Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/l58G1CIKowCaDQ9USczvYKeivH8.roa
File: l58G1CIKowCaDQ9USczvYKeivH8.roa (raw, json)
Hash identifier: G+pJ15JBAfjS5ULrqdRW6yeE52p6U0iB9QYb9qCkpaw=
Subject key identifier: 97:9F:06:D4:22:0A:A3:00:9A:0D:0F:54:49:CC:EF:60:A7:A2:BC:7F
Certificate issuer: /CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
Certificate serial: 01961ADCFC0668298140DDE857D060597746
Authority key identifier: 50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/l58G1CIKowCaDQ9USczvYKeivH8.roa
Signing time: Wed 09 Apr 2025 14:03:32 +0000
ROA not before: Wed 09 Apr 2025 14:03:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8391
IP address blocks: 185.119.138.0/23 maxlen: 24
194.77.54.0/23 maxlen: 23
195.138.32.0/19 maxlen: 24
195.138.32.0/20 maxlen: 24
195.138.54.0/24 maxlen: 24
195.138.56.0/21 maxlen: 24
195.253.0.0/16 maxlen: 24
195.253.6.0/24 maxlen: 24
195.253.96.0/19 maxlen: 24
2a01:5b0::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:1a:dc:fc:06:68:29:81:40:dd:e8:57:d0:60:59:77:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
Validity
Not Before: Apr 9 14:03:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=979f06d4220aa3009a0d0f5449ccef60a7a2bc7f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:d5:56:00:6e:0d:fe:4c:d5:b5:6d:48:86:ee:
16:be:83:f1:79:d8:ea:c6:cc:fa:d1:5a:94:17:e4:
b5:ae:d7:98:aa:82:2c:87:47:5e:98:55:06:b0:8e:
62:a3:17:ea:94:49:a3:81:7a:98:21:63:8a:08:13:
e0:09:8d:fd:da:17:ae:41:72:24:50:4d:5a:6d:8d:
b1:54:bd:72:14:bb:c4:40:96:b7:2f:36:33:7b:48:
14:c6:65:60:e2:f5:90:86:e1:4b:22:ab:70:e8:fc:
3b:8e:7c:59:66:ae:dd:58:91:90:f5:d1:74:58:4e:
d2:e0:38:72:f4:cb:6b:70:0c:eb:0b:6e:0a:fd:ae:
5d:b3:f3:18:86:8d:3c:03:e0:5e:61:99:20:82:f2:
44:72:ab:69:be:f3:6a:ea:39:c4:7c:79:f5:69:c5:
ba:5c:ab:fa:9f:0c:dd:b9:1f:9a:85:d9:0c:94:d2:
d5:aa:a6:0a:c9:05:f6:60:f5:ab:2d:00:85:05:e3:
55:01:da:d4:e8:36:77:69:4c:6b:3f:1c:b3:b5:c7:
29:02:03:eb:5b:80:04:41:79:71:b2:8e:f0:7c:2d:
ee:18:7a:ea:63:fa:8f:7c:b4:2e:20:f5:9e:ff:2f:
c8:4b:a2:68:91:03:87:6d:ec:06:b9:5a:1e:ad:7b:
d9:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:9F:06:D4:22:0A:A3:00:9A:0D:0F:54:49:CC:EF:60:A7:A2:BC:7F
X509v3 Authority Key Identifier:
keyid:50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/l58G1CIKowCaDQ9USczvYKeivH8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.119.138.0/23
194.77.54.0/23
195.138.32.0/19
195.253.0.0/16
IPv6:
2a01:5b0::/32
Signature Algorithm: sha256WithRSAEncryption
26:e8:d2:f6:ba:60:62:7a:d2:f6:01:60:1f:5b:88:b5:f9:e8:
34:c9:c6:29:78:9b:82:d4:3e:c5:b3:48:f3:71:f3:34:ba:fd:
4f:db:18:89:f1:40:fd:c4:da:d2:cc:e5:5b:28:2b:11:53:06:
96:90:6a:12:76:5c:a7:aa:12:f6:b3:f7:31:c3:4e:54:9c:49:
a0:bc:f5:15:21:b1:87:da:cb:1e:9e:7c:42:d4:b7:7c:5e:95:
a2:86:9c:4e:67:02:e0:ef:98:1a:3a:bf:b9:d6:15:85:b1:b9:
cc:1c:53:66:c9:5e:7a:d1:0f:6e:82:62:67:1c:49:e7:86:f1:
95:ce:9b:09:a5:8a:d5:55:68:05:71:88:6c:3d:32:09:60:6d:
b2:8f:17:fb:9a:d9:6c:a9:99:38:f7:81:eb:92:c8:20:ee:ad:
53:7b:1c:4c:46:f9:b0:e3:d9:f0:90:a5:15:6d:25:fe:c4:9e:
63:bb:b9:52:36:73:9a:e6:1d:fa:1f:8a:fc:49:9c:41:bb:a1:
fa:f7:38:b0:85:52:b1:8f:70:df:37:09:2f:4a:c7:eb:fa:c0:
38:54:b7:b5:a0:0b:8f:f5:f4:d0:90:27:8e:78:04:2b:a2:cd:
97:0e:db:e6:19:05:37:dc:5c:d3:2d:cb:47:f2:5e:5e:69:21:
1d:4d:4b:42
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZYa3PwGaCmBQN3oV9BgWXdGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYzFlNDI2ZjU4ZTQyYWUzMGU1NmNkYjdmZjRkOGY5ZGRk
ODViMzAwHhcNMjUwNDA5MTQwMzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzlmMDZkNDIyMGFhMzAwOWEwZDBmNTQ0OWNjZWY2MGE3YTJiYzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9VWAG4N/kzVtW1Ihu4WvoPxedjq
xsz60VqUF+S1rteYqoIsh0demFUGsI5ioxfqlEmjgXqYIWOKCBPgCY392heuQXIk
UE1abY2xVL1yFLvEQJa3LzYze0gUxmVg4vWQhuFLIqtw6Pw7jnxZZq7dWJGQ9dF0
WE7S4Dhy9MtrcAzrC24K/a5ds/MYho08A+BeYZkggvJEcqtpvvNq6jnEfHn1acW6
XKv6nwzduR+ahdkMlNLVqqYKyQX2YPWrLQCFBeNVAdrU6DZ3aUxrPxyztccpAgPr
W4AEQXlxso7wfC3uGHrqY/qPfLQuIPWe/y/IS6JokQOHbewGuVoerXvZEwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFJefBtQiCqMAmg0PVEnM72Cnorx/MB8GA1UdIwQY
MBaAFFDB5Cb1jkKuMOVs23/02Pnd2FswMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMt
MDYzY2U2Y2Y0NjBkLzEvbDU4RzFDSUtvd0NhRFE5VVNjenZZS2Vpdkg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMtMDYzY2U2Y2Y0NjBk
LzEvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAdBAIAATAXAwQBuXeKAwQB
wk02AwQFw4ogAwMAw/0wDQQCAAIwBwMFACoBBbAwDQYJKoZIhvcNAQELBQADggEB
ACbo0va6YGJ60vYBYB9biLX56DTJxil4m4LUPsWzSPNx8zS6/U/bGInxQP3E2tLM
5VsoKxFTBpaQahJ2XKeqEvaz9zHDTlScSaC89RUhsYfayx6efELUt3xelaKGnE5n
AuDvmBo6v7nWFYWxucwcU2bJXnrRD26CYmccSeeG8ZXOmwmlitVVaAVxiGw9Mglg
bbKPF/ua2WypmTj3geuSyCDurVN7HExG+bDj2fCQpRVtJf7EnmO7uVI2c5rmHfof
ivxJnEG7ofr3OLCFUrGPcN83CS9Kx+v6wDhUt7WgC4/19NCQJ454BCuizZcO2+YZ
BTfcXNMty0fyXl5pIR1NS0I=
-----END CERTIFICATE-----
Generated at Sat Jun 14 13:21:43 2025 by rpki-client