Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/f068a7-5f8c-4f32-ab94-cda6e19ffb88/1/2KcMZczIZuxywRfmS836Vzhfec4.roa
File: 2KcMZczIZuxywRfmS836Vzhfec4.roa (raw, json)
Hash identifier: iqkctYuFBw8PPgvGr0tveW5gQykmU/AYIjIivljbm0w=
Subject key identifier: D8:A7:0C:65:CC:C8:66:EC:72:C1:17:E6:4B:CD:FA:57:38:5F:79:CE
Certificate issuer: /CN=72e81fb5cf0fb32c4575f8413acbd41aa84b82f4
Certificate serial: 0188F6AC77E97043D87FDA8791728CB96EB1
Authority key identifier: 72:E8:1F:B5:CF:0F:B3:2C:45:75:F8:41:3A:CB:D4:1A:A8:4B:82:F4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cugftc8PsyxFdfhBOsvUGqhLgvQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/f068a7-5f8c-4f32-ab94-cda6e19ffb88/1/2KcMZczIZuxywRfmS836Vzhfec4.roa
Signing time: Mon 26 Jun 2023 07:47:58 +0000
ROA not before: Mon 26 Jun 2023 07:47:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15695
IP address blocks: 195.238.244.0/24 maxlen: 24
37.26.224.0/24 maxlen: 24
37.26.226.0/24 maxlen: 24
37.26.225.0/24 maxlen: 24
37.26.231.0/24 maxlen: 24
37.26.230.0/24 maxlen: 24
37.26.229.0/24 maxlen: 24
37.26.228.0/24 maxlen: 24
37.26.227.0/24 maxlen: 24
63.247.206.0/24 maxlen: 24
63.247.205.0/24 maxlen: 24
63.247.204.0/24 maxlen: 24
63.247.203.0/24 maxlen: 24
63.247.202.0/24 maxlen: 24
63.247.201.0/24 maxlen: 24
63.247.200.0/24 maxlen: 24
63.247.207.0/24 maxlen: 24
91.103.17.0/24 maxlen: 24
91.103.16.0/24 maxlen: 24
91.103.19.0/24 maxlen: 24
91.103.18.0/24 maxlen: 24
91.103.23.0/24 maxlen: 24
91.103.21.0/24 maxlen: 24
86.48.240.0/24 maxlen: 24
185.62.118.0/24 maxlen: 24
185.62.117.0/24 maxlen: 24
185.62.116.0/24 maxlen: 24
63.247.192.0/24 maxlen: 24
185.62.119.0/24 maxlen: 24
63.247.199.0/24 maxlen: 24
63.247.198.0/24 maxlen: 24
63.247.197.0/24 maxlen: 24
63.247.196.0/24 maxlen: 24
63.247.195.0/24 maxlen: 24
63.247.194.0/24 maxlen: 24
63.247.193.0/24 maxlen: 24
45.93.85.0/24 maxlen: 24
45.93.84.0/24 maxlen: 24
45.93.87.0/24 maxlen: 24
193.160.135.0/24 maxlen: 24
193.160.134.0/24 maxlen: 24
45.81.223.0/24 maxlen: 24
45.81.222.0/24 maxlen: 24
45.81.221.0/24 maxlen: 24
45.81.220.0/24 maxlen: 24
45.95.219.0/24 maxlen: 24
45.95.218.0/24 maxlen: 24
45.95.217.0/24 maxlen: 24
45.95.216.0/24 maxlen: 24
5.253.89.0/24 maxlen: 24
5.253.88.0/24 maxlen: 24
5.253.91.0/24 maxlen: 24
5.253.90.0/24 maxlen: 24
45.94.190.0/24 maxlen: 24
216.172.64.0/24 maxlen: 24
216.172.67.0/24 maxlen: 24
216.172.66.0/24 maxlen: 24
216.172.65.0/24 maxlen: 24
216.172.71.0/24 maxlen: 24
216.172.70.0/24 maxlen: 24
216.172.69.0/24 maxlen: 24
216.172.68.0/24 maxlen: 24
216.172.74.0/24 maxlen: 24
216.172.73.0/24 maxlen: 24
216.172.72.0/24 maxlen: 24
216.172.78.0/24 maxlen: 24
216.172.77.0/24 maxlen: 24
