Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/5pWN4f2cJptYrUrch7swazqP5Ko.roa
File: 5pWN4f2cJptYrUrch7swazqP5Ko.roa (raw, json)
Hash identifier: Q+Rs4Cq0OGStB6QatF06TgFNII8lCSP+C6vaMENh84g=
Subject key identifier: E6:95:8D:E1:FD:9C:26:9B:58:AD:4A:DC:87:BB:30:6B:3A:8F:E4:AA
Certificate issuer: /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial: 0190C50FA24655E0FB4858CFFBEAF00F7A14
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/5pWN4f2cJptYrUrch7swazqP5Ko.roa
Signing time: Thu 18 Jul 2024 08:57:34 +0000
ROA not before: Thu 18 Jul 2024 08:57:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1680
IP address blocks: 37.26.144.0/21 maxlen: 21
37.26.145.0/24 maxlen: 24
37.26.146.0/24 maxlen: 24
37.26.147.0/24 maxlen: 24
37.26.148.0/24 maxlen: 24
37.26.149.0/24 maxlen: 24
37.26.150.0/24 maxlen: 24
37.26.151.0/24 maxlen: 24
46.116.0.0/16 maxlen: 16
46.117.0.0/16 maxlen: 16
46.210.0.0/16 maxlen: 24
62.0.0.0/16 maxlen: 24
62.0.87.0/24 maxlen: 24
62.0.88.0/22 maxlen: 24
62.0.92.0/23 maxlen: 24
62.0.94.0/24 maxlen: 24
62.0.114.0/23 maxlen: 24
62.0.116.0/22 maxlen: 24
62.0.120.0/21 maxlen: 24
62.0.128.0/23 maxlen: 24
62.90.0.0/16 maxlen: 24
62.90.135.0/24 maxlen: 24
80.250.144.0/20 maxlen: 24
82.166.0.0/16 maxlen: 24
82.166.100.0/22 maxlen: 24
82.166.112.0/21 maxlen: 24
82.166.201.128/25 maxlen: 25
85.64.0.0/16 maxlen: 16
85.65.0.0/16 maxlen: 16
85.250.0.0/16 maxlen: 16
89.138.0.0/16 maxlen: 16
89.139.0.0/16 maxlen: 16
93.172.0.0/16 maxlen: 16
93.173.0.0/16 maxlen: 16
95.35.0.0/16 maxlen: 24
109.186.0.0/16 maxlen: 16
109.253.0.0/16 maxlen: 24
141.226.132.0/24 maxlen: 24
141.226.134.0/24 maxlen: 24
147.161.8.0/21 maxlen: 24
147.234.17.0/24 maxlen: 24
147.234.22.0/24 maxlen: 24
147.234.26.0/24 maxlen: 24
147.234.27.0/24 maxlen: 24
147.234.27.0/25 maxlen: 25
147.234.27.128/25 maxlen: 25
147.234.28.0/24 maxlen: 24
147.234.43.0/24 maxlen: 24
147.234.83.0/24 maxlen: 24
147.234.84.0/24 maxlen: 24
147.234.86.0/24 maxlen: 24
176.12.128.0/17 maxlen: 24
176.13.0.0/16 maxlen: 24
192.118.28.0/22 maxlen: 22
192.118.28.0/23 maxlen: 23
192.118.30.0/23 maxlen: 23
194.90.0.0/16 maxlen: 24
194.90.1.0/24 maxlen: 24
194.90.229.0/24 maxlen: 24
199.203.0.0/16 maxlen: 16
199.203.1.0/24 maxlen: 24
199.203.21.0/24 maxlen: 24
199.203.191.0/24 maxlen: 24
207.232.0.0/18 maxlen: 18
212.29.192.0/18 maxlen: 18
212.29.244.0/24 maxlen: 24
212.143.0.0/16 maxlen: 24
212.143.194.0/24 maxlen: 24
212.150.0.0/16 maxlen: 24
212.235.0.0/17 maxlen: 24
