Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/r-tgeYbBGTF9j2-SqI0-7HmhOBY.roa
File: r-tgeYbBGTF9j2-SqI0-7HmhOBY.roa (raw, json)
Hash identifier: 89ngtNiabiWBS1N+9gTG7us9CZCE6pug9oXu3lGeTNs=
Subject key identifier: AF:EB:60:79:86:C1:19:31:7D:8F:6F:92:A8:8D:3E:EC:79:A1:38:16
Certificate issuer: /CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
Certificate serial: 0196F7FC62AAC4FAA1386287ED0FD8FAB332
Authority key identifier: 50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/r-tgeYbBGTF9j2-SqI0-7HmhOBY.roa
Signing time: Thu 22 May 2025 12:33:54 +0000
ROA not before: Thu 22 May 2025 12:33:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8391
IP address blocks: 195.138.32.0/20 maxlen: 24
195.138.54.0/24 maxlen: 24
195.253.0.0/16 maxlen: 24
195.253.6.0/24 maxlen: 24
195.253.96.0/19 maxlen: 24
2a01:5b0::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:f7:fc:62:aa:c4:fa:a1:38:62:87:ed:0f:d8:fa:b3:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
Validity
Not Before: May 22 12:33:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=afeb607986c119317d8f6f92a88d3eec79a13816
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:67:a8:4b:00:06:22:38:30:db:1b:5a:d4:ac:
0b:0b:80:28:94:c7:bc:9d:92:ef:1e:a3:d3:3e:02:
42:5e:62:46:c8:05:f7:7c:f7:5d:1c:72:c9:eb:75:
13:33:f2:2e:46:d2:33:d3:92:ad:64:95:5d:b2:7c:
ff:ba:26:2a:95:52:48:67:a9:86:44:e8:99:d3:4d:
46:82:0b:aa:3c:4a:a2:ff:55:e3:4a:1b:16:e2:23:
96:2e:f1:0f:10:f2:bb:b7:7c:c2:b3:71:65:7a:77:
58:10:42:5b:98:0f:6e:61:0f:76:c7:02:05:05:4c:
88:c8:46:6b:a9:33:4d:b3:3a:7b:8f:2d:bd:79:96:
fe:90:5b:39:cd:63:7e:08:a9:6b:aa:b6:6d:95:1e:
50:79:43:6b:b6:e5:5e:41:41:4d:31:1d:fc:35:19:
96:ef:b4:70:05:ac:b6:89:ed:79:53:fc:f8:dd:b8:
88:3e:78:ae:15:54:e3:9b:5d:5f:75:1e:a0:e1:41:
5d:95:59:5a:ed:f1:eb:0c:27:af:c2:cc:d5:3a:ee:
17:38:d2:50:de:c6:08:1b:14:e5:48:9f:10:ed:b2:
bd:72:f1:26:15:51:63:af:3c:60:26:ab:f0:25:b2:
01:2f:36:97:dd:1a:11:f1:17:cd:42:2e:d6:8f:48:
d4:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:EB:60:79:86:C1:19:31:7D:8F:6F:92:A8:8D:3E:EC:79:A1:38:16
X509v3 Authority Key Identifier:
keyid:50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/r-tgeYbBGTF9j2-SqI0-7HmhOBY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.138.32.0/20
195.138.54.0/24
195.253.0.0/16
IPv6:
2a01:5b0::/32
Signature Algorithm: sha256WithRSAEncryption
