Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/1/326131343a373538353a3a2f34342d3438203d3e20323134343531.roa
File: 326131343a373538353a3a2f34342d3438203d3e20323134343531.roa (raw, json)
Hash identifier: UBEQsbTTZYIavT+RBA1RC+pYamAJxeVY/Kldt58JJRE=
Subject key identifier: 22:BD:76:E9:4D:BE:6A:AB:98:23:CC:93:D1:28:20:E6:C7:09:93:7E
Certificate issuer: /CN=41C6B5567ADB7646222A1B9F1AA7038F0C2D4B4B
Certificate serial: 1DB80D8A9F328CB76F9359DFDF32E95C4404BA92
Authority key identifier: 41:C6:B5:56:7A:DB:76:46:22:2A:1B:9F:1A:A7:03:8F:0C:2D:4B:4B
Authority info access: rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/41C6B5567ADB7646222A1B9F1AA7038F0C2D4B4B.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/1/326131343a373538353a3a2f34342d3438203d3e20323134343531.roa
Signing time: Sun 11 May 2025 14:20:55 +0000
ROA not before: Sun 11 May 2025 14:15:55 +0000
ROA not after: Sun 10 May 2026 14:20:55 +0000
asID: 214451
IP address blocks: 2a14:7585::/44 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1d:b8:0d:8a:9f:32:8c:b7:6f:93:59:df:df:32:e9:5c:44:04:ba:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=41C6B5567ADB7646222A1B9F1AA7038F0C2D4B4B
Validity
Not Before: May 11 14:15:55 2025 GMT
Not After : May 10 14:20:55 2026 GMT
Subject: CN=22BD76E94DBE6AAB9823CC93D12820E6C709937E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:94:10:ae:18:3f:57:74:6b:b7:fb:57:c7:58:
6f:03:2a:db:56:5f:3f:dc:73:5a:e1:1d:7b:62:bc:
68:d5:60:ff:82:05:a9:44:98:9a:9d:3a:aa:53:15:
e9:67:bd:8a:bd:10:e1:27:97:15:cc:87:63:7f:31:
0f:8d:0a:93:f3:71:0c:11:43:6e:39:ca:d6:83:e8:
9b:22:80:b3:3c:a5:d6:31:ab:9f:95:5d:91:d9:e5:
74:41:f0:2a:0e:ab:3f:a5:ff:7f:a9:cc:00:b8:b4:
8c:a4:f8:d4:36:e3:b4:f6:b3:dd:c6:5c:4b:8e:bf:
57:b2:c0:ea:3c:00:f0:22:7e:bb:38:f7:f0:bb:7c:
4c:3a:ee:9a:d7:9c:17:55:e6:16:95:89:98:cf:f5:
53:11:dc:f8:35:ce:3d:56:d6:a9:91:be:e4:a0:ed:
5d:ca:67:b2:27:5f:b7:9b:1f:3a:8e:38:28:1e:da:
34:9f:f8:15:91:8f:25:5d:bc:58:d5:00:a2:fd:96:
5b:b9:49:c4:64:34:0f:e2:6c:df:36:97:89:5e:93:
38:48:b0:76:76:b7:78:ff:8f:be:e6:59:7c:17:6a:
aa:89:f1:14:b1:97:22:fb:ec:40:7e:35:24:43:14:
e6:bc:17:bc:ea:5e:3b:b9:40:17:cc:bc:58:62:17:
77:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:BD:76:E9:4D:BE:6A:AB:98:23:CC:93:D1:28:20:E6:C7:09:93:7E
X509v3 Authority Key Identifier:
keyid:41:C6:B5:56:7A:DB:76:46:22:2A:1B:9F:1A:A7:03:8F:0C:2D:4B:4B
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/1/41C6B5567ADB7646222A1B9F1AA7038F0C2D4B4B.crl
Authority Information Access:
CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/41C6B5567ADB7646222A1B9F1AA7038F0C2D4B4B.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22cf8ba7-cb02-418b-be04-4d9f3a07e950/1/326131343a373538353a3a2f34342d3438203d3e20323134343531.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:7585::/44
