Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/xeiI2mpm5pGkNTckSMw5C8vZHH0.roa
File: xeiI2mpm5pGkNTckSMw5C8vZHH0.roa (raw, json)
Hash identifier: sgJ4W52wv9HkCtWX1KvY+tIrYOCPtkLhAircoBna9Pk=
Subject key identifier: C5:E8:88:DA:6A:66:E6:91:A4:35:37:24:48:CC:39:0B:CB:D9:1C:7D
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0193914B969ACB218727119DD2F439F293A0
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/xeiI2mpm5pGkNTckSMw5C8vZHH0.roa
Signing time: Wed 04 Dec 2024 10:51:10 +0000
ROA not before: Wed 04 Dec 2024 10:51:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 44477
IP address blocks: 62.76.231.0/24 maxlen: 24
62.76.235.0/24 maxlen: 24
193.124.3.0/24 maxlen: 24
193.124.6.0/24 maxlen: 24
193.124.8.0/24 maxlen: 24
193.124.91.0/24 maxlen: 24
193.124.94.0/24 maxlen: 24
193.124.133.0/24 maxlen: 24
193.124.226.0/24 maxlen: 24
194.58.43.0/24 maxlen: 24
194.58.58.0/24 maxlen: 24
194.58.60.0/24 maxlen: 24
194.58.67.0/24 maxlen: 24
194.87.6.0/24 maxlen: 24
194.87.7.0/24 maxlen: 24
194.87.16.0/24 maxlen: 24
194.87.34.0/24 maxlen: 24
194.87.42.0/24 maxlen: 24
194.87.63.0/24 maxlen: 24
194.87.78.0/24 maxlen: 24
194.87.116.0/24 maxlen: 24
194.87.117.0/24 maxlen: 24
194.87.120.0/24 maxlen: 24
194.87.121.0/24 maxlen: 24
194.87.160.0/24 maxlen: 24
194.87.163.0/24 maxlen: 24
194.87.176.0/24 maxlen: 24
194.87.177.0/24 maxlen: 24
194.87.180.0/24 maxlen: 24
194.87.181.0/24 maxlen: 24
194.87.182.0/24 maxlen: 24
194.135.23.0/24 maxlen: 24
194.135.24.0/24 maxlen: 24
195.58.55.0/24 maxlen: 24
195.58.56.0/24 maxlen: 24
195.58.59.0/24 maxlen: 24
195.58.62.0/24 maxlen: 24
195.133.12.0/24 maxlen: 24
195.133.19.0/24 maxlen: 24
195.133.58.0/24 maxlen: 24
195.133.80.0/24 maxlen: 24
195.133.82.0/24 maxlen: 24
195.133.195.0/24 maxlen: 24
212.192.0.0/24 maxlen: 24
212.192.7.0/24 maxlen: 24
212.192.10.0/24 maxlen: 24
212.192.30.0/24 maxlen: 24
212.192.210.0/24 maxlen: 24
212.192.211.0/24 maxlen: 24
212.193.10.0/24 maxlen: 24
212.193.15.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:91:4b:96:9a:cb:21:87:27:11:9d:d2:f4:39:f2:93:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 4 10:51:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c5e888da6a66e691a435372448cc390bcbd91c7d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f6:66:cc:ee:be:4d:66:a0:8a:9a:aa:f2:09:33:
7f:b3:bb:f8:bc:11:a4:07:dc:24:e0:48:a3:fc:0f:
e1:3a:21:c2:65:6d:5e:8a:50:fc:46:b2:56:67:2c:
7a:a4:57:d0:b0:88:37:a8:26:cf:36:91:e4:d5:6b:
da:21:9c:17:02:a6:09:c3:d7:6f:3d:cc:b2:14:6f:
a1:70:d8:36:e5:1d:84:64:ca:f8:fb:7a:67:db:2f:
2f:67:88:f4:c7:93:44:4b:99:49:46:ee:0e:c3:2e:
bd:7f:55:20:dc:d7:94:18:cc:65:16:09:d6:59:3f:
5b:7c:df:a0:da:19:af:3d:ef:ef:cd:6e:e9:25:e9:
6a:6c:9f:7e:e5:c9:48:0c:87:ca:d5:f3:05:a2:77:
5a:df:38:e4:50:8e:0c:f3:01:c5:cd:74:37:6d:4a:
29:fa:6f:3a:30:44:24:e6:0a:d7:ce:30:3b:3f:6c:
5a:a4:f0:30:10:14:67:85:42:04:ac:a2:84:9b:a3:
67:a3:74:55:17:56:73:f8:40:8c:fe:0d:48:ef:32:
d2:f2:7b:8e:9e:17:09:1e:3c:47:f9:dc:60:c5:bc:
0e:7b:20:49:11:4b:f6:43:7a:16:bb:9f:19:b2:07:
3c:0a:c4:3c:98:a0:3f:8d:d6:8b:f8:8f:be:43:42:
69:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:E8:88:DA:6A:66:E6:91:A4:35:37:24:48:CC:39:0B:CB:D9:1C:7D
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/xeiI2mpm5pGkNTckSMw5C8vZHH0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.231.0/24