216.172.76.0/24 maxlen: 24
216.172.75.0/24 maxlen: 24
216.172.79.0/24 maxlen: 24
2a00:cb8:971::/48 maxlen: 48
2a00:cb8:31::/48 maxlen: 48
2a00:cb8:34::/48 maxlen: 48
2a00:cb8:48::/48 maxlen: 48
2a00:cb8:41::/48 maxlen: 48
2a00:cb8:44::/48 maxlen: 48
2a00:cb8:144::/48 maxlen: 48
2a00:cb8:33::/48 maxlen: 48
2a00:cb8:39::/48 maxlen: 48
2a00:cb8:49::/48 maxlen: 48
2a00:cb8:353::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:f6:ac:77:e9:70:43:d8:7f:da:87:91:72:8c:b9:6e:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72e81fb5cf0fb32c4575f8413acbd41aa84b82f4
Validity
Not Before: Jun 26 07:47:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d8a70c65ccc866ec72c117e64bcdfa57385f79ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:1d:29:ac:f2:4a:9a:cd:59:f0:00:d1:05:8c:
96:2e:fe:47:1d:1b:53:ba:b6:ef:dc:a9:7a:f8:a5:
75:e0:78:9a:a6:6d:35:c0:f2:15:21:4a:8e:ab:ae:
4f:5b:69:5d:01:2a:35:85:38:69:6a:85:ab:cb:55:
9d:48:a9:76:71:5e:dc:8f:9a:0a:9b:1d:67:0e:52:
fd:10:ad:74:68:51:d5:f4:fe:0e:4f:29:9b:1a:9b:
c0:08:13:25:ed:32:e2:8f:d5:1a:43:f1:40:2e:8f:
3b:67:93:21:36:45:aa:31:de:05:20:5a:b2:42:7f:
d3:6b:56:ea:c1:90:27:08:97:cf:2b:0e:ac:5b:2f:
22:f3:b6:e3:ff:42:be:1a:26:d9:d4:8f:53:9e:5e:
e6:af:5d:87:1b:61:92:50:30:06:86:99:db:76:3b:
cd:82:5f:92:1d:d1:34:f7:0c:63:59:d2:53:d0:73:
91:00:0b:aa:5d:4a:ca:a7:68:c5:8a:11:72:14:ae:
e4:c6:0a:a2:26:b2:67:36:71:5e:89:0b:c4:06:d1:
cd:e2:56:42:d6:be:2b:9b:f2:a0:71:1a:87:9b:e7:
8c:73:6c:0f:fc:80:39:35:11:8a:0d:c8:fd:f9:cf:
34:c5:d9:be:94:56:1b:44:f8:bf:88:4a:d4:8c:03:
ab:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:A7:0C:65:CC:C8:66:EC:72:C1:17:E6:4B:CD:FA:57:38:5F:79:CE
X509v3 Authority Key Identifier:
keyid:72:E8:1F:B5:CF:0F:B3:2C:45:75:F8:41:3A:CB:D4:1A:A8:4B:82:F4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cugftc8PsyxFdfhBOsvUGqhLgvQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/f068a7-5f8c-4f32-ab94-cda6e19ffb88/1/2KcMZczIZuxywRfmS836Vzhfec4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/f068a7-5f8c-4f32-ab94-cda6e19ffb88/1/cugftc8PsyxFdfhBOsvUGqhLgvQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.88.0/22
37.26.224.0/21
45.81.220.0/22
45.93.84.0/23
45.93.87.0/24
45.94.190.0/24
45.95.216.0/22
63.247.192.0/20
86.48.240.0/24
91.103.16.0/22
91.103.21.0/24
91.103.23.0/24
185.62.116.0/22
193.160.134.0/23
195.238.244.0/24
216.172.64.0/20
IPv6:
2a00:cb8:31::/48
2a00:cb8:33::-2a00:cb8:34:ffff:ffff:ffff:ffff:ffff
2a00:cb8:39::/48
2a00:cb8:41::/48
2a00:cb8:44::/48
2a00:cb8:48::/47
2a00:cb8:144::/48
2a00:cb8:353::/48
2a00:cb8:971::/48
Signature Algorithm: sha256WithRSAEncryption
61:79:68:37:6a:07:87:19:2c:6b:b1:3e:bf:d5:9a:21:1f:11:
a1:98:57:e0:36:06:14:bf:83:4a:99:89:4c:2a:46:ef:86:bf:
9c:32:16:b5:0a:e9:68:a6:20:89:f6:97:81:7e:79:e9:0b:26:
2d:1c:eb:b7:f6:c9:25:15:44:69:f0:f3:48:4d:d5:35:71:ee:
71:7c:66:76:76:d7:31:22:d7:44:70:10:4a:1e:17:3f:be:b2:
e4:58:a9:7e:a3:e2:97:67:c3:68:99:e8:86:34:22:02:ff:24:
e7:13:ca:92:82:66:df:da:2b:78:ab:c7:4e:37:01:f3:ed:98:
6f:07:08:7d:61:27:61:62:87:e7:28:2c:07:dc:16:b0:ec:1c:
63:aa:78:62:09:c8:a8:e4:9c:23:23:ad:a2:d3:a9:ab:8a:46:
0c:7e:69:91:0e:71:b4:50:bd:b1:c7:b1:97:a8:05:f2:97:f5:
ef:a6:50:21:ca:87:a0:04:23:03:14:64:a7:04:4f:87:06:fe:
a6:4e:4b:fb:6c:41:5a:56:d6:3b:21:d3:c0:21:c4:ae:7e:c4:
e2:b1:da:a1:21:53:bd:76:b9:fb:4e:8c:d4:ec:2e:2a:10:f5:
a9:f2:b1:05:3f:3a:44:a0:7d:1c:de:d0:48:6c:34:97:78:7f:
88:b1:f8:e6
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAYj2rHfpcEPYf9qHkXKMuW6xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZTgxZmI1Y2YwZmIzMmM0NTc1Zjg0MTNhY2JkNDFhYTg0
YjgyZjQwHhcNMjMwNjI2MDc0NzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGE3MGM2NWNjYzg2NmVjNzJjMTE3ZTY0YmNkZmE1NzM4NWY3OWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvR0prPJKms1Z8ADRBYyWLv5HHRtT
urbv3Kl6+KV14Hiapm01wPIVIUqOq65PW2ldASo1hThpaoWry1WdSKl2cV7cj5oK
mx1nDlL9EK10aFHV9P4OTymbGpvACBMl7TLij9UaQ/FALo87Z5MhNkWqMd4FIFqy
Qn/Ta1bqwZAnCJfPKw6sWy8i87bj/0K+GibZ1I9Tnl7mr12HG2GSUDAGhpnbdjvN
gl+SHdE09wxjWdJT0HORAAuqXUrKp2jFihFyFK7kxgqiJrJnNnFeiQvEBtHN4lZC
1r4rm/KgcRqHm+eMc2wP/IA5NRGKDcj9+c80xdm+lFYbRPi/iErUjAOrowIDAQAB
o4ICyjCCAsYwHQYDVR0OBBYEFNinDGXMyGbscsEX5kvN+lc4X3nOMB8GA1UdIwQY
MBaAFHLoH7XPD7MsRXX4QTrL1BqoS4L0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3VnZnRjOFBzeXhGZGZoQk9zdlVHcWhMZ3ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9mMDY4YTctNWY4Yy00ZjMyLWFiOTQt
Y2RhNmUxOWZmYjg4LzEvMktjTVpjekladXh5d1JmbVM4MzZWemhmZWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9mMDY4YTctNWY4Yy00ZjMyLWFiOTQtY2RhNmUxOWZmYjg4
LzEvY3VnZnRjOFBzeXhGZGZoQk9zdlVHcWhMZ3ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHfBggrBgEFBQcBBwEB/wSBzzCBzDBmBAIAATBgAwQCBf1Y
AwQDJRrgAwQCLVHcAwQBLV1UAwQALV1XAwQALV6+AwQCLV/YAwQEP/fAAwQAVjDw
AwQCW2cQAwQAW2cVAwQAW2cXAwQCuT50AwQBwaCGAwQAw+70AwQE2KxAMGIEAgAC
MFwDBwAqAAy4ADEwEgMHACoADLgAMwMHACoADLgANAMHACoADLgAOQMHACoADLgA
QQMHACoADLgARAMHASoADLgASAMHACoADLgBRAMHACoADLgDUwMHACoADLgJcTAN
BgkqhkiG9w0BAQsFAAOCAQEAYXloN2oHhxksa7E+v9WaIR8RoZhX4DYGFL+DSpmJ
TCpG74a/nDIWtQrpaKYgifaXgX556QsmLRzrt/bJJRVEafDzSE3VNXHucXxmdnbX
MSLXRHAQSh4XP76y5FipfqPil2fDaJnohjQiAv8k5xPKkoJm39oreKvHTjcB8+2Y
bwcIfWEnYWKH5ygsB9wWsOwcY6p4YgnIqOScIyOtotOpq4pGDH5pkQ5xtFC9scex
l6gF8pf176ZQIcqHoAQjAxRkpwRPhwb+pk5L+2xBWlbWOyHTwCHErn7E4rHaoSFT
vXa5+06M1OwuKhD1qfKxBT86RKB9HN7QSGw0l3h/iLH45g==
-----END CERTIFICATE-----
Generated at Tue May 13 06:16:20 2025 by rpki-client