3d:37:c6:b2:4d:00:9e:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jul 12 11:56:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9798db87f184c84b5771d50b643b14e12eab67ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:ab:e0:25:8a:b4:41:9d:fe:d1:92:27:c2:75:
1a:c8:e8:08:1f:1b:7d:97:6c:b9:1d:d0:42:b4:1f:
53:2b:6a:c9:e8:78:09:a5:3d:d2:03:04:bd:ad:ec:
f6:80:a7:fe:40:0b:c7:e4:16:06:95:93:d6:5e:05:
bd:ad:62:cc:8b:74:f9:ca:40:f7:70:ab:7c:e8:ab:
11:19:a8:28:b9:b5:e3:8a:b5:d5:b2:bd:e3:d1:13:
00:54:dc:9b:26:05:8b:7a:39:61:95:a3:c1:b8:16:
78:e6:01:22:55:90:76:d1:12:b6:65:98:e3:a4:5f:
ca:8d:ae:a0:cf:ef:8a:a6:a2:05:33:5a:94:9b:cf:
82:50:14:7a:50:13:8a:e8:f0:63:16:c5:4f:0f:16:
c0:2c:79:9a:fd:83:f2:cb:f1:44:87:23:52:13:bf:
3b:11:24:9d:d2:9b:7d:36:74:ab:14:8b:d0:b9:a6:
0f:b4:7a:61:11:26:ca:19:40:5b:f4:dd:bb:df:ae:
1f:9c:96:7b:2d:54:bd:7e:c6:f4:d2:f1:3a:9a:1e:
d1:21:f6:a8:79:01:bf:4a:75:4b:61:41:1c:ce:e0:
31:e7:5e:db:41:53:58:71:cc:ee:9d:47:c9:6e:1b:
a6:a9:53:55:45:13:73:25:fe:98:a8:dd:93:86:cc:
c6:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:98:DB:87:F1:84:C8:4B:57:71:D5:0B:64:3B:14:E1:2E:AB:67:BA
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/l5jbh_GEyEtXcdULZDsU4S6rZ7o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.233.0/24
192.124.209.0/24
193.124.17.0/24
193.124.36.0/24
193.124.44.0/24
193.124.47.0/24
193.124.204.0/24
194.58.41.0/24
194.58.44.0/24
194.58.56.0/23
194.58.66.0/24
194.58.154.0/24
194.58.223.0/24
194.87.44.0/24
194.87.49.0/24
194.87.51.0-194.87.52.255
194.87.54.0/23
194.87.83.0-194.87.84.255
194.87.104.0/24
194.87.115.0/24
194.87.128.0/24
194.87.130.0/24
194.87.133.0/24
194.87.138.0/24
194.87.140.0/24
194.87.143.0/24
194.87.151.0/24
194.87.161.0/24
194.87.169.0/24
194.87.187.0/24
194.87.190.0/24
194.87.200.0/24
194.87.202.0/24
194.87.208.0/24
194.87.215.0/24
194.87.220.0/23
194.87.226.0/24
194.87.233.0/24
194.87.250.0/24
194.135.38.0/24
194.135.105.0/24
195.58.34.0/24
195.58.36.0-195.58.38.255
195.58.63.0/24
195.133.8.0/23
195.133.15.0/24
195.133.18.0/24
195.133.21.0/24
195.133.25.0/24
195.133.27.0/24
195.133.39.0/24
195.133.50.0/23
195.133.63.0/24
195.133.73.0/24
195.133.81.0/24
195.133.92.0/23
195.133.194.0/24
212.192.1.0/24
212.192.214.0/24
212.192.223.0/24
212.192.246.0/24
212.192.248.0/24
212.193.1.0/24
212.193.5.0/24
212.193.24.0/24
212.193.30.0/24
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
56:51:6e:d3:08:09:9b:a2:ec:1f:77:ed:0c:2f:1c:cb:16:18:
53:d1:62:50:a8:fb:83:12:98:41:26:c0:6c:4d:01:86:d2:ff:
d6:70:53:5d:8c:f3:95:85:1d:08:ad:a1:3a:77:48:c8:5d:16:
