Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/rqkO7LETo_cuT2bFgW1eASPxvHA.roa
File: rqkO7LETo_cuT2bFgW1eASPxvHA.roa (raw, json)
Hash identifier: hKMobf6Vzjq88suFWbbTAMFmGF2cN5WalalqGfzHAIU=
Subject key identifier: AE:A9:0E:EC:B1:13:A3:F7:2E:4F:66:C5:81:6D:5E:01:23:F1:BC:70
Certificate issuer: /CN=2643923e773eb270492aecc8da15c2e5ca57c2ca
Certificate serial: 07E8B60F
Authority key identifier: 26:43:92:3E:77:3E:B2:70:49:2A:EC:C8:DA:15:C2:E5:CA:57:C2:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JkOSPnc-snBJKuzI2hXC5cpXwso.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/rqkO7LETo_cuT2bFgW1eASPxvHA.roa
Signing time: Sat 01 Jan 2022 09:53:53 +0000
ROA not before: Sat 01 Jan 2022 09:53:53 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 208505
IP address blocks: 2001:678:ac4::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 132691471 (0x7e8b60f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2643923e773eb270492aecc8da15c2e5ca57c2ca
Validity
Not Before: Jan 1 09:53:53 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=aea90eecb113a3f72e4f66c5816d5e0123f1bc70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:67:a1:55:ac:1d:ab:aa:81:4f:09:fa:54:b8:
b9:5d:5f:e4:37:78:79:ce:ee:13:9a:53:6a:b4:41:
36:bb:60:19:62:6a:8c:29:f2:7a:e9:bf:24:f1:87:
23:15:fc:42:1e:4b:5b:a2:d3:54:c3:6c:a8:ff:ad:
1b:87:eb:c4:68:c6:78:6b:2b:3f:7f:49:10:94:08:
05:50:4a:70:45:7c:5e:6d:ee:c8:03:47:31:62:58:
89:5b:ca:33:bd:37:dd:70:98:a6:b4:e7:d9:05:14:
c2:58:b2:92:73:97:41:28:e6:88:cf:cb:fc:1d:af:
dc:68:25:d4:51:15:ee:f1:18:a5:52:15:01:44:1d:
e7:78:86:ed:e8:7f:72:db:e4:8f:16:a9:67:9c:cc:
8a:f2:17:d6:39:41:21:8a:8f:1c:4f:d0:d5:5d:6b:
75:21:ac:1b:60:ae:41:d7:7d:02:6d:e4:33:7b:ff:
67:b9:05:18:57:28:01:d5:6b:9d:eb:62:2f:6d:79:
ab:cc:f1:ea:20:71:7d:f1:a0:a2:0c:a5:b9:0f:3c:
ee:44:5c:b4:0b:7c:7f:a7:de:d3:28:53:a5:13:2a:
c6:ee:fd:d7:1f:4a:ba:22:1e:f5:90:cf:fb:4c:d8:
69:2c:a9:2b:4a:ef:d8:4a:01:bd:c1:3c:81:f9:0b:
1d:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:A9:0E:EC:B1:13:A3:F7:2E:4F:66:C5:81:6D:5E:01:23:F1:BC:70
X509v3 Authority Key Identifier:
keyid:26:43:92:3E:77:3E:B2:70:49:2A:EC:C8:DA:15:C2:E5:CA:57:C2:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JkOSPnc-snBJKuzI2hXC5cpXwso.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/rqkO7LETo_cuT2bFgW1eASPxvHA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0631a7-416c-41be-8e45-78c37c0b0d97/1/JkOSPnc-snBJKuzI2hXC5cpXwso.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:678:ac4::/48
Signature Algorithm: sha256WithRSAEncryption
