Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/745910-86c6-43d1-9765-5789de424a42/1/AYMZsCP_EpMu8RPBLDZVLkCvhu0.roa
File: AYMZsCP_EpMu8RPBLDZVLkCvhu0.roa (raw, json)
Hash identifier: Tst8LxSIjyJtf5Ga+lTbCskeG0exVgkIZgLfHnrsrBA=
Subject key identifier: 01:83:19:B0:23:FF:12:93:2E:F1:13:C1:2C:36:55:2E:40:AF:86:ED
Certificate issuer: /CN=2ba1cfd757f51f2feb74509e9c39be46806be642
Certificate serial: 0196B5147C90A73DE0FAD47ED8B426EBE7A6
Authority key identifier: 2B:A1:CF:D7:57:F5:1F:2F:EB:74:50:9E:9C:39:BE:46:80:6B:E6:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/K6HP11f1Hy_rdFCenDm-RoBr5kI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/745910-86c6-43d1-9765-5789de424a42/1/AYMZsCP_EpMu8RPBLDZVLkCvhu0.roa
Signing time: Fri 09 May 2025 12:45:40 +0000
ROA not before: Fri 09 May 2025 12:45:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25441
IP address blocks: 62.231.32.0/19 maxlen: 19
78.135.128.0/17 maxlen: 17
78.135.208.0/21 maxlen: 21
78.135.216.0/21 maxlen: 21
78.135.224.0/21 maxlen: 21
78.135.232.0/21 maxlen: 21
78.135.240.0/21 maxlen: 21
78.135.248.0/21 maxlen: 21
83.141.64.0/18 maxlen: 18
85.134.128.0/17 maxlen: 17
85.134.128.0/21 maxlen: 21
85.134.136.0/21 maxlen: 21
85.134.144.0/21 maxlen: 21
85.134.152.0/21 maxlen: 21
85.134.160.0/21 maxlen: 21
85.134.168.0/21 maxlen: 21
85.134.176.0/21 maxlen: 21
85.134.184.0/21 maxlen: 21
85.134.192.0/21 maxlen: 21
85.134.200.0/21 maxlen: 21
85.134.208.0/21 maxlen: 21
85.134.216.0/21 maxlen: 21
85.134.224.0/21 maxlen: 21
85.134.232.0/21 maxlen: 21
85.134.240.0/21 maxlen: 21
85.134.248.0/21 maxlen: 21
87.192.0.0/18 maxlen: 18
87.192.64.0/20 maxlen: 20
87.192.82.0/23 maxlen: 23
87.192.84.0/22 maxlen: 22
87.192.96.0/19 maxlen: 19
87.192.128.0/18 maxlen: 18
87.192.192.0/20 maxlen: 20
87.192.216.0/22 maxlen: 22
87.192.222.0/23 maxlen: 23
87.192.224.0/19 maxlen: 19
87.232.0.0/19 maxlen: 19
87.232.144.0/20 maxlen: 20
87.232.160.0/19 maxlen: 19
87.232.192.0/24 maxlen: 24
87.232.194.0/23 maxlen: 23
87.232.196.0/22 maxlen: 22
87.232.208.0/20 maxlen: 20
87.232.225.0/24 maxlen: 24
87.232.228.0/22 maxlen: 22
89.124.0.0/17 maxlen: 17
89.124.0.0/24 maxlen: 24
89.124.128.0/18 maxlen: 18
89.124.192.0/19 maxlen: 19
89.124.224.0/20 maxlen: 20
89.124.245.0/24 maxlen: 24
89.124.248.0/21 maxlen: 21
89.125.0.0/16 maxlen: 16
89.126.0.0/16 maxlen: 16
89.126.0.0/22 maxlen: 22
89.126.4.0/22 maxlen: 22
89.126.8.0/22 maxlen: 22
89.126.12.0/22 maxlen: 22
89.126.16.0/22 maxlen: 22
89.126.20.0/22 maxlen: 22
89.126.24.0/22 maxlen: 22
89.126.28.0/22 maxlen: 22
89.127.0.0/17 maxlen: 17
89.127.128.0/18 maxlen: 18
