Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/745910-86c6-43d1-9765-5789de424a42/1/emliX5WjOepNL0adOGCKcff-fYk.roa
File: emliX5WjOepNL0adOGCKcff-fYk.roa (raw, json)
Hash identifier: be7sz6rLIHvuCZHtz9H6wNqTdlWo02oM+ZbQfckq8wE=
Subject key identifier: 7A:69:62:5F:95:A3:39:EA:4D:2F:46:9D:38:60:8A:71:F7:FE:7D:89
Certificate issuer: /CN=2ba1cfd757f51f2feb74509e9c39be46806be642
Certificate serial: 01970C03DB117BAC906BE9B5FAAEF616E757
Authority key identifier: 2B:A1:CF:D7:57:F5:1F:2F:EB:74:50:9E:9C:39:BE:46:80:6B:E6:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/K6HP11f1Hy_rdFCenDm-RoBr5kI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/745910-86c6-43d1-9765-5789de424a42/1/emliX5WjOepNL0adOGCKcff-fYk.roa
Signing time: Mon 26 May 2025 09:54:28 +0000
ROA not before: Mon 26 May 2025 09:54:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25441
IP address blocks: 62.231.32.0/19 maxlen: 19
78.135.128.0/17 maxlen: 17
78.135.208.0/21 maxlen: 21
78.135.216.0/21 maxlen: 21
78.135.224.0/21 maxlen: 21
78.135.232.0/21 maxlen: 21
78.135.240.0/21 maxlen: 21
78.135.248.0/21 maxlen: 21
83.141.64.0/18 maxlen: 18
85.134.128.0/17 maxlen: 17
85.134.128.0/21 maxlen: 21
85.134.136.0/21 maxlen: 21
85.134.144.0/21 maxlen: 21
85.134.152.0/21 maxlen: 21
85.134.160.0/21 maxlen: 21
85.134.168.0/21 maxlen: 21
85.134.176.0/21 maxlen: 21
85.134.184.0/21 maxlen: 21
85.134.192.0/21 maxlen: 21
85.134.200.0/21 maxlen: 21
85.134.208.0/21 maxlen: 21
85.134.216.0/21 maxlen: 21
85.134.224.0/21 maxlen: 21
85.134.232.0/21 maxlen: 21
85.134.240.0/21 maxlen: 21
85.134.248.0/21 maxlen: 21
87.192.0.0/18 maxlen: 18
87.192.64.0/20 maxlen: 20
87.192.82.0/23 maxlen: 23
87.192.84.0/22 maxlen: 22
87.192.128.0/18 maxlen: 18
87.192.192.0/20 maxlen: 20
87.192.216.0/22 maxlen: 22
87.192.222.0/23 maxlen: 23
87.192.224.0/19 maxlen: 19
87.232.0.0/19 maxlen: 19
87.232.160.0/19 maxlen: 19
87.232.192.0/24 maxlen: 24
87.232.194.0/23 maxlen: 23
87.232.196.0/22 maxlen: 22
87.232.225.0/24 maxlen: 24
87.232.228.0/22 maxlen: 22
89.124.0.0/17 maxlen: 17
89.124.0.0/24 maxlen: 24
89.124.128.0/18 maxlen: 18
89.124.192.0/19 maxlen: 19
89.124.224.0/20 maxlen: 20
89.124.245.0/24 maxlen: 24
89.124.248.0/21 maxlen: 21
89.125.0.0/16 maxlen: 16
89.126.0.0/16 maxlen: 16
89.126.0.0/22 maxlen: 22
89.126.4.0/22 maxlen: 22
89.126.8.0/22 maxlen: 22
89.126.12.0/22 maxlen: 22
89.126.16.0/22 maxlen: 22
89.126.20.0/22 maxlen: 22
89.126.24.0/22 maxlen: 22
89.126.28.0/22 maxlen: 22
89.127.0.0/17 maxlen: 17
89.127.128.0/18 maxlen: 18
89.127.192.0/19 maxlen: 19