ae:78:7a:1d:43:f3:4c:26:59:84:42:1e:52:0d:0b:7b:2a:f5:
c7:13:38:12:0d:56:5a:86:b6:67:31:1c:2a:3e:9a:f2:5f:51:
65:9b:f8:6d:8a:6f:21:f7:85:06:21:fe:ef:64:3a:16:7c:a0:
b9:dd:06:1e:76:ca:71:00:64:8f:7d:b8:3b:9a:04:68:8e:b0:
d1:a9:08:88:c5:d2:ba:0a:f4:f7:b0:40:64:a0:65:6f:92:86:
a4:64:bc:2b:8d:df:f6:22:76:27:23:36:2c:fc:20:d3:91:94:
3f:45:d9:20:f5:d2:b4:59:59:4d:1a:fa:b3:4e:8e:9e:a3:a5:
9f:95:d3:81:e5:90:1e:7c:3d:20:1a:11:c7:d4:b4:e7:74:b3:
e6:17:af:28:0f:3c:98:cd:7d:71:18:03:05:6e:5e:98:96:f4:
99:93:e9:71:56:7f:c2:03:14:a8:0b:1b:e2:7b:a5:93:30:2a:
dc:b6:e7:4f:81:6b:95:71:1d:e1:b6:56:45:5e:5c:a7:28:1b:
92:af:53:14:2b:95:60:c5:ac:22:3c:87:3f:4b:3f:1e:b4:ae:
07:e9:87:73:4e:40:fa:5a:bb:e6:87:33:03:ff:a5:e3:68:fe:
dd:c6:72:24:e3:f0:50:26:c9:b1:9f:94:f7:55:1f:d7:93:bb:
ca:45:d8:83
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEB+i2DzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
NjQzOTIzZTc3M2ViMjcwNDkyYWVjYzhkYTE1YzJlNWNhNTdjMmNhMB4XDTIyMDEw
MTA5NTM1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWVhOTBlZWNiMTEz
YTNmNzJlNGY2NmM1ODE2ZDVlMDEyM2YxYmM3MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALJnoVWsHauqgU8J+lS4uV1f5Dd4ec7uE5pTarRBNrtgGWJq
jCnyeum/JPGHIxX8Qh5LW6LTVMNsqP+tG4frxGjGeGsrP39JEJQIBVBKcEV8Xm3u
yANHMWJYiVvKM7033XCYprTn2QUUwliyknOXQSjmiM/L/B2v3Ggl1FEV7vEYpVIV
AUQd53iG7eh/ctvkjxapZ5zMivIX1jlBIYqPHE/Q1V1rdSGsG2CuQdd9Am3kM3v/
Z7kFGFcoAdVrnetiL215q8zx6iBxffGgogyluQ887kRctAt8f6fe0yhTpRMqxu79
1x9KuiIe9ZDP+0zYaSypK0rv2EoBvcE8gfkLHWsCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBSuqQ7ssROj9y5PZsWBbV4BI/G8cDAfBgNVHSMEGDAWgBQmQ5I+dz6ycEkq
7MjaFcLlylfCyjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0prT1NQbmMtc25CSkt1ekkyaFhDNWNwWHdzby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTcvMDYzMWE3LTQxNmMtNDFiZS04ZTQ1LTc4YzM3YzBiMGQ5Ny8x
L3Jxa083TEVUb19jdVQyYkZnVzFlQVNQeHZIQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTcv
MDYzMWE3LTQxNmMtNDFiZS04ZTQ1LTc4YzM3YzBiMGQ5Ny8xL0prT1NQbmMtc25C
Skt1ekkyaFhDNWNwWHdzby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBngKxDANBgkqhkiG9w0BAQsF
AAOCAQEArnh6HUPzTCZZhEIeUg0Leyr1xxM4Eg1WWoa2ZzEcKj6a8l9RZZv4bYpv
IfeFBiH+72Q6Fnygud0GHnbKcQBkj324O5oEaI6w0akIiMXSugr097BAZKBlb5KG
pGS8K43f9iJ2JyM2LPwg05GUP0XZIPXStFlZTRr6s06OnqOln5XTgeWQHnw9IBoR
x9S053Sz5hevKA88mM19cRgDBW5emJb0mZPpcVZ/wgMUqAsb4nulkzAq3LbnT4Fr
lXEd4bZWRV5cpygbkq9TFCuVYMWsIjyHP0s/HrSuB+mHc05A+lq75oczA/+l42j+
3cZyJOPwUCbJsZ+U91Uf15O7ykXYgw==
-----END CERTIFICATE-----
Generated at Mon Apr 7 23:46:18 2025 by rpki-client