Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/XJAL-VpxBET6ULcwbad-Mx_VyEY.roa
File: XJAL-VpxBET6ULcwbad-Mx_VyEY.roa (raw, json)
Hash identifier: pp0JU+gzCPpyhjLGGs7AraLzUrcFXcB44mrLcWFLjV8=
Subject key identifier: 5C:90:0B:F9:5A:71:04:44:FA:50:B7:30:6D:A7:7E:33:1F:D5:C8:46
Certificate issuer: /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial: 018D13D7EFB65FB050C0D45A671DED4A2543
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/XJAL-VpxBET6ULcwbad-Mx_VyEY.roa
Signing time: Tue 16 Jan 2024 19:55:35 +0000
ROA not before: Tue 16 Jan 2024 19:55:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 61317
IP address blocks: 62.233.44.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:13:d7:ef:b6:5f:b0:50:c0:d4:5a:67:1d:ed:4a:25:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Validity
Not Before: Jan 16 19:55:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5c900bf95a710444fa50b7306da77e331fd5c846
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:db:c1:01:5b:cf:f1:62:be:9d:db:0a:2c:f6:
49:f4:88:a5:cf:94:1f:cb:6e:31:6f:56:ad:eb:f4:
b0:f6:fd:04:68:2b:2f:cb:b9:7c:4a:6a:28:e0:24:
79:81:81:9d:c0:ec:4f:de:bc:a6:8f:45:cf:5c:fd:
d8:c9:2b:f5:d2:d8:71:dd:ef:54:84:57:b2:44:7f:
de:7f:92:93:5a:5a:43:ea:00:26:b1:c3:d6:d5:a0:
78:ec:2e:8a:5c:0b:7c:c7:54:bb:9f:b0:79:b7:16:
d1:be:ac:ca:d2:28:d6:81:73:c6:cc:77:fd:86:81:
92:d9:ce:ec:2a:7e:18:5f:ff:96:61:64:28:70:f4:
5c:37:56:09:67:4f:bb:0b:f5:5d:a4:cd:96:02:f5:
9d:ad:9a:d1:f8:7b:e9:e7:b3:a7:33:54:09:a3:3e:
99:bb:36:c8:49:36:23:3a:6c:5c:6e:3c:ca:62:c5:
80:5b:83:0f:a8:b5:e0:99:ea:c5:35:8d:b9:8d:62:
f6:11:8a:0b:00:8e:52:76:1e:4c:4c:3e:ef:40:5d:
ab:fa:ea:cd:ae:dd:7d:dd:6d:2f:6c:03:df:05:b9:
86:a3:e0:d7:b5:fb:73:c9:af:70:64:bb:e6:e0:a0:
95:fb:ef:50:41:3c:21:33:97:64:74:92:98:7b:ee:
21:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:90:0B:F9:5A:71:04:44:FA:50:B7:30:6D:A7:7E:33:1F:D5:C8:46
X509v3 Authority Key Identifier:
keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/XJAL-VpxBET6ULcwbad-Mx_VyEY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.233.44.0/24
Signature Algorithm: sha256WithRSAEncryption
03:fb:20:92:10:52:74:41:cb:b6:18:18:07:a4:ba:7e:b9:86:
41:57:b1:b9:17:65:e8:df:7d:20:bf:10:1b:1f:91:f3:db:b9:
e4:6d:0d:59:ad:5d:ef:5d:1f:43:11:37:b2:12:08:ce:ff:b4:
d9:a6:3b:36:a9:fc:e6:2e:f6:36:6d:1b:8e:c8:bf:bd:35:d4:
42:ec:2d:5c:d2:74:c5:2f:13:6f:7e:2a:8c:4e:fc:a5:54:40:
f6:f0:97:b6:66:a7:30:e8:41:a9:8a:df:09:66:3a:00:39:a8:
22:b5:74:e7:bf:ac:7e:89:8d:ea:89:c3:9d:fe:c3:b2:d2:27:
c3:ab:26:4b:8d:3d:b4:0b:41:5d:d9:26:98:c6:0c:f7:3c:b0:
d5:23:dc:38:de:24:9c:48:1a:18:34:91:80:a6:d3:73:57:75:
15:0a:67:05:47:2a:dd:c3:82:e1:16:ed:74:8a:f7:25:da:bb:
0c:29:dc:8a:00:3f:af:6a:93:cd:83:12:dc:4f:4e:98:39:94:
d5:52:84:b3:ce:5e:33:e3:cf:c2:17:56:a7:b6:62:1e:76:a9:
78:46:ea:56:16:94:6f:de:7b:a8:7f:bc:be:f6:a2:e3:17:49:
59:90:1a:e0:37:5c:b1:35:20:b8:c3:56:32:42:c8:ab:18:12:
9b:c4:98:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0T1++2X7BQwNRaZx3tSiVDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjQwMTE2MTk1NTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzkwMGJmOTVhNzEwNDQ0ZmE1MGI3MzA2ZGE3N2UzMzFmZDVjODQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNvBAVvP8WK+ndsKLPZJ9Iilz5Qf
y24xb1at6/Sw9v0EaCsvy7l8Smoo4CR5gYGdwOxP3rymj0XPXP3YySv10thx3e9U
hFeyRH/ef5KTWlpD6gAmscPW1aB47C6KXAt8x1S7n7B5txbRvqzK0ijWgXPGzHf9
hoGS2c7sKn4YX/+WYWQocPRcN1YJZ0+7C/VdpM2WAvWdrZrR+Hvp57OnM1QJoz6Z
uzbISTYjOmxcbjzKYsWAW4MPqLXgmerFNY25jWL2EYoLAI5Sdh5MTD7vQF2r+urN
rt193W0vbAPfBbmGo+DXtftzya9wZLvm4KCV++9QQTwhM5dkdJKYe+4hcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyQC/lacQRE+lC3MG2nfjMf1chGMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvWEpBTC1WcHhCRVQ2VUxjd2JhZC1NeF9WeUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPuksMA0G
CSqGSIb3DQEBCwUAA4IBAQAD+yCSEFJ0Qcu2GBgHpLp+uYZBV7G5F2Xo330gvxAb
H5Hz27nkbQ1ZrV3vXR9DETeyEgjO/7TZpjs2qfzmLvY2bRuOyL+9NdRC7C1c0nTF
LxNvfiqMTvylVED28Je2Zqcw6EGpit8JZjoAOagitXTnv6x+iY3qicOd/sOy0ifD
qyZLjT20C0Fd2SaYxgz3PLDVI9w43iScSBoYNJGAptNzV3UVCmcFRyrdw4LhFu10
ivcl2rsMKdyKAD+vapPNgxLcT06YOZTVUoSzzl4z48/CF1antmIedql4RupWFpRv
3nuof7y+9qLjF0lZkBrgN