Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/deVjNrNfu8UoxjJwF2kyb7Sq0MM.roa
File: deVjNrNfu8UoxjJwF2kyb7Sq0MM.roa (raw, json)
Hash identifier: 07x1hvxc/WhzWMgs9H/cGHQT9rdPyvqgj3EcKz19okE=
Subject key identifier: 75:E5:63:36:B3:5F:BB:C5:28:C6:32:70:17:69:32:6F:B4:AA:D0:C3
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018A1971D6397E109D7263F0F0599EEBBD76
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/deVjNrNfu8UoxjJwF2kyb7Sq0MM.roa
Signing time: Mon 21 Aug 2023 18:53:25 +0000
ROA not before: Mon 21 Aug 2023 18:53:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7029
IP address blocks: 193.30.30.0/24 maxlen: 24
195.138.108.0/24 maxlen: 24
195.138.107.0/24 maxlen: 24
195.138.111.0/24 maxlen: 24
195.138.112.0/24 maxlen: 24
195.138.114.0/24 maxlen: 24
195.138.118.0/24 maxlen: 24
185.180.145.0/24 maxlen: 24
195.138.120.0/24 maxlen: 24
193.46.220.0/24 maxlen: 24
91.201.107.0/24 maxlen: 24
185.243.140.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:19:71:d6:39:7e:10:9d:72:63:f0:f0:59:9e:eb:bd:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Aug 21 18:53:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=75e56336b35fbbc528c632701769326fb4aad0c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:37:55:31:e4:58:78:56:78:a9:58:4d:88:88:
c9:d0:26:07:bf:0d:a5:c8:cf:64:86:32:f6:59:6e:
1d:04:97:76:c1:1d:b9:7c:59:d5:a4:fc:85:87:18:
22:2c:0d:24:d0:7f:b6:c0:d2:85:4a:69:27:99:39:
0a:58:2d:f7:c9:2c:6d:94:42:62:13:99:0f:4c:18:
3d:6a:0e:3a:63:44:62:0f:9f:db:23:1f:80:33:3a:
39:c2:71:a3:23:2a:6d:6f:01:3d:b7:ef:3f:a8:9d:
73:31:a5:ff:7c:64:5e:d2:93:34:89:81:f1:cb:1b:
64:43:a0:86:be:41:2a:15:4e:0c:f0:81:d9:cb:88:
e0:c2:cb:75:7b:f9:26:63:6c:ba:22:a9:45:10:01:
b9:ef:15:fa:31:a2:6d:3e:53:c5:a0:2e:00:ae:8b:
49:b8:d6:e8:e0:27:75:4a:12:a6:c7:a6:9d:92:a1:
6d:5f:f8:11:e6:b4:ea:5d:d7:6e:45:10:a4:84:7d:
65:ab:7e:48:81:23:24:96:10:fe:94:17:f9:26:cb:
73:a9:5a:60:47:72:25:57:28:72:95:b9:13:f0:4a:
8a:af:25:83:b0:51:0a:1a:a0:18:b1:f7:3f:c2:89:
ef:2a:2e:f0:30:ad:b2:97:f4:a6:e1:47:cf:9b:51:
14:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:E5:63:36:B3:5F:BB:C5:28:C6:32:70:17:69:32:6F:B4:AA:D0:C3
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/deVjNrNfu8UoxjJwF2kyb7Sq0MM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.201.107.0/24
185.180.145.0/24
185.243.140.0/22
193.30.30.0/24
193.46.220.0/24
