Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/p5BXd3KQeLSjVTuCTc-oTZKDpFo.roa
File: p5BXd3KQeLSjVTuCTc-oTZKDpFo.roa (raw, json)
Hash identifier: WnYhS2nR45WW9s7AWm2ocz4rr7xCLpqMIohWBGeLwBM=
Subject key identifier: A7:90:57:77:72:90:78:B4:A3:55:3B:82:4D:CF:A8:4D:92:83:A4:5A
Certificate issuer: /CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
Certificate serial: 0196F7D50501B12A062F67FDBEB2F23E61C7
Authority key identifier: 50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/p5BXd3KQeLSjVTuCTc-oTZKDpFo.roa
Signing time: Thu 22 May 2025 11:50:54 +0000
ROA not before: Thu 22 May 2025 11:50:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8391
IP address blocks: 194.77.54.0/23 maxlen: 23
195.138.32.0/20 maxlen: 24
195.138.54.0/24 maxlen: 24
195.253.0.0/16 maxlen: 24
195.253.6.0/24 maxlen: 24
195.253.96.0/19 maxlen: 24
2a01:5b0::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:f7:d5:05:01:b1:2a:06:2f:67:fd:be:b2:f2:3e:61:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
Validity
Not Before: May 22 11:50:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a7905777729078b4a3553b824dcfa84d9283a45a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:b5:a1:15:f8:2d:55:41:05:35:8d:31:84:9b:
07:c0:08:14:63:d5:94:5a:cf:ad:33:60:77:f8:0f:
ef:b7:b6:86:a7:ad:28:e7:83:86:c5:d5:85:a6:86:
0c:4b:93:97:18:fa:25:26:ab:5f:96:c1:81:39:ef:
3a:29:e9:df:85:66:2b:2c:f6:7b:74:82:56:2f:e2:
f6:c8:59:be:e3:bc:fa:69:21:2d:a3:0b:87:35:fd:
f7:ac:9e:3e:4d:41:7a:be:d4:2f:af:1c:cf:f9:ec:
dc:24:0a:c3:19:13:90:fa:37:55:32:f1:5c:f1:ab:
29:6f:c5:34:b7:1e:f8:f4:6e:39:9f:01:ce:b5:49:
fc:73:c0:e7:b8:fe:da:86:82:16:5b:8b:60:fc:d1:
78:68:ed:ec:2c:c1:c3:31:32:b0:70:a4:25:cb:a9:
0f:bd:e9:b5:6e:08:e8:9d:0f:79:39:17:42:f5:94:
87:08:87:a4:cf:49:21:b5:85:7b:43:4e:ba:3d:bc:
97:2b:a7:24:84:a1:00:11:2a:73:2a:34:d4:b1:da:
6e:97:05:ad:77:9f:7f:1a:8f:75:28:7b:53:81:2b:
c3:4b:c4:8d:aa:e0:cf:0c:7a:7c:7c:9f:37:b6:6b:
32:8c:c1:db:5f:1d:2b:8a:b5:c6:eb:c9:e4:5f:56:
0c:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:90:57:77:72:90:78:B4:A3:55:3B:82:4D:CF:A8:4D:92:83:A4:5A
X509v3 Authority Key Identifier:
keyid:50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/p5BXd3KQeLSjVTuCTc-oTZKDpFo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.77.54.0/23
195.138.32.0/20
195.138.54.0/24
195.253.0.0/16
IPv6:
2a01:5b0::/32
Signature Algorithm: sha256WithRSAEncryption
