Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/rY7iAPxicgTQKhMNf-tERXfYu4M.roa
File: rY7iAPxicgTQKhMNf-tERXfYu4M.roa (raw, json)
Hash identifier: w9vVOpQxlxLHC+56E776NEq8YG/MZGizQ4lkcvZMcO0=
Subject key identifier: AD:8E:E2:00:FC:62:72:04:D0:2A:13:0D:7F:EB:44:45:77:D8:BB:83
Certificate issuer: /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial: 019C0E86C0895AF2AE4406BEC1C03C19D343
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/rY7iAPxicgTQKhMNf-tERXfYu4M.roa
Signing time: Fri 30 Jan 2026 10:50:37 +0000
ROA not before: Fri 30 Jan 2026 10:50:37 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 208476
IP address blocks: 185.244.29.0/24 maxlen: 24
185.244.30.0/24 maxlen: 24
185.244.31.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:0e:86:c0:89:5a:f2:ae:44:06:be:c1:c0:3c:19:d3:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
Validity
Not Before: Jan 30 10:50:37 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ad8ee200fc627204d02a130d7feb444577d8bb83
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:94:3d:82:23:6d:c2:c3:22:54:03:ad:18:76:
0b:22:e4:e2:93:0b:52:01:28:e5:5a:e6:04:b7:2d:
6a:d6:2b:74:83:f4:c6:b2:4a:4d:87:1b:29:66:66:
90:eb:8c:70:8f:0d:ac:2f:f0:3e:3e:88:39:f0:dc:
15:d9:09:1f:cb:3c:fa:17:cf:ea:1e:4d:5a:af:17:
c4:2b:2a:b4:6c:6b:2d:d5:2e:e0:c7:9f:7c:0e:6d:
07:29:cb:df:ce:40:fb:03:ea:45:22:12:9b:8c:e1:
c3:36:ed:5a:fb:e8:6b:cd:20:ca:08:37:bc:42:47:
09:a5:2d:32:1c:40:2d:06:26:6e:9f:52:eb:57:f4:
af:61:ff:d1:d5:a8:e4:1e:91:d1:90:fd:a2:f9:03:
5b:1d:39:1a:6c:36:9f:9f:9e:55:03:8e:13:ab:79:
67:35:c8:2f:0f:38:dc:f5:97:78:15:28:c5:56:26:
0e:98:ed:fd:3a:5b:ea:4d:4f:c5:36:b5:12:3c:8e:
3d:6d:0e:c7:01:7e:39:8b:92:c7:0c:9a:5f:ce:a8:
be:b1:66:c4:13:0a:2b:2d:02:0a:e2:f2:7e:6a:c8:
01:2e:4d:1d:36:d9:87:43:80:18:83:b3:a4:85:79:
9c:0f:48:f3:9a:63:03:24:d8:20:fd:b6:a7:ab:77:
d1:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:8E:E2:00:FC:62:72:04:D0:2A:13:0D:7F:EB:44:45:77:D8:BB:83
X509v3 Authority Key Identifier:
keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/rY7iAPxicgTQKhMNf-tERXfYu4M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.244.29.0-185.244.31.255
Signature Algorithm: sha256WithRSAEncryption
ba:5e:85:84:0a:7d:dc:01:f6:e2:10:36:4b:ff:b0:c6:7c:57:
6e:21:e6:f1:35:84:ec:7f:ed:95:b0:fe:ae:ec:b2:64:f1:71:
2e:17:5d:37:a3:b4:65:48:97:03:03:3f:d6:00:d7:f2:9a:0e:
7d:91:e7:c2:91:96:6d:84:5f:3a:a5:f0:78:8b:21:fd:45:02:
f6:15:3f:26:75:17:bb:81:98:d4:fa:8a:80:dc:a8:8d:0b:44:
ab:29:b0:97:c5:e8:7f:d5:fa:4b:9d:d1:a3:80:e0:43:7e:2d:
8c:cb:14:76:42:cf:41:a8:fe:c5:71:cf:6a:15:eb:84:d1:46:
42:ab:d1:d5:a3:44:c1:45:68:b0:49:35:eb:fa:b9:e0:f7:7d:
dc:26:d9:66:79:92:e6:67:88:41:44:c9:ac:df:e0:9c:ee:78:
f6:b4:28:d2:59:c3:b2:96:31:27:f9:7a:44:2c:86:f8:06:09:
2c:4e:a9:f4:91:c7:78:37:e2:8a:51:8a:a3:82:da:10:79:3c:
1f:0a:89:42:c7:2c:99:0e:4e:13:5f:01:24:a6:53:1e:b9:f3:
95:5f:da:25:7d:dd:a0:5e:b0:32:77:7a:82:c3:65:a4:c4:25:
44:69:c9:d5:fa:56:07:1c:62:a3:ca:9f:aa:29:94:7b:2e:b3:
8a:4b:99:63
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZwOhsCJWvKuRAa+wcA8GdNDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjYwMTMwMTA1MDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDhlZTIwMGZjNjI3MjA0ZDAyYTEzMGQ3ZmViNDQ0NTc3ZDhiYjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA15Q9giNtwsMiVAOtGHYLIuTikwtS
ASjlWuYEty1q1it0g/TGskpNhxspZmaQ64xwjw2sL/A+Pog58NwV2Qkfyzz6F8/q
Hk1arxfEKyq0bGst1S7gx598Dm0HKcvfzkD7A+pFIhKbjOHDNu1a++hrzSDKCDe8
QkcJpS0yHEAtBiZun1LrV/SvYf/R1ajkHpHRkP2i+QNbHTkabDafn55VA44Tq3ln
NcgvDzjc9Zd4FSjFViYOmO39OlvqTU/FNrUSPI49bQ7HAX45i5LHDJpfzqi+sWbE
EworLQIK4vJ+asgBLk0dNtmHQ4AYg7OkhXmcD0jzmmMDJNgg/banq3fRBwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFK2O4gD8YnIE0CoTDX/rREV32LuDMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvclk3aUFQeGljZ1RRS2hNTmYtdEVSWGZZdTRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC59B0D
BAW59AAwDQYJKoZIhvcNAQELBQADggEBALpehYQKfdwB9uIQNkv/sMZ8V24h5vE1
hOx/7ZWw/q7ssmTxcS4XXTejtGVIlwMDP9YA1/KaDn2R58KRlm2EXzql8HiLIf1F
AvYVPyZ1F7uBmNT6ioDcqI0LRKspsJfF6H/V+kud0aOA4EN+LYzLFHZCz0Go/sVx
z2oV64TRRkKr0dWjRMFFaLBJNev6ueD3fdwm2WZ5kuZniEFEyazf4JzuePa0KNJZ
w7KWMSf5ekQshvgGCSxOqfSRx3g34opRiqOC2hB5PB8KiULHLJkOThNfASSmUx65
85Vf2iV93aBesDJ3eoLDZaTEJURpydX6VgccYqPKn6oplHsus4pLmWM=
-----END CERTIFICATE-----
Generated at Tue Mar 3 00:23:21 2026 by rpki-client