Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/d8f672-539f-401d-9dc7-62799b90231b/1/avNDL34baEL1_tj2s4WyXygmBz4.roa
File: avNDL34baEL1_tj2s4WyXygmBz4.roa (raw, json)
Hash identifier: jcjbnto5vIs7B0dUQdNO7bxv+6+bai3pbSIiyuS2z4k=
Subject key identifier: 6A:F3:43:2F:7E:1B:68:42:F5:FE:D8:F6:B3:85:B2:5F:28:26:07:3E
Certificate issuer: /CN=f648b15582d34bd5170a9dd13b81325babae5e3a
Certificate serial: 0194228D77E23164DB4A3EA1003E7786DB91
Authority key identifier: F6:48:B1:55:82:D3:4B:D5:17:0A:9D:D1:3B:81:32:5B:AB:AE:5E:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9kixVYLTS9UXCp3RO4EyW6uuXjo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/d8f672-539f-401d-9dc7-62799b90231b/1/avNDL34baEL1_tj2s4WyXygmBz4.roa
Signing time: Wed 01 Jan 2025 15:48:04 +0000
ROA not before: Wed 01 Jan 2025 15:48:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209347
IP address blocks: 2001:678:978::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:77:e2:31:64:db:4a:3e:a1:00:3e:77:86:db:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f648b15582d34bd5170a9dd13b81325babae5e3a
Validity
Not Before: Jan 1 15:48:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6af3432f7e1b6842f5fed8f6b385b25f2826073e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:c3:61:1a:03:e8:a6:df:f6:6e:a7:be:bc:78:
95:46:19:11:be:93:a3:0b:01:c4:d2:d0:e1:cc:69:
33:e0:ec:7c:11:95:e0:5a:0b:ad:85:ee:ff:c3:93:
49:fc:c2:d6:3d:56:4f:3b:c5:e0:2d:be:d1:4e:df:
df:89:80:dd:11:e2:b4:e5:75:76:e9:57:38:e7:ef:
11:b1:68:74:39:6e:63:c3:ec:1e:ac:90:99:2c:01:
7b:81:55:8f:df:7c:fb:36:40:f3:f6:2c:f1:40:91:
ba:e3:39:3c:62:20:5d:e1:82:49:d9:ce:dc:43:0d:
04:a4:d5:a7:3f:3a:ed:d8:b5:04:cc:e8:30:81:bf:
f8:86:8c:05:de:b7:fe:7c:16:bb:09:d1:f3:5d:16:
71:1f:4e:22:51:91:37:83:31:88:3e:a6:d2:5f:1d:
2e:1b:83:27:fd:02:e7:4f:1f:67:4a:e1:85:e0:b9:
ec:32:78:b2:a5:2a:74:47:46:0d:11:52:83:00:3b:
e6:4b:b0:b9:4e:ea:68:7d:6e:7b:fd:cc:d5:57:56:
91:2d:d4:e4:ef:3f:fa:74:90:84:3e:03:44:9a:31:
ab:6f:7d:28:fa:37:a4:81:d4:ca:71:05:b8:76:0d:
4d:16:08:77:2b:b1:43:89:36:3e:f8:f8:a7:6d:2d:
bb:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:F3:43:2F:7E:1B:68:42:F5:FE:D8:F6:B3:85:B2:5F:28:26:07:3E
X509v3 Authority Key Identifier:
keyid:F6:48:B1:55:82:D3:4B:D5:17:0A:9D:D1:3B:81:32:5B:AB:AE:5E:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9kixVYLTS9UXCp3RO4EyW6uuXjo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/d8f672-539f-401d-9dc7-62799b90231b/1/avNDL34baEL1_tj2s4WyXygmBz4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/d8f672-539f-401d-9dc7-62799b90231b/1/9kixVYLTS9UXCp3RO4EyW6uuXjo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:678:978::/48
