Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/B8940NEUNIeSOH-w0Rh_3ogaY3U.roa
File: B8940NEUNIeSOH-w0Rh_3ogaY3U.roa (raw, json)
Hash identifier: KgIU/c/ubs+Rysr4XYHzu4TaPf+wrTt1KFDpuDlgIUc=
Subject key identifier: 07:CF:78:D0:D1:14:34:87:92:38:7F:B0:D1:18:7F:DE:88:1A:63:75
Certificate issuer: /CN=d038c338b128f83adec2f69d93c32c5353ca0398
Certificate serial: 019B7BA528DFC4EB6615A3E3174FC2728484
Authority key identifier: D0:38:C3:38:B1:28:F8:3A:DE:C2:F6:9D:93:C3:2C:53:53:CA:03:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0DjDOLEo-Drewvadk8MsU1PKA5g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/B8940NEUNIeSOH-w0Rh_3ogaY3U.roa
Signing time: Thu 01 Jan 2026 22:19:40 +0000
ROA not before: Thu 01 Jan 2026 22:19:40 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 559
IP address blocks: 89.206.64.0/18 maxlen: 18
130.60.0.0/16 maxlen: 16
185.207.116.0/24 maxlen: 24
185.207.117.0/24 maxlen: 24
185.207.118.0/23 maxlen: 24
192.12.247.0/24 maxlen: 24
192.41.132.0/22 maxlen: 22
192.41.136.0/24 maxlen: 24
2001:67c:16dc::/48 maxlen: 48
2a0b:2040::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7b:a5:28:df:c4:eb:66:15:a3:e3:17:4f:c2:72:84:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d038c338b128f83adec2f69d93c32c5353ca0398
Validity
Not Before: Jan 1 22:19:40 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=07cf78d0d114348792387fb0d1187fde881a6375
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:fd:2a:89:8a:e0:22:26:66:ef:3b:6f:53:28:
b8:f8:63:b7:a4:48:39:bb:64:25:21:87:fb:6c:b4:
ed:a1:72:db:c2:a7:5b:e1:ad:b5:9a:9c:a2:08:25:
67:df:95:0b:35:09:7c:68:04:71:42:30:73:7c:16:
0b:b8:d4:a8:c0:c5:80:12:8f:6b:96:36:50:27:b8:
4b:1b:d4:ab:56:ec:d6:e6:24:d1:34:7e:4f:63:27:
7c:9c:f1:7c:85:a8:7e:8e:47:33:65:2a:8c:3c:bc:
ef:07:3d:01:d1:3b:bf:09:20:0d:ac:a1:a0:dd:85:
20:9a:73:f9:93:a6:cf:9c:87:f1:23:9d:dd:88:c2:
7f:9a:4c:03:0e:39:c4:86:69:54:a3:c4:d3:12:0c:
f2:2f:b2:4e:44:84:d7:1a:28:ae:76:3c:34:5c:5b:
fd:af:28:6d:2e:bc:91:68:e7:c0:44:98:ab:5b:27:
e0:ea:22:81:fa:06:60:63:68:b0:40:85:8a:9b:1a:
58:60:df:38:c1:db:59:be:bf:64:19:49:57:fe:13:
fc:a0:d7:ff:d6:f3:ad:dd:b4:d0:69:71:6a:88:ec:
bc:f4:8a:27:dc:ed:f6:a1:c9:ae:f6:99:77:62:0f:
51:0b:8e:f3:d8:d5:8c:b5:d0:92:3f:ff:47:ba:77:
93:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:CF:78:D0:D1:14:34:87:92:38:7F:B0:D1:18:7F:DE:88:1A:63:75
X509v3 Authority Key Identifier:
keyid:D0:38:C3:38:B1:28:F8:3A:DE:C2:F6:9D:93:C3:2C:53:53:CA:03:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0DjDOLEo-Drewvadk8MsU1PKA5g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/B8940NEUNIeSOH-w0Rh_3ogaY3U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/0DjDOLEo-Drewvadk8MsU1PKA5g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.206.64.0/18
130.60.0.0/16
185.207.116.0/22
192.12.247.0/24
192.41.132.0-192.41.136.255
IPv6:
2001:67c:16dc::/48
2a0b:2040::/29
Signature Algorithm: sha256WithRSAEncryption
67:54:c4:ea:e4:4f:60:5c:e4:f4:c9:f2:4c:2e:d1:5d:03:d5:
18:08:03:d6:a1:50:0a:01:83:ba:3f:43:1e:0e:d9:e3:9f:ac:
9e:07:15:aa:6a:b9:26:79:ff:b4:05:bb:e1:1a:70:c4:da:86:
75:92:96:6d:17:dc:bb:02:5d:ca:2a:7d:c2:53:5c:9c:10:ef:
22:e1:9f:ab:cc:15:f7:49:37:ec:44:5c:60:a0:24:de:b4:15:
fd:50:44:85:ac:1a:3f:76:40:92:98:91:5b:1d:49:f1:1b:2c:
78:5c:33:67:9f:75:d2:bb:b7:d8:8c:ef:08:81:a1:2a:8b:78:
98:02:3c:e1:9e:e7:e1:24:40:ef:a8:17:0a:09:c8:b6:4b:2a:
6f:fe:8b:db:68:28:a5:d5:84:af:76:e6:71:a8:e1:75:0a:86:
a5:a8:db:fd:e5:38:6f:5e:d3:9d:e4:0f:2c:85:0a:51:36:2c:
4a:f8:ac:0c:82:4a:db:6d:a6:ab:5c:b3:3b:d5:b7:dc:aa:b3:
5a:4c:97:e0:f5:91:f2:19:bf:bf:52:9c:b1:1f:9e:8b:c6:a1:
e7:b7:bd:3f:6c:06:6e:f7:82:83:8a:b1:7b:83:a5:65:c4:c9:
13:aa:c0:4d:b2:ad:69:45:16:79:69:1a:98:40:50:5f:a1:08:
00:b8:53:0f
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAZt7pSjfxOtmFaPjF0/CcoSEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMzhjMzM4YjEyOGY4M2FkZWMyZjY5ZDkzYzMyYzUzNTNj
YTAzOTgwHhcNMjYwMTAxMjIxOTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2NmNzhkMGQxMTQzNDg3OTIzODdmYjBkMTE4N2ZkZTg4MWE2Mzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnP0qiYrgIiZm7ztvUyi4+GO3pEg5
u2QlIYf7bLTtoXLbwqdb4a21mpyiCCVn35ULNQl8aARxQjBzfBYLuNSowMWAEo9r
ljZQJ7hLG9SrVuzW5iTRNH5PYyd8nPF8hah+jkczZSqMPLzvBz0B0Tu/CSANrKGg
3YUgmnP5k6bPnIfxI53diMJ/mkwDDjnEhmlUo8TTEgzyL7JORITXGiiudjw0XFv9
ryhtLryRaOfARJirWyfg6iKB+gZgY2iwQIWKmxpYYN84wdtZvr9kGUlX/hP8oNf/
1vOt3bTQaXFqiOy89Ion3O32ocmu9pl3Yg9RC47z2NWMtdCSP/9HuneTjQIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFAfPeNDRFDSHkjh/sNEYf96IGmN1MB8GA1UdIwQY
MBaAFNA4wzixKPg63sL2nZPDLFNTygOYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMERqRE9MRW8tRHJld3ZhZGs4TXNVMVBLQTVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS85MjVmOTEtMzBjNS00YTZiLWExNDkt
OWJmOGIxZWYyZTk2LzEvQjg5NDBORVVOSWVTT0gtdzBSaF8zb2dhWTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS85MjVmOTEtMzBjNS00YTZiLWExNDktOWJmOGIxZWYyZTk2
LzEvMERqRE9MRW8tRHJld3ZhZGs4TXNVMVBLQTVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTArBAIAATAlAwQGWc5AAwMA
gjwDBAK5z3QDBADADPcwDAMEAsAphAMEAMApiDAWBAIAAjAQAwcAIAEGfBbcAwUD
KgsgQDANBgkqhkiG9w0BAQsFAAOCAQEAZ1TE6uRPYFzk9MnyTC7RXQPVGAgD1qFQ
CgGDuj9DHg7Z45+sngcVqmq5Jnn/tAW74RpwxNqGdZKWbRfcuwJdyip9wlNcnBDv
IuGfq8wV90k37ERcYKAk3rQV/VBEhawaP3ZAkpiRWx1J8RsseFwzZ5910ru32Izv
CIGhKot4mAI84Z7n4SRA76gXCgnItksqb/6L22gopdWEr3bmcajhdQqGpajb/eU4
b17TneQPLIUKUTYsSvisDIJK222mq1yzO9W33KqzWkyX4PWR8hm/v1KcsR+ei8ah
57e9P2wGbveCg4qxe4OlZcTJE6rATbKtaUUWeWkamEBQX6EIALhTDw==
-----END CERTIFICATE-----
Generated at Sat Mar 7 02:27:28 2026 by rpki-client