Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/CDpdNKGGCblggAA4355CU3lA2lk.roa
File: CDpdNKGGCblggAA4355CU3lA2lk.roa (raw, json)
Hash identifier: XEfYbzjojpDXVx8OUdjtSmncSFajlFBkksZUaJmxIJA=
Subject key identifier: 08:3A:5D:34:A1:86:09:B9:60:80:00:38:DF:9E:42:53:79:40:DA:59
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 019B0A3AE1E545E7E21A86AEBDC66EAEA4E9
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/CDpdNKGGCblggAA4355CU3lA2lk.roa
Signing time: Wed 10 Dec 2025 21:46:29 +0000
ROA not before: Wed 10 Dec 2025 21:46:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 19905
IP address blocks: 2.96.0.0/13 maxlen: 24
62.3.192.0/18 maxlen: 24
62.24.128.0/17 maxlen: 24
62.241.160.0/19 maxlen: 24
78.144.0.0/13 maxlen: 24
79.77.0.0/16 maxlen: 24
79.78.0.0/15 maxlen: 24
80.40.0.0/13 maxlen: 24
81.1.64.0/18 maxlen: 24
81.6.192.0/18 maxlen: 24
81.86.0.0/16 maxlen: 24
81.170.0.0/17 maxlen: 24
81.178.0.0/15 maxlen: 24
82.133.0.0/17 maxlen: 24
83.67.0.0/16 maxlen: 24
84.43.0.0/17 maxlen: 24
87.242.128.0/17 maxlen: 24
89.168.128.0/17 maxlen: 24
89.240.0.0/14 maxlen: 24
91.146.112.0/21 maxlen: 24
92.10.0.0/15 maxlen: 24
92.12.0.0/14 maxlen: 24
92.16.0.0/12 maxlen: 24
145.255.240.0/21 maxlen: 24
185.24.12.0/22 maxlen: 24
185.112.212.0/22 maxlen: 24
185.173.116.0/22 maxlen: 24
185.173.120.0/22 maxlen: 24
185.175.48.0/22 maxlen: 24
185.175.144.0/22 maxlen: 24
193.218.99.0/24 maxlen: 24
194.106.32.0/19 maxlen: 24
194.247.224.0/19 maxlen: 24
195.112.0.0/18 maxlen: 24
195.137.0.0/17 maxlen: 24
195.149.0.0/18 maxlen: 24
212.1.128.0/19 maxlen: 24
212.67.96.0/19 maxlen: 24
212.74.96.0/19 maxlen: 24
212.139.0.0/16 maxlen: 24
212.159.128.0/18 maxlen: 24
213.78.0.0/16 maxlen: 24
213.208.64.0/18 maxlen: 24
217.8.0.0/19 maxlen: 24
217.68.128.0/20 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:0a:3a:e1:e5:45:e7:e2:1a:86:ae:bd:c6:6e:ae:a4:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Dec 10 21:46:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=083a5d34a18609b960800038df9e42537940da59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:8d:5f:2a:32:e1:dc:bf:b8:7b:b7:f7:6d:29:
f5:51:f5:ea:5b:1e:59:f0:b8:1c:58:df:43:83:5c:
b8:e7:7b:09:a4:a4:9c:eb:6b:53:9d:96:90:fd:2b:
61:43:7f:48:82:3d:0d:fd:d3:00:a3:a7:8d:4c:70:
04:8b:e6:40:84:18:8f:7c:7f:73:8a:e2:7e:03:87:
6f:9e:b0:31:05:f7:5a:eb:97:d9:95:f2:05:b8:a8:
1e:f9:0f:c4:d9:f6:98:76:1c:0e:c8:ec:a0:34:4a:
8c:67:36:d9:96:d2:fa:b2:79:7b:f9:66:0f:7e:ab:
6f:90:11:21:e6:7e:ad:0a:ac:49:8f:27:44:2f:59:
f0:22:3b:ca:df:58:ff:1a:c2:02:49:c4:13:59:34:
6a:cd:8e:e4:30:97:cc:fc:87:18:74:97:f0:3c:9f:
d8:0e:ea:92:71:80:7b:fa:0f:13:6d:e5:52:27:e1:
2f:f8:30:76:b8:dc:6a:5a:e6:10:91:0c:65:12:b6:
db:02:1f:85:f0:f2:ca:c1:d6:9e:b6:8a:7a:e7:6d:
ff:db:9a:0d:9c:33:bf:41:5b:98:31:79:58:26:48:
aa:94:2a:cc:de:72:8c:ec:df:c6:d6:37:3b:bc:49:
24:40:0d:cd:29:c3:2e:94:1a:60:11:0c:5a:36:70:
5b:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:3A:5D:34:A1:86:09:B9:60:80:00:38:DF:9E:42:53:79:40:DA:59
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/CDpdNKGGCblggAA4355CU3lA2lk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.3.192.0/18