217.132.0.0/16 maxlen: 16
2001:4df0::/29 maxlen: 32
2001:4df0::/32 maxlen: 32
2001:4df1::/32 maxlen: 32
2001:4df2::/32 maxlen: 32
2001:4df3::/32 maxlen: 32
2001:4df4::/32 maxlen: 32
2001:4df5::/32 maxlen: 32
2001:4df6::/32 maxlen: 32
2001:4df7::/32 maxlen: 32
2a02:148::/29 maxlen: 32
2a02:148::/32 maxlen: 32
2a02:149::/32 maxlen: 32
2a02:14a::/32 maxlen: 32
2a02:14b::/32 maxlen: 32
2a02:14c::/32 maxlen: 32
2a02:14d::/32 maxlen: 32
2a02:14e::/32 maxlen: 32
2a02:14f::/32 maxlen: 32
2a03:c5c0::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:c5:0f:a2:46:55:e0:fb:48:58:cf:fb:ea:f0:0f:7a:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Validity
Not Before: Jul 18 08:57:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e6958de1fd9c269b58ad4adc87bb306b3a8fe4aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:9b:87:fc:12:1a:bc:b0:56:3b:4b:6d:64:f0:
75:f8:a7:5e:7c:09:3c:0e:d6:6b:6f:ce:8a:28:c2:
2f:db:a8:9c:a5:bb:ad:98:ca:eb:99:63:1d:28:9f:
16:77:1f:43:65:d2:18:3d:24:65:cc:af:b2:03:05:
25:3a:11:f7:d7:97:96:6c:14:23:a5:01:7c:af:6c:
12:57:c3:b0:05:ac:9a:8f:95:a0:e1:df:61:d7:c4:
5f:c0:1c:db:ce:a1:ac:1f:b8:89:be:83:5b:6c:7d:
e9:d2:78:0d:f1:f4:c0:ea:5d:05:ee:05:87:16:72:
3b:19:c9:79:69:59:e9:4a:47:ea:2c:3c:7c:03:27:
40:e9:61:d7:80:a1:9b:dd:6a:d6:cd:63:47:45:6a:
13:54:00:1f:ef:d8:df:21:e3:45:46:6e:54:c4:ca:
1e:68:23:4b:de:50:9f:86:99:b9:fc:6c:91:8f:41:
8f:0c:a8:0f:12:a7:88:d4:80:88:3b:53:8e:79:41:
cd:65:8f:b6:a0:e2:7a:79:5e:43:48:3f:59:f2:56:
09:b9:08:55:e4:c1:ef:88:10:95:8d:6b:55:96:fa:
21:4a:54:35:c7:ed:05:d2:32:22:cc:18:24:ee:1a:
d8:68:f7:76:6e:96:3f:00:53:13:e6:bb:3e:b1:30:
55:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:95:8D:E1:FD:9C:26:9B:58:AD:4A:DC:87:BB:30:6B:3A:8F:E4:AA
X509v3 Authority Key Identifier:
keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/5pWN4f2cJptYrUrch7swazqP5Ko.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.26.144.0/21
46.116.0.0/15
46.210.0.0/16
62.0.0.0/16
62.90.0.0/16
80.250.144.0/20
82.166.0.0/16
85.64.0.0/15
85.250.0.0/16
89.138.0.0/15
93.172.0.0/15
95.35.0.0/16
109.186.0.0/16
109.253.0.0/16
141.226.132.0/24
141.226.134.0/24
147.161.8.0/21
147.234.17.0/24
147.234.22.0/24
147.234.26.0-147.234.28.255
147.234.43.0/24
147.234.83.0-147.234.84.255
147.234.86.0/24
176.12.128.0-176.13.255.255
192.118.28.0/22
194.90.0.0/16
199.203.0.0/16
207.232.0.0/18
212.29.192.0/18
212.143.0.0/16
212.150.0.0/16
212.235.0.0/17
217.132.0.0/16
IPv6:
2001:4df0::/29
2a02:148::/29
2a03:c5c0::/32