62.76.235.0/24
193.124.3.0/24
193.124.6.0/24
193.124.8.0/24
193.124.91.0/24
193.124.94.0/24
193.124.133.0/24
193.124.226.0/24
194.58.43.0/24
194.58.58.0/24
194.58.60.0/24
194.58.67.0/24
194.87.6.0/23
194.87.16.0/24
194.87.34.0/24
194.87.42.0/24
194.87.63.0/24
194.87.78.0/24
194.87.116.0/23
194.87.120.0/23
194.87.160.0/24
194.87.163.0/24
194.87.176.0/23
194.87.180.0-194.87.182.255
194.135.23.0-194.135.24.255
195.58.55.0-195.58.56.255
195.58.59.0/24
195.58.62.0/24
195.133.12.0/24
195.133.19.0/24
195.133.58.0/24
195.133.80.0/24
195.133.82.0/24
195.133.195.0/24
212.192.0.0/24
212.192.7.0/24
212.192.10.0/24
212.192.30.0/24
212.192.210.0/23
212.193.10.0/24
212.193.15.0/24
Signature Algorithm: sha256WithRSAEncryption
6a:3f:b6:a0:dd:e3:9d:6f:1d:c4:e1:dc:00:f0:c5:77:7c:9b:
7a:66:41:eb:e1:c7:e9:2a:d1:cb:10:fd:63:58:83:de:c6:0b:
b8:af:ad:cb:a5:d8:27:d6:94:4a:67:98:d6:12:c1:07:59:20:
2d:99:89:54:f0:35:da:3c:0a:10:ff:15:b5:d9:f0:f0:84:f8:
6a:56:b7:aa:00:94:8f:aa:d3:13:cf:e4:fd:1b:cb:ed:13:ae:
68:0e:0d:9d:82:4a:5f:41:75:13:4a:e3:86:01:60:59:20:f6:
5e:aa:0f:a5:58:17:4e:ae:d4:94:0f:b8:18:cf:20:08:82:7c:
31:ba:15:06:69:4d:48:22:de:f7:a1:d6:06:f7:6c:cf:e4:e3:
69:fa:cf:56:31:04:0a:8f:d0:28:a4:07:d1:1b:f3:8f:7f:19:
e3:1b:b4:97:6b:47:85:76:0a:f4:b8:f3:6d:30:03:23:34:96:
c6:54:ad:9b:bd:92:5d:b0:7c:fb:de:ee:80:df:c7:be:85:52:
96:8b:46:6d:ca:52:55:e5:1f:58:60:ba:24:d3:c5:be:50:a7:
89:33:a3:9d:b0:70:14:e8:55:f1:ec:fa:1c:e8:05:77:81:48:
ec:ed:59:0b:0d:d2:d6:72:77:8c:c4:ca:ba:44:07:d7:e7:c4:
93:eb:61:0f
-----BEGIN CERTIFICATE-----
MIIGFTCCBP2gAwIBAgISAZORS5aayyGHJxGd0vQ58pOgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjA0MTA1MTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWU4ODhkYTZhNjZlNjkxYTQzNTM3MjQ0OGNjMzkwYmNiZDkxYzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9mbM7r5NZqCKmqryCTN/s7v4vBGk
B9wk4Eij/A/hOiHCZW1eilD8RrJWZyx6pFfQsIg3qCbPNpHk1WvaIZwXAqYJw9dv
PcyyFG+hcNg25R2EZMr4+3pn2y8vZ4j0x5NES5lJRu4Owy69f1Ug3NeUGMxlFgnW
WT9bfN+g2hmvPe/vzW7pJelqbJ9+5clIDIfK1fMFonda3zjkUI4M8wHFzXQ3bUop
+m86MEQk5grXzjA7P2xapPAwEBRnhUIErKKEm6Nno3RVF1Zz+ECM/g1I7zLS8nuO
nhcJHjxH+dxgxbwOeyBJEUv2Q3oWu58Zsgc8CsQ8mKA/jdaL+I++Q0JpDwIDAQAB
o4IDITCCAx0wHQYDVR0OBBYEFMXoiNpqZuaRpDU3JEjMOQvL2Rx9MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEveGVpSTJtcG01cEdrTlRja1NNdzVDOHZaSEgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNQYIKwYBBQUHAQcBAf8EggEkMIIBIDCCARwEAgABMIIB
FAMEAD5M5wMEAD5M6wMEAMF8AwMEAMF8BgMEAMF8CAMEAMF8WwMEAMF8XgMEAMF8
hQMEAMF84gMEAMI6KwMEAMI6OgMEAMI6PAMEAMI6QwMEAcJXBgMEAMJXEAMEAMJX
IgMEAMJXKgMEAMJXPwMEAMJXTgMEAcJXdAMEAcJXeAMEAMJXoAMEAMJXowMEAcJX
sDAMAwQCwle0AwQAwle2MAwDBADChxcDBADChxgwDAMEAMM6NwMEAMM6OAMEAMM6
OwMEAMM6PgMEAMOFDAMEAMOFEwMEAMOFOgMEAMOFUAMEAMOFUgMEAMOFwwMEANTA
AAMEANTABwMEANTACgMEANTAHgMEAdTA0gMEANTBCgMEANTBDzANBgkqhkiG9w0B
AQsFAAOCAQEAaj+2oN3jnW8dxOHcAPDFd3ybemZB6+HH6SrRyxD9Y1iD3sYLuK+t
y6XYJ9aUSmeY1hLBB1kgLZmJVPA12jwKEP8Vtdnw8IT4ala3qgCUj6rTE8/k/RvL
7ROuaA4NnYJKX0F1E0rjhgFgWSD2XqoPpVgXTq7UlA+4GM8gCIJ8MboVBmlNSCLe
96HWBvdsz+TjafrPVjEECo/QKKQH0Rvzj38Z4xu0l2tHhXYK9LjzbTADIzSWxlSt
m72SXbB8+97ugN/HvoVSlotGbcpSVeUfWGC6JNPFvlCniTOjnbBwFOhV8ez6HOgF
d4FI7O1ZCw3S1nJ3jMTKukQH1+fEk+thDw==
-----END CERTIFICATE-----
Generated at Sun Jun 8 08:53:37 2025 by rpki-client