Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Kq_GknTa69Vc86EughUXS4OAZuQ.roa
File: Kq_GknTa69Vc86EughUXS4OAZuQ.roa (raw, json)
Hash identifier: 0U3/5d5cH7CW53WYOkSG2XIftsXeDX8zr5BpUjcmpQ4=
Subject key identifier: 2A:AF:C6:92:74:DA:EB:D5:5C:F3:A1:2E:82:15:17:4B:83:80:66:E4
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 0195D1C80FBDEB3CA22F065979CE88D768A2
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Kq_GknTa69Vc86EughUXS4OAZuQ.roa
Signing time: Wed 26 Mar 2025 09:28:24 +0000
ROA not before: Wed 26 Mar 2025 09:28:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206576
IP address blocks: 5.181.72.0/22 maxlen: 24
45.137.44.0/22 maxlen: 24
83.150.252.0/22 maxlen: 24
185.90.0.0/22 maxlen: 24
185.182.200.0/23 maxlen: 24
185.229.4.0/22 maxlen: 24
185.246.132.0/22 maxlen: 24
185.247.200.0/22 maxlen: 24
185.248.252.0/24 maxlen: 24
185.248.254.0/24 maxlen: 24
2a0d:7680::/29 maxlen: 48
2a0d:bf80::/29 maxlen: 29
2a0e:a1c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:d1:c8:0f:bd:eb:3c:a2:2f:06:59:79:ce:88:d7:68:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: Mar 26 09:28:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2aafc69274daebd55cf3a12e8215174b838066e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:a0:c2:3a:cc:4c:99:11:1c:af:3f:2e:7b:6d:
32:67:ea:b1:c0:63:5a:81:f0:42:9b:56:25:8f:f0:
b7:95:d2:25:ca:63:ff:b7:09:12:e9:f1:0b:98:2a:
6f:aa:9a:c4:d2:73:15:1c:e4:7f:08:df:d0:18:e2:
d8:bd:02:32:a7:3e:e0:ff:5f:ab:05:9b:91:d0:07:
1b:83:8d:70:a5:ce:a0:62:f1:09:a9:41:26:db:3f:
c0:25:31:46:02:96:36:aa:63:3d:a2:4f:b1:cb:4f:
17:f4:95:37:c7:d9:7f:6a:ba:72:5e:dc:a8:a8:b4:
a0:c7:c7:19:57:61:a0:30:78:51:19:71:ee:f7:8d:
3b:a3:00:6d:6e:13:b5:f3:4d:87:da:f6:c3:66:cf:
b6:90:bb:1f:f9:6c:0b:b2:90:e0:9f:60:d6:fd:cb:
86:55:53:ad:7d:63:99:3e:ec:09:c8:c3:bf:0d:a4:
4e:b0:8a:6f:90:73:0b:5a:a2:70:9f:2e:f4:cd:b7:
33:28:b4:56:2b:e9:50:8e:a6:cb:00:0c:1a:a6:03:
f3:b8:21:a2:e7:cd:5d:1c:8f:a2:5e:e7:dd:f3:83:
ff:9a:09:26:b0:9a:50:7f:5a:5d:96:cc:43:78:e4:
bd:77:5f:2a:2f:51:7c:88:5e:9e:7b:f4:b2:4c:9a:
43:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:AF:C6:92:74:DA:EB:D5:5C:F3:A1:2E:82:15:17:4B:83:80:66:E4
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Kq_GknTa69Vc86EughUXS4OAZuQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.181.72.0/22
45.137.44.0/22
83.150.252.0/22
185.90.0.0/22
185.182.200.0/23
185.229.4.0/22
185.246.132.0/22
