Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/80e740-2c8c-45a6-938c-219b9f6f9087/1/LpiS0GcI1SWTeEI6t25TgxWTy50.roa
File: LpiS0GcI1SWTeEI6t25TgxWTy50.roa (raw, json)
Hash identifier: Yjis12TUEuWs1zikDRIL0fW6J3z54ct6k479n8xF0c8=
Subject key identifier: 2E:98:92:D0:67:08:D5:25:93:78:42:3A:B7:6E:53:83:15:93:CB:9D
Certificate issuer: /CN=1f046cde8512802b14933b34a22f7765e295d2ab
Certificate serial: 019E83B52675AB3CB9A10B588FFDBA5C4A85
Authority key identifier: 1F:04:6C:DE:85:12:80:2B:14:93:3B:34:A2:2F:77:65:E2:95:D2:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HwRs3oUSgCsUkzs0oi93ZeKV0qs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a1/80e740-2c8c-45a6-938c-219b9f6f9087/1/LpiS0GcI1SWTeEI6t25TgxWTy50.roa
Signing time: Mon 01 Jun 2026 15:02:27 +0000
ROA not before: Mon 01 Jun 2026 15:02:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 198471
IP address blocks: 5.133.54.0/23 maxlen: 24
5.133.55.0/24 maxlen: 24
5.133.56.0/22 maxlen: 22
5.133.56.0/23 maxlen: 23
5.133.56.0/24 maxlen: 24
5.133.57.0/24 maxlen: 24
5.133.58.0/23 maxlen: 23
5.133.58.0/24 maxlen: 24
5.133.59.0/24 maxlen: 24
5.133.60.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:83:b5:26:75:ab:3c:b9:a1:0b:58:8f:fd:ba:5c:4a:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f046cde8512802b14933b34a22f7765e295d2ab
Validity
Not Before: Jun 1 15:02:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2e9892d06708d5259378423ab76e53831593cb9d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:71:82:f9:9f:07:63:d6:9e:2f:f2:ce:7a:3c:
e0:62:26:d4:2a:43:76:44:5d:b4:40:a2:cb:87:95:
eb:69:c4:f8:06:81:52:06:6e:1d:fa:79:37:50:7b:
39:51:75:9b:c8:7a:71:db:e1:e6:30:57:06:22:02:
57:97:5e:13:94:b0:94:e5:d5:b8:5d:ad:8b:88:c1:
8a:bd:8e:3f:f0:19:7d:1b:87:77:98:80:7a:62:7e:
5c:77:b2:0b:53:1c:62:d7:0b:da:cf:15:71:62:0e:
7a:8d:3e:b1:ae:82:60:f9:a6:3b:13:49:5b:19:bc:
7f:3e:3d:d3:0f:51:a9:b6:af:bc:3c:b5:86:e9:24:
ec:32:2d:91:e7:68:26:f3:b4:65:f5:96:a2:8d:38:
91:63:67:89:e5:bc:5b:50:8b:72:4a:bb:71:35:ff:
65:e7:60:7c:37:27:ee:b8:4c:20:7e:d6:da:ca:51:
cd:f5:f9:26:4e:4c:52:85:29:d3:03:9f:f6:f2:a8:
05:12:92:a8:15:18:92:b3:4e:9e:e1:4e:4e:50:f2:
ff:18:d6:82:08:4d:85:e0:1c:78:e5:e5:5a:aa:70:
1c:f8:b6:e3:ef:13:44:13:49:78:28:4b:6a:6a:ed:
a3:86:3a:0b:8e:dc:93:e1:e8:11:e5:62:b0:8e:b5:
2b:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:98:92:D0:67:08:D5:25:93:78:42:3A:B7:6E:53:83:15:93:CB:9D
X509v3 Authority Key Identifier:
keyid:1F:04:6C:DE:85:12:80:2B:14:93:3B:34:A2:2F:77:65:E2:95:D2:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HwRs3oUSgCsUkzs0oi93ZeKV0qs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/80e740-2c8c-45a6-938c-219b9f6f9087/1/LpiS0GcI1SWTeEI6t25TgxWTy50.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/80e740-2c8c-45a6-938c-219b9f6f9087/1/HwRs3oUSgCsUkzs0oi93ZeKV0qs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.133.54.0-5.133.60.255
