Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/1/326131343a373538353a3a2f34342d3434203d3e20323134343531.roa
File: 326131343a373538353a3a2f34342d3434203d3e20323134343531.roa (raw, json)
Hash identifier: dlfHXtO5vtv9X7NqSVxYh3bLgYFkXsFOied2Mrmi64k=
Subject key identifier: CA:98:F1:45:CB:A1:C4:90:1D:78:AE:FE:31:11:E8:C7:65:55:70:AC
Certificate issuer: /CN=41C6B5567ADB7646222A1B9F1AA7038F0C2D4B4B
Certificate serial: 3B9394ECDD8E6069CE6122C66B9111A5C545F397
Authority key identifier: 41:C6:B5:56:7A:DB:76:46:22:2A:1B:9F:1A:A7:03:8F:0C:2D:4B:4B
Authority info access: rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/41C6B5567ADB7646222A1B9F1AA7038F0C2D4B4B.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/1/326131343a373538353a3a2f34342d3434203d3e20323134343531.roa
Signing time: Sun 11 May 2025 10:09:39 +0000
ROA not before: Sun 11 May 2025 10:04:39 +0000
ROA not after: Sun 10 May 2026 10:09:39 +0000
asID: 214451
IP address blocks: 2a14:7585::/44 maxlen: 44
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3b:93:94:ec:dd:8e:60:69:ce:61:22:c6:6b:91:11:a5:c5:45:f3:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=41C6B5567ADB7646222A1B9F1AA7038F0C2D4B4B
Validity
Not Before: May 11 10:04:39 2025 GMT
Not After : May 10 10:09:39 2026 GMT
Subject: CN=CA98F145CBA1C4901D78AEFE3111E8C7655570AC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:7a:e6:33:40:33:bc:ad:96:44:e2:a8:ec:3d:
24:cd:71:09:12:21:6e:b7:f5:b0:a5:6f:1a:de:6e:
26:c8:6b:64:1d:89:a6:17:cc:66:8d:bb:4a:7a:83:
97:76:cc:39:2b:47:11:c0:75:1d:25:40:dd:3b:af:
62:a9:31:5b:d5:fb:ab:6a:41:8c:81:98:da:7f:55:
e5:31:49:be:d0:d6:2b:c4:16:fe:c6:dd:10:97:0f:
fd:35:9d:82:0b:54:2e:15:f4:49:43:e8:45:e7:bf:
c6:3c:c0:73:fd:5f:59:42:33:5b:a8:2f:2f:30:f0:
3d:df:35:9c:4d:8c:01:fc:bc:f3:ff:fb:e4:7a:4a:
5d:94:a2:66:9b:ec:b7:30:34:d7:09:4c:b9:1a:f0:
99:b4:ca:ba:e1:1e:ee:6c:61:ae:3a:52:cb:5e:a8:
04:76:97:7c:81:a8:26:5c:c6:4a:8f:5f:8d:76:89:
cf:6d:23:d8:ac:8e:8d:b5:87:0c:9a:e9:82:8d:a1:
04:f0:7d:c4:4f:8e:7b:3e:1e:b8:77:44:b2:7e:b5:
d1:bc:2b:23:66:40:bb:90:2f:ba:f8:9f:08:12:95:
89:f3:b2:e0:42:2e:68:45:5b:28:52:90:e1:54:aa:
47:cf:8f:d3:0b:5c:d3:4b:5e:68:77:cd:74:df:d4:
11:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:98:F1:45:CB:A1:C4:90:1D:78:AE:FE:31:11:E8:C7:65:55:70:AC
X509v3 Authority Key Identifier:
keyid:41:C6:B5:56:7A:DB:76:46:22:2A:1B:9F:1A:A7:03:8F:0C:2D:4B:4B
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/1/41C6B5567ADB7646222A1B9F1AA7038F0C2D4B4B.crl
Authority Information Access:
CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/41C6B5567ADB7646222A1B9F1AA7038F0C2D4B4B.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/1/326131343a373538353a3a2f34342d3434203d3e20323134343531.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:7585::/44
