Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/rVS_q255BcrOrhYmC8LBWEwXydc.roa
File: rVS_q255BcrOrhYmC8LBWEwXydc.roa (raw, json)
Hash identifier: 7LXFCSoRUmLtK+pTIL4wjW+ZVa8T9oManrpHAqINXfA=
Subject key identifier: AD:54:BF:AB:6E:79:05:CA:CE:AE:16:26:0B:C2:C1:58:4C:17:C9:D7
Certificate issuer: /CN=d8f1fbdbce2145a0db6900609f7c54732dfb0cd8
Certificate serial: 0196D30372ECFA61FE0C5FB0FE3D064F3BA2
Authority key identifier: D8:F1:FB:DB:CE:21:45:A0:DB:69:00:60:9F:7C:54:73:2D:FB:0C:D8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2PH7284hRaDbaQBgn3xUcy37DNg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/rVS_q255BcrOrhYmC8LBWEwXydc.roa
Signing time: Thu 15 May 2025 08:15:40 +0000
ROA not before: Thu 15 May 2025 08:15:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 4913
IP address blocks: 93.190.185.0/24 maxlen: 24
93.190.186.0/24 maxlen: 24
93.190.187.0/24 maxlen: 24
93.190.188.0/24 maxlen: 24
93.190.189.0/24 maxlen: 24
93.190.190.0/24 maxlen: 24
109.71.185.0/24 maxlen: 24
109.71.186.0/24 maxlen: 24
109.71.187.0/24 maxlen: 24
109.71.188.0/24 maxlen: 24
109.71.189.0/24 maxlen: 24
109.71.190.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:d3:03:72:ec:fa:61:fe:0c:5f:b0:fe:3d:06:4f:3b:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d8f1fbdbce2145a0db6900609f7c54732dfb0cd8
Validity
Not Before: May 15 08:15:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ad54bfab6e7905caceae16260bc2c1584c17c9d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:09:5f:e8:49:9a:f3:72:01:0b:0c:1b:e0:e5:
ee:46:77:bf:d5:3d:a1:c7:38:12:c7:59:ba:35:b3:
44:dc:7d:33:15:d0:63:3f:73:e4:44:73:57:5c:65:
c5:47:24:9d:4a:78:d7:30:9d:92:c6:6b:c7:ff:fe:
88:16:52:05:df:df:f8:ac:2c:c7:f7:15:d5:f9:ac:
ca:6c:a5:97:74:c5:b6:ab:56:f6:d6:b0:65:24:08:
03:c7:cb:c5:4d:fe:49:88:96:9d:53:74:a4:ce:dc:
98:3b:0a:6c:cf:cf:02:f8:cd:89:e7:77:f3:f0:a5:
34:7f:52:c4:10:75:97:ab:36:a1:13:e6:83:17:7e:
16:90:07:bf:6d:c8:b5:0d:fb:eb:6a:ff:8d:c2:c6:
11:dc:06:71:66:7b:fe:17:fd:48:24:47:3b:4b:dd:
dc:24:48:15:c8:57:62:23:09:c4:00:a7:51:07:38:
09:05:68:5e:ab:6d:49:61:0f:fe:8c:4d:67:a0:44:
40:fb:9e:c6:b9:ed:49:42:81:5d:b5:7e:de:9e:2b:
22:89:28:3c:ad:0c:50:d7:49:f9:c8:06:e4:8e:17:
62:f7:3a:7d:02:60:50:21:a2:fa:44:ae:19:ef:81:
e0:90:45:7c:86:67:b1:c9:79:a5:d2:ac:63:df:f8:
54:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:54:BF:AB:6E:79:05:CA:CE:AE:16:26:0B:C2:C1:58:4C:17:C9:D7
X509v3 Authority Key Identifier:
keyid:D8:F1:FB:DB:CE:21:45:A0:DB:69:00:60:9F:7C:54:73:2D:FB:0C:D8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2PH7284hRaDbaQBgn3xUcy37DNg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/rVS_q255BcrOrhYmC8LBWEwXydc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/2PH7284hRaDbaQBgn3xUcy37DNg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.190.185.0-93.190.190.255
109.71.185.0-109.71.190.255
Signature Algorithm: sha256WithRSAEncryption
3d:87:5a:76:61:b9:9c:ec:a1:ef:b1:fa:72:e6:46:21:45:b8:
d7:a8:c1:ee:57:22:03:47:a6:4b:aa:f9:4d:69:63:a7:21:8b:
a3:92:ee:57:06:89:66:29:94:b4:c8:73:8f:6a:05:b2:9c:a2:
6e:2e:1c:05:00:e0:81:ec:1a:ff:c8:82:7a:5b:82:8a:f0:cf:
99:1e:46:b6:6a:c4:25:82:6b:51:60:9d:a6:9f:fa:ab:bc:4c:
86:1c:2c:41:6d:6a:34:67:c1:6e:9f:ad:b5:00:a6:8a:ce:27:
d2:5d:40:cc:0d:66:e6:27:40:9c:4e:e9:0d:f4:76:82:df:2f:
18:b5:33:d9:43:0f:1e:d6:69:7b:f0:8c:bb:f6:3e:7e:5e:0a:
ab:47:bd:46:f1:c0:36:48:01:1b:4b:f8:84:51:22:0d:cb:37:
9a:b9:10:8d:ac:e0:f6:59:0b:a7:51:5a:57:6d:7f:d3:2d:2a:
75:67:4c:ee:e1:08:42:6d:3e:e7:e1:c5:7d:8f:da:d2:38:aa:
96:6d:bf:fb:38:65:db:f8:c9:b1:ae:3a:0d:85:76:4f:93:ed:
2c:a0:2e:a7:f9:93:64:97:0a:62:6f:a2:fe:1b:76:ed:75:6f:
d7:03:32:4f:56:83:9a:5f:7a:c8:be:05:db:b3:b2:94:9b:e6:
55:d9:b6:68
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZbTA3Ls+mH+DF+w/j0GTzuiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZjFmYmRiY2UyMTQ1YTBkYjY5MDA2MDlmN2M1NDczMmRm
YjBjZDgwHhcNMjUwNTE1MDgxNTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDU0YmZhYjZlNzkwNWNhY2VhZTE2MjYwYmMyYzE1ODRjMTdjOWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqglf6Ema83IBCwwb4OXuRne/1T2h
xzgSx1m6NbNE3H0zFdBjP3PkRHNXXGXFRySdSnjXMJ2SxmvH//6IFlIF39/4rCzH
9xXV+azKbKWXdMW2q1b21rBlJAgDx8vFTf5JiJadU3SkztyYOwpsz88C+M2J53fz
8KU0f1LEEHWXqzahE+aDF34WkAe/bci1Dfvrav+NwsYR3AZxZnv+F/1IJEc7S93c
JEgVyFdiIwnEAKdRBzgJBWheq21JYQ/+jE1noERA+57Gue1JQoFdtX7enisiiSg8
rQxQ10n5yAbkjhdi9zp9AmBQIaL6RK4Z74HgkEV8hmexyXml0qxj3/hUcwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFK1Uv6tueQXKzq4WJgvCwVhMF8nXMB8GA1UdIwQY
MBaAFNjx+9vOIUWg22kAYJ98VHMt+wzYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlBINzI4NGhSYURiYVFCZ24zeFVjeTM3RE5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8zMTQzMWUtNWE3ZC00ZmMzLWE4OGQt
NDdmMDQzZmJhMTNiLzEvclZTX3EyNTVCY3JPcmhZbUM4TEJXRXdYeWRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8zMTQzMWUtNWE3ZC00ZmMzLWE4OGQtNDdmMDQzZmJhMTNi
LzEvMlBINzI4NGhSYURiYVFCZ24zeFVjeTM3RE5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBABdvrkD
BABdvr4wDAMEAG1HuQMEAG1HvjANBgkqhkiG9w0BAQsFAAOCAQEAPYdadmG5nOyh
77H6cuZGIUW416jB7lciA0emS6r5TWljpyGLo5LuVwaJZimUtMhzj2oFspyibi4c
BQDggewa/8iCeluCivDPmR5GtmrEJYJrUWCdpp/6q7xMhhwsQW1qNGfBbp+ttQCm
is4n0l1AzA1m5idAnE7pDfR2gt8vGLUz2UMPHtZpe/CMu/Y+fl4Kq0e9RvHANkgB
G0v4hFEiDcs3mrkQjazg9lkLp1FaV21/0y0qdWdM7uEIQm0+5+HFfY/a0jiqlm2/
+zhl2/jJsa46DYV2T5PtLKAup/mTZJcKYm+i/ht27XVv1wMyT1aDml96yL4F27Oy
lJvmVdm2aA==
-----END CERTIFICATE-----
Generated at Sat Jun 7 14:34:40 2025 by rpki-client