Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/OB5qwfHL18WueIqvNTfWp6yps-s.roa
File: OB5qwfHL18WueIqvNTfWp6yps-s.roa (raw, json)
Hash identifier: EWMoh3PAwNWFBmfnnT8qq0RIu6IKQB1vuu7rBjstsek=
Subject key identifier: 38:1E:6A:C1:F1:CB:D7:C5:AE:78:8A:AF:35:37:D6:A7:AC:A9:B3:EB
Certificate issuer: /CN=cf9625541abe6b5ae926671daa98ac6d8094ec7b
Certificate serial: 0194221F2D9C4EB3178C646F937253D0D6F2
Authority key identifier: CF:96:25:54:1A:BE:6B:5A:E9:26:67:1D:AA:98:AC:6D:80:94:EC:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/OB5qwfHL18WueIqvNTfWp6yps-s.roa
Signing time: Wed 01 Jan 2025 13:47:35 +0000
ROA not before: Wed 01 Jan 2025 13:47:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29611
IP address blocks: 185.138.196.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:2d:9c:4e:b3:17:8c:64:6f:93:72:53:d0:d6:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cf9625541abe6b5ae926671daa98ac6d8094ec7b
Validity
Not Before: Jan 1 13:47:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=381e6ac1f1cbd7c5ae788aaf3537d6a7aca9b3eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:42:5e:d0:97:a7:f1:61:02:bc:8e:6c:fa:a1:
3d:69:ca:a4:98:42:ae:61:3b:5e:f1:15:e2:fb:9f:
c6:b0:b5:e0:6a:a7:a6:26:f7:41:40:3e:7f:7e:3a:
8d:6c:a3:65:6c:4c:35:79:6b:16:03:ca:40:1a:02:
1a:9d:7f:15:74:f6:74:19:b9:26:cd:d2:85:07:d5:
9b:4b:61:26:1a:a7:20:f2:bb:61:47:47:bd:08:7a:
2a:c1:51:48:48:df:d6:f2:4e:a3:a3:2a:d9:80:f3:
61:f0:d0:01:d5:62:0c:31:6d:45:f3:fd:bb:de:19:
e0:a5:39:ff:ce:3c:15:73:ff:c6:00:d9:f1:cb:ea:
1a:9d:78:b1:30:f0:ca:93:b5:fa:c0:46:b8:2f:82:
84:ca:1f:a6:50:8b:64:f6:2f:e6:6b:67:53:51:e9:
c5:db:eb:e7:81:6f:e1:0e:cd:ce:0d:37:9c:7c:52:
47:c6:9d:ce:d5:59:ea:13:ec:f9:7e:ec:8c:3b:0e:
68:7a:7a:90:a7:41:62:92:65:fd:01:5c:31:0a:4a:
65:cd:72:d7:18:3d:8d:d8:ff:35:47:03:30:2b:28:
b1:40:b3:0a:40:c2:1a:b6:94:64:22:f8:c3:01:c9:
f4:b0:99:db:63:c5:ae:50:5a:c9:35:58:dc:2b:88:
0a:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:1E:6A:C1:F1:CB:D7:C5:AE:78:8A:AF:35:37:D6:A7:AC:A9:B3:EB
X509v3 Authority Key Identifier:
keyid:CF:96:25:54:1A:BE:6B:5A:E9:26:67:1D:AA:98:AC:6D:80:94:EC:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/OB5qwfHL18WueIqvNTfWp6yps-s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/z5YlVBq-a1rpJmcdqpisbYCU7Hs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.138.196.0/23
Signature Algorithm: sha256WithRSAEncryption
0d:70:27:08:38:00:74:82:9b:e9:f9:aa:ed:3b:d2:72:4d:35:
