Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/GN8y3Q_a6stf6aQIciFyWgDLDVs.roa
File: GN8y3Q_a6stf6aQIciFyWgDLDVs.roa (raw, json)
Hash identifier: a91NtdCZG8YpkoZySt5t9KmaPdiSAefwQ7sPdGfnqTM=
Subject key identifier: 18:DF:32:DD:0F:DA:EA:CB:5F:E9:A4:08:72:21:72:5A:00:CB:0D:5B
Certificate issuer: /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial: 01948E73E1515BEC0EF9D3D283ADF90AD2A0
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/GN8y3Q_a6stf6aQIciFyWgDLDVs.roa
Signing time: Wed 22 Jan 2025 14:39:06 +0000
ROA not before: Wed 22 Jan 2025 14:39:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8399
IP address blocks: 37.97.64.0/19 maxlen: 19
37.97.69.0/24 maxlen: 24
37.97.70.0/24 maxlen: 24
37.97.80.0/23 maxlen: 23
37.97.96.0/20 maxlen: 20
37.139.120.0/21 maxlen: 21
65.39.64.0/19 maxlen: 19
80.251.96.0/20 maxlen: 20
81.93.0.0/19 maxlen: 19
88.213.224.0/19 maxlen: 19
109.235.232.0/21 maxlen: 21
109.235.232.0/24 maxlen: 24
109.235.233.0/24 maxlen: 24
109.235.239.0/24 maxlen: 24
157.143.128.0/17 maxlen: 17
178.157.16.0/20 maxlen: 20
178.157.32.0/20 maxlen: 20
178.174.96.0/20 maxlen: 23
178.255.160.0/21 maxlen: 21
185.6.92.0/22 maxlen: 22
185.8.252.0/22 maxlen: 22
185.24.140.0/22 maxlen: 22
185.32.208.0/22 maxlen: 22
185.42.176.0/22 maxlen: 22
185.65.248.0/22 maxlen: 22
185.76.216.0/22 maxlen: 22
185.218.208.0/22 maxlen: 22
185.249.20.0/22 maxlen: 22
195.135.0.0/17 maxlen: 17
195.135.0.0/18 maxlen: 18
195.135.12.0/23 maxlen: 23
195.135.48.0/20 maxlen: 20
195.135.48.0/24 maxlen: 24
217.74.96.0/20 maxlen: 20
217.181.128.0/17 maxlen: 17
2a02:6e8::/32 maxlen: 32
2a02:c440::/29 maxlen: 29
2a05:5cc0::/29 maxlen: 29
2a0b:e3c0::/29 maxlen: 29
2a0c:600::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:8e:73:e1:51:5b:ec:0e:f9:d3:d2:83:ad:f9:0a:d2:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
Validity
Not Before: Jan 22 14:39:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=18df32dd0fdaeacb5fe9a4087221725a00cb0d5b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:4c:86:fe:dd:fe:ac:18:78:af:44:8c:0f:93:
fa:bd:5b:3b:3a:5b:d9:2d:c3:24:da:70:e3:42:db:
7e:e8:7a:22:24:2c:a9:34:03:cc:f2:a4:46:b9:81:
86:f4:c2:18:e1:3c:21:15:c4:52:0b:f7:c8:1b:4a:
63:cd:3e:5a:38:ce:d0:9d:82:0d:ca:2a:d7:eb:b5:
9c:84:3e:26:75:35:d0:83:e0:c2:c1:ec:0a:c0:62:
a8:0d:fb:36:77:90:e0:ed:fa:ea:9f:37:75:a7:3c:
62:23:f0:23:ec:00:2f:00:32:4f:64:3d:81:f5:fc:
8d:6b:fa:4e:cb:fb:71:d2:b4:fe:c5:64:68:35:f8:
d5:a7:39:47:14:5f:a1:ee:f2:53:f7:ae:aa:33:05:
3d:cf:c4:42:0a:9b:c6:53:0a:6f:e1:f1:af:05:24:
46:5b:0b:f1:d8:22:8a:f9:de:8e:a2:22:36:e8:fc:
62:85:84:e0:3b:80:04:89:56:97:4a:4d:a7:f8:3e:
b0:25:b1:25:f4:49:0f:e8:b8:f9:21:ac:54:d0:b7:
a3:3d:56:2d:ac:97:7a:73:1f:e7:3f:20:a3:ef:be:
6c:72:ea:17:a2:03:35:3d:b3:5d:be:f8:ac:e8:59:
bb:a5:b6:56:c4:02:e3:fc:fb:ab:e8:04:b8:42:99:
3b:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:DF:32:DD:0F:DA:EA:CB:5F:E9:A4:08:72:21:72:5A:00:CB:0D:5B
X509v3 Authority Key Identifier:
keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/GN8y3Q_a6stf6aQIciFyWgDLDVs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.97.64.0-37.97.111.255
37.139.120.0/21
65.39.64.0/19
80.251.96.0/20
81.93.0.0/19
88.213.224.0/19
109.235.232.0/21
157.143.128.0/17
178.157.16.0-178.157.47.255
178.174.96.0/20
178.255.160.0/21
185.6.92.0/22
185.8.252.0/22
185.24.140.0/22
185.32.208.0/22
185.42.176.0/22
185.65.248.0/22
185.76.216.0/22
185.218.208.0/22
185.249.20.0/22
195.135.0.0/17
217.74.96.0/20
217.181.128.0/17
IPv6:
2a02:6e8::/32
2a02:c440::/29
2a05:5cc0::/29
2a0b:e3c0::/29
2a0c:600::/29
Signature Algorithm: sha256WithRSAEncryption
9f:77:6e:1f:81:c2:8e:08:b9:68:82:9a:ef:ac:33:fa:90:c8:
07:8c:e4:b1:d7:6e:ff:54:f2:6e:94:15:6d:43:a6:b8:1b:6e:
70:8c:58:ad:66:43:c9:4e:a1:a8:20:cc:b5:0c:0a:48:af:aa:
52:b2:7f:b3:1f:1b:5f:dd:bd:6d:cd:74:93:ee:37:28:41:86:
25:50:19:73:89:73:10:71:02:b8:70:83:9e:15:41:77:58:bd:
f1:39:c7:9d:d5:8c:d1:5d:67:4b:ff:8c:da:37:e0:c7:f9:10:
39:d4:04:95:6d:cc:5e:f9:02:60:45:be:1f:80:90:e9:4d:a3:
d8:39:e1:52:52:70:91:ea:75:e6:57:e7:87:ef:c8:10:89:4e:
8e:d4:ff:3e:a4:9a:b0:4a:78:48:39:6f:05:4d:d9:92:28:55:
bc:93:30:6f:6c:be:02:b7:7a:b6:5d:db:7e:b2:e2:57:b8:db:
22:50:e3:fa:73:cb:b7:f8:dd:f9:b2:29:f7:cd:d4:87:03:b1:
c1:f7:64:b7:1e:11:d9:29:89:35:9b:ae:dc:52:25:e6:b6:3d:
8f:d6:aa:e0:5b:df:fc:19:62:28:15:a3:bf:da:6f:fe:85:94:
b0:67:2a:f3:98:72:38:0d:e0:08:b3:b7:59:78:23:be:a4:66:
96:3e:d0:a7
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgISAZSOc+FRW+wO+dPSg635CtKgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjUwMTIyMTQzOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGRmMzJkZDBmZGFlYWNiNWZlOWE0MDg3MjIxNzI1YTAwY2IwZDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UyG/t3+rBh4r0SMD5P6vVs7OlvZ
LcMk2nDjQtt+6HoiJCypNAPM8qRGuYGG9MIY4TwhFcRSC/fIG0pjzT5aOM7QnYIN
yirX67WchD4mdTXQg+DCwewKwGKoDfs2d5Dg7frqnzd1pzxiI/Aj7AAvADJPZD2B
9fyNa/pOy/tx0rT+xWRoNfjVpzlHFF+h7vJT966qMwU9z8RCCpvGUwpv4fGvBSRG
Wwvx2CKK+d6OoiI26PxihYTgO4AEiVaXSk2n+D6wJbEl9EkP6Lj5IaxU0LejPVYt
rJd6cx/nPyCj775scuoXogM1PbNdvvis6Fm7pbZWxALj/Pur6AS4Qpk7sQIDAQAB
o4ICzTCCAskwHQYDVR0OBBYEFBjfMt0P2urLX+mkCHIhcloAyw1bMB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvR044eTNRX2E2c3RmNmFRSWNpRnlXZ0RMRFZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHiBggrBgEFBQcBBwEB/wSB0jCBzzCBoQQCAAEwgZowDAME
BiVhQAMEBCVhYAMEAyWLeAMEBUEnQAMEBFD7YAMEBVFdAAMEBVjV4AMEA23r6AME
B52PgDAMAwQEsp0QAwQEsp0gAwQEsq5gAwQDsv+gAwQCuQZcAwQCuQj8AwQCuRiM
AwQCuSDQAwQCuSqwAwQCuUH4AwQCuUzYAwQCudrQAwQCufkUAwQHw4cAAwQE2Upg
AwQH2bWAMCkEAgACMCMDBQAqAgboAwUDKgLEQAMFAyoFXMADBQMqC+PAAwUDKgwG
ADANBgkqhkiG9w0BAQsFAAOCAQEAn3duH4HCjgi5aIKa76wz+pDIB4zksddu/1Ty
bpQVbUOmuBtucIxYrWZDyU6hqCDMtQwKSK+qUrJ/sx8bX929bc10k+43KEGGJVAZ
c4lzEHECuHCDnhVBd1i98TnHndWM0V1nS/+M2jfgx/kQOdQElW3MXvkCYEW+H4CQ
6U2j2DnhUlJwkep15lfnh+/IEIlOjtT/PqSasEp4SDlvBU3ZkihVvJMwb2y+Ard6
tl3bfrLiV7jbIlDj+nPLt/jd+bIp983UhwOxwfdktx4R2SmJNZuu3FIl5rY9j9aq
4Fvf/BliKBWjv9pv/oWUsGcq85hyOA3gCLO3WXgjvqRmlj7Qpw==
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:13:22 2025 by rpki-client