Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/fUHOD0Wn5hr79AlXlmspnX8AVSA.roa
File: fUHOD0Wn5hr79AlXlmspnX8AVSA.roa (raw, json)
Hash identifier: izJ0w4sDL3qHBt+5oHNTHz7QFwMnSlWY8DeydolPgew=
Subject key identifier: 7D:41:CE:0F:45:A7:E6:1A:FB:F4:09:57:96:6B:29:9D:7F:00:55:20
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 0197BACD8D3E478FDA977ADFE9F26B37BBAC
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/fUHOD0Wn5hr79AlXlmspnX8AVSA.roa
Signing time: Sun 29 Jun 2025 08:28:42 +0000
ROA not before: Sun 29 Jun 2025 08:28:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47376
IP address blocks: 94.183.150.0/24 maxlen: 24
94.183.151.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ba:cd:8d:3e:47:8f:da:97:7a:df:e9:f2:6b:37:bb:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Jun 29 08:28:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7d41ce0f45a7e61afbf40957966b299d7f005520
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:be:9c:f6:fe:f7:0a:56:8f:98:6d:1b:2e:52:
a3:3e:0f:47:07:b7:7d:b6:77:b2:de:81:25:51:65:
e4:59:37:b1:50:c7:7b:11:c3:99:c2:f0:36:42:60:
9e:50:51:16:28:c7:1b:de:6f:9a:a2:ee:ed:e0:48:
d8:c4:ee:56:61:5c:81:d4:86:9c:28:fe:3b:ce:ea:
63:1b:e8:9c:39:c8:44:8e:7f:a8:7b:f1:23:4b:98:
c9:8b:84:00:9e:d1:58:71:36:b4:5c:22:39:ff:9e:
8a:e4:09:77:05:2d:ae:bf:c1:37:16:bf:c4:14:47:
50:b3:77:57:04:7a:b9:d4:4f:74:32:c4:c2:b4:be:
4a:fa:68:11:9e:89:bf:54:87:f0:e9:e8:43:cc:75:
04:c7:08:58:95:a9:7c:55:ae:e0:b8:1b:43:87:6c:
3b:ad:6e:49:0e:a3:84:04:44:87:98:b7:f3:9c:ef:
5a:48:e3:19:bd:40:d2:d4:ae:cf:e4:d9:36:13:07:
d1:c4:92:b1:68:1b:07:40:8d:01:b4:74:aa:af:80:
99:73:09:2d:09:61:b2:45:c1:0c:9c:31:79:d9:ff:
34:e6:83:54:e0:d3:b3:3f:12:08:f9:62:06:02:98:
89:46:1a:05:b2:c2:8a:b4:63:bf:01:3e:83:c4:21:
82:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:41:CE:0F:45:A7:E6:1A:FB:F4:09:57:96:6B:29:9D:7F:00:55:20
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/fUHOD0Wn5hr79AlXlmspnX8AVSA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.183.150.0/23
Signature Algorithm: sha256WithRSAEncryption
5a:00:1a:03:de:6b:5c:eb:f9:7e:31:35:e6:3f:09:fc:43:04:
68:bc:d0:7a:90:0e:4f:10:a1:d8:0d:d5:9f:d0:0a:3b:ec:0e:
6a:fe:89:4d:07:90:85:04:17:35:3a:8a:e6:95:47:3d:4e:70:
b2:a1:bb:ab:2c:ee:68:1a:61:92:c8:33:b8:d2:1d:38:5c:0e:
d4:13:1c:72:7c:64:4f:73:67:59:22:40:b6:fb:80:5b:3f:b6:
8b:3a:a2:f4:06:87:50:0e:ac:33:54:3e:99:05:d2:8a:95:bc:
b0:52:aa:c9:36:c7:5f:d2:a9:d9:a9:12:de:2f:ed:4c:b2:11:
88:94:4b:42:44:79:7b:cf:60:0a:98:46:0c:e5:48:d5:1e:7c:
29:9b:95:a6:42:25:01:80:1a:ae:97:3d:cb:2b:e6:5e:8b:2b:
a2:1c:ec:b2:01:d1:22:cc:37:80:8d:4e:ac:11:40:35:1a:f7:
fb:71:0a:b7:20:d7:fc:50:1e:62:11:5a:67:8a:25:ef:ae:de:
e1:a1:80:51:1c:ec:5b:83:7a:79:0c:ec:4c:9f:a4:38:37:cb:
c8:2e:58:29:97:3a:d3:47:72:3f:a5:37:0c:9d:ef:e5:cd:e1:
57:e6:19:8e:f2:ad:0b:ea:40:8f:e6:d0:2e:d2:1a:e8:46:07:
ba:96:56:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZe6zY0+R4/al3rf6fJrN7usMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjUwNjI5MDgyODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDQxY2UwZjQ1YTdlNjFhZmJmNDA5NTc5NjZiMjk5ZDdmMDA1NTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn76c9v73ClaPmG0bLlKjPg9HB7d9
tney3oElUWXkWTexUMd7EcOZwvA2QmCeUFEWKMcb3m+aou7t4EjYxO5WYVyB1Iac
KP47zupjG+icOchEjn+oe/EjS5jJi4QAntFYcTa0XCI5/56K5Al3BS2uv8E3Fr/E
FEdQs3dXBHq51E90MsTCtL5K+mgRnom/VIfw6ehDzHUExwhYlal8Va7guBtDh2w7
rW5JDqOEBESHmLfznO9aSOMZvUDS1K7P5Nk2EwfRxJKxaBsHQI0BtHSqr4CZcwkt
CWGyRcEMnDF52f805oNU4NOzPxII+WIGApiJRhoFssKKtGO/AT6DxCGCAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH1Bzg9Fp+Ya+/QJV5ZrKZ1/AFUgMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvZlVIT0QwV241aHI3OUFsWGxtc3BuWDhBVlNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXreWMA0G
CSqGSIb3DQEBCwUAA4IBAQBaABoD3mtc6/l+MTXmPwn8QwRovNB6kA5PEKHYDdWf
0Ao77A5q/olNB5CFBBc1OormlUc9TnCyoburLO5oGmGSyDO40h04XA7UExxyfGRP
c2dZIkC2+4BbP7aLOqL0BodQDqwzVD6ZBdKKlbywUqrJNsdf0qnZqRLeL+1MshGI
lEtCRHl7z2AKmEYM5UjVHnwpm5WmQiUBgBqulz3LK+ZeiyuiHOyyAdEizDeAjU6s
EUA1Gvf7cQq3INf8UB5iEVpniiXvrt7hoYBRHOxbg3p5DOxMn6Q4N8vILlgplzrT
R3I/pTcMne/lzeFX5hmO8q0L6kCP5tAu0hroRge6llae
-----END CERTIFICATE-----
Generated at Fri Jul 25 00:22:08 2025 by rpki-client