185.247.200.0/22
185.248.252.0/24
185.248.254.0/24
IPv6:
2a0d:7680::/29
2a0d:bf80::/29
2a0e:a1c0::/29
Signature Algorithm: sha256WithRSAEncryption
1e:eb:37:8c:ba:ed:12:64:ad:fe:30:8d:f4:56:b0:5c:d7:21:
42:ed:54:8e:40:2b:c6:fd:fe:65:e3:6f:6a:00:7d:84:18:44:
3d:41:bf:9f:be:37:ca:1c:d3:44:b6:31:8c:50:89:89:bf:38:
3e:26:f7:03:e2:71:8f:d4:f8:c8:8c:0d:03:97:cb:7a:e5:d9:
f7:96:b7:9f:a9:12:fe:65:e0:9e:81:55:7e:69:b0:6f:3e:e6:
eb:ee:61:f9:84:e2:77:8e:fb:53:30:45:e2:39:06:c0:5c:36:
db:b9:04:f1:36:19:de:f4:11:b3:b4:2d:98:5b:1d:d2:09:66:
a5:f1:3f:31:bc:c1:77:68:92:28:8d:24:4a:ca:d9:83:7b:f1:
ba:ac:92:ac:43:a0:45:49:d9:f5:d1:4b:72:09:19:51:7a:03:
4f:61:77:0b:08:15:46:41:b1:24:9a:37:ef:c6:ab:b2:e7:34:
de:6e:95:35:92:2d:c0:03:63:5c:3d:06:de:20:a3:a7:ff:52:
02:c2:5e:92:c4:c4:d2:c4:1c:c6:ce:8e:10:be:30:73:87:3b:
45:12:15:55:fe:62:17:e6:0a:dc:09:99:66:11:54:c1:d5:d9:
4b:fa:2c:e1:9d:26:e7:8e:b3:fd:f3:58:22:87:ff:7e:53:5f:
f0:69:c7:c9
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAZXRyA+96zyiLwZZec6I12iiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjUwMzI2MDkyODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWFmYzY5Mjc0ZGFlYmQ1NWNmM2ExMmU4MjE1MTc0YjgzODA2NmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqDCOsxMmREcrz8ue20yZ+qxwGNa
gfBCm1Ylj/C3ldIlymP/twkS6fELmCpvqprE0nMVHOR/CN/QGOLYvQIypz7g/1+r
BZuR0Acbg41wpc6gYvEJqUEm2z/AJTFGApY2qmM9ok+xy08X9JU3x9l/arpyXtyo
qLSgx8cZV2GgMHhRGXHu9407owBtbhO1802H2vbDZs+2kLsf+WwLspDgn2DW/cuG
VVOtfWOZPuwJyMO/DaROsIpvkHMLWqJwny70zbczKLRWK+lQjqbLAAwapgPzuCGi
581dHI+iXufd84P/mgkmsJpQf1pdlsxDeOS9d18qL1F8iF6ee/SyTJpDdQIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFCqvxpJ02uvVXPOhLoIVF0uDgGbkMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvS3FfR2tuVGE2OVZjODZFdWdoVVhTNE9BWnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBCBAIAATA8AwQCBbVIAwQC
LYksAwQCU5b8AwQCuVoAAwQBubbIAwQCueUEAwQCufaEAwQCuffIAwQAufj8AwQA
ufj+MBsEAgACMBUDBQMqDXaAAwUDKg2/gAMFAyoOocAwDQYJKoZIhvcNAQELBQAD
ggEBAB7rN4y67RJkrf4wjfRWsFzXIULtVI5AK8b9/mXjb2oAfYQYRD1Bv5++N8oc
00S2MYxQiYm/OD4m9wPicY/U+MiMDQOXy3rl2feWt5+pEv5l4J6BVX5psG8+5uvu
YfmE4neO+1MwReI5BsBcNtu5BPE2Gd70EbO0LZhbHdIJZqXxPzG8wXdokiiNJErK
2YN78bqskqxDoEVJ2fXRS3IJGVF6A09hdwsIFUZBsSSaN+/Gq7LnNN5ulTWSLcAD
Y1w9Bt4go6f/UgLCXpLExNLEHMbOjhC+MHOHO0USFVX+YhfmCtwJmWYRVMHV2Uv6
LOGdJueOs/3zWCKH/35TX/Bpx8k=
-----END CERTIFICATE-----
Generated at Tue Apr 22 18:49:26 2025 by rpki-client