Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/FZzvVPSC_Ah6rc7_mbnr6eTLncQ.roa
File: FZzvVPSC_Ah6rc7_mbnr6eTLncQ.roa (raw, json)
Hash identifier: UTDkfJY0B8ICOuW1RW0rZ8mbt8Cqg+IcEz6xsyw1bGo=
Subject key identifier: 15:9C:EF:54:F4:82:FC:08:7A:AD:CE:FF:99:B9:EB:E9:E4:CB:9D:C4
Certificate issuer: /CN=0f2f8b2b94721e928f6188b5cf15053144dedf8c
Certificate serial: 019710B1C3BF0B3FE85341BD999BB361B811
Authority key identifier: 0F:2F:8B:2B:94:72:1E:92:8F:61:88:B5:CF:15:05:31:44:DE:DF:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/FZzvVPSC_Ah6rc7_mbnr6eTLncQ.roa
Signing time: Tue 27 May 2025 07:42:54 +0000
ROA not before: Tue 27 May 2025 07:42:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200200
IP address blocks: 185.124.149.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:10:b1:c3:bf:0b:3f:e8:53:41:bd:99:9b:b3:61:b8:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0f2f8b2b94721e928f6188b5cf15053144dedf8c
Validity
Not Before: May 27 07:42:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=159cef54f482fc087aadceff99b9ebe9e4cb9dc4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:48:da:e8:6a:07:68:d5:a4:d0:39:aa:5f:e5:
d3:8b:95:ca:8d:5b:c1:2a:7b:c8:81:8f:e8:5f:ef:
b7:1e:2d:72:7b:cf:a5:0f:4e:3e:3b:36:b1:6e:e7:
71:c4:b3:6a:b0:be:98:24:c9:9e:66:5b:0e:77:5a:
d8:35:14:b8:56:1d:db:2e:bc:be:8c:5c:d4:99:14:
6f:a0:dc:c6:cb:28:a9:e3:a4:9c:9a:e9:8d:52:b2:
41:c9:10:c9:0c:a3:7e:1a:50:1f:24:e1:13:2d:06:
6f:be:17:38:38:ea:29:4e:3e:30:b2:8f:9e:df:aa:
d9:50:b2:65:b4:44:42:cd:4f:86:98:7c:e1:88:b6:
f2:0c:1c:3a:79:ba:5b:36:8c:c0:2c:82:d3:96:b9:
4d:b6:2c:c4:03:0d:3e:a4:76:4e:2c:5c:68:f6:24:
29:55:fb:25:b2:4f:81:70:67:1a:ce:03:f7:54:87:
69:3e:ae:0f:23:0f:26:b1:a9:f8:44:53:1d:e4:88:
8b:e5:3b:72:36:60:85:99:07:bd:02:7e:c7:f9:54:
7c:0a:99:d3:2b:83:02:bd:a4:8c:21:84:9d:a7:45:
2d:af:20:07:59:d8:65:9c:89:a8:54:ba:be:4d:f3:
a6:a8:ce:fc:7b:15:82:df:be:b0:40:be:fa:94:41:
aa:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:9C:EF:54:F4:82:FC:08:7A:AD:CE:FF:99:B9:EB:E9:E4:CB:9D:C4
X509v3 Authority Key Identifier:
keyid:0F:2F:8B:2B:94:72:1E:92:8F:61:88:B5:CF:15:05:31:44:DE:DF:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/FZzvVPSC_Ah6rc7_mbnr6eTLncQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/Dy-LK5RyHpKPYYi1zxUFMUTe34w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.124.149.0/24
Signature Algorithm: sha256WithRSAEncryption
32:1e:f1:e3:4a:56:19:b1:13:44:c2:17:b3:7a:1c:7e:92:2a:
