Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/XGc8I6GVvLBFXM3od36qzlbB2qI.roa
File: XGc8I6GVvLBFXM3od36qzlbB2qI.roa (raw, json)
Hash identifier: ZzCPI85b7LUu4tVsFKiJFgg2YCTv9GMscvjSfk48yvw=
Subject key identifier: 5C:67:3C:23:A1:95:BC:B0:45:5C:CD:E8:77:7E:AA:CE:56:C1:DA:A2
Certificate issuer: /CN=ceb86983547113359bade1f3f38104091e3a6439
Certificate serial: 019487EEE1174C97A685A08C02F970AB1181
Authority key identifier: CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/XGc8I6GVvLBFXM3od36qzlbB2qI.roa
Signing time: Tue 21 Jan 2025 08:16:06 +0000
ROA not before: Tue 21 Jan 2025 08:16:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8612
IP address blocks: 82.84.0.0/15 maxlen: 24
82.85.26.128/26 maxlen: 26
82.85.53.0/26 maxlen: 26
82.85.53.64/26 maxlen: 26
84.220.0.0/15 maxlen: 15
84.220.0.0/16 maxlen: 24
84.221.0.0/16 maxlen: 24
94.32.0.0/19 maxlen: 24
94.32.64.0/18 maxlen: 24
94.32.115.0/24 maxlen: 24
94.32.128.0/17 maxlen: 24
94.34.0.0/16 maxlen: 24
94.35.0.0/16 maxlen: 24
193.43.2.0/24 maxlen: 24
193.207.24.0/23 maxlen: 23
193.207.26.0/24 maxlen: 24
193.207.48.0/20 maxlen: 24
193.207.64.0/18 maxlen: 24
193.207.96.0/20 maxlen: 21
193.207.128.0/17 maxlen: 22
195.130.224.0/19 maxlen: 19
212.123.64.0/19 maxlen: 19
213.205.0.0/18 maxlen: 18
213.205.0.251/32 maxlen: 32
217.73.208.0/21 maxlen: 22
217.133.0.0/16 maxlen: 16
217.133.170.0/24 maxlen: 24
2a01:7d0::/32 maxlen: 32
2a01:7d0:4800:1::/64 maxlen: 64
2a01:7d0:4811::/64 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:87:ee:e1:17:4c:97:a6:85:a0:8c:02:f9:70:ab:11:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ceb86983547113359bade1f3f38104091e3a6439
Validity
Not Before: Jan 21 08:16:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5c673c23a195bcb0455ccde8777eaace56c1daa2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:9c:ec:61:4d:70:a4:9b:9c:d6:25:5e:92:be:
f8:26:6e:1c:1e:28:31:65:12:87:a1:9c:eb:ca:d6:
4c:aa:41:08:d5:70:f3:20:97:f5:d2:77:90:a4:24:
a0:8b:04:67:46:38:8a:ba:01:6f:95:04:72:e8:8b:
75:8c:55:df:a3:a7:13:e7:9e:1d:d1:21:cd:4a:d5:
9e:97:57:26:ca:e1:be:44:d3:0e:d1:06:61:1f:90:
c9:fc:92:6e:ed:14:c6:f1:68:a8:8c:04:15:5f:ce:
70:fe:8d:b4:08:38:88:99:4c:21:47:06:43:52:15:
2e:a8:42:05:d3:b6:8c:01:03:c7:19:dc:76:b3:22:
1f:8b:63:95:60:50:ae:00:20:18:e2:18:36:17:5e:
a5:8b:c2:f9:52:94:46:c0:4f:f2:45:97:87:fe:5c:
0f:f5:70:18:56:54:ac:7a:b2:7a:53:29:d6:6e:8f:
c8:66:72:ab:a4:dd:ee:23:5d:14:59:b1:11:a1:8d:
ea:29:12:e6:f9:e1:19:a2:aa:05:89:dc:45:f1:8d:
1e:63:83:ec:29:01:3e:ac:f8:9e:b1:21:e6:a9:1e:
71:ad:4d:36:c0:fe:83:52:29:50:a9:69:28:55:1e:
ef:ec:72:d6:46:36:4e:8e:70:38:2e:17:8f:15:3f:
3b:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:67:3C:23:A1:95:BC:B0:45:5C:CD:E8:77:7E:AA:CE:56:C1:DA:A2
X509v3 Authority Key Identifier:
keyid:CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/XGc8I6GVvLBFXM3od36qzlbB2qI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.84.0.0/15
84.220.0.0/15
94.32.0.0/19
94.32.64.0-94.32.255.255
94.34.0.0/15
193.43.2.0/24
193.207.24.0-193.207.26.255
193.207.48.0-193.207.255.255
195.130.224.0/19
212.123.64.0/19
213.205.0.0/18
217.73.208.0/21
217.133.0.0/16
IPv6:
2a01:7d0::/32
Signature Algorithm: sha256WithRSAEncryption
59:8c:e1:9c:a0:80:ea:a7:d5:70:c3:c4:d1:ae:b5:67:fb:d4:
8e:30:7e:9e:8f:08:bf:3f:e1:c8:aa:58:0d:b8:0a:91:05:54:
27:75:8d:c4:18:48:d4:8e:e2:ff:3e:6c:e7:9c:a2:57:4c:e7:
1f:fc:36:c1:ad:91:ee:23:48:20:2a:a5:cd:52:d3:48:51:be:
7d:23:e6:b2:57:a5:9b:2d:02:77:a7:4d:07:ed:5f:17:d2:17:
ed:b2:79:04:73:02:da:89:86:97:b7:b5:58:fb:67:21:3c:bd:
c0:96:a0:4f:ab:65:58:f9:e0:09:c9:06:40:38:8a:d1:0f:53:
f4:fc:1f:66:31:e0:0d:b9:f9:f6:2e:a6:4a:9e:b2:9f:34:90:
00:55:d0:de:ee:ea:62:d5:53:7c:c9:61:15:55:de:55:15:b7:
48:55:e0:40:06:b1:7d:48:8f:41:9b:9f:8e:46:c2:f5:28:1f:
86:6d:f1:a0:57:5a:5b:22:d7:ad:78:44:cb:13:d6:5f:ee:c7:
0c:83:45:ac:bc:d9:5e:09:99:99:e5:2f:b7:12:a8:06:db:5e:
98:28:ed:13:d5:a8:94:51:6d:b2:b0:cc:4c:67:c7:15:a8:c1:
80:de:c5:c2:55:3b:e2:85:1a:c5:9d:38:fe:9a:01:c6:b6:0d:
d7:d0:f5:e0
-----BEGIN CERTIFICATE-----
MIIFZzCCBE+gAwIBAgISAZSH7uEXTJemhaCMAvlwqxGBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjg2OTgzNTQ3MTEzMzU5YmFkZTFmM2YzODEwNDA5MWUz
YTY0MzkwHhcNMjUwMTIxMDgxNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzY3M2MyM2ExOTViY2IwNDU1Y2NkZTg3NzdlYWFjZTU2YzFkYWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJzsYU1wpJuc1iVekr74Jm4cHigx
ZRKHoZzrytZMqkEI1XDzIJf10neQpCSgiwRnRjiKugFvlQRy6It1jFXfo6cT554d
0SHNStWel1cmyuG+RNMO0QZhH5DJ/JJu7RTG8WiojAQVX85w/o20CDiImUwhRwZD
UhUuqEIF07aMAQPHGdx2syIfi2OVYFCuACAY4hg2F16li8L5UpRGwE/yRZeH/lwP
9XAYVlSserJ6UynWbo/IZnKrpN3uI10UWbERoY3qKRLm+eEZoqoFidxF8Y0eY4Ps
KQE+rPiesSHmqR5xrU02wP6DUilQqWkoVR7v7HLWRjZOjnA4LhePFT87TQIDAQAB
o4ICczCCAm8wHQYDVR0OBBYEFFxnPCOhlbywRVzN6Hd+qs5WwdqiMB8GA1UdIwQY
MBaAFM64aYNUcRM1m63h8/OBBAkeOmQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2Qt
ZGVlMmY2NTBkZDg2LzEvWEdjOEk2R1Z2TEJGWE0zb2QzNnF6bGJCMnFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2QtZGVlMmY2NTBkZDg2
LzEvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGIBggrBgEFBQcBBwEB/wR5MHcwZgQCAAEwYAMDAVJUAwMB
VNwDBAVeIAAwCwMEBl4gQAMDAF4gAwMBXiIDBADBKwIwDAMEA8HPGAMEAMHPGjAL
AwQEwc8wAwMEwcADBAXDguADBAXUe0ADBAbVzQADBAPZSdADAwDZhTANBAIAAjAH
AwUAKgEH0DANBgkqhkiG9w0BAQsFAAOCAQEAWYzhnKCA6qfVcMPE0a61Z/vUjjB+
no8Ivz/hyKpYDbgKkQVUJ3WNxBhI1I7i/z5s55yiV0znH/w2wa2R7iNIICqlzVLT
SFG+fSPmslelmy0Cd6dNB+1fF9IX7bJ5BHMC2omGl7e1WPtnITy9wJagT6tlWPng
CckGQDiK0Q9T9PwfZjHgDbn59i6mSp6ynzSQAFXQ3u7qYtVTfMlhFVXeVRW3SFXg
QAaxfUiPQZufjkbC9Sgfhm3xoFdaWyLXrXhEyxPWX+7HDINFrLzZXgmZmeUvtxKo
BttemCjtE9WolFFtsrDMTGfHFajBgN7FwlU74oUaxZ04/poBxrYN19D14A==
-----END CERTIFICATE-----
Generated at Mon Apr 14 16:52:20 2025 by rpki-client