28:cd:28:77:4f:5b:44:be:6d:27:65:5b:0b:c1:ec:71:12:29:
ed:31:a6:bc:68:0f:29:74:19:df:34:1d:b5:0b:c2:72:32:a4:
63:1e:e7:8e:51:6d:2f:78:c3:45:f2:75:95:09:f0:50:13:e8:
70:3f:93:4d:77:b9:9c:ca:2b:ea:72:1a:3a:19:eb:ce:36:07:
66:24:12:7b:b7:32:5d:a1:c2:45:82:7d:59:24:72:6a:41:9a:
0e:27:f5:6e:19:b0:66:b9:b4:f5:08:ad:2d:7a:ec:33:81:db:
b2:c1:34:71:b6:46:9d:2c:da:30:af:99:e8:66:e8:7c:70:ca:
9d:71:9f:a5:63:0c:bd:fa:e6:ca:73:26:c9:f2:b6:93:8f:fa:
3d:d7:83:fb:dd:1c:f1:4c:5a:2d:13:0c:4e:73:ad:db:e8:c8:
c1:1f:fc:0c:1c:9c:8a:96:9b:a6:ee:06:0b:f2:02:bc:cb:00:
14:c6:07:73:07:eb:5a:e1:f0:1c:51:74:89:5e:6f:d0:e4:94:
8c:ff:94:dc:ec:ab:76:d8:d3:16:ef:7c:88:40:0f:a3:01:6d:
19:bc:09:9a:a5:67:04:c9:98:1c:56:76:be:ae:0d:a2:e9:a8:
fc:1b:a2:b8:05:95:d6:e5:24:0d:6d:94:98:04:4b:88:35:4e:
67:d0:be:40
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZb3/GKqxPqhOGKH7Q/Y+rMyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYzFlNDI2ZjU4ZTQyYWUzMGU1NmNkYjdmZjRkOGY5ZGRk
ODViMzAwHhcNMjUwNTIyMTIzMzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmViNjA3OTg2YzExOTMxN2Q4ZjZmOTJhODhkM2VlYzc5YTEzODE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6WeoSwAGIjgw2xta1KwLC4AolMe8
nZLvHqPTPgJCXmJGyAX3fPddHHLJ63UTM/IuRtIz05KtZJVdsnz/uiYqlVJIZ6mG
ROiZ001GgguqPEqi/1XjShsW4iOWLvEPEPK7t3zCs3FlendYEEJbmA9uYQ92xwIF
BUyIyEZrqTNNszp7jy29eZb+kFs5zWN+CKlrqrZtlR5QeUNrtuVeQUFNMR38NRmW
77RwBay2ie15U/z43biIPniuFVTjm11fdR6g4UFdlVla7fHrDCevwszVOu4XONJQ
3sYIGxTlSJ8Q7bK9cvEmFVFjrzxgJqvwJbIBLzaX3RoR8RfNQi7Wj0jUowIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFK/rYHmGwRkxfY9vkqiNPux5oTgWMB8GA1UdIwQY
MBaAFFDB5Cb1jkKuMOVs23/02Pnd2FswMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMt
MDYzY2U2Y2Y0NjBkLzEvci10Z2VZYkJHVEY5ajItU3FJMC03SG1oT0JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMtMDYzY2U2Y2Y0NjBk
LzEvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAXBAIAATARAwQEw4ogAwQA
w4o2AwMAw/0wDQQCAAIwBwMFACoBBbAwDQYJKoZIhvcNAQELBQADggEBACjNKHdP
W0S+bSdlWwvB7HESKe0xprxoDyl0Gd80HbULwnIypGMe545RbS94w0XydZUJ8FAT
6HA/k013uZzKK+pyGjoZ6842B2YkEnu3Ml2hwkWCfVkkcmpBmg4n9W4ZsGa5tPUI
rS167DOB27LBNHG2Rp0s2jCvmehm6Hxwyp1xn6VjDL365spzJsnytpOP+j3Xg/vd
HPFMWi0TDE5zrdvoyMEf/AwcnIqWm6buBgvyArzLABTGB3MH61rh8BxRdIleb9Dk
lIz/lNzsq3bY0xbvfIhAD6MBbRm8CZqlZwTJmBxWdr6uDaLpqPwborgFldblJA1t
lJgES4g1TmfQvkA=
-----END CERTIFICATE-----
Generated at Sun Jun 8 22:55:21 2025 by rpki-client