29:5e:d9:8b:55:d1:3a:2e:f2:1e:ca:05:16:d0:0b:07:ba:07:
27:60:ca:ce:1f:3b:66:01:b4:b3:26:b1:7f:42:3b:1f:bf:46:
7f:d8:22:7a:ad:64:50:bd:0a:c5:bf:7e:ae:59:53:90:d1:59:
77:82:37:13:e0:ef:26:e8:0e:be:b5:08:8a:a8:be:5e:8b:8f:
68:d6:86:fc:41:4a:e1:16:52:54:3c:f9:9d:f3:a0:de:26:7b:
ae:e9:95:6d:43:39:10:43:b8:45:4c:2c:82:7b:72:25:86:41:
fc:81:21:fe:2d:d4:bf:79:a3:cc:e8:d1:7f:7e:c9:e6:78:59:
3c:a6:7b:6b:34:0a:03:a0:9d:9a:f5:24:a8:0b:1f:b8:5a:7a:
50:67:a5:cd:9b:cb:63:e7:8b:d2:9d:e1:d2:a0:14:b0:f3:74:
9f:5b:6d:71:d5:e8:53:37:7a:c5:16:b3:21:2d:e2:fa:57:76:
4c:f1:22:29:52:f9:54:f2:61:31:80:02:33:f4:d2:0f:87:94:
79:be:0d:85:8b:72:d0:4e:1a:26:99:9d:6a:92:41:5b:ba:ec:
38:2d:f1:df:f3:bb:a0:61:79:14:5b:82:69:c5:2f:b3:e3:b6:
b3:1e:16:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiHy2cTrMXjGRvk3JT0NbyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOTYyNTU0MWFiZTZiNWFlOTI2NjcxZGFhOThhYzZkODA5
NGVjN2IwHhcNMjUwMTAxMTM0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODFlNmFjMWYxY2JkN2M1YWU3ODhhYWYzNTM3ZDZhN2FjYTliM2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUJe0Jen8WECvI5s+qE9acqkmEKu
YTte8RXi+5/GsLXgaqemJvdBQD5/fjqNbKNlbEw1eWsWA8pAGgIanX8VdPZ0Gbkm
zdKFB9WbS2EmGqcg8rthR0e9CHoqwVFISN/W8k6joyrZgPNh8NAB1WIMMW1F8/27
3hngpTn/zjwVc//GANnxy+oanXixMPDKk7X6wEa4L4KEyh+mUItk9i/ma2dTUenF
2+vngW/hDs3ODTecfFJHxp3O1VnqE+z5fuyMOw5oenqQp0FikmX9AVwxCkplzXLX
GD2N2P81RwMwKyixQLMKQMIatpRkIvjDAcn0sJnbY8WuUFrJNVjcK4gKIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgeasHxy9fFrniKrzU31qesqbPrMB8GA1UdIwQY
MBaAFM+WJVQavmta6SZnHaqYrG2AlOx7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejVZbFZCcS1hMXJwSm1jZHFwaXNiWUNVN0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xMzJlZDMtNDM0ZC00ZDQ5LTk1Y2Et
NTlhNTg3YmRlYTNmLzEvT0I1cXdmSEwxOFd1ZUlxdk5UZldwNnlwcy1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xMzJlZDMtNDM0ZC00ZDQ5LTk1Y2EtNTlhNTg3YmRlYTNm
LzEvejVZbFZCcS1hMXJwSm1jZHFwaXNiWUNVN0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYrEMA0G
CSqGSIb3DQEBCwUAA4IBAQANcCcIOAB0gpvp+artO9JyTTUpXtmLVdE6LvIeygUW
0AsHugcnYMrOHztmAbSzJrF/Qjsfv0Z/2CJ6rWRQvQrFv36uWVOQ0Vl3gjcT4O8m
6A6+tQiKqL5ei49o1ob8QUrhFlJUPPmd86DeJnuu6ZVtQzkQQ7hFTCyCe3IlhkH8
gSH+LdS/eaPM6NF/fsnmeFk8pntrNAoDoJ2a9SSoCx+4WnpQZ6XNm8tj54vSneHS
oBSw83SfW21x1ehTN3rFFrMhLeL6V3ZM8SIpUvlU8mExgAIz9NIPh5R5vg2Fi3LQ
ThommZ1qkkFbuuw4LfHf87ugYXkUW4JpxS+z47azHhaj
-----END CERTIFICATE-----
Generated at Sat Jun 14 10:41:43 2025 by rpki-client