Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/1zXnYfXafV--MTMclkkYcCGEi-0.roa
File: 1zXnYfXafV--MTMclkkYcCGEi-0.roa (raw, json)
Hash identifier: bhsxylWGnEl1QwEUG13SnwYQLr8Pdny45UMF36VcgF4=
Subject key identifier: D7:35:E7:61:F5:DA:7D:5F:BE:31:33:1C:96:49:18:70:21:84:8B:ED
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 0197C5F080C007AF6C16DC5E578020A6D657
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/1zXnYfXafV--MTMclkkYcCGEi-0.roa
Signing time: Tue 01 Jul 2025 12:22:42 +0000
ROA not before: Tue 01 Jul 2025 12:22:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214431
IP address blocks: 94.183.157.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:c5:f0:80:c0:07:af:6c:16:dc:5e:57:80:20:a6:d6:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Jul 1 12:22:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d735e761f5da7d5fbe31331c9649187021848bed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:1e:c1:2a:88:25:c1:1d:3b:11:c1:a0:74:fb:
30:a8:ba:f6:7a:3e:d7:ba:1a:65:54:68:13:a2:71:
aa:a8:b4:73:85:8f:9e:fb:1f:3f:4b:a3:94:8f:1f:
ee:ad:91:80:32:84:8b:33:c0:0a:38:50:68:70:12:
b1:01:cb:05:93:6b:f2:48:9c:d8:78:71:3e:2f:5b:
4a:3c:b9:38:92:59:8e:2d:90:f8:cd:b6:3a:5c:f0:
c4:43:64:ab:0d:4d:88:ed:0d:76:65:6d:b7:b9:08:
1e:9c:11:a0:e0:71:94:d1:a6:c7:95:66:d0:0c:44:
dd:f4:b6:12:60:12:c1:28:bf:87:ea:12:aa:b9:3a:
5b:55:2c:aa:ed:74:ae:1d:ca:72:7e:58:cc:36:8a:
b4:39:5f:51:93:a6:b1:91:81:21:1b:d7:ab:77:5a:
bc:3e:7c:d0:7b:d3:17:a3:f0:ff:21:15:e6:cb:41:
08:ee:7b:53:ec:f9:a7:60:bf:ce:cc:6b:ec:da:72:
40:96:fa:55:19:3e:bd:30:1b:2a:8b:9d:1f:e9:9f:
e3:d9:50:38:22:b2:4d:d3:8d:ed:f1:a8:70:b7:2c:
5d:6c:cd:d5:6b:17:b9:1a:ff:5b:ff:74:94:42:2d:
e2:ac:bc:e0:d9:9a:df:9a:5d:88:1a:c7:13:36:56:
e2:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:35:E7:61:F5:DA:7D:5F:BE:31:33:1C:96:49:18:70:21:84:8B:ED
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/1zXnYfXafV--MTMclkkYcCGEi-0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.183.157.0/24
Signature Algorithm: sha256WithRSAEncryption
64:bd:a6:5a:73:9e:bd:a0:eb:11:69:fc:94:d1:46:bb:d0:aa:
c2:62:e0:c4:bc:fa:bb:61:38:4f:a5:4c:47:e1:21:3d:02:82:
65:6b:45:e2:12:bd:66:68:a8:fb:3d:58:76:e6:36:10:01:c6:
55:6c:b8:44:c2:46:30:b0:85:65:17:87:02:4a:99:53:3f:69:
93:90:a9:7a:c1:cf:40:ea:29:d9:1f:0f:2c:94:4a:e3:8c:d4:
72:ce:eb:dd:0d:7d:3a:c3:26:a6:ef:09:57:eb:67:6a:09:4d:
21:e6:46:ad:05:eb:b5:7c:b8:3c:8e:02:fe:ac:20:df:17:01:
70:3f:bf:a9:c9:7f:ca:d8:1a:d1:4b:9d:1f:ed:15:88:b8:fd:
70:38:b8:15:fb:f3:13:79:d1:d9:43:6f:85:23:d1:a5:45:11:
33:20:2e:3a:3d:a1:ec:67:1e:4d:0e:6d:f4:94:c8:91:ef:35:
5d:f3:b4:5a:02:be:6f:4e:bc:4c:b4:12:d1:6f:52:55:3f:4d:
0e:64:58:f3:bb:cf:93:14:86:8f:8e:28:9f:7e:af:21:88:c3:
48:1d:f9:6d:47:c1:ae:09:76:3c:ec:cb:a4:38:80:8f:bc:63:
2b:94:a5:ff:6f:2c:4a:3d:fd:32:8c:2e:4e:a7:bb:b7:f9:18:
08:04:50:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfF8IDAB69sFtxeV4AgptZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjUwNzAxMTIyMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzM1ZTc2MWY1ZGE3ZDVmYmUzMTMzMWM5NjQ5MTg3MDIxODQ4YmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjh7BKoglwR07EcGgdPswqLr2ej7X
uhplVGgTonGqqLRzhY+e+x8/S6OUjx/urZGAMoSLM8AKOFBocBKxAcsFk2vySJzY
eHE+L1tKPLk4klmOLZD4zbY6XPDEQ2SrDU2I7Q12ZW23uQgenBGg4HGU0abHlWbQ
DETd9LYSYBLBKL+H6hKquTpbVSyq7XSuHcpyfljMNoq0OV9Rk6axkYEhG9erd1q8
PnzQe9MXo/D/IRXmy0EI7ntT7PmnYL/OzGvs2nJAlvpVGT69MBsqi50f6Z/j2VA4
IrJN043t8ahwtyxdbM3Vaxe5Gv9b/3SUQi3irLzg2Zrfml2IGscTNlbi1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNc152H12n1fvjEzHJZJGHAhhIvtMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvMXpYbllmWGFmVi0tTVRNY2xra1ljQ0dFaS0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXredMA0G
CSqGSIb3DQEBCwUAA4IBAQBkvaZac569oOsRafyU0Ua70KrCYuDEvPq7YThPpUxH
4SE9AoJla0XiEr1maKj7PVh25jYQAcZVbLhEwkYwsIVlF4cCSplTP2mTkKl6wc9A
6inZHw8slErjjNRyzuvdDX06wyam7wlX62dqCU0h5katBeu1fLg8jgL+rCDfFwFw
P7+pyX/K2BrRS50f7RWIuP1wOLgV+/MTedHZQ2+FI9GlRREzIC46PaHsZx5NDm30
lMiR7zVd87RaAr5vTrxMtBLRb1JVP00OZFjzu8+TFIaPjiiffq8hiMNIHfltR8Gu
CXY87MukOICPvGMrlKX/byxKPf0yjC5Op7u3+RgIBFBP
-----END CERTIFICATE-----
Generated at Fri Jul 25 00:34:39 2025 by rpki-client