85:42:eb:f8:95:5a:61:75:62:a4:63:31:dc:8c:f0:4e:af:b0:
e0:5b:77:43:8c:85:ba:2c:bd:4b:d1:7a:e6:8a:c6:78:d9:f4:
2a:77:22:fc:d1:fc:d3:7a:37:76:27:bf:03:1a:77:99:7c:45:
a9:05:56:16:43:b7:02:d4:41:cb:b8:e7:45:20:15:ae:6c:07:
ed:27:28:9c:bd:34:47:a1:72:9a:42:2a:93:e8:62:64:be:4e:
4f:3e:12:bc:cd:f2:65:56:da:6d:05:55:62:75:17:42:7d:49:
09:9e:82:24:df:6e:df:f1:1d:24:ce:aa:2b:8c:b8:f4:e1:0f:
4a:44:5e:3c:da:02:e0:a0:08:e5:cc:63:c3:06:e2:cb:ca:d2:
c8:f7:7a:d1:10:0d:26:82:73:21:ee:7f:39:f2:88:0f:86:53:
b6:46:84:9f:cf:21:d5:9c:95:6e:a6:fc:76:6c:01:70:fe:5d:
b5:5b:6b:f7:57:a6:d7:66:41:a0:eb:15:69:6a:61:26:87:16:
78:02:bc:fa
-----BEGIN CERTIFICATE-----
MIIGuzCCBaOgAwIBAgISAZCmzVqb4uBWdT03xrJNAJ6dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNzEyMTE1NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Nzk4ZGI4N2YxODRjODRiNTc3MWQ1MGI2NDNiMTRlMTJlYWI2N2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqvgJYq0QZ3+0ZInwnUayOgIHxt9
l2y5HdBCtB9TK2rJ6HgJpT3SAwS9rez2gKf+QAvH5BYGlZPWXgW9rWLMi3T5ykD3
cKt86KsRGagoubXjirXVsr3j0RMAVNybJgWLejlhlaPBuBZ45gEiVZB20RK2ZZjj
pF/Kja6gz++KpqIFM1qUm8+CUBR6UBOK6PBjFsVPDxbALHma/YPyy/FEhyNSE787
ESSd0pt9NnSrFIvQuaYPtHphESbKGUBb9N27364fnJZ7LVS9fsb00vE6mh7RIfao
eQG/SnVLYUEczuAx517bQVNYcczunUfJbhumqVNVRRNzJf6YqN2ThszGxQIDAQAB
o4IDxzCCA8MwHQYDVR0OBBYEFJeY24fxhMhLV3HVC2Q7FOEuq2e6MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbDVqYmhfR0V5RXRYY2RVTFpEc1U0UzZyWjdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIB2wYIKwYBBQUHAQcBAf8EggHKMIIBxjCCAawEAgABMIIB
pAMEAD5M6QMEAMB80QMEAMF8EQMEAMF8JAMEAMF8LAMEAMF8LwMEAMF8zAMEAMI6
KQMEAMI6LAMEAcI6OAMEAMI6QgMEAMI6mgMEAMI63wMEAMJXLAMEAMJXMTAMAwQA
wlczAwQAwlc0AwQBwlc2MAwDBADCV1MDBADCV1QDBADCV2gDBADCV3MDBADCV4AD
BADCV4IDBADCV4UDBADCV4oDBADCV4wDBADCV48DBADCV5cDBADCV6EDBADCV6kD
BADCV7sDBADCV74DBADCV8gDBADCV8oDBADCV9ADBADCV9cDBAHCV9wDBADCV+ID
BADCV+kDBADCV/oDBADChyYDBADCh2kDBADDOiIwDAMEAsM6JAMEAMM6JgMEAMM6
PwMEAcOFCAMEAMOFDwMEAMOFEgMEAMOFFQMEAMOFGQMEAMOFGwMEAMOFJwMEAcOF
MgMEAMOFPwMEAMOFSQMEAMOFUQMEAcOFXAMEAMOFwgMEANTAAQMEANTA1gMEANTA
3wMEANTA9gMEANTA+AMEANTBAQMEANTBBQMEANTBGAMEANTBHjAUBAIAAjAOAwUD
KgFXwAMFAyoM/0AwDQYJKoZIhvcNAQELBQADggEBAFZRbtMICZui7B937QwvHMsW
GFPRYlCo+4MSmEEmwGxNAYbS/9ZwU12M85WFHQitoTp3SMhdFoVC6/iVWmF1YqRj
MdyM8E6vsOBbd0OMhbosvUvReuaKxnjZ9Cp3IvzR/NN6N3YnvwMad5l8RakFVhZD
twLUQcu450UgFa5sB+0nKJy9NEehcppCKpPoYmS+Tk8+ErzN8mVW2m0FVWJ1F0J9
SQmegiTfbt/xHSTOqiuMuPThD0pEXjzaAuCgCOXMY8MG4svK0sj3etEQDSaCcyHu
fznyiA+GU7ZGhJ/PIdWclW6m/HZsAXD+XbVba/dXptdmQaDrFWlqYSaHFngCvPo=
-----END CERTIFICATE-----
Generated at Mon Apr 21 04:16:14 2025 by rpki-client