Signature Algorithm: sha256WithRSAEncryption
ae:76:84:4f:b3:f6:c3:d3:46:9b:a3:80:9e:5d:08:2b:fd:cd:
42:e9:5f:a2:61:3d:6d:32:2b:d6:df:fd:d7:e3:65:2a:dd:c0:
58:e6:19:82:7d:83:19:c6:4f:1d:d4:54:32:c4:2b:e2:7b:e3:
ff:49:57:04:8b:ed:b7:b1:42:b5:7f:b6:bf:20:13:f0:a7:58:
97:d9:dd:22:88:d7:00:f8:55:ad:31:5c:35:b0:4b:a2:fb:f2:
94:7e:10:c5:97:48:10:8d:49:fb:7f:47:2c:38:84:20:ee:1f:
62:89:b8:06:e3:05:2c:b1:ef:1f:2e:64:1a:56:53:43:62:73:
6f:2f:6a:fc:70:40:31:d0:3b:77:9f:78:5d:54:76:b8:b1:2b:
b5:08:bd:51:af:b2:53:ba:c5:45:b8:db:f1:03:6e:bc:1c:78:
dc:18:ed:0b:e2:25:a7:81:f1:98:ab:1b:6b:22:3d:d9:f4:d0:
83:74:c8:65:34:6b:42:23:0f:3e:2a:b1:ad:cb:ca:2b:4b:89:
e7:74:40:ea:a5:b6:49:0a:d2:0b:ce:3b:8d:7f:ac:c8:78:9b:
25:a9:85:35:81:09:50:e7:8d:61:46:21:dc:f7:5d:b2:94:a2:
97:d0:e1:5b:16:56:d1:1e:4b:ed:26:4c:e5:df:10:93:ed:71:
45:5a:95:5c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijXfiMWTbSj6hAD53htuRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2NDhiMTU1ODJkMzRiZDUxNzBhOWRkMTNiODEzMjViYWJh
ZTVlM2EwHhcNMjUwMTAxMTU0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWYzNDMyZjdlMWI2ODQyZjVmZWQ4ZjZiMzg1YjI1ZjI4MjYwNzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cNhGgPopt/2bqe+vHiVRhkRvpOj
CwHE0tDhzGkz4Ox8EZXgWguthe7/w5NJ/MLWPVZPO8XgLb7RTt/fiYDdEeK05XV2
6Vc45+8RsWh0OW5jw+werJCZLAF7gVWP33z7NkDz9izxQJG64zk8YiBd4YJJ2c7c
Qw0EpNWnPzrt2LUEzOgwgb/4howF3rf+fBa7CdHzXRZxH04iUZE3gzGIPqbSXx0u
G4Mn/QLnTx9nSuGF4LnsMniypSp0R0YNEVKDADvmS7C5TupofW57/czVV1aRLdTk
7z/6dJCEPgNEmjGrb30o+jekgdTKcQW4dg1NFgh3K7FDiTY++PinbS27aQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGrzQy9+G2hC9f7Y9rOFsl8oJgc+MB8GA1UdIwQY
MBaAFPZIsVWC00vVFwqd0TuBMlurrl46MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWtpeFZZTFRTOVVYQ3AzUk80RXlXNnV1WGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9kOGY2NzItNTM5Zi00MDFkLTlkYzct
NjI3OTliOTAyMzFiLzEvYXZOREwzNGJhRUwxX3RqMnM0V3lYeWdtQno0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9kOGY2NzItNTM5Zi00MDFkLTlkYzctNjI3OTliOTAyMzFi
LzEvOWtpeFZZTFRTOVVYQ3AzUk80RXlXNnV1WGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAl4
MA0GCSqGSIb3DQEBCwUAA4IBAQCudoRPs/bD00abo4CeXQgr/c1C6V+iYT1tMivW
3/3X42Uq3cBY5hmCfYMZxk8d1FQyxCvie+P/SVcEi+23sUK1f7a/IBPwp1iX2d0i
iNcA+FWtMVw1sEui+/KUfhDFl0gQjUn7f0csOIQg7h9iibgG4wUsse8fLmQaVlND
YnNvL2r8cEAx0Dt3n3hdVHa4sSu1CL1Rr7JTusVFuNvxA268HHjcGO0L4iWngfGY
qxtrIj3Z9NCDdMhlNGtCIw8+KrGty8orS4nndEDqpbZJCtILzjuNf6zIeJslqYU1
gQlQ541hRiHc912ylKKX0OFbFlbRHkvtJkzl3xCT7XFFWpVc
-----END CERTIFICATE-----
Generated at Sat May 10 10:03:40 2025 by rpki-client