Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/UKUSQdXd1KdL33vXRGtatzo1R_s.roa
File: UKUSQdXd1KdL33vXRGtatzo1R_s.roa (raw, json)
Hash identifier: aGk+I5lQArxTIGTDQRtQzDYR2YFVMYILJebvtXlRPOw=
Subject key identifier: 50:A5:12:41:D5:DD:D4:A7:4B:DF:7B:D7:44:6B:5A:B7:3A:35:47:FB
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 019424458E9A69A4C4A12167FDBB0E249CF0
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/UKUSQdXd1KdL33vXRGtatzo1R_s.roa
Signing time: Wed 01 Jan 2025 23:48:45 +0000
ROA not before: Wed 01 Jan 2025 23:48:45 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202505
IP address blocks: 84.54.14.0/24 maxlen: 24
86.104.14.0/24 maxlen: 24
89.43.78.0/24 maxlen: 24
176.98.42.0/24 maxlen: 24
176.98.43.0/24 maxlen: 24
185.81.152.0/24 maxlen: 24
185.81.153.0/24 maxlen: 24
185.81.154.0/24 maxlen: 24
185.81.155.0/24 maxlen: 24
193.31.119.0/24 maxlen: 24
2a05:88c0::/32 maxlen: 32
2a05:88c1::/32 maxlen: 32
2a05:88c2::/32 maxlen: 32
2a05:88c3::/32 maxlen: 32
2a05:88c4::/32 maxlen: 32
2a05:88c5::/32 maxlen: 32
2a05:88c6::/32 maxlen: 32
2a05:88c7::/32 maxlen: 32
2a06:f7c0::/32 maxlen: 32
2a06:f7c1::/32 maxlen: 32
2a06:f7c2::/32 maxlen: 32
2a06:f7c3::/32 maxlen: 32
2a06:f7c4::/32 maxlen: 32
2a06:f7c5::/32 maxlen: 32
2a06:f7c6::/32 maxlen: 32
2a06:f7c7::/32 maxlen: 32
2a10:3300::/32 maxlen: 32
2a10:3301::/32 maxlen: 32
2a10:3302::/32 maxlen: 32
2a10:3303::/32 maxlen: 32
2a10:3304::/32 maxlen: 32
2a10:3305::/32 maxlen: 32
2a10:3306::/32 maxlen: 32
2a10:3307::/32 maxlen: 32
2a10:7f40::/32 maxlen: 32
2a10:7f41::/32 maxlen: 32
2a10:7f42::/32 maxlen: 32
2a10:7f43::/32 maxlen: 32
2a10:7f44::/32 maxlen: 32
2a10:7f45::/32 maxlen: 32
2a10:7f46::/32 maxlen: 32
2a10:7f47::/32 maxlen: 32
2a10:7fc0::/32 maxlen: 32
2a10:7fc1::/32 maxlen: 32
2a10:7fc2::/32 maxlen: 32
2a10:7fc3::/32 maxlen: 32
2a10:7fc4::/32 maxlen: 32
2a10:7fc5::/32 maxlen: 32
2a10:7fc6::/32 maxlen: 32
2a10:7fc7::/32 maxlen: 32
2a11:d100::/32 maxlen: 32
2a11:d101::/32 maxlen: 32
2a11:d102::/32 maxlen: 32
2a11:d103::/32 maxlen: 32
2a11:d104::/32 maxlen: 32
2a11:d105::/32 maxlen: 32
2a11:d106::/32 maxlen: 32
2a11:d107::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:8e:9a:69:a4:c4:a1:21:67:fd:bb:0e:24:9c:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Jan 1 23:48:45 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=50a51241d5ddd4a74bdf7bd7446b5ab73a3547fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:b8:c1:63:77:65:1e:1f:6f:f1:c4:ed:72:19:
8f:56:ba:64:2f:14:4e:e9:b6:3d:eb:83:69:d0:70:
d3:ca:e5:91:4a:df:13:58:6a:87:a6:88:b6:54:c9:
69:d9:8a:18:f1:5b:dd:38:f6:2e:b6:98:07:52:95:
a2:ea:ce:bd:f4:54:b2:50:0e:ee:89:bd:95:55:15:
4c:ab:ea:02:7b:37:55:3a:b6:31:d3:4a:37:b3:ce:
a6:52:b5:b5:84:9a:31:6a:64:02:bd:d7:30:1e:df:
4e:4b:df:bf:5f:76:a9:48:a6:61:25:12:dd:98:24:
29:91:36:a2:a2:40:a6:11:40:e9:9c:43:33:5c:d8:
ab:8b:9a:9a:a4:e6:d2:c0:05:56:cf:85:63:2b:14:
2b:9d:ab:cb:8e:2f:3f:a5:10:96:39:27:e1:53:3d:
db:48:27:1c:7f:58:9f:4e:2d:c3:85:69:3e:42:01:
dd:1f:7b:9a:c3:f0:31:e1:ed:a9:21:42:7d:48:89:
34:23:23:d1:3f:8d:61:da:e8:16:71:7c:f8:55:8a:
ee:a2:c1:83:86:37:df:d2:e2:eb:32:d2:38:3f:1a:
6c:9d:05:2f:84:b9:74:c9:d3:15:91:18:1b:f3:20:
c7:0a:01:bb:1c:17:47:3d:b3:52:9d:60:87:df:31:
85:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:A5:12:41:D5:DD:D4:A7:4B:DF:7B:D7:44:6B:5A:B7:3A:35:47:FB
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/UKUSQdXd1KdL33vXRGtatzo1R_s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.14.0/24
86.104.14.0/24
89.43.78.0/24
176.98.42.0/23
185.81.152.0/22
193.31.119.0/24
IPv6:
2a05:88c0::/29
2a06:f7c0::/29
2a10:3300::/29
2a10:7f40::/29
2a10:7fc0::/29
2a11:d100::/29
Signature Algorithm: sha256WithRSAEncryption
ce:80:3a:06:b9:64:09:0f:ee:d5:8b:88:c4:a5:b6:25:fd:6c:
b2:cf:52:f1:77:06:1b:05:ff:5a:77:0e:ba:0f:ee:12:5c:e8:
52:75:59:66:e9:f2:61:7b:86:61:43:2e:b7:41:90:f0:24:95:
a2:d1:79:87:87:0e:95:15:ea:3f:92:9f:8f:1a:84:83:03:29:
94:01:cb:e1:e6:16:73:7e:73:93:10:ac:79:78:0e:da:6e:f1:
48:67:5b:9a:b1:e1:14:8c:59:1c:3c:0c:99:a9:6d:0b:f8:63:
57:86:4c:d2:29:b7:1c:10:c3:eb:62:4e:0a:69:d9:ce:99:d8:
9d:e5:65:a9:b5:6f:68:c6:a1:97:70:15:2d:e7:76:08:a6:f1:
56:77:04:e8:c4:83:62:0a:47:4f:54:3d:37:52:3c:a8:b9:73:
a8:26:99:b3:3a:7a:59:fb:5e:52:94:f9:ac:9c:af:e2:16:f9:
cb:e3:83:eb:11:29:ce:0e:cb:df:b4:0b:8e:45:52:f2:73:6c:
a3:4d:a4:a8:2c:10:88:f7:33:bc:89:9d:fb:1b:31:03:01:cc:
bd:63:41:64:93:f4:30:f1:de:2b:f1:38:7f:57:eb:6c:b9:82:
4b:ee:e5:a6:de:54:be:3f:46:e4:36:60:a3:44:fe:db:c2:49:
3b:9e:a1:48
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZQkRY6aaaTEoSFn/bsOJJzwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjUwMTAxMjM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGE1MTI0MWQ1ZGRkNGE3NGJkZjdiZDc0NDZiNWFiNzNhMzU0N2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubjBY3dlHh9v8cTtchmPVrpkLxRO
6bY964Np0HDTyuWRSt8TWGqHpoi2VMlp2YoY8VvdOPYutpgHUpWi6s699FSyUA7u
ib2VVRVMq+oCezdVOrYx00o3s86mUrW1hJoxamQCvdcwHt9OS9+/X3apSKZhJRLd
mCQpkTaiokCmEUDpnEMzXNiri5qapObSwAVWz4VjKxQrnavLji8/pRCWOSfhUz3b
SCccf1ifTi3DhWk+QgHdH3uaw/Ax4e2pIUJ9SIk0IyPRP41h2ugWcXz4VYruosGD
hjff0uLrMtI4PxpsnQUvhLl0ydMVkRgb8yDHCgG7HBdHPbNSnWCH3zGFuQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFFClEkHV3dSnS99710RrWrc6NUf7MB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvVUtVU1FkWGQxS2RMMzN2WFJHdGF0em8xUl9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjAqBAIAATAkAwQAVDYOAwQA
VmgOAwQAWStOAwQBsGIqAwQCuVGYAwQAwR93MDAEAgACMCoDBQMqBYjAAwUDKgb3
wAMFAyoQMwADBQMqEH9AAwUDKhB/wAMFAyoR0QAwDQYJKoZIhvcNAQELBQADggEB
AM6AOga5ZAkP7tWLiMSltiX9bLLPUvF3BhsF/1p3DroP7hJc6FJ1WWbp8mF7hmFD
LrdBkPAklaLReYeHDpUV6j+Sn48ahIMDKZQBy+HmFnN+c5MQrHl4Dtpu8UhnW5qx
4RSMWRw8DJmpbQv4Y1eGTNIptxwQw+tiTgpp2c6Z2J3lZam1b2jGoZdwFS3ndgim
8VZ3BOjEg2IKR09UPTdSPKi5c6gmmbM6eln7XlKU+aycr+IW+cvjg+sRKc4Oy9+0
C45FUvJzbKNNpKgsEIj3M7yJnfsbMQMBzL1jQWST9DDx3ivxOH9X62y5gkvu5abe
VL4/RuQ2YKNE/tvCSTueoUg=
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:52:06 2025 by rpki-client