Signature Algorithm: sha256WithRSAEncryption
ae:f1:bc:b4:50:10:4d:ad:70:de:41:cc:16:98:28:3e:5f:25:
64:df:e3:79:b0:02:72:77:b3:b3:0c:35:68:10:e6:9d:b7:42:
70:50:4f:24:c5:fc:97:f9:8e:d8:85:3b:65:dc:99:87:01:ff:
c0:f9:6d:1e:ad:0f:a2:e8:16:1d:33:39:ca:01:c1:28:70:19:
04:33:a4:fa:41:f5:a4:2b:a2:83:fa:cf:6c:ff:b0:38:f8:85:
16:d4:8e:91:a2:6b:ce:01:09:54:08:eb:40:9e:7d:ae:76:39:
42:9b:af:e9:dd:07:56:65:ba:41:44:30:ca:ab:97:89:ea:6c:
ae:59:a2:67:00:92:bd:11:0f:e3:bc:9e:b3:63:b9:b4:3a:6c:
8f:d4:07:d0:40:04:e4:af:98:24:88:71:c8:9f:11:3c:27:fc:
97:3f:aa:35:f4:17:62:f4:fa:55:65:98:ff:00:9a:f4:fb:b7:
c3:1c:a9:53:3f:af:fb:80:00:4c:c9:90:18:ec:61:bc:80:b0:
ec:ae:09:7f:fc:8c:b1:b1:00:05:ee:48:74:9c:c9:de:18:e3:
da:b2:0f:4c:59:db:5d:13:48:5b:57:6e:a4:d4:bb:c9:5d:6a:
0a:0e:14:7c:d7:50:0c:7b:f9:e2:86:d9:c0:73:ad:b8:d2:7d:
99:77:4a:b7
-----BEGIN CERTIFICATE-----
MIIF5jCCBM6gAwIBAgISAZDFD6JGVeD7SFjP++rwD3oUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjQwNzE4MDg1NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjk1OGRlMWZkOWMyNjliNThhZDRhZGM4N2JiMzA2YjNhOGZlNGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppuH/BIavLBWO0ttZPB1+KdefAk8
DtZrb86KKMIv26icpbutmMrrmWMdKJ8Wdx9DZdIYPSRlzK+yAwUlOhH315eWbBQj
pQF8r2wSV8OwBayaj5Wg4d9h18RfwBzbzqGsH7iJvoNbbH3p0ngN8fTA6l0F7gWH
FnI7Gcl5aVnpSkfqLDx8AydA6WHXgKGb3WrWzWNHRWoTVAAf79jfIeNFRm5UxMoe
aCNL3lCfhpm5/GyRj0GPDKgPEqeI1ICIO1OOeUHNZY+2oOJ6eV5DSD9Z8lYJuQhV
5MHviBCVjWtVlvohSlQ1x+0F0jIizBgk7hrYaPd2bpY/AFMT5rs+sTBVWQIDAQAB
o4IC8jCCAu4wHQYDVR0OBBYEFOaVjeH9nCabWK1K3Ie7MGs6j+SqMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvNXBXTjRmMmNKcHRZclVyY2g3c3dhenFQNUtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBBgYIKwYBBQUHAQcBAf8EgfYwgfMwgdMEAgABMIHMAwQD
JRqQAwMBLnQDAwAu0gMDAD4AAwMAPloDBARQ+pADAwBSpgMDAVVAAwMAVfoDAwFZ
igMDAV2sAwMAXyMDAwBtugMDAG39AwQAjeKEAwQAjeKGAwQDk6EIAwQAk+oRAwQA
k+oWMAwDBAGT6hoDBACT6hwDBACT6iswDAMEAJPqUwMEAJPqVAMEAJPqVjALAwQH
sAyAAwMBsAwDBALAdhwDAwDCWgMDAMfLAwQGz+gAAwQG1B3AAwMA1I8DAwDUlgME
B9TrAAMDANmEMBsEAgACMBUDBQMgAU3wAwUDKgIBSAMFACoDxcAwDQYJKoZIhvcN
AQELBQADggEBAK7xvLRQEE2tcN5BzBaYKD5fJWTf43mwAnJ3s7MMNWgQ5p23QnBQ
TyTF/Jf5jtiFO2XcmYcB/8D5bR6tD6LoFh0zOcoBwShwGQQzpPpB9aQrooP6z2z/
sDj4hRbUjpGia84BCVQI60Cefa52OUKbr+ndB1ZlukFEMMqrl4nqbK5ZomcAkr0R
D+O8nrNjubQ6bI/UB9BABOSvmCSIccifETwn/Jc/qjX0F2L0+lVlmP8AmvT7t8Mc
qVM/r/uAAEzJkBjsYbyAsOyuCX/8jLGxAAXuSHScyd4Y49qyD0xZ210TSFtXbqTU
u8ldagoOFHzXUAx7+eKG2cBzrbjSfZl3Src=
-----END CERTIFICATE-----
Generated at Thu Apr 17 02:34:17 2025 by rpki-client