Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/09l8vTMnacWcIcmKcFHczTcwGeE.roa
File: 09l8vTMnacWcIcmKcFHczTcwGeE.roa (raw, json)
Hash identifier: e+XDSBNZK5HPjKcFx7CFZxmYOAdHgAV98oblxbJVmtA=
Subject key identifier: D3:D9:7C:BD:33:27:69:C5:9C:21:C9:8A:70:51:DC:CD:37:30:19:E1
Certificate issuer: /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial: 0195C8FF00FDE9C99FDA721511E93059FC29
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/09l8vTMnacWcIcmKcFHczTcwGeE.roa
Signing time: Mon 24 Mar 2025 16:31:49 +0000
ROA not before: Mon 24 Mar 2025 16:31:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34549
IP address blocks: 5.1.64.0/19 maxlen: 32
5.1.64.0/20 maxlen: 32
5.1.64.0/24 maxlen: 32
5.1.65.0/24 maxlen: 32
5.1.66.0/24 maxlen: 32
5.1.67.0/24 maxlen: 32
5.1.70.0/24 maxlen: 32
5.1.72.0/24 maxlen: 32
5.1.73.0/24 maxlen: 32
5.1.75.0/24 maxlen: 24
5.1.76.0/24 maxlen: 32
5.1.79.0/24 maxlen: 24
5.1.82.0/24 maxlen: 32
5.1.84.0/24 maxlen: 32
5.1.85.0/24 maxlen: 32
5.1.86.0/24 maxlen: 32
5.1.87.0/24 maxlen: 32
5.1.89.0/24 maxlen: 32
5.1.90.0/24 maxlen: 32
5.1.91.0/24 maxlen: 32
5.1.93.0/24 maxlen: 32
5.1.94.0/23 maxlen: 32
5.1.94.0/24 maxlen: 32
31.47.232.0/21 maxlen: 32
45.155.248.0/22 maxlen: 22
80.77.16.0/20 maxlen: 32
80.77.16.0/24 maxlen: 32
80.77.31.254/32 maxlen: 32
83.243.40.0/21 maxlen: 32
83.243.41.0/24 maxlen: 24
83.243.44.0/24 maxlen: 32
83.243.45.0/24 maxlen: 32
83.243.45.114/32 maxlen: 32
83.243.46.0/24 maxlen: 32
83.243.46.83/32 maxlen: 32
83.243.47.0/24 maxlen: 32
94.247.40.0/21 maxlen: 32
94.247.45.0/24 maxlen: 32
94.247.46.0/24 maxlen: 32
178.251.224.0/21 maxlen: 21
178.251.224.0/22 maxlen: 32
178.251.225.0/24 maxlen: 32
178.251.228.0/23 maxlen: 32
178.251.229.0/24 maxlen: 32
178.251.230.0/23 maxlen: 32
178.251.230.0/24 maxlen: 32
185.37.144.0/22 maxlen: 32
185.37.144.0/24 maxlen: 24
185.37.145.0/24 maxlen: 32
185.37.147.0/24 maxlen: 32
185.44.104.0/22 maxlen: 32
185.44.106.0/24 maxlen: 32
185.44.107.0/24 maxlen: 32
185.90.160.0/22 maxlen: 32
185.90.160.0/23 maxlen: 32
185.90.160.0/24 maxlen: 32
185.90.161.0/24 maxlen: 32
185.90.162.0/24 maxlen: 32
185.90.163.0/24 maxlen: 32
185.150.96.0/22 maxlen: 32
195.10.195.0/24 maxlen: 32
2a00:f820::/29 maxlen: 29
2a01:360::/29 maxlen: 29
2a01:360::/32 maxlen: 32
2a07:6fc0::/29 maxlen: 48
2a07:6fc0:452::/48 maxlen: 48
2a0f:b80::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:c8:ff:00:fd:e9:c9:9f:da:72:15:11:e9:30:59:fc:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Validity
Not Before: Mar 24 16:31:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d3d97cbd332769c59c21c98a7051dccd373019e1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:00:b5:7c:ce:51:95:fb:48:05:f9:ee:9d:12:
a3:a4:06:7b:9e:80:29:26:9d:c1:cb:2c:46:3b:64:
8a:3c:f6:95:ee:d1:89:13:80:c7:24:f3:a4:c1:12:
79:fa:67:8a:9b:a3:be:a8:ce:e8:c1:88:49:83:ca:
bf:b8:dd:5d:89:27:95:c6:a8:4e:cd:51:51:41:b3:
2d:7d:c4:bf:1a:8c:70:f4:92:fa:bb:2f:19:cb:bf:
0c:a0:38:a6:21:98:7d:81:89:fe:9f:0c:c0:48:a8:
a1:da:36:25:22:e0:b8:80:cb:39:af:44:70:85:39:
c7:48:0c:67:fd:36:84:67:3c:33:83:c2:c9:e0:6c:
d1:6c:b0:64:12:b1:c4:66:6d:fe:37:69:e6:a2:34:
