Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/mNGAZQiyhA_RjHpsBJ04MhdcYYc.roa
File: mNGAZQiyhA_RjHpsBJ04MhdcYYc.roa (raw, json)
Hash identifier: UWCF5g7UCi+aCKJQkfJLWLq9C9wkpAbtQuztVXN365o=
Subject key identifier: 98:D1:80:65:08:B2:84:0F:D1:8C:7A:6C:04:9D:38:32:17:5C:61:87
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01939C12B37660A1E310E0DD9D981FD2AF24
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/mNGAZQiyhA_RjHpsBJ04MhdcYYc.roa
Signing time: Fri 06 Dec 2024 13:04:51 +0000
ROA not before: Fri 06 Dec 2024 13:04:51 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 26383
IP address blocks: 62.76.234.0/24 maxlen: 24
62.76.239.0/24 maxlen: 24
185.72.8.0/24 maxlen: 24
192.124.176.0/24 maxlen: 24
192.124.209.0/24 maxlen: 24
193.124.22.0/24 maxlen: 24
193.124.41.0/24 maxlen: 24
193.124.46.0/24 maxlen: 24
193.124.49.0/24 maxlen: 24
194.58.34.0/24 maxlen: 24
194.58.38.0/24 maxlen: 24
194.58.39.0/24 maxlen: 24
194.58.40.0/24 maxlen: 24
194.58.44.0/24 maxlen: 24
194.58.45.0/24 maxlen: 24
194.58.46.0/24 maxlen: 24
194.58.59.0/24 maxlen: 24
194.58.66.0/24 maxlen: 24
194.58.68.0/24 maxlen: 24
194.87.10.0/24 maxlen: 24
194.87.18.0/24 maxlen: 24
194.87.30.0/24 maxlen: 24
194.87.39.0/24 maxlen: 24
194.87.47.0/24 maxlen: 24
194.87.58.0/24 maxlen: 24
194.87.82.0/24 maxlen: 24
194.87.178.0/24 maxlen: 24
194.87.198.0/24 maxlen: 24
194.87.227.0/24 maxlen: 24
194.87.230.0/24 maxlen: 24
194.87.245.0/24 maxlen: 24
195.133.67.0/24 maxlen: 24
195.133.92.0/24 maxlen: 24
212.192.12.0/24 maxlen: 24
212.192.13.0/24 maxlen: 24
212.192.15.0/24 maxlen: 24
212.192.215.0/24 maxlen: 24
212.192.221.0/24 maxlen: 24
212.192.223.0/24 maxlen: 24
212.193.1.0/24 maxlen: 24
212.193.2.0/24 maxlen: 24
212.193.6.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:9c:12:b3:76:60:a1:e3:10:e0:dd:9d:98:1f:d2:af:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 6 13:04:51 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=98d1806508b2840fd18c7a6c049d3832175c6187
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:d4:84:5b:7a:cc:d1:b4:ec:71:1b:d0:c1:4e:
65:58:87:2c:97:f8:42:8d:c4:fd:8d:b1:f8:9f:9f:
89:21:d9:27:ec:d8:ef:fb:f3:a2:e6:b4:01:b5:50:
f8:fb:a6:39:c2:a6:37:36:8a:d3:17:98:03:20:ef:
3a:db:cf:92:5b:5a:ae:11:2e:15:18:f2:f7:b2:56:
55:14:f3:04:e0:32:79:bc:23:b7:34:0e:9e:0a:d1:
9b:3e:a5:46:da:43:28:f2:bb:f8:da:90:0b:6b:89:
3c:e3:11:73:98:de:11:43:a2:8f:a3:53:fd:a9:a8:
d9:ed:82:7b:d1:f4:ba:a1:af:04:f0:b8:1a:fb:d8:
c4:c2:84:43:c1:e0:72:2e:4d:df:37:1c:10:1b:41:
e5:d1:c2:42:be:76:b4:9b:75:31:69:f6:18:37:29:
fb:4c:f2:09:2e:2a:4c:d6:00:55:39:96:41:5f:bf:
7b:7d:7e:9f:9c:e4:05:38:91:23:b3:11:da:bd:f6:
44:03:18:c8:e9:0f:ea:3d:c5:7f:07:34:92:50:81:
bb:dd:1b:46:31:59:ef:53:3b:d4:1a:ca:4f:e2:73:
47:59:30:64:9b:16:f6:f0:b9:50:e7:88:ad:e9:d9:
9c:ef:4b:3d:2f:7d:b2:5e:4c:ca:e3:44:7e:e9:e2:
96:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:D1:80:65:08:B2:84:0F:D1:8C:7A:6C:04:9D:38:32:17:5C:61:87
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/mNGAZQiyhA_RjHpsBJ04MhdcYYc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.234.0/24
