Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/FkVKO9lJzHuqDi_BU1xUqv0I42c.roa
File: FkVKO9lJzHuqDi_BU1xUqv0I42c.roa (raw, json)
Hash identifier: Pf09oIFjLEekDPUMczM5tlS6IhZnEoC/wb2yzhfm4dI=
Subject key identifier: 16:45:4A:3B:D9:49:CC:7B:AA:0E:2F:C1:53:5C:54:AA:FD:08:E3:67
Certificate issuer: /CN=2643923e773eb270492aecc8da15c2e5ca57c2ca
Certificate serial: 0185729EC9940471F4F3A1B01BE5B050F9C1
Authority key identifier: 26:43:92:3E:77:3E:B2:70:49:2A:EC:C8:DA:15:C2:E5:CA:57:C2:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JkOSPnc-snBJKuzI2hXC5cpXwso.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/FkVKO9lJzHuqDi_BU1xUqv0I42c.roa
Signing time: Mon 02 Jan 2023 13:14:46 +0000
ROA not before: Mon 02 Jan 2023 13:14:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208505
IP address blocks: 2001:678:ac4::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:9e:c9:94:04:71:f4:f3:a1:b0:1b:e5:b0:50:f9:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2643923e773eb270492aecc8da15c2e5ca57c2ca
Validity
Not Before: Jan 2 13:14:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=16454a3bd949cc7baa0e2fc1535c54aafd08e367
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:d3:01:5f:3e:ed:72:cb:b2:88:0b:95:19:0c:
5f:82:15:cb:4e:e3:3c:1a:20:e2:5f:95:89:4f:79:
6c:de:7a:0f:37:43:fc:fb:69:03:fd:e4:f0:74:0b:
6d:85:f1:d4:0f:12:dc:cd:f5:93:0a:0d:17:1f:69:
c8:f9:a3:31:2f:b7:31:a1:8d:e1:2d:5d:78:f0:9c:
b7:b4:6e:66:5f:f2:d4:cf:ff:63:b5:7e:bc:d8:4b:
f9:5f:b0:3f:fb:3f:d0:8e:41:6a:ea:37:3c:7c:b6:
88:8d:ae:38:b1:50:a2:31:a9:34:07:2c:f5:a5:e8:
5a:bb:e5:93:04:60:a3:44:e4:da:be:b9:83:38:fc:
eb:dd:fc:4e:f4:2d:9d:66:0c:88:8b:ed:af:4d:62:
a5:e7:19:b2:dc:0b:a2:d3:df:cf:f6:26:48:50:f2:
9c:13:39:88:81:95:9f:b7:db:6e:13:0a:7d:26:f9:
c3:41:3a:79:b1:37:78:5b:61:e7:7e:3b:63:d0:d8:
2f:8f:c5:15:d0:12:57:a6:03:99:32:d3:0e:7f:32:
49:78:ad:8e:07:00:cc:c7:da:54:70:32:fb:92:c7:
2d:5d:e6:f9:3d:f4:66:33:67:74:09:2f:9e:2a:f8:
9d:c8:a4:19:94:2d:dc:35:41:5b:d8:82:25:fe:50:
ac:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:45:4A:3B:D9:49:CC:7B:AA:0E:2F:C1:53:5C:54:AA:FD:08:E3:67
X509v3 Authority Key Identifier:
keyid:26:43:92:3E:77:3E:B2:70:49:2A:EC:C8:DA:15:C2:E5:CA:57:C2:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JkOSPnc-snBJKuzI2hXC5cpXwso.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/FkVKO9lJzHuqDi_BU1xUqv0I42c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/JkOSPnc-snBJKuzI2hXC5cpXwso.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:678:ac4::/48