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
79.77.0.0-79.79.255.255
80.40.0.0/13
81.1.64.0/18
81.6.192.0/18
81.86.0.0/16
81.170.0.0/17
81.178.0.0/15
82.133.0.0/17
83.67.0.0/16
84.43.0.0/17
87.242.128.0/17
89.168.128.0/17
89.240.0.0/14
91.146.112.0/21
92.10.0.0-92.31.255.255
145.255.240.0/21
185.24.12.0/22
185.112.212.0/22
185.173.116.0-185.173.123.255
185.175.48.0/22
185.175.144.0/22
193.218.99.0/24
194.106.32.0/19
194.247.224.0/19
195.112.0.0/18
195.137.0.0/17
195.149.0.0/18
212.1.128.0/19
212.67.96.0/19
212.74.96.0/19
212.139.0.0/16
212.159.128.0/18
213.78.0.0/16
213.208.64.0/18
217.8.0.0/19
217.68.128.0/20
Signature Algorithm: sha256WithRSAEncryption
1a:17:8b:22:22:6a:95:e5:0e:b2:c0:15:84:aa:1f:97:0e:e8:
c4:ec:13:b9:cb:14:a1:2d:d2:70:c6:54:3d:15:2a:81:c5:bc:
9b:0f:e1:31:55:1a:a3:0b:44:f3:a5:bf:82:a4:1b:dd:6c:96:
8d:42:7a:ee:5b:e3:6d:e7:13:0a:33:0e:1c:7c:20:30:a8:bf:
14:6e:48:eb:51:82:c2:3e:05:23:44:f3:eb:1f:09:b1:51:4a:
eb:e8:8a:9f:c2:6f:73:8f:10:58:7f:35:49:0f:18:c5:b9:c1:
02:fc:eb:30:29:4e:29:fc:e6:ef:ba:3b:ff:67:38:34:f7:e1:
43:a8:24:24:67:66:e2:7f:10:a1:00:d0:49:e8:c4:5e:d2:eb:
f9:32:e0:71:4b:e7:ae:1f:75:ad:2d:fe:9f:2a:bd:7f:3d:e4:
fd:23:b4:8b:ec:1d:9a:1b:5e:cb:de:01:6a:4e:50:71:fe:cc:
d6:d1:9b:91:76:3e:54:15:84:d0:4d:8e:75:25:cd:70:aa:de:
46:20:35:ea:14:34:6a:dc:85:ca:f8:43:64:a2:92:c8:9d:fa:
a5:f1:87:a5:81:b5:06:9a:31:03:40:47:4a:91:c7:c1:29:c4:
f9:52:b1:eb:36:bd:db:0b:c0:1a:ae:cd:7a:f1:88:8b:cf:b0:
0c:dc:db:37
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgISAZsKOuHlRefiGoauvcZurqTpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjUxMjEwMjE0NjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODNhNWQzNGExODYwOWI5NjA4MDAwMzhkZjllNDI1Mzc5NDBkYTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvY1fKjLh3L+4e7f3bSn1UfXqWx5Z
8LgcWN9Dg1y453sJpKSc62tTnZaQ/SthQ39Igj0N/dMAo6eNTHAEi+ZAhBiPfH9z
iuJ+A4dvnrAxBfda65fZlfIFuKge+Q/E2faYdhwOyOygNEqMZzbZltL6snl7+WYP
fqtvkBEh5n6tCqxJjydEL1nwIjvK31j/GsICScQTWTRqzY7kMJfM/IcYdJfwPJ/Y
DuqScYB7+g8TbeVSJ+Ev+DB2uNxqWuYQkQxlErbbAh+F8PLKwdaetop6523/25oN
nDO/QVuYMXlYJkiqlCrM3nKM7N/G1jc7vEkkQA3NKcMulBpgEQxaNnBbNwIDAQAB
o4IDDjCCAwowHQYDVR0OBBYEFAg6XTShhgm5YIAAON+eQlN5QNpZMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvQ0RwZE5LR0dDYmxnZ0FBNDM1NUNVM2xBMmxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBIgYIKwYBBQUHAQcBAf8EggERMIIBDTCCAQkEAgABMIIB
AQMDAwJgAwQGPgPAAwQHPhiAAwQFPvGgAwMDTpAwCgMDAE9NAwMET0ADAwNQKAME
BlEBQAMEBlEGwAMDAFFWAwQHUaoAAwMBUbIDBAdShQADAwBTQwMEB1QrAAMEB1fy
gAMEB1mogAMDAlnwAwQDW5JwMAoDAwFcCgMDBVwAAwQDkf/wAwQCuRgMAwQCuXDU
MAwDBAK5rXQDBAK5rXgDBAK5rzADBAK5r5ADBADB2mMDBAXCaiADBAXC9+ADBAbD
cAADBAfDiQADBAbDlQADBAXUAYADBAXUQ2ADBAXUSmADAwDUiwMEBtSfgAMDANVO
AwQG1dBAAwQF2QgAAwQE2USAMA0GCSqGSIb3DQEBCwUAA4IBAQAaF4siImqV5Q6y
wBWEqh+XDujE7BO5yxShLdJwxlQ9FSqBxbybD+ExVRqjC0Tzpb+CpBvdbJaNQnru
W+Nt5xMKMw4cfCAwqL8UbkjrUYLCPgUjRPPrHwmxUUrr6Iqfwm9zjxBYfzVJDxjF
ucEC/OswKU4p/Obvujv/Zzg09+FDqCQkZ2bifxChANBJ6MRe0uv5MuBxS+euH3Wt
Lf6fKr1/PeT9I7SL7B2aG17L3gFqTlBx/szW0ZuRdj5UFYTQTY51Jc1wqt5GIDXq
FDRq3IXK+ENkopLInfql8YelgbUGmjEDQEdKkcfBKcT5UrHrNr3bC8Aars168YiL
z7AM3Ns3
-----END CERTIFICATE-----
Generated at Sat Mar 14 16:48:17 2026 by rpki-client