![](/console.gif)
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/430c81-ee4b-4e88-a36f-788f5a58044f/1/gS7B8Ca6jfjXCUuput9VRJL0a4w.roa
File: gS7B8Ca6jfjXCUuput9VRJL0a4w.roa (raw, json)
Hash identifier: RUo+5aLM2mlR9BwSIPvvD+yooxv9XEebML7QeyYDmxA=
Subject key identifier: 81:2E:C1:F0:26:BA:8D:F8:D7:09:4B:A9:BA:DF:55:44:92:F4:6B:8C
Certificate issuer: /CN=39019f9c0ab29b42e0db12e9ac87b327bfc55af9
Certificate serial: 01856C138BEA474597BC2886B0C5703D9266
Authority key identifier: 39:01:9F:9C:0A:B2:9B:42:E0:DB:12:E9:AC:87:B3:27:BF:C5:5A:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OQGfnAqym0Lg2xLprIezJ7_FWvk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/430c81-ee4b-4e88-a36f-788f5a58044f/1/gS7B8Ca6jfjXCUuput9VRJL0a4w.roa
Signing time: Sun 01 Jan 2023 06:44:58 +0000
ROA not before: Sun 01 Jan 2023 06:44:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44534
IP address blocks: 2a0e:fd87::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:13:8b:ea:47:45:97:bc:28:86:b0:c5:70:3d:92:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=39019f9c0ab29b42e0db12e9ac87b327bfc55af9
Validity
Not Before: Jan 1 06:44:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=812ec1f026ba8df8d7094ba9badf554492f46b8c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:1b:65:af:17:5b:30:39:e5:e6:57:9c:2f:cc:
96:13:d3:a4:e8:45:a8:56:d8:ee:da:0c:3b:18:9b:
a7:8d:12:b6:2b:d6:1c:04:8e:5b:61:10:36:06:3e:
9b:c9:10:10:e9:a2:81:59:d1:97:0f:f8:34:cb:b6:
9e:c9:b0:2a:e3:c6:51:66:a6:b4:c0:43:1d:c4:d5:
57:09:bf:04:39:1b:ce:07:24:3b:3e:11:05:5b:d2:
bc:de:a7:e0:31:e4:6d:e0:2e:fa:bd:8e:39:94:d0:
a2:e3:73:61:a9:ef:ef:6e:26:af:b7:52:1b:fd:d6:
b9:a9:c8:62:4e:b5:b1:a0:0e:54:a9:0c:fb:9d:b7:
66:27:80:fa:53:27:02:ec:62:c9:23:60:45:c4:22:
8a:b0:e3:15:56:1a:5c:2a:22:28:a0:26:b4:96:46:
05:16:c7:bb:d5:0d:1d:09:5b:30:c1:10:ba:46:aa:
09:af:e3:50:1d:27:f7:e7:22:b3:27:13:af:cc:4e:
fb:c3:3a:2e:ff:14:1e:0d:ac:6d:b8:a4:d0:c9:f4:
5e:f9:ed:b1:ef:7a:bf:f5:58:81:14:da:6a:f3:00:
c5:54:81:38:4a:21:e5:17:14:28:a3:90:8d:7d:00:
a3:6a:7c:47:cf:0d:b7:39:68:52:a2:a9:30:b6:ee:
4e:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:2E:C1:F0:26:BA:8D:F8:D7:09:4B:A9:BA:DF:55:44:92:F4:6B:8C
X509v3 Authority Key Identifier:
keyid:39:01:9F:9C:0A:B2:9B:42:E0:DB:12:E9:AC:87:B3:27:BF:C5:5A:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQGfnAqym0Lg2xLprIezJ7_FWvk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/430c81-ee4b-4e88-a36f-788f5a58044f/1/gS7B8Ca6jfjXCUuput9VRJL0a4w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/430c81-ee4b-4e88-a36f-788f5a58044f/1/OQGfnAqym0Lg2xLprIezJ7_FWvk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:fd87::/32