62.76.239.0/24
185.72.8.0/24
192.124.176.0/24
192.124.209.0/24
193.124.22.0/24
193.124.41.0/24
193.124.46.0/24
193.124.49.0/24
194.58.34.0/24
194.58.38.0-194.58.40.255
194.58.44.0-194.58.46.255
194.58.59.0/24
194.58.66.0/24
194.58.68.0/24
194.87.10.0/24
194.87.18.0/24
194.87.30.0/24
194.87.39.0/24
194.87.47.0/24
194.87.58.0/24
194.87.82.0/24
194.87.178.0/24
194.87.198.0/24
194.87.227.0/24
194.87.230.0/24
194.87.245.0/24
195.133.67.0/24
195.133.92.0/24
212.192.12.0/23
212.192.15.0/24
212.192.215.0/24
212.192.221.0/24
212.192.223.0/24
212.193.1.0-212.193.2.255
212.193.6.0/24
Signature Algorithm: sha256WithRSAEncryption
29:ec:08:54:3b:02:84:c2:fb:9a:e7:e9:a3:d2:ad:69:fd:0c:
12:9d:1f:ad:fd:b2:c2:f8:04:0e:a4:e0:29:e9:ea:75:3c:ae:
77:cc:4b:a4:61:33:6f:44:ab:16:c2:fc:69:74:31:3c:42:c6:
63:e9:a1:27:0e:9e:43:ba:5e:62:8d:f6:d0:da:59:ea:b9:30:
a4:ed:40:bd:9f:6f:34:00:16:26:6a:a0:ff:83:46:cd:80:d3:
8f:0f:81:26:c0:a3:f1:8b:f2:dd:cb:74:11:f6:c1:a2:66:3c:
10:6e:fa:f0:c3:65:aa:b3:da:19:6f:27:1e:15:d5:fc:03:5b:
11:24:c9:43:a2:1b:cd:bc:8e:7f:4a:f6:e2:b2:aa:33:6d:51:
70:ff:c6:3e:5a:f4:31:38:5c:60:f2:2a:17:bb:98:70:51:c6:
12:b2:be:c8:be:39:9c:fe:2a:2b:40:d6:39:11:3d:c4:ca:cb:
65:78:d7:5a:7d:04:a2:2d:8c:cc:ec:a7:78:b3:7f:27:cb:d2:
dd:f8:38:be:f9:23:dd:2a:fe:be:7b:d8:9d:26:ae:2b:c8:49:
83:e3:7e:99:82:7f:41:fc:8f:d7:c2:28:bb:88:46:cb:9a:36:
01:bd:f3:43:2f:71:17:81:15:3c:97:4b:12:92:58:2d:55:4e:
b7:f0:28:9d
-----BEGIN CERTIFICATE-----
MIIF7TCCBNWgAwIBAgISAZOcErN2YKHjEODdnZgf0q8kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjA2MTMwNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGQxODA2NTA4YjI4NDBmZDE4YzdhNmMwNDlkMzgzMjE3NWM2MTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNSEW3rM0bTscRvQwU5lWIcsl/hC
jcT9jbH4n5+JIdkn7Njv+/Oi5rQBtVD4+6Y5wqY3NorTF5gDIO8628+SW1quES4V
GPL3slZVFPME4DJ5vCO3NA6eCtGbPqVG2kMo8rv42pALa4k84xFzmN4RQ6KPo1P9
qajZ7YJ70fS6oa8E8Lga+9jEwoRDweByLk3fNxwQG0Hl0cJCvna0m3UxafYYNyn7
TPIJLipM1gBVOZZBX797fX6fnOQFOJEjsxHavfZEAxjI6Q/qPcV/BzSSUIG73RtG
MVnvUzvUGspP4nNHWTBkmxb28LlQ54it6dmc70s9L32yXkzK40R+6eKWzQIDAQAB
o4IC+TCCAvUwHQYDVR0OBBYEFJjRgGUIsoQP0Yx6bASdODIXXGGHMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbU5HQVpRaXloQV9Sakhwc0JKMDRNaGRjWVljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBDQYIKwYBBQUHAQcBAf8Egf0wgfowgfcEAgABMIHwAwQA
PkzqAwQAPkzvAwQAuUgIAwQAwHywAwQAwHzRAwQAwXwWAwQAwXwpAwQAwXwuAwQA
wXwxAwQAwjoiMAwDBAHCOiYDBADCOigwDAMEAsI6LAMEAMI6LgMEAMI6OwMEAMI6
QgMEAMI6RAMEAMJXCgMEAMJXEgMEAMJXHgMEAMJXJwMEAMJXLwMEAMJXOgMEAMJX
UgMEAMJXsgMEAMJXxgMEAMJX4wMEAMJX5gMEAMJX9QMEAMOFQwMEAMOFXAMEAdTA
DAMEANTADwMEANTA1wMEANTA3QMEANTA3zAMAwQA1MEBAwQA1MECAwQA1MEGMA0G
CSqGSIb3DQEBCwUAA4IBAQAp7AhUOwKEwvua5+mj0q1p/QwSnR+t/bLC+AQOpOAp
6ep1PK53zEukYTNvRKsWwvxpdDE8QsZj6aEnDp5Dul5ijfbQ2lnquTCk7UC9n280
ABYmaqD/g0bNgNOPD4EmwKPxi/Ldy3QR9sGiZjwQbvrww2Wqs9oZbyceFdX8A1sR
JMlDohvNvI5/SvbisqozbVFw/8Y+WvQxOFxg8ioXu5hwUcYSsr7Ivjmc/iorQNY5
ET3EystleNdafQSiLYzM7Kd4s38ny9Ld+Di++SPdKv6+e9idJq4ryEmD436Zgn9B
/I/Xwii7iEbLmjYBvfNDL3EXgRU8l0sSklgtVU638Cid
-----END CERTIFICATE-----
Generated at Sat Apr 19 15:24:43 2025 by rpki-client