df:f0:15:b2:40:88:e9:70:5d:9d:39:fc:70:f5:53:
6a:a2:4d:67:d0:6f:ed:a9:6c:e2:fa:60:b7:ca:bc:
db:b4:91:f8:3f:07:5f:66:b4:32:b1:8b:1a:76:b8:
29:c8:4e:78:35:20:38:c8:ef:ed:00:48:3c:8e:4a:
44:a6:69:78:cf:b0:c7:4b:f0:fd:40:8e:70:d7:e0:
50:b5:f1:c8:5e:97:9f:ef:43:db:87:a1:53:e0:ad:
a3:de:15:e5:dc:12:5a:eb:76:2b:af:33:b6:b7:62:
fb:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:D9:7C:BD:33:27:69:C5:9C:21:C9:8A:70:51:DC:CD:37:30:19:E1
X509v3 Authority Key Identifier:
keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/09l8vTMnacWcIcmKcFHczTcwGeE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.1.64.0/19
31.47.232.0/21
45.155.248.0/22
80.77.16.0/20
83.243.40.0/21
94.247.40.0/21
178.251.224.0/21
185.37.144.0/22
185.44.104.0/22
185.90.160.0/22
185.150.96.0/22
195.10.195.0/24
IPv6:
2a00:f820::/29
2a01:360::/29
2a07:6fc0::/29
2a0f:b80::/29
Signature Algorithm: sha256WithRSAEncryption
86:e5:8b:95:8b:6c:e8:3b:32:5b:7f:49:f4:de:08:7a:f5:81:
37:c0:6c:c7:93:3b:2a:9f:13:17:e3:98:c0:e7:81:43:03:30:
f3:8d:7e:97:0b:67:aa:72:34:4e:08:bc:c4:0d:c9:46:13:84:
14:68:8c:61:98:ca:43:a0:3e:ca:f9:6a:2f:4a:4d:39:a2:44:
2c:c5:b0:4a:c1:6f:87:a9:82:aa:b3:c8:d9:08:f7:00:7e:b7:
cc:98:d6:3c:c6:75:10:f6:91:63:94:27:ce:92:7c:fc:12:82:
ad:78:a3:70:b6:c9:48:26:10:9b:12:d0:85:87:97:6e:b6:ac:
42:6b:79:f0:7a:bc:97:2e:ca:b3:c4:47:d1:d6:4b:5d:4d:42:
5f:5a:b5:41:ef:bb:c8:1a:8b:0a:04:b1:01:fe:75:bd:e4:80:
37:05:55:ef:90:ad:95:7a:8d:63:14:07:8b:21:48:2c:ae:31:
38:48:40:24:f6:93:9e:43:46:3f:c5:c5:6a:57:cd:a2:6d:1a:
9b:7c:3a:f5:13:91:5c:cc:5a:34:20:5e:4b:88:21:61:ed:eb:
ed:5d:bf:a1:f1:d7:a6:71:62:2c:29:88:29:45:82:64:bc:76:
30:5e:e6:f2:18:16:1b:f6:e2:df:9f:9b:58:84:fe:55:f4:67:
4f:2b:5e:3b
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgISAZXI/wD96cmf2nIVEekwWfwpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMzI0MTYzMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2Q5N2NiZDMzMjc2OWM1OWMyMWM5OGE3MDUxZGNjZDM3MzAxOWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2wC1fM5RlftIBfnunRKjpAZ7noAp
Jp3ByyxGO2SKPPaV7tGJE4DHJPOkwRJ5+meKm6O+qM7owYhJg8q/uN1diSeVxqhO
zVFRQbMtfcS/Goxw9JL6uy8Zy78MoDimIZh9gYn+nwzASKih2jYlIuC4gMs5r0Rw
hTnHSAxn/TaEZzwzg8LJ4GzRbLBkErHEZm3+N2nmojTf8BWyQIjpcF2dOfxw9VNq
ok1n0G/tqWzi+mC3yrzbtJH4PwdfZrQysYsadrgpyE54NSA4yO/tAEg8jkpEpml4
z7DHS/D9QI5w1+BQtfHIXpef70Pbh6FT4K2j3hXl3BJa63YrrzO2t2L7qQIDAQAB
o4ICcDCCAmwwHQYDVR0OBBYEFNPZfL0zJ2nFnCHJinBR3M03MBnhMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvMDlsOHZUTW5hY1djSWNtS2NGSGN6VGN3R2VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwTgQCAAEwSAMEBQUBQAME
Ax8v6AMEAi2b+AMEBFBNEAMEA1PzKAMEA173KAMEA7L74AMEArklkAMEArksaAME
ArlaoAMEArmWYAMEAMMKwzAiBAIAAjAcAwUDKgD4IAMFAyoBA2ADBQMqB2/AAwUD
Kg8LgDANBgkqhkiG9w0BAQsFAAOCAQEAhuWLlYts6DsyW39J9N4IevWBN8Bsx5M7
Kp8TF+OYwOeBQwMw841+lwtnqnI0Tgi8xA3JRhOEFGiMYZjKQ6A+yvlqL0pNOaJE
LMWwSsFvh6mCqrPI2Qj3AH63zJjWPMZ1EPaRY5QnzpJ8/BKCrXijcLbJSCYQmxLQ
hYeXbrasQmt58Hq8ly7Ks8RH0dZLXU1CX1q1Qe+7yBqLCgSxAf51veSANwVV75Ct
lXqNYxQHiyFILK4xOEhAJPaTnkNGP8XFalfNom0am3w69RORXMxaNCBeS4ghYe3r
7V2/ofHXpnFiLCmIKUWCZLx2MF7m8hgWG/bi35+bWIT+VfRnTyteOw==
-----END CERTIFICATE-----
Generated at Sat Apr 5 19:08:55 2025 by rpki-client