Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/e4d7c6-a299-4b88-8247-9c4032963e17/1/v6Kmb_k42mPsHoqVgROH1_l4P_Q.roa
File: v6Kmb_k42mPsHoqVgROH1_l4P_Q.roa (raw, json)
Hash identifier: g8GH/BYlQUHtynLB7vImHRVgNYtXNVBxSLI0UNuU8XQ=
Subject key identifier: BF:A2:A6:6F:F9:38:DA:63:EC:1E:8A:95:81:13:87:D7:F9:78:3F:F4
Certificate issuer: /CN=53fb5242f98cff9dea9baa8c8ae466a42b537c5c
Certificate serial: 05D6BD16
Authority key identifier: 53:FB:52:42:F9:8C:FF:9D:EA:9B:AA:8C:8A:E4:66:A4:2B:53:7C:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U_tSQvmM_53qm6qMiuRmpCtTfFw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/82/e4d7c6-a299-4b88-8247-9c4032963e17/1/v6Kmb_k42mPsHoqVgROH1_l4P_Q.roa
Signing time: Sat 01 Jan 2022 15:57:03 +0000
ROA not before: Sat 01 Jan 2022 15:57:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 6939
IP address blocks: 195.153.124.0/24 maxlen: 24
195.153.19.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 97959190 (0x5d6bd16)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=53fb5242f98cff9dea9baa8c8ae466a42b537c5c
Validity
Not Before: Jan 1 15:57:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=bfa2a66ff938da63ec1e8a95811387d7f9783ff4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:90:a8:5e:94:64:e1:ac:46:03:a9:b5:11:c7:
b1:9d:64:5c:f3:7e:f7:4d:47:a2:0c:4f:8e:9c:80:
a8:5d:cd:cc:ba:53:62:06:55:8e:70:03:9f:cd:13:
79:4f:19:52:f3:84:8d:b3:d3:6b:d8:36:69:90:be:
e8:8a:5c:e5:56:5e:26:96:ed:97:17:a5:33:47:00:
8c:a4:77:6f:06:eb:03:b2:be:18:f8:7c:bb:20:07:
a9:85:d8:47:c9:49:36:f5:c1:0b:41:2f:a8:5e:1c:
f1:0c:a9:ea:ae:f6:53:b7:28:e0:93:a1:f3:61:ae:
93:c5:99:d1:b4:c7:6f:5b:51:31:85:3c:b1:78:91:
c9:de:d3:c6:22:88:30:a6:e6:bf:63:3e:37:39:3f:
49:a6:3c:0d:ce:b9:1e:d7:d6:66:df:24:da:d4:ca:
b8:cf:a3:c8:a7:f8:93:8a:c1:a8:c3:a0:df:d5:2b:
6e:01:f2:19:b3:65:4a:f1:74:dd:ae:21:2c:ff:87:
bf:c9:1f:9d:d9:43:51:c7:6b:52:9d:71:f5:88:e3:
18:e2:78:46:9c:12:97:a3:11:1c:6f:e7:a7:00:eb:
cf:df:3e:5a:87:95:90:f6:57:a4:7d:15:c2:eb:9c:
51:fe:97:57:2f:08:17:77:75:31:b6:c8:10:b3:e2:
db:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:A2:A6:6F:F9:38:DA:63:EC:1E:8A:95:81:13:87:D7:F9:78:3F:F4
X509v3 Authority Key Identifier:
keyid:53:FB:52:42:F9:8C:FF:9D:EA:9B:AA:8C:8A:E4:66:A4:2B:53:7C:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U_tSQvmM_53qm6qMiuRmpCtTfFw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e4d7c6-a299-4b88-8247-9c4032963e17/1/v6Kmb_k42mPsHoqVgROH1_l4P_Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e4d7c6-a299-4b88-8247-9c4032963e17/1/U_tSQvmM_53qm6qMiuRmpCtTfFw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.153.19.0/24
195.153.124.0/24
Signature Algorithm: sha256WithRSAEncryption
ba:07:c6:60:ff:c5:53:87:77:e2:c3:5d:9d:ca:09:c9:97:ca:
0a:b4:ff:68:b3:3e:28:74:48:80:64:09:20:94:f2:90:87:bf:
8e:82:b7:96:39:7e:9b:e0:51:9c:af:7c:b2:f3:ac:83:6f:e0:
a3:83:32:a5:b3:5c:f6:d0:93:35:c2:65:80:63:6f:45:d3:bf:
16:13:dd:e3:32:ee:70:df:48:2e:50:c8:5d:5b:48:0a:42:a1:
30:68:a6:e8:b9:c3:45:74:bc:fb:08:34:71:e4:17:8b:41:0a:
9e:bf:c3:bd:45:5d:9e:9b:18:7c:b2:cb:af:b2:fb:53:71:3c:
e8:0f:0e:0e:0e:83:ce:25:45:a8:6d:13:66:65:37:e0:52:2f:
62:3c:7d:62:06:f3:f9:26:f7:0f:ea:34:da:dd:ac:0c:ff:77:
e8:75:6a:8a:84:9c:6c:be:ae:69:4a:21:3d:fd:71:92:84:5c:
54:60:32:54:5c:00:fa:52:ef:82:2f:35:db:4b:5e:ce:5c:ae:
cf:a0:e7:0d:35:28:e4:ff:95:dc:35:95:b6:ec:97:19:03:e6:
32:75:49:4b:89:54:d1:ba:65:1a:2a:53:bc:6a:65:cc:92:e2:
64:2f:39:a8:ee:54:2e:e1:b2:a5:5e:e4:b4:61:ab:15:97:9a:
e5:d7:26:09
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEBda9FjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
M2ZiNTI0MmY5OGNmZjlkZWE5YmFhOGM4YWU0NjZhNDJiNTM3YzVjMB4XDTIyMDEw
MTE1NTcwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmZhMmE2NmZmOTM4
ZGE2M2VjMWU4YTk1ODExMzg3ZDdmOTc4M2ZmNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANiQqF6UZOGsRgOptRHHsZ1kXPN+901HogxPjpyAqF3NzLpT
YgZVjnADn80TeU8ZUvOEjbPTa9g2aZC+6Ipc5VZeJpbtlxelM0cAjKR3bwbrA7K+
GPh8uyAHqYXYR8lJNvXBC0EvqF4c8Qyp6q72U7co4JOh82Guk8WZ0bTHb1tRMYU8
sXiRyd7TxiKIMKbmv2M+Nzk/SaY8Dc65HtfWZt8k2tTKuM+jyKf4k4rBqMOg39Ur
bgHyGbNlSvF03a4hLP+Hv8kfndlDUcdrUp1x9YjjGOJ4RpwSl6MRHG/npwDrz98+
WoeVkPZXpH0VwuucUf6XVy8IF3d1MbbIELPi20UCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBS/oqZv+TjaY+weipWBE4fX+Xg/9DAfBgNVHSMEGDAWgBRT+1JC+Yz/neqb
qoyK5GakK1N8XDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1VfdFNRdm1NXzUzcW02cU1pdVJtcEN0VGZGdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODIvZTRkN2M2LWEyOTktNGI4OC04MjQ3LTljNDAzMjk2M2UxNy8x
L3Y2S21iX2s0Mm1Qc0hvcVZnUk9IMV9sNFBfUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODIv
ZTRkN2M2LWEyOTktNGI4OC04MjQ3LTljNDAzMjk2M2UxNy8xL1VfdFNRdm1NXzUz
cW02cU1pdVJtcEN0VGZGdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAMOZEwMEAMOZfDANBgkqhkiG9w0B
AQsFAAOCAQEAugfGYP/FU4d34sNdncoJyZfKCrT/aLM+KHRIgGQJIJTykIe/joK3
ljl+m+BRnK98svOsg2/go4MypbNc9tCTNcJlgGNvRdO/FhPd4zLucN9ILlDIXVtI
CkKhMGim6LnDRXS8+wg0ceQXi0EKnr/DvUVdnpsYfLLLr7L7U3E86A8ODg6DziVF
qG0TZmU34FIvYjx9Ygbz+Sb3D+o02t2sDP936HVqioScbL6uaUohPf1xkoRcVGAy
VFwA+lLvgi8120tezlyuz6DnDTUo5P+V3DWVtuyXGQPmMnVJS4lU0bplGipTvGpl
zJLiZC85qO5ULuGypV7ktGGrFZea5dcmCQ==
-----END CERTIFICATE-----
Generated at Tue Apr 22 20:56:24 2025 by rpki-client