Signature Algorithm: sha256WithRSAEncryption
01:d3:cc:9b:bd:a4:63:06:1f:fb:92:13:c3:e2:56:3f:50:a9:
68:41:01:12:d9:90:20:84:c6:fe:eb:8f:e8:b0:c3:fd:68:f8:
7f:6d:b4:cc:9c:3a:4d:bf:bb:b0:b3:45:e1:ec:c4:5e:1e:61:
eb:cb:17:9e:94:28:20:d6:de:74:33:97:d8:3a:59:c7:dc:a1:
97:5a:e7:a8:c3:90:6e:7c:6f:60:ea:8e:5c:45:e5:98:35:f9:
76:47:05:30:91:bf:48:3a:16:96:1e:dc:b2:e4:e8:b8:e6:27:
ab:d4:5c:47:b4:0f:5b:d9:0a:95:73:b7:22:b8:23:19:ae:15:
7f:0b:e2:ea:cf:9e:f2:a7:cb:57:36:11:08:eb:5c:f0:57:9f:
45:70:10:f9:3c:3a:21:84:4f:c4:41:78:cd:56:b9:54:d7:7c:
44:5d:1f:b2:c6:2e:4f:41:22:96:2d:85:85:62:31:58:2e:fe:
bf:f5:a1:98:78:ae:6f:ba:6e:f4:91:fb:7d:3d:4c:18:9d:ac:
30:5d:5c:9b:08:b1:e5:96:85:75:7d:30:dc:f0:cd:48:ac:56:
dc:48:cf:96:c6:cb:b0:8c:d0:6e:e5:b0:77:aa:fb:ce:d4:25:
f3:71:3d:16:e8:a3:85:3f:4d:66:86:55:fd:5a:75:16:17:2f:
e8:b3:b5:64
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgIUHbgNip8yjLdvk1nf3zLpXEQEupIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDFDNkI1NTY3QURCNzY0NjIyMkExQjlGMUFBNzAzOEYw
QzJENEI0QjAeFw0yNTA1MTExNDE1NTVaFw0yNjA1MTAxNDIwNTVaMDMxMTAvBgNV
BAMTKDIyQkQ3NkU5NERCRTZBQUI5ODIzQ0M5M0QxMjgyMEU2QzcwOTkzN0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8lBCuGD9XdGu3+1fHWG8DKttW
Xz/cc1rhHXtivGjVYP+CBalEmJqdOqpTFelnvYq9EOEnlxXMh2N/MQ+NCpPzcQwR
Q245ytaD6JsigLM8pdYxq5+VXZHZ5XRB8CoOqz+l/3+pzAC4tIyk+NQ247T2s93G
XEuOv1eywOo8APAifrs49/C7fEw67prXnBdV5haViZjP9VMR3Pg1zj1W1qmRvuSg
7V3KZ7InX7ebHzqOOCge2jSf+BWRjyVdvFjVAKL9llu5ScRkNA/ibN82l4lekzhI
sHZ2t3j/j77mWXwXaqqJ8RSxlyL77EB+NSRDFOa8F7zqXju5QBfMvFhiF3c/AgMB
AAGjggJ7MIICdzAdBgNVHQ4EFgQUIr126U2+aquYI8yT0Sgg5scJk34wHwYDVR0j
BBgwFoAUQca1VnrbdkYiKhufGqcDjwwtS0swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJjZjhiYTctY2IwMi00MThiLWJlMDQtNGQ5ZjNhMDdl
OTUwLzEvNDFDNkI1NTY3QURCNzY0NjIyMkExQjlGMUFBNzAzOEYwQzJENEI0Qi5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC80MUM2QjU1NjdBREI3NjQ2MjIyQTFCOUYx
QUE3MDM4RjBDMkQ0QjRCLmNlcjCBrQYIKwYBBQUHAQsEgaAwgZ0wgZoGCCsGAQUF
BzALhoGNcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8yMmNmOGJhNy1jYjAyLTQxOGItYmUwNC00ZDlmM2EwN2U5NTAvMS8zMjYxMzEz
NDNhMzczNTM4MzUzYTNhMmYzNDM0MmQzNDM4MjAzZDNlMjAzMjMxMzQzNDM1MzEu
cm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzAR
MA8EAgACMAkDBwQqFHWFAAAwDQYJKoZIhvcNAQELBQADggEBAAHTzJu9pGMGH/uS
E8PiVj9QqWhBARLZkCCExv7rj+iww/1o+H9ttMycOk2/u7CzReHsxF4eYevLF56U
KCDW3nQzl9g6WcfcoZda56jDkG58b2DqjlxF5Zg1+XZHBTCRv0g6FpYe3LLk6Ljm
J6vUXEe0D1vZCpVztyK4IxmuFX8L4urPnvKny1c2EQjrXPBXn0VwEPk8OiGET8RB
eM1WuVTXfERdH7LGLk9BIpYthYViMVgu/r/1oZh4rm+6bvSR+309TBidrDBdXJsI
seWWhXV9MNzwzUisVtxIz5bGy7CM0G7lsHeq+87UJfNxPRboo4U/TWaGVf1adRYX
L+iztWQ=
-----END CERTIFICATE-----
Generated at Sun Jun 8 05:23:03 2025 by rpki-client