195.138.107.0-195.138.108.255
195.138.111.0-195.138.112.255
195.138.114.0/24
195.138.118.0/24
195.138.120.0/24
Signature Algorithm: sha256WithRSAEncryption
aa:9c:78:b2:76:d8:95:25:30:c1:14:d1:1f:49:d6:7d:2d:45:
e4:c9:be:0c:37:65:53:3a:bb:10:ae:46:d1:25:e6:75:d2:ea:
1c:4a:ff:62:6a:62:2b:9e:8b:2e:3b:2b:c7:51:41:c9:cf:27:
c8:b2:82:27:68:3d:9d:f6:6d:78:4c:d9:eb:b7:bc:5e:58:56:
ef:21:6a:db:25:ae:13:fc:8e:04:9d:1f:4b:87:77:08:30:27:
9a:18:81:13:52:fc:ca:5e:88:89:02:30:f3:b0:4f:1f:20:04:
77:59:c3:9b:63:93:4e:b0:43:b4:03:f3:93:c4:f5:4a:fa:f6:
52:de:fd:78:23:0a:21:19:9e:83:57:54:42:aa:4f:1e:1a:30:
bb:c2:58:a6:ee:75:e3:22:21:4c:63:e4:1b:50:36:42:0c:9f:
c1:97:dd:7e:13:52:4a:c2:0b:d3:89:e6:2e:d7:6e:48:eb:65:
28:56:cd:c1:31:d9:90:5e:bb:1d:9a:60:d7:cc:4f:d0:92:c6:
52:9d:f3:d1:b3:83:7a:30:4b:3b:d7:15:7d:b6:58:62:73:65:
96:fb:de:6f:77:bb:ea:44:24:0b:27:f5:71:9d:71:74:03:dc:
04:4d:82:88:ac:63:e5:ab:f4:96:07:cc:4c:8b:db:48:ed:92:
af:07:5f:9b
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYoZcdY5fhCdcmPw8Fme6712MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwODIxMTg1MzI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWU1NjMzNmIzNWZiYmM1MjhjNjMyNzAxNzY5MzI2ZmI0YWFkMGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzdVMeRYeFZ4qVhNiIjJ0CYHvw2l
yM9khjL2WW4dBJd2wR25fFnVpPyFhxgiLA0k0H+2wNKFSmknmTkKWC33ySxtlEJi
E5kPTBg9ag46Y0RiD5/bIx+AMzo5wnGjIyptbwE9t+8/qJ1zMaX/fGRe0pM0iYHx
yxtkQ6CGvkEqFU4M8IHZy4jgwst1e/kmY2y6IqlFEAG57xX6MaJtPlPFoC4ArotJ
uNbo4Cd1ShKmx6adkqFtX/gR5rTqXdduRRCkhH1lq35IgSMklhD+lBf5JstzqVpg
R3IlVyhylbkT8EqKryWDsFEKGqAYsfc/wonvKi7wMK2yl/Sm4UfPm1EUjQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFHXlYzazX7vFKMYycBdpMm+0qtDDMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvZGVWak5yTmZ1OFVveGpKd0Yya3liN1NxME1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQAW8lrAwQA
ubSRAwQCufOMAwQAwR4eAwQAwS7cMAwDBADDimsDBADDimwwDAMEAMOKbwMEAMOK
cAMEAMOKcgMEAMOKdgMEAMOKeDANBgkqhkiG9w0BAQsFAAOCAQEAqpx4snbYlSUw
wRTRH0nWfS1F5Mm+DDdlUzq7EK5G0SXmddLqHEr/YmpiK56LLjsrx1FByc8nyLKC
J2g9nfZteEzZ67e8XlhW7yFq2yWuE/yOBJ0fS4d3CDAnmhiBE1L8yl6IiQIw87BP
HyAEd1nDm2OTTrBDtAPzk8T1Svr2Ut79eCMKIRmeg1dUQqpPHhowu8JYpu514yIh
TGPkG1A2QgyfwZfdfhNSSsIL04nmLtduSOtlKFbNwTHZkF67HZpg18xP0JLGUp3z
0bODejBLO9cVfbZYYnNllvveb3e76kQkCyf1cZ1xdAPcBE2CiKxj5av0lgfMTIvb
SO2Srwdfmw==
-----END CERTIFICATE-----
Generated at Mon May 12 11:27:27 2025 by rpki-client