89.127.192.0/19 maxlen: 19
89.127.224.0/20 maxlen: 20
89.127.240.0/21 maxlen: 21
89.127.248.0/22 maxlen: 22
89.127.254.0/23 maxlen: 23
185.247.52.0/22 maxlen: 22
2001:4d68::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:b5:14:7c:90:a7:3d:e0:fa:d4:7e:d8:b4:26:eb:e7:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ba1cfd757f51f2feb74509e9c39be46806be642
Validity
Not Before: May 9 12:45:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=018319b023ff12932ef113c12c36552e40af86ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:85:2b:e3:a8:ee:0c:81:f7:21:f8:95:e3:51:
c6:dd:fd:f9:a2:f7:aa:62:06:e6:e1:d5:6c:c9:e5:
16:38:54:4f:b6:42:c7:84:24:07:53:2f:cb:b4:37:
46:69:50:eb:44:cd:6a:3b:c0:06:d7:f1:1f:dd:a9:
06:6f:04:99:b6:be:f6:dc:28:d5:39:bf:9c:0a:c3:
2d:14:29:40:99:d5:e6:af:ff:e6:ac:92:f3:7e:ae:
36:08:80:eb:4c:67:23:56:de:01:0b:e7:24:ca:0c:
f9:40:fb:a0:a4:31:7b:51:9f:bf:ec:f5:80:2d:7a:
28:37:bd:5e:1c:28:28:c7:eb:0f:52:1a:bf:e7:5a:
d0:9f:4d:f6:e2:96:f5:47:02:ff:5a:2a:66:6f:c6:
f5:68:77:0e:ca:9f:f2:13:20:ec:d9:aa:9c:38:b6:
e6:f4:5a:70:36:65:db:8c:7d:ab:ca:d1:08:08:ee:
d3:22:39:73:a5:3a:50:08:b6:8b:6b:63:01:f1:ed:
52:ed:f3:74:fd:c5:94:b2:17:59:c4:8c:e0:57:6b:
8d:d6:16:73:74:dd:94:d7:90:db:0b:32:3e:b7:24:
51:fd:bd:cc:e4:34:0c:de:06:8c:e8:c5:73:4f:af:
6c:8f:30:8a:4f:52:c7:4c:06:eb:bf:de:8f:c9:8a:
67:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:83:19:B0:23:FF:12:93:2E:F1:13:C1:2C:36:55:2E:40:AF:86:ED
X509v3 Authority Key Identifier:
keyid:2B:A1:CF:D7:57:F5:1F:2F:EB:74:50:9E:9C:39:BE:46:80:6B:E6:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K6HP11f1Hy_rdFCenDm-RoBr5kI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/745910-86c6-43d1-9765-5789de424a42/1/AYMZsCP_EpMu8RPBLDZVLkCvhu0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/745910-86c6-43d1-9765-5789de424a42/1/K6HP11f1Hy_rdFCenDm-RoBr5kI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.231.32.0/19
78.135.128.0/17
83.141.64.0/18
85.134.128.0/17
87.192.0.0-87.192.79.255
87.192.82.0-87.192.87.255
87.192.96.0-87.192.207.255
87.192.216.0/22
87.192.222.0-87.192.255.255
87.232.0.0/19
87.232.144.0-87.232.192.255
87.232.194.0-87.232.199.255
87.232.208.0/20
87.232.225.0/24
87.232.228.0/22
89.124.0.0-89.124.239.255
89.124.245.0/24
89.124.248.0-89.127.251.255
89.127.254.0/23
185.247.52.0/22
IPv6:
2001:4d68::/32
Signature Algorithm: sha256WithRSAEncryption
8f:f2:36:b9:11:14:b6:43:ec:cf:cc:58:c7:2c:09:da:a7:47:
40:01:6b:4e:fe:2d:a1:f8:c6:de:01:0f:ad:d2:41:4a:db:79:
f8:d6:4f:8f:e6:c6:a4:7d:2c:26:ba:cc:9d:12:2c:44:42:c2:
68:09:49:8e:db:e4:23:24:4a:70:7c:b1:d5:40:ac:46:d8:52:
55:36:54:fe:ad:14:7c:75:69:64:c2:41:ae:58:10:89:22:92:
e6:fc:d6:f0:8f:45:00:cd:4b:cb:4d:55:7a:77:f8:39:51:a5:
0c:60:da:66:24:bb:4e:1a:c5:be:8c:7d:98:7b:a8:09:74:71:
9d:4e:74:49:0f:d1:70:b1:88:ce:21:65:2f:19:c2:e2:ba:1b:
72:80:e0:94:fd:37:7c:5a:66:8d:cd:1b:52:32:6f:46:f3:a0:
44:43:f1:5a:44:11:62:63:cc:1f:02:77:53:0c:40:61:bf:59:
05:52:ff:b5:5c:73:10:6d:b4:3e:60:0b:31:dd:de:00:05:f9:
e9:34:89:91:9c:7c:8e:1c:b0:99:f7:04:0a:83:57:ec:77:e3:
a2:c4:76:7b:de:ec:3d:84:22:72:df:0e:b3:e0:bb:d0:9c:da:
f8:05:f8:20:68:07:ca:c1:c7:d3:64:2e:05:78:32:b5:13:70:
43:c6:02:cd
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgISAZa1FHyQpz3g+tR+2LQm6+emMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYTFjZmQ3NTdmNTFmMmZlYjc0NTA5ZTljMzliZTQ2ODA2
YmU2NDIwHhcNMjUwNTA5MTI0NTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTgzMTliMDIzZmYxMjkzMmVmMTEzYzEyYzM2NTUyZTQwYWY4NmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIUr46juDIH3IfiV41HG3f35oveq
Ygbm4dVsyeUWOFRPtkLHhCQHUy/LtDdGaVDrRM1qO8AG1/Ef3akGbwSZtr723CjV
Ob+cCsMtFClAmdXmr//mrJLzfq42CIDrTGcjVt4BC+ckygz5QPugpDF7UZ+/7PWA
LXooN71eHCgox+sPUhq/51rQn0324pb1RwL/Wipmb8b1aHcOyp/yEyDs2aqcOLbm
9FpwNmXbjH2rytEICO7TIjlzpTpQCLaLa2MB8e1S7fN0/cWUshdZxIzgV2uN1hZz
dN2U15DbCzI+tyRR/b3M5DQM3gaM6MVzT69sjzCKT1LHTAbrv96PyYpnvwIDAQAB
o4ICzDCCAsgwHQYDVR0OBBYEFAGDGbAj/xKTLvETwSw2VS5Ar4btMB8GA1UdIwQY
MBaAFCuhz9dX9R8v63RQnpw5vkaAa+ZCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzZIUDExZjFIeV9yZEZDZW5EbS1Sb0JyNWtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS83NDU5MTAtODZjNi00M2QxLTk3NjUt
NTc4OWRlNDI0YTQyLzEvQVlNWnNDUF9FcE11OFJQQkxEWlZMa0N2aHUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS83NDU5MTAtODZjNi00M2QxLTk3NjUtNTc4OWRlNDI0YTQy
LzEvSzZIUDExZjFIeV9yZEZDZW5EbS1Sb0JyNWtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHhBggrBgEFBQcBBwEB/wSB0TCBzjCBvAQCAAEwgbUDBAU+
5yADBAdOh4ADBAZTjUADBAdVhoAwCwMDBlfAAwQEV8BAMAwDBAFXwFIDBANXwFAw
DAMEBVfAYAMEBFfAwAMEAlfA2DALAwQBV8DeAwMAV8ADBAVX6AAwDAMEBFfokAME
AFfowDAMAwQBV+jCAwQDV+jAAwQEV+jQAwQAV+jhAwQCV+jkMAsDAwJZfAMEBFl8
4AMEAFl89TAMAwQDWXz4AwQCWX/4AwQBWX/+AwQCufc0MA0EAgACMAcDBQAgAU1o
MA0GCSqGSIb3DQEBCwUAA4IBAQCP8ja5ERS2Q+zPzFjHLAnap0dAAWtO/i2h+Mbe
AQ+t0kFK23n41k+P5sakfSwmusydEixEQsJoCUmO2+QjJEpwfLHVQKxG2FJVNlT+
rRR8dWlkwkGuWBCJIpLm/Nbwj0UAzUvLTVV6d/g5UaUMYNpmJLtOGsW+jH2Ye6gJ
dHGdTnRJD9FwsYjOIWUvGcLiuhtygOCU/Td8WmaNzRtSMm9G86BEQ/FaRBFiY8wf
AndTDEBhv1kFUv+1XHMQbbQ+YAsx3d4ABfnpNImRnHyOHLCZ9wQKg1fsd+OixHZ7
3uw9hCJy3w6z4LvQnNr4BfggaAfKwcfTZC4FeDK1E3BDxgLN
-----END CERTIFICATE-----
Generated at Sun Jun 8 06:16:13 2025 by rpki-client