Signature Algorithm: sha256WithRSAEncryption
82:5f:42:09:26:e6:e1:2f:43:b7:71:38:be:e3:fe:4a:cc:be:
e6:6a:e7:7e:c7:8e:fe:ab:46:ac:aa:39:e5:19:f2:b2:ab:74:
19:b6:ec:f0:db:39:dc:cb:27:ae:cb:73:17:af:62:d7:23:9d:
e3:64:a8:51:b9:8c:51:80:ea:2d:e7:e8:2c:1a:3e:05:59:87:
32:57:14:52:c0:6c:03:12:b4:c9:c7:6d:4f:b5:95:ae:7a:70:
ad:31:60:78:93:9a:61:35:61:0d:d3:9c:82:a5:e7:59:50:26:
4c:8f:16:95:7d:03:8c:55:a3:19:9d:59:9a:51:ae:d8:74:f7:
17:95:5f:10:a2:6d:ae:bc:21:d1:bf:a4:8b:71:a2:26:c9:1b:
51:54:35:70:fb:e3:ed:40:6e:39:01:e6:a4:7d:f4:f1:d6:8d:
97:4d:ec:8f:f2:11:10:20:f6:bd:d6:2c:37:5e:29:ac:52:b9:
73:25:85:72:3f:8b:dc:af:be:4c:46:6d:84:af:8e:dd:fc:30:
48:91:cd:6a:04:58:5b:8e:3a:c6:a5:24:5f:c2:91:85:b3:43:
16:4e:f3:03:29:81:68:8b:6a:98:d9:a5:dd:19:8a:3e:15:e9:
93:00:27:0f:35:7b:1b:bc:59:17:4b:6a:37:60:c5:7a:ec:7e:
cc:a8:c9:7a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVsE4vqR0WXvCiGsMVwPZJmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MDE5ZjljMGFiMjliNDJlMGRiMTJlOWFjODdiMzI3YmZj
NTVhZjkwHhcNMjMwMTAxMDY0NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTJlYzFmMDI2YmE4ZGY4ZDcwOTRiYTliYWRmNTU0NDkyZjQ2YjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBtlrxdbMDnl5lecL8yWE9Ok6EWo
Vtju2gw7GJunjRK2K9YcBI5bYRA2Bj6byRAQ6aKBWdGXD/g0y7aeybAq48ZRZqa0
wEMdxNVXCb8EORvOByQ7PhEFW9K83qfgMeRt4C76vY45lNCi43Nhqe/vbiavt1Ib
/da5qchiTrWxoA5UqQz7nbdmJ4D6UycC7GLJI2BFxCKKsOMVVhpcKiIooCa0lkYF
Fse71Q0dCVswwRC6RqoJr+NQHSf35yKzJxOvzE77wzou/xQeDaxtuKTQyfRe+e2x
73q/9ViBFNpq8wDFVIE4SiHlFxQoo5CNfQCjanxHzw23OWhSoqkwtu5OaQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIEuwfAmuo341wlLqbrfVUSS9GuMMB8GA1UdIwQY
MBaAFDkBn5wKsptC4NsS6ayHsye/xVr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1FHZm5BcXltMExnMnhMcHJJZXpKN19GV3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80MzBjODEtZWU0Yi00ZTg4LWEzNmYt
Nzg4ZjVhNTgwNDRmLzEvZ1M3QjhDYTZqZmpYQ1V1cHV0OVZSSkwwYTR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80MzBjODEtZWU0Yi00ZTg4LWEzNmYtNzg4ZjVhNTgwNDRm
LzEvT1FHZm5BcXltMExnMnhMcHJJZXpKN19GV3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg79hzAN
BgkqhkiG9w0BAQsFAAOCAQEAgl9CCSbm4S9Dt3E4vuP+Ssy+5mrnfseO/qtGrKo5
5Rnysqt0Gbbs8Ns53MsnrstzF69i1yOd42SoUbmMUYDqLefoLBo+BVmHMlcUUsBs
AxK0ycdtT7WVrnpwrTFgeJOaYTVhDdOcgqXnWVAmTI8WlX0DjFWjGZ1ZmlGu2HT3
F5VfEKJtrrwh0b+ki3GiJskbUVQ1cPvj7UBuOQHmpH308daNl03sj/IRECD2vdYs
N14prFK5cyWFcj+L3K++TEZthK+O3fwwSJHNagRYW446xqUkX8KRhbNDFk7zAymB
aItqmNml3RmKPhXpkwAnDzV7G7xZF0tqN2DFeux+zKjJeg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:35:20 2025 by rpki-client