Signature Algorithm: sha256WithRSAEncryption
5e:89:6e:cb:c6:31:f4:8b:68:df:85:c7:96:fa:de:81:07:b5:
a8:41:b3:55:98:e9:58:9d:92:c9:58:c6:66:e5:11:9d:0f:d2:
42:ed:41:58:3c:6b:fd:61:0e:98:c7:69:15:de:c5:e1:bb:2a:
cb:e3:40:cb:80:cb:38:1a:97:6b:23:79:a5:ea:d5:df:60:ce:
ca:96:03:7d:d7:3a:3a:03:0e:04:0f:58:7d:f1:6b:b6:29:34:
a2:44:6f:64:50:ed:7d:42:9c:e3:39:f9:08:8c:61:73:6f:1d:
65:c8:05:5d:7a:33:bb:5e:78:13:0f:ef:88:91:8a:94:9d:df:
73:57:e2:2b:0e:89:62:e0:9e:e8:52:c9:c3:b8:11:28:ee:ac:
4f:5c:a6:f6:a0:11:fe:12:fd:d2:c0:7e:3e:77:5e:bc:62:67:
73:f1:31:c5:3a:d9:d7:4d:50:90:76:56:87:d2:a7:29:59:d3:
65:16:58:de:5a:f9:7f:71:f0:5b:27:fd:2b:aa:bd:d3:1d:17:
10:70:47:de:81:6c:4c:b4:c5:c0:7b:ff:21:fe:1a:bf:dd:52:
6b:1e:ad:b8:24:21:a8:9b:41:9b:a7:56:b5:d4:fd:7c:45:a2:
8e:04:61:51:0f:02:f7:92:0b:05:af:72:ff:94:dc:cf:a3:b5:
5b:46:5b:f4
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ6DtSZ1qzy5oQtYj/26XEqFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMDQ2Y2RlODUxMjgwMmIxNDkzM2IzNGEyMmY3NzY1ZTI5
NWQyYWIwHhcNMjYwNjAxMTUwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTk4OTJkMDY3MDhkNTI1OTM3ODQyM2FiNzZlNTM4MzE1OTNjYjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXGC+Z8HY9aeL/LOejzgYibUKkN2
RF20QKLLh5XracT4BoFSBm4d+nk3UHs5UXWbyHpx2+HmMFcGIgJXl14TlLCU5dW4
Xa2LiMGKvY4/8Bl9G4d3mIB6Yn5cd7ILUxxi1wvazxVxYg56jT6xroJg+aY7E0lb
Gbx/Pj3TD1Gptq+8PLWG6STsMi2R52gm87Rl9ZaijTiRY2eJ5bxbUItySrtxNf9l
52B8NyfuuEwgftbaylHN9fkmTkxShSnTA5/28qgFEpKoFRiSs06e4U5OUPL/GNaC
CE2F4Bx45eVaqnAc+Lbj7xNEE0l4KEtqau2jhjoLjtyT4egR5WKwjrUr/QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC6YktBnCNUlk3hCOrduU4MVk8udMB8GA1UdIwQY
MBaAFB8EbN6FEoArFJM7NKIvd2XildKrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHdSczNvVVNnQ3NVa3pzMG9pOTNaZUtWMHFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS84MGU3NDAtMmM4Yy00NWE2LTkzOGMt
MjE5YjlmNmY5MDg3LzEvTHBpUzBHY0kxU1dUZUVJNnQyNVRneFdUeTUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS84MGU3NDAtMmM4Yy00NWE2LTkzOGMtMjE5YjlmNmY5MDg3
LzEvSHdSczNvVVNnQ3NVa3pzMG9pOTNaZUtWMHFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAEFhTYD
BAAFhTwwDQYJKoZIhvcNAQELBQADggEBAF6JbsvGMfSLaN+Fx5b63oEHtahBs1WY
6VidkslYxmblEZ0P0kLtQVg8a/1hDpjHaRXexeG7KsvjQMuAyzgal2sjeaXq1d9g
zsqWA33XOjoDDgQPWH3xa7YpNKJEb2RQ7X1CnOM5+QiMYXNvHWXIBV16M7teeBMP
74iRipSd33NX4isOiWLgnuhSycO4ESjurE9cpvagEf4S/dLAfj53XrxiZ3PxMcU6
2ddNUJB2VofSpylZ02UWWN5a+X9x8Fsn/SuqvdMdFxBwR96BbEy0xcB7/yH+Gr/d
UmserbgkIaibQZunVrXU/XxFoo4EYVEPAveSCwWvcv+U3M+jtVtGW/Q=
-----END CERTIFICATE-----
Generated at Sat Jun 13 17:53:43 2026 by rpki-client