89.127.224.0/20 maxlen: 20
89.127.240.0/21 maxlen: 21
89.127.248.0/22 maxlen: 22
89.127.254.0/23 maxlen: 23
185.247.52.0/22 maxlen: 22
2001:4d68::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:0c:03:db:11:7b:ac:90:6b:e9:b5:fa:ae:f6:16:e7:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ba1cfd757f51f2feb74509e9c39be46806be642
Validity
Not Before: May 26 09:54:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7a69625f95a339ea4d2f469d38608a71f7fe7d89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:06:f9:4e:15:7c:b6:ac:47:46:71:e4:dd:16:
ab:53:d4:33:1b:92:49:52:f6:3f:cc:2d:78:e5:7c:
09:6c:2b:01:71:71:0f:cc:27:6d:83:ce:0c:92:80:
79:e7:02:3b:59:45:02:8c:2f:48:68:60:e8:c1:32:
a0:47:4c:a9:5b:08:79:ee:26:88:0f:ec:2f:1e:01:
af:49:b4:57:84:08:6a:d2:69:5a:1c:9e:fa:c6:4f:
7d:4b:ab:4d:d4:c1:a8:00:a9:98:b9:be:2a:fb:de:
41:1d:45:48:f6:64:fb:f5:b2:57:1c:49:70:70:13:
1a:e2:48:67:c1:ef:65:1e:7c:b1:b3:e0:65:89:0e:
5a:30:cd:91:10:92:08:46:4c:d9:b8:d9:06:c2:f8:
f6:f2:65:ff:82:6d:1f:f2:69:e8:22:30:e8:52:c7:
28:91:8a:48:ce:82:c9:17:ff:8d:7c:7a:4a:d9:39:
60:ae:5e:98:45:bb:68:7c:47:1f:c2:6d:38:64:08:
f9:88:e2:c2:1a:e9:41:c4:f6:72:71:d5:ad:e6:22:
81:6e:09:3d:70:90:82:8d:5e:2a:5e:b1:51:ca:bb:
9c:00:a1:81:cf:47:50:c2:a4:4c:38:06:7b:a1:1a:
ef:d2:40:2a:48:12:7b:ae:e3:5a:27:63:33:c0:10:
2d:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:69:62:5F:95:A3:39:EA:4D:2F:46:9D:38:60:8A:71:F7:FE:7D:89
X509v3 Authority Key Identifier:
keyid:2B:A1:CF:D7:57:F5:1F:2F:EB:74:50:9E:9C:39:BE:46:80:6B:E6:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K6HP11f1Hy_rdFCenDm-RoBr5kI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/745910-86c6-43d1-9765-5789de424a42/1/emliX5WjOepNL0adOGCKcff-fYk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/745910-86c6-43d1-9765-5789de424a42/1/K6HP11f1Hy_rdFCenDm-RoBr5kI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.231.32.0/19
78.135.128.0/17
83.141.64.0/18
85.134.128.0/17
87.192.0.0-87.192.79.255
87.192.82.0-87.192.87.255
87.192.128.0-87.192.207.255
87.192.216.0/22
87.192.222.0-87.192.255.255
87.232.0.0/19
87.232.160.0-87.232.192.255
87.232.194.0-87.232.199.255
87.232.225.0/24
87.232.228.0/22
89.124.0.0-89.124.239.255
89.124.245.0/24
89.124.248.0-89.127.251.255
89.127.254.0/23
185.247.52.0/22
IPv6:
2001:4d68::/32
Signature Algorithm: sha256WithRSAEncryption
65:f3:75:65:95:d1:50:1d:8e:7b:37:28:ce:3f:f3:b0:d2:73:
29:14:07:2a:8d:df:8b:b0:c6:d3:44:8a:54:8b:cf:a8:6a:a4:
3b:c0:4d:1a:36:0e:27:d0:a9:ec:e0:e5:19:d4:e4:c0:4e:ca:
f3:a1:26:8a:f4:1e:fa:d6:2f:84:5f:b5:f6:f4:0b:ed:49:96:
ed:d1:ea:88:26:d4:a9:3f:81:36:17:83:d4:ac:61:db:e5:de:
09:2c:8e:9d:9a:36:49:e1:35:bb:21:e7:af:0b:ae:08:e9:db:
76:3f:97:39:77:ba:fe:d5:c8:b3:20:09:e9:62:2b:fe:65:29:
c1:bd:4a:fa:3b:43:64:81:c2:32:b6:f2:15:9a:e7:7c:7b:e9:
10:02:d6:50:42:a6:9d:f0:88:bb:59:b2:26:7b:8f:29:09:b0:
47:45:9d:44:53:d1:e9:3d:a4:68:cd:c5:c8:11:8b:66:46:69:
78:bb:40:e4:09:01:5e:11:cb:31:aa:ec:6d:e1:66:3c:a5:84:
71:d2:03:5f:d3:ec:77:0d:36:6e:dd:a8:11:bd:49:97:82:27:
79:b6:84:f4:28:f3:90:98:6e:2c:a6:62:aa:2b:83:2c:19:a6:
db:38:e7:0c:a8:9f:92:ab:ab:bf:fb:6b:ad:cc:fe:83:a9:07:
19:d8:9f:b0
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgISAZcMA9sRe6yQa+m1+q72FudXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYTFjZmQ3NTdmNTFmMmZlYjc0NTA5ZTljMzliZTQ2ODA2
YmU2NDIwHhcNMjUwNTI2MDk1NDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTY5NjI1Zjk1YTMzOWVhNGQyZjQ2OWQzODYwOGE3MWY3ZmU3ZDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzAb5ThV8tqxHRnHk3RarU9QzG5JJ
UvY/zC145XwJbCsBcXEPzCdtg84MkoB55wI7WUUCjC9IaGDowTKgR0ypWwh57iaI
D+wvHgGvSbRXhAhq0mlaHJ76xk99S6tN1MGoAKmYub4q+95BHUVI9mT79bJXHElw
cBMa4khnwe9lHnyxs+BliQ5aMM2REJIIRkzZuNkGwvj28mX/gm0f8mnoIjDoUsco
kYpIzoLJF/+NfHpK2Tlgrl6YRbtofEcfwm04ZAj5iOLCGulBxPZycdWt5iKBbgk9
cJCCjV4qXrFRyrucAKGBz0dQwqRMOAZ7oRrv0kAqSBJ7ruNaJ2MzwBAtTQIDAQAB
o4ICxjCCAsIwHQYDVR0OBBYEFHppYl+VoznqTS9GnThginH3/n2JMB8GA1UdIwQY
MBaAFCuhz9dX9R8v63RQnpw5vkaAa+ZCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzZIUDExZjFIeV9yZEZDZW5EbS1Sb0JyNWtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS83NDU5MTAtODZjNi00M2QxLTk3NjUt
NTc4OWRlNDI0YTQyLzEvZW1saVg1V2pPZXBOTDBhZE9HQ0tjZmYtZllrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS83NDU5MTAtODZjNi00M2QxLTk3NjUtNTc4OWRlNDI0YTQy
LzEvSzZIUDExZjFIeV9yZEZDZW5EbS1Sb0JyNWtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHbBggrBgEFBQcBBwEB/wSByzCByDCBtgQCAAEwga8DBAU+
5yADBAdOh4ADBAZTjUADBAdVhoAwCwMDBlfAAwQEV8BAMAwDBAFXwFIDBANXwFAw
DAMEB1fAgAMEBFfAwAMEAlfA2DALAwQBV8DeAwMAV8ADBAVX6AAwDAMEBVfooAME
AFfowDAMAwQBV+jCAwQDV+jAAwQAV+jhAwQCV+jkMAsDAwJZfAMEBFl84AMEAFl8
9TAMAwQDWXz4AwQCWX/4AwQBWX/+AwQCufc0MA0EAgACMAcDBQAgAU1oMA0GCSqG
SIb3DQEBCwUAA4IBAQBl83VlldFQHY57NyjOP/Ow0nMpFAcqjd+LsMbTRIpUi8+o
aqQ7wE0aNg4n0Kns4OUZ1OTATsrzoSaK9B761i+EX7X29AvtSZbt0eqIJtSpP4E2
F4PUrGHb5d4JLI6dmjZJ4TW7IeevC64I6dt2P5c5d7r+1cizIAnpYiv+ZSnBvUr6
O0NkgcIytvIVmud8e+kQAtZQQqad8Ii7WbIme48pCbBHRZ1EU9HpPaRozcXIEYtm
Rml4u0DkCQFeEcsxquxt4WY8pYRx0gNf0+x3DTZu3agRvUmXgid5toT0KPOQmG4s
pmKqK4MsGabbOOcMqJ+Sq6u/+2utzP6DqQcZ2J+w
-----END CERTIFICATE-----
Generated at Mon Jun 9 05:28:19 2025 by rpki-client