03:8a:94:3c:41:30:09:28:71:ba:17:4d:43:14:ea:ae:81:6c:
fd:2f:4f:5b:52:88:b2:eb:16:13:da:fd:e1:a9:62:fc:d9:6d:
c3:88:cf:5d:73:57:ce:5c:1e:ed:1b:11:87:bd:91:d9:e6:4f:
96:9e:72:99:e7:96:ef:c2:f3:4b:f1:62:dc:3f:8c:dd:d4:d3:
11:15:d6:e6:86:b1:05:7b:19:64:35:98:b0:0a:20:3a:9b:64:
f6:cf:a1:34:4f:7d:67:5c:9f:1f:18:a5:46:ce:8b:95:f5:a7:
fb:60:68:9f:c6:ca:4c:11:6e:3b:0b:28:01:d1:4e:71:0e:05:
4d:75:b9:02:9d:19:4b:71:7b:97:cb:c7:b0:3e:3b:a0:c0:b3:
54:b4:c8:ff:9b:d2:30:4f:2d:a1:a0:59:36:88:0d:2d:a5:53:
b9:91:f0:f3:f5:45:c9:fd:94:8a:34:c9:eb:f4:6f:6f:39:c3:
66:df:20:ea:2f:17:6f:6c:ee:34:cb:1f:f0:39:31:55:62:bf:
1e:11:af:53:6c:c7:6d:c2:d1:03:ba:4b:d5:a9:bf:1f:77:cc:
a6:d8:14:d0:73:25:db:4e:f8:bd:5e:79:d0:fa:c6:4d:8f:c0:
29:2c:87:1c:83:f0:7e:24:52:82:5b:99:d8:9d:5e:6c:3d:d7:
cc:25:74:03
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZb31QUBsSoGL2f9vrLyPmHHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYzFlNDI2ZjU4ZTQyYWUzMGU1NmNkYjdmZjRkOGY5ZGRk
ODViMzAwHhcNMjUwNTIyMTE1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzkwNTc3NzcyOTA3OGI0YTM1NTNiODI0ZGNmYTg0ZDkyODNhNDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLWhFfgtVUEFNY0xhJsHwAgUY9WU
Ws+tM2B3+A/vt7aGp60o54OGxdWFpoYMS5OXGPolJqtflsGBOe86KenfhWYrLPZ7
dIJWL+L2yFm+47z6aSEtowuHNf33rJ4+TUF6vtQvrxzP+ezcJArDGROQ+jdVMvFc
8aspb8U0tx749G45nwHOtUn8c8DnuP7ahoIWW4tg/NF4aO3sLMHDMTKwcKQly6kP
vem1bgjonQ95ORdC9ZSHCIekz0khtYV7Q066PbyXK6ckhKEAESpzKjTUsdpulwWt
d59/Go91KHtTgSvDS8SNquDPDHp8fJ83tmsyjMHbXx0rirXG68nkX1YMbQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFKeQV3dykHi0o1U7gk3PqE2Sg6RaMB8GA1UdIwQY
MBaAFFDB5Cb1jkKuMOVs23/02Pnd2FswMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMt
MDYzY2U2Y2Y0NjBkLzEvcDVCWGQzS1FlTFNqVlR1Q1RjLW9UWktEcEZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMtMDYzY2U2Y2Y0NjBk
LzEvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAdBAIAATAXAwQBwk02AwQE
w4ogAwQAw4o2AwMAw/0wDQQCAAIwBwMFACoBBbAwDQYJKoZIhvcNAQELBQADggEB
AAOKlDxBMAkocboXTUMU6q6BbP0vT1tSiLLrFhPa/eGpYvzZbcOIz11zV85cHu0b
EYe9kdnmT5aecpnnlu/C80vxYtw/jN3U0xEV1uaGsQV7GWQ1mLAKIDqbZPbPoTRP
fWdcnx8YpUbOi5X1p/tgaJ/GykwRbjsLKAHRTnEOBU11uQKdGUtxe5fLx7A+O6DA
s1S0yP+b0jBPLaGgWTaIDS2lU7mR8PP1Rcn9lIo0yev0b285w2bfIOovF29s7jTL
H/A5MVVivx4Rr1Nsx23C0QO6S9Wpvx93zKbYFNBzJdtO+L1eedD6xk2PwCkshxyD
8H4kUoJbmdidXmw918wldAM=
-----END CERTIFICATE-----
Generated at Sat Jun 14 11:28:38 2025 by rpki-client