Signature Algorithm: sha256WithRSAEncryption
85:e9:1d:f5:c5:fc:cf:26:f3:2a:e8:3c:d7:cb:24:e2:15:f6:
65:44:9b:6b:03:4e:29:83:a0:f4:35:70:f2:ee:55:1e:02:77:
93:e3:41:bf:d2:81:ee:1e:ec:27:90:fc:b9:70:1d:bd:06:d7:
94:20:d8:a2:75:d9:04:2c:c8:76:f3:55:fd:d0:ad:38:d5:c9:
ec:73:1d:ce:fa:28:93:96:19:f4:70:73:ed:5c:cd:48:b9:6d:
f3:58:df:87:8c:64:74:f7:f0:e7:d5:6f:9d:d0:49:68:0b:c3:
b4:5b:e8:cc:d7:7f:ff:44:73:bd:ac:3e:58:9e:55:b2:78:49:
06:3a:53:1b:17:da:2b:1d:27:d9:78:af:49:14:f8:dc:5e:8b:
36:4f:18:23:84:89:a6:18:48:a4:75:5f:ab:ba:65:e0:d1:3a:
f4:fc:2c:1b:4c:6d:9c:0e:ca:6f:92:4a:47:59:48:34:ff:8c:
8e:f4:97:83:d0:1d:3f:b9:ac:b6:1c:b9:fd:70:a3:02:1a:67:
36:86:8e:29:ae:e1:e7:0b:fe:6a:46:e9:84:27:2d:7e:f7:11:
34:09:04:22:28:24:69:92:39:c0:c4:ba:25:1b:f1:8d:41:a0:
24:27:9f:e8:6e:2e:06:65:01:9c:67:a8:ee:21:7e:86:55:8c:
e9:81:1e:8c
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgIUO5OU7N2OYGnOYSLGa5ERpcVF85cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDFDNkI1NTY3QURCNzY0NjIyMkExQjlGMUFBNzAzOEYw
QzJENEI0QjAeFw0yNTA1MTExMDA0MzlaFw0yNjA1MTAxMDA5MzlaMDMxMTAvBgNV
BAMTKENBOThGMTQ1Q0JBMUM0OTAxRDc4QUVGRTMxMTFFOEM3NjU1NTcwQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqeuYzQDO8rZZE4qjsPSTNcQkS
IW639bClbxrebibIa2QdiaYXzGaNu0p6g5d2zDkrRxHAdR0lQN07r2KpMVvV+6tq
QYyBmNp/VeUxSb7Q1ivEFv7G3RCXD/01nYILVC4V9ElD6EXnv8Y8wHP9X1lCM1uo
Ly8w8D3fNZxNjAH8vPP/++R6Sl2Uomab7LcwNNcJTLka8Jm0yrrhHu5sYa46Uste
qAR2l3yBqCZcxkqPX412ic9tI9isjo21hwya6YKNoQTwfcRPjns+Hrh3RLJ+tdG8
KyNmQLuQL7r4nwgSlYnzsuBCLmhFWyhSkOFUqkfPj9MLXNNLXmh3zXTf1BGTAgMB
AAGjggJ7MIICdzAdBgNVHQ4EFgQUypjxRcuhxJAdeK7+MRHox2VVcKwwHwYDVR0j
BBgwFoAUQca1VnrbdkYiKhufGqcDjwwtS0swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJjZjhiYTctY2IwMi00MThiLWJlMDQtNGQ5ZjNhMDdl
OTUwLzEvNDFDNkI1NTY3QURCNzY0NjIyMkExQjlGMUFBNzAzOEYwQzJENEI0Qi5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC80MUM2QjU1NjdBREI3NjQ2MjIyQTFCOUYx
QUE3MDM4RjBDMkQ0QjRCLmNlcjCBrQYIKwYBBQUHAQsEgaAwgZ0wgZoGCCsGAQUF
BzALhoGNcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8yMmNmOGJhNy1jYjAyLTQxOGItYmUwNC00ZDlmM2EwN2U5NTAvMS8zMjYxMzEz
NDNhMzczNTM4MzUzYTNhMmYzNDM0MmQzNDM0MjAzZDNlMjAzMjMxMzQzNDM1MzEu
cm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzAR
MA8EAgACMAkDBwQqFHWFAAAwDQYJKoZIhvcNAQELBQADggEBAIXpHfXF/M8m8yro
PNfLJOIV9mVEm2sDTimDoPQ1cPLuVR4Cd5PjQb/Sge4e7CeQ/LlwHb0G15Qg2KJ1
2QQsyHbzVf3QrTjVyexzHc76KJOWGfRwc+1czUi5bfNY34eMZHT38OfVb53QSWgL
w7Rb6MzXf/9Ec72sPlieVbJ4SQY6UxsX2isdJ9l4r0kU+NxeizZPGCOEiaYYSKR1
X6u6ZeDROvT8LBtMbZwOym+SSkdZSDT/jI70l4PQHT+5rLYcuf1wowIaZzaGjimu
4ecL/mpG6YQnLX73ETQJBCIoJGmSOcDEuiUb8Y1BoCQnn+huLgZlAZxnqO4hfoZV
jOmBHow=
-----END CERTIFICATE-----
Generated at Sun Jun 8 05:25:51 2025 by rpki-client