Signature Algorithm: sha256WithRSAEncryption
4e:16:2c:c3:5d:a1:f8:9b:b7:c4:cf:9c:4b:7f:37:b5:62:15:
11:8b:f5:cb:46:71:5c:32:5a:1c:dc:d4:ec:d4:d1:dc:17:2f:
89:2e:e9:f2:dd:ab:b6:9d:a3:3d:8e:bc:0f:a5:82:3e:3a:e7:
44:4f:6e:bf:80:67:e7:dc:74:fc:a4:fb:45:fe:a5:d2:e1:66:
bb:50:79:cd:e0:9f:27:0b:12:df:68:e7:a7:c8:d7:34:ec:98:
d8:27:b7:51:9d:9e:af:d8:8a:fe:af:21:58:a5:3d:c9:74:79:
20:90:f7:a9:15:6c:a9:69:9d:44:97:6f:0d:6b:79:b4:3b:06:
76:14:20:5d:70:9c:12:0a:e7:9f:0c:3c:42:f1:eb:df:3e:d1:
65:5f:71:62:f4:ab:44:1b:8d:96:c0:1b:78:84:62:25:08:48:
46:98:ce:5b:f2:73:ef:bd:3a:4c:06:3f:2a:80:d1:b2:be:1c:
b2:dd:80:00:47:e2:97:28:c5:20:77:c6:18:d2:a9:de:7c:a7:
ca:fa:3f:13:06:04:ba:15:4f:a0:05:48:bf:1a:ab:50:a6:34:
77:45:a7:1f:4b:29:c5:d8:52:b6:c5:6c:1d:38:38:d8:fa:07:
eb:67:15:96:88:19:d9:cf:ad:0a:97:5c:4e:34:f6:cb:4e:85:
e9:70:17:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVynsmUBHH086GwG+WwUPnBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NDM5MjNlNzczZWIyNzA0OTJhZWNjOGRhMTVjMmU1Y2E1
N2MyY2EwHhcNMjMwMTAyMTMxNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjQ1NGEzYmQ5NDljYzdiYWEwZTJmYzE1MzVjNTRhYWZkMDhlMzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNMBXz7tcsuyiAuVGQxfghXLTuM8
GiDiX5WJT3ls3noPN0P8+2kD/eTwdAtthfHUDxLczfWTCg0XH2nI+aMxL7cxoY3h
LV148Jy3tG5mX/LUz/9jtX682Ev5X7A/+z/QjkFq6jc8fLaIja44sVCiMak0Byz1
pehau+WTBGCjROTavrmDOPzr3fxO9C2dZgyIi+2vTWKl5xmy3Aui09/P9iZIUPKc
EzmIgZWft9tuEwp9JvnDQTp5sTd4W2Hnfjtj0Ngvj8UV0BJXpgOZMtMOfzJJeK2O
BwDMx9pUcDL7ksctXeb5PfRmM2d0CS+eKvidyKQZlC3cNUFb2IIl/lCsAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBZFSjvZScx7qg4vwVNcVKr9CONnMB8GA1UdIwQY
MBaAFCZDkj53PrJwSSrsyNoVwuXKV8LKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmtPU1BuYy1zbkJKS3V6STJoWEM1Y3BYd3NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wNjMxYTctNDE2Yy00MWJlLThlNDUt
NzhjMzdjMGIwZDk3LzEvRmtWS085bEp6SHVxRGlfQlUxeFVxdjBJNDJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wNjMxYTctNDE2Yy00MWJlLThlNDUtNzhjMzdjMGIwZDk3
LzEvSmtPU1BuYy1zbkJKS3V6STJoWEM1Y3BYd3NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeArE
MA0GCSqGSIb3DQEBCwUAA4IBAQBOFizDXaH4m7fEz5xLfze1YhURi/XLRnFcMloc
3NTs1NHcFy+JLuny3au2naM9jrwPpYI+OudET26/gGfn3HT8pPtF/qXS4Wa7UHnN
4J8nCxLfaOenyNc07JjYJ7dRnZ6v2Ir+ryFYpT3JdHkgkPepFWypaZ1El28Na3m0
OwZ2FCBdcJwSCuefDDxC8evfPtFlX3Fi9KtEG42WwBt4hGIlCEhGmM5b8nPvvTpM
Bj8qgNGyvhyy3YAAR+KXKMUgd8YY0qnefKfK+j8TBgS6FU+gBUi/GqtQpjR3Racf
SynF2FK2xWwdODjY+gfrZxWWiBnZz60Kl1xONPbLToXpcBef
-----END CERTIFICATE-----
Generated at Tue Apr 8 00:20:03 2025 by rpki-client