9f:23:c5:cb:cf:0f:39:29:15:91:6f:48:ed:c0:7a:a2:92:77:
f1:50:b0:b3:fb:f7:b7:f5:f6:d5:14:1d:73:43:aa:2a:66:d1:
36:18:a2:c8:46:ec:db:b1:76:41:2f:9c:34:0d:f4:4c:45:72:
0d:9c:28:26:bb:04:3a:b6:d7:b6:f7:a8:63:b8:21:3d:d4:b8:
10:a1:ef:68:d4:9d:b9:10:60:b3:36:ec:60:54:a9:90:a5:f5:
66:09:40:e9:f4:9a:bd:51:1c:70:a7:de:36:36:97:36:da:b7:
85:a2:7f:ce:bf:7b:94:b8:43:1a:45:c0:de:9a:00:2f:c1:41:
20:50:ed:6e:7c:52:39:55:0e:07:4f:f1:49:a3:4d:15:71:a7:
de:5c:b2:ab:03:bb:ed:0d:af:ae:71:cc:da:ba:a0:8b:91:ef:
a0:e0:92:09:df:5a:d9:5d:81:44:f7:bb:e3:1e:49:90:7d:66:
64:6d:85:e7:cb:a4:85:7a:da:6f:b2:5e:9f:9c:ae:05:f1:67:
8f:ff:e9:e0:e7:38:b1:e0:71:02:13:26:a1:5e:47:fe:3d:a0:
16:dd:02:a4:65:5e:30:b5:b3:00:f5:f7:02:5c:02:5f:6f:8e:
87:21:be:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcQscO/Cz/oU0G9mZuzYbgRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMmY4YjJiOTQ3MjFlOTI4ZjYxODhiNWNmMTUwNTMxNDRk
ZWRmOGMwHhcNMjUwNTI3MDc0MjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTljZWY1NGY0ODJmYzA4N2FhZGNlZmY5OWI5ZWJlOWU0Y2I5ZGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUja6GoHaNWk0DmqX+XTi5XKjVvB
KnvIgY/oX++3Hi1ye8+lD04+OzaxbudxxLNqsL6YJMmeZlsOd1rYNRS4Vh3bLry+
jFzUmRRvoNzGyyip46ScmumNUrJByRDJDKN+GlAfJOETLQZvvhc4OOopTj4wso+e
36rZULJltERCzU+GmHzhiLbyDBw6ebpbNozALILTlrlNtizEAw0+pHZOLFxo9iQp
Vfslsk+BcGcazgP3VIdpPq4PIw8msan4RFMd5IiL5TtyNmCFmQe9An7H+VR8CpnT
K4MCvaSMIYSdp0UtryAHWdhlnImoVLq+TfOmqM78exWC376wQL76lEGqpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBWc71T0gvwIeq3O/5m56+nky53EMB8GA1UdIwQY
MBaAFA8viyuUch6Sj2GItc8VBTFE3t+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHktTEs1UnlIcEtQWVlpMXp4VUZNVVRlMzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi80ZTU5MDItZTI4My00OTE2LWEzM2Mt
NzIyNmE4ODQ1ZTAxLzEvRlp6dlZQU0NfQWg2cmM3X21ibnI2ZVRMbmNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi80ZTU5MDItZTI4My00OTE2LWEzM2MtNzIyNmE4ODQ1ZTAx
LzEvRHktTEs1UnlIcEtQWVlpMXp4VUZNVVRlMzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXyVMA0G
CSqGSIb3DQEBCwUAA4IBAQAyHvHjSlYZsRNEwhezehx+kiqfI8XLzw85KRWRb0jt
wHqiknfxULCz+/e39fbVFB1zQ6oqZtE2GKLIRuzbsXZBL5w0DfRMRXINnCgmuwQ6
tte296hjuCE91LgQoe9o1J25EGCzNuxgVKmQpfVmCUDp9Jq9URxwp942Npc22reF
on/Ov3uUuEMaRcDemgAvwUEgUO1ufFI5VQ4HT/FJo00VcafeXLKrA7vtDa+uccza
uqCLke+g4JIJ31rZXYFE97vjHkmQfWZkbYXny6SFetpvsl6fnK4F8WeP/+ng5zix
4HECEyahXkf+PaAW3QKkZV4wtbMA9fcCXAJfb46HIb5W
-----END CERTIFICATE-----
Generated at Sun Jun 8 10:22:42 2025 by rpki-client