Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8070615f-d26d-42e3-a145-5c7b67b2b64e/0/326131343a623430303a3a2f32382d3238203d3e20323133323739.roa
File: 326131343a623430303a3a2f32382d3238203d3e20323133323739.roa (raw, json)
Hash identifier: OgOX3y2Cb0y0bCTi9m7CKowwwQmHnA0JKK3Fh61rXL0=
Subject key identifier: 36:9D:8E:C0:1E:34:13:0E:DE:2C:F9:E1:5B:C8:46:EA:1A:8C:F0:B8
Certificate issuer: /CN=2c12f0a080f021f2ba25bc0c6ea7e06b67aad05e
Certificate serial: 5A5F8F9A71E58234BF2C5433E38F94244D353EAB
Authority key identifier: 2C:12:F0:A0:80:F0:21:F2:BA:25:BC:0C:6E:A7:E0:6B:67:AA:D0:5E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LBLwoIDwIfK6JbwMbqfga2eq0F4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/8070615f-d26d-42e3-a145-5c7b67b2b64e/0/326131343a623430303a3a2f32382d3238203d3e20323133323739.roa
Signing time: Tue 04 Nov 2025 15:12:16 +0000
ROA not before: Tue 04 Nov 2025 15:07:16 +0000
ROA not after: Tue 03 Nov 2026 15:12:16 +0000
asID: 213279
IP address blocks: 2a14:b400::/28 maxlen: 28
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5a:5f:8f:9a:71:e5:82:34:bf:2c:54:33:e3:8f:94:24:4d:35:3e:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2c12f0a080f021f2ba25bc0c6ea7e06b67aad05e
Validity
Not Before: Nov 4 15:07:16 2025 GMT
Not After : Nov 3 15:12:16 2026 GMT
Subject: CN=369D8EC01E34130EDE2CF9E15BC846EA1A8CF0B8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:56:9d:fb:ca:36:e1:44:b4:5c:70:9b:14:a1:
c0:34:53:99:6e:13:d9:61:f8:27:c0:2e:b5:b3:6d:
3c:4d:af:1a:af:27:10:7e:fc:71:3f:cd:d9:3b:56:
91:ec:ed:2d:db:6a:8e:df:11:40:77:94:75:3b:93:
2a:e2:4d:d9:4d:c8:a1:d9:67:9f:d3:16:51:15:46:
8d:74:82:d6:9e:57:e9:7d:d3:02:79:49:74:7e:a7:
81:0a:eb:f7:5b:ed:49:bf:bd:9b:9d:97:8e:4d:67:
35:61:26:33:37:db:1c:ab:c6:4c:3e:d3:f8:62:49:
ec:e1:26:a2:42:44:81:92:71:ac:c4:3f:d2:54:b0:
b4:6b:60:68:6a:8c:54:49:ff:af:82:c4:a1:8b:a9:
0a:dd:ce:e1:00:d8:18:23:67:00:9d:6a:27:d5:80:
4b:e7:03:83:9c:be:f2:3d:14:4d:d2:f2:4f:23:c6:
ea:42:78:15:21:bc:e8:04:ee:d4:31:09:57:a7:96:
9a:7a:4b:47:bc:46:eb:a9:c3:15:66:7f:52:15:e1:
a7:0d:8e:c1:22:c8:49:06:3d:6a:71:22:5e:20:f0:
2e:aa:33:58:92:41:d6:6b:c1:b2:53:49:e3:85:31:
ce:73:1a:3e:22:4a:23:09:b3:aa:77:e8:fe:5a:cf:
14:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:9D:8E:C0:1E:34:13:0E:DE:2C:F9:E1:5B:C8:46:EA:1A:8C:F0:B8
X509v3 Authority Key Identifier:
keyid:2C:12:F0:A0:80:F0:21:F2:BA:25:BC:0C:6E:A7:E0:6B:67:AA:D0:5E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/8070615f-d26d-42e3-a145-5c7b67b2b64e/0/2C12F0A080F021F2BA25BC0C6EA7E06B67AAD05E.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LBLwoIDwIfK6JbwMbqfga2eq0F4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8070615f-d26d-42e3-a145-5c7b67b2b64e/0/326131343a623430303a3a2f32382d3238203d3e20323133323739.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:b400::/28
Signature Algorithm: sha256WithRSAEncryption
a6:33:da:4c:59:3f:6c:0a:54:48:98:72:cc:de:a2:ef:4c:ed:
ad:64:8f:3a:0c:8f:39:a8:72:44:53:02:68:32:a9:1c:cb:71:
13:18:25:0b:c9:3c:5d:a4:4c:11:44:7d:27:8b:ca:99:a1:10:
cf:d6:5a:6d:fc:80:df:61:69:03:a6:1b:15:3c:1b:f4:e6:81:
6d:e3:06:da:03:1a:68:c4:85:50:b2:2d:e4:40:62:ef:f4:16:
a6:84:43:e4:dd:bb:32:0a:d1:33:63:3a:8a:56:3d:7f:21:0a:
5e:c2:21:e1:28:28:5b:46:d2:14:b1:a8:3f:4b:91:d8:ce:4d:
07:ff:0f:07:9f:09:19:bb:67:48:71:bc:38:63:f0:52:41:f9:
75:74:5a:f9:5e:20:94:8b:22:f2:e8:77:f0:80:a9:2b:cc:e0:
40:73:59:86:42:76:e1:d7:a7:cd:77:5d:97:c5:70:71:e6:08:
9a:c9:84:5d:ca:22:40:0c:98:20:c8:17:9a:a5:c9:85:7c:1c:
d0:9b:f0:d4:b8:b1:37:c4:45:f4:b8:ed:7b:4a:0a:1d:6f:db:
66:7c:a2:a1:66:e3:62:97:b1:a0:34:52:84:f5:51:2e:5a:3c:
2b:a8:a5:3a:53:32:a7:b5:4a:c7:fa:99:21:fc:79:c0:10:dc:
3d:aa:4e:49
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIUWl+PmnHlgjS/LFQz44+UJE01PqswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMmMxMmYwYTA4MGYwMjFmMmJhMjViYzBjNmVhN2UwNmI2
N2FhZDA1ZTAeFw0yNTExMDQxNTA3MTZaFw0yNjExMDMxNTEyMTZaMDMxMTAvBgNV
BAMTKDM2OUQ4RUMwMUUzNDEzMEVERTJDRjlFMTVCQzg0NkVBMUE4Q0YwQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoVp37yjbhRLRccJsUocA0U5lu
E9lh+CfALrWzbTxNrxqvJxB+/HE/zdk7VpHs7S3bao7fEUB3lHU7kyriTdlNyKHZ
Z5/TFlEVRo10gtaeV+l90wJ5SXR+p4EK6/db7Um/vZudl45NZzVhJjM32xyrxkw+
0/hiSezhJqJCRIGScazEP9JUsLRrYGhqjFRJ/6+CxKGLqQrdzuEA2BgjZwCdaifV
gEvnA4OcvvI9FE3S8k8jxupCeBUhvOgE7tQxCVenlpp6S0e8RuupwxVmf1IV4acN
jsEiyEkGPWpxIl4g8C6qM1iSQdZrwbJTSeOFMc5zGj4iSiMJs6p36P5azxRzAgMB
AAGjggI+MIICOjAdBgNVHQ4EFgQUNp2OwB40Ew7eLPnhW8hG6hqM8LgwHwYDVR0j
BBgwFoAULBLwoIDwIfK6JbwMbqfga2eq0F4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODA3MDYxNWYtZDI2ZC00MmUzLWExNDUtNWM3YjY3YjJi
NjRlLzAvMkMxMkYwQTA4MEYwMjFGMkJBMjVCQzBDNkVBN0UwNkI2N0FBRDA1RS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0xCTHdvSUR3SWZLNkpid01icWZnYTJl
cTBGNC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODA3MDYxNWYt
ZDI2ZC00MmUzLWExNDUtNWM3YjY3YjJiNjRlLzAvMzI2MTMxMzQzYTYyMzQzMDMw
M2EzYTJmMzIzODJkMzIzODIwM2QzZTIwMzIzMTMzMzIzNzM5LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUE
KhS0ADANBgkqhkiG9w0BAQsFAAOCAQEApjPaTFk/bApUSJhyzN6i70ztrWSPOgyP
OahyRFMCaDKpHMtxExglC8k8XaRMEUR9J4vKmaEQz9ZabfyA32FpA6YbFTwb9OaB
beMG2gMaaMSFULIt5EBi7/QWpoRD5N27MgrRM2M6ilY9fyEKXsIh4SgoW0bSFLGo
P0uR2M5NB/8PB58JGbtnSHG8OGPwUkH5dXRa+V4glIsi8uh38ICpK8zgQHNZhkJ2
4denzXddl8VwceYImsmEXcoiQAyYIMgXmqXJhXwc0Jvw1LixN8RF9Ljte0oKHW/b
ZnyioWbjYpexoDRShPVRLlo8K6ilOlMyp7VKx/qZIfx5wBDcPapOSQ==
-----END CERTIFICATE-----
Generated at Wed Nov 5 13:57:30 2025 by rpki-client