Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/GZX6vEaNATBWmzZ6aeB7cnhRGQ8.roa
File: GZX6vEaNATBWmzZ6aeB7cnhRGQ8.roa (raw, json)
Hash identifier: zXT7CN8UCAdYvDzEZ1O1Li3G+hZagw5d8JqQgNrhzC4=
Subject key identifier: 19:95:FA:BC:46:8D:01:30:56:9B:36:7A:69:E0:7B:72:78:51:19:0F
Certificate issuer: /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial: 01856DCE678487790FE19FAA07323A7594E7
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/GZX6vEaNATBWmzZ6aeB7cnhRGQ8.roa
Signing time: Sun 01 Jan 2023 14:48:41 +0000
ROA not before: Sun 01 Jan 2023 14:48:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1680
IP address blocks: 212.29.192.0/18 maxlen: 24
176.13.0.0/16 maxlen: 24
212.235.0.0/17 maxlen: 24
89.138.0.0/16 maxlen: 16
207.232.0.0/18 maxlen: 18
62.90.135.0/24 maxlen: 24
212.29.244.0/24 maxlen: 24
147.234.84.0/24 maxlen: 24
147.234.83.0/24 maxlen: 24
147.234.86.0/24 maxlen: 24
147.234.26.0/24 maxlen: 24
147.234.28.0/24 maxlen: 24
147.234.27.0/24 maxlen: 24
147.234.27.0/25 maxlen: 25
147.234.27.128/25 maxlen: 25
82.166.201.128/25 maxlen: 25
147.234.43.0/24 maxlen: 24
212.150.0.0/16 maxlen: 24
176.12.128.0/17 maxlen: 24
194.90.1.0/24 maxlen: 24
194.90.0.0/16 maxlen: 24
62.90.0.0/16 maxlen: 24
46.117.0.0/16 maxlen: 16
212.143.194.0/24 maxlen: 24
46.210.0.0/16 maxlen: 24
93.173.0.0/16 maxlen: 16
199.203.1.0/24 maxlen: 24
199.203.0.0/16 maxlen: 16
89.139.0.0/16 maxlen: 16
82.166.0.0/16 maxlen: 24
199.203.21.0/24 maxlen: 24
85.65.0.0/16 maxlen: 16
46.116.0.0/16 maxlen: 16
212.143.0.0/16 maxlen: 24
147.234.17.0/24 maxlen: 24
199.203.191.0/24 maxlen: 24
147.234.22.0/24 maxlen: 24
80.250.144.0/20 maxlen: 24
95.35.0.0/16 maxlen: 24
82.166.100.0/22 maxlen: 24
82.166.112.0/21 maxlen: 24
192.118.30.0/23 maxlen: 23
192.118.28.0/22 maxlen: 22
192.118.28.0/23 maxlen: 23
93.172.0.0/16 maxlen: 16
62.0.88.0/22 maxlen: 24
62.0.87.0/24 maxlen: 24
62.0.94.0/24 maxlen: 24
62.0.92.0/23 maxlen: 24
109.253.0.0/16 maxlen: 24
62.0.0.0/16 maxlen: 24
85.64.0.0/16 maxlen: 16
217.132.0.0/16 maxlen: 16
109.186.0.0/16 maxlen: 16
85.250.0.0/16 maxlen: 16
62.0.116.0/22 maxlen: 24
62.0.114.0/23 maxlen: 24
62.0.120.0/21 maxlen: 24
62.0.128.0/23 maxlen: 24
2001:4df0::/32 maxlen: 32
2a02:148::/32 maxlen: 32
2a02:149::/32 maxlen: 32
2001:4df2::/32 maxlen: 32
2001:4df3::/32 maxlen: 32
2a02:148::/29 maxlen: 32
2a02:14b::/32 maxlen: 32
2a02:14f::/32 maxlen: 32
2001:4df7::/32 maxlen: 32
2a02:14e::/32 maxlen: 32
2001:4df6::/32 maxlen: 32
2001:4df5::/32 maxlen: 32
2a02:14c::/32 maxlen: 32
2001:4df0::/29 maxlen: 32
2001:4df1::/32 maxlen: 32
2a02:14a::/32 maxlen: 32
2001:4df4::/32 maxlen: 32
2a02:14d::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:ce:67:84:87:79:0f:e1:9f:aa:07:32:3a:75:94:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Validity
Not Before: Jan 1 14:48:41 2023 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=1995fabc468d0130569b367a69e07b727851190f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:b2:6e:d8:2b:72:8a:dc:35:c9:76:c1:73:a3:
25:ee:17:3a:cb:a8:03:91:f1:aa:c4:85:00:dd:90:
6e:cf:4a:25:4a:b1:ab:0b:7a:88:8a:81:09:64:12:
16:a9:fa:51:e3:e3:f6:14:91:cf:73:4a:3a:ac:da:
1e:3f:f8:de:35:c2:62:12:be:e7:08:62:5d:52:62:
20:9f:28:c3:62:dd:b3:8c:fa:47:6a:e3:65:22:2a:
d8:ba:69:ce:c1:fc:a5:ec:76:27:ce:34:70:8a:5e:
be:73:21:cf:d1:e1:ec:c8:af:16:48:25:ab:63:34:
43:f8:2c:40:50:f0:b9:2b:79:4e:ef:17:39:c5:9f:
c0:f7:33:de:c5:66:2b:55:3d:b8:06:11:d4:d1:a1:
aa:f2:fa:6f:37:78:27:af:d6:94:46:dd:0c:2e:bb:
55:4d:0d:ae:a0:77:ca:25:27:77:86:3d:7c:67:d3:
d0:5d:84:8c:1d:f9:bc:2f:b8:8f:8a:a6:af:90:bf:
92:7b:1a:7c:db:2c:fd:40:52:41:3c:4d:7d:11:fc:
ab:d9:a7:a0:56:f5:6b:16:2c:f4:e8:12:7c:b9:35:
2b:6a:57:b7:87:da:c5:eb:60:70:da:d7:2f:7e:c5:
9c:e6:60:4b:57:b3:dd:38:a2:66:a9:d5:09:8d:0a:
ff:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:95:FA:BC:46:8D:01:30:56:9B:36:7A:69:E0:7B:72:78:51:19:0F
X509v3 Authority Key Identifier:
keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/GZX6vEaNATBWmzZ6aeB7cnhRGQ8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.116.0.0/15
46.210.0.0/16
62.0.0.0/16
62.90.0.0/16
80.250.144.0/20
82.166.0.0/16
85.64.0.0/15
85.250.0.0/16
89.138.0.0/15
93.172.0.0/15
95.35.0.0/16
109.186.0.0/16
109.253.0.0/16
147.234.17.0/24
147.234.22.0/24
147.234.26.0-147.234.28.255
147.234.43.0/24
147.234.83.0-147.234.84.255
147.234.86.0/24
176.12.128.0-176.13.255.255
192.118.28.0/22
194.90.0.0/16
199.203.0.0/16
207.232.0.0/18
212.29.192.0/18
212.143.0.0/16
212.150.0.0/16
212.235.0.0/17
217.132.0.0/16
IPv6:
2001:4df0::/29
2a02:148::/29
Signature Algorithm: sha256WithRSAEncryption
0d:7d:40:94:93:a7:2f:be:69:82:6a:9e:6a:7a:7c:04:62:ab:
32:04:80:b9:c3:21:f6:fc:92:37:bc:6b:e5:10:0f:0e:ec:6d:
70:8a:e7:a1:84:93:7a:2a:48:6d:6d:09:f8:ca:f5:ef:22:e6:
27:0b:08:34:67:3c:89:2d:7c:1b:4a:a8:2e:e3:ea:9f:4f:6e:
91:b3:7f:4e:51:5d:51:db:e7:1a:e9:5b:1e:42:f3:78:89:ce:
16:28:ea:8e:e6:98:e4:5d:cb:03:a2:be:fe:0b:5a:f6:3b:48:
df:13:ab:ad:f3:b7:7c:a1:6f:f7:d1:15:04:39:ec:64:f0:5f:
8e:30:f2:b8:6f:0e:8d:5a:75:33:cb:7b:38:0f:47:7c:c1:fb:
3b:4d:22:eb:82:a4:b0:f6:5f:c8:b7:73:39:03:e8:73:8a:b1:
ad:47:b1:49:48:9a:69:73:65:4d:5f:a0:7b:e0:88:f5:32:7f:
30:eb:ab:44:15:9f:14:f0:5b:64:b9:50:44:69:47:3e:40:60:
53:b1:b8:43:7d:48:74:a2:59:fe:81:ee:ca:da:00:d3:4e:2f:
e2:cc:ac:94:2a:e4:30:0f:d5:b2:bf:03:fd:9e:ac:59:24:34:
49:cb:95:d7:eb:b0:fc:55:2e:83:4e:d6:c4:bc:d8:15:1d:6f:
40:40:5d:2e
-----BEGIN CERTIFICATE-----
MIIFxjCCBK6gAwIBAgISAYVtzmeEh3kP4Z+qBzI6dZTnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjMwMTAxMTQ0ODQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTk1ZmFiYzQ2OGQwMTMwNTY5YjM2N2E2OWUwN2I3Mjc4NTExOTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bJu2Ctyitw1yXbBc6Ml7hc6y6gD
kfGqxIUA3ZBuz0olSrGrC3qIioEJZBIWqfpR4+P2FJHPc0o6rNoeP/jeNcJiEr7n
CGJdUmIgnyjDYt2zjPpHauNlIirYumnOwfyl7HYnzjRwil6+cyHP0eHsyK8WSCWr
YzRD+CxAUPC5K3lO7xc5xZ/A9zPexWYrVT24BhHU0aGq8vpvN3gnr9aURt0MLrtV
TQ2uoHfKJSd3hj18Z9PQXYSMHfm8L7iPiqavkL+Sexp82yz9QFJBPE19Efyr2aeg
VvVrFiz06BJ8uTUrale3h9rF62Bw2tcvfsWc5mBLV7PdOKJmqdUJjQr/GQIDAQAB
o4IC0jCCAs4wHQYDVR0OBBYEFBmV+rxGjQEwVps2emnge3J4URkPMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvR1pYNnZFYU5BVEJXbXpaNmFlQjdjbmhSR1E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHnBggrBgEFBQcBBwEB/wSB1zCB1DCBuwQCAAEwgbQDAwEu
dAMDAC7SAwMAPgADAwA+WgMEBFD6kAMDAFKmAwMBVUADAwBV+gMDAVmKAwMBXawD
AwBfIwMDAG26AwMAbf0DBACT6hEDBACT6hYwDAMEAZPqGgMEAJPqHAMEAJPqKzAM
AwQAk+pTAwQAk+pUAwQAk+pWMAsDBAewDIADAwGwDAMEAsB2HAMDAMJaAwMAx8sD
BAbP6AADBAbUHcADAwDUjwMDANSWAwQH1OsAAwMA2YQwFAQCAAIwDgMFAyABTfAD
BQMqAgFIMA0GCSqGSIb3DQEBCwUAA4IBAQANfUCUk6cvvmmCap5qenwEYqsyBIC5
wyH2/JI3vGvlEA8O7G1wiuehhJN6KkhtbQn4yvXvIuYnCwg0ZzyJLXwbSqgu4+qf
T26Rs39OUV1R2+ca6VseQvN4ic4WKOqO5pjkXcsDor7+C1r2O0jfE6ut87d8oW/3
0RUEOexk8F+OMPK4bw6NWnUzy3s4D0d8wfs7TSLrgqSw9l/It3M5A+hzirGtR7FJ
SJppc2VNX6B74Ij1Mn8w66tEFZ8U8FtkuVBEaUc+QGBTsbhDfUh0oln+ge7K2gDT
Ti/izKyUKuQwD9WyvwP9nqxZJDRJy5XX67D8VS6DTtbEvNgVHW9AQF0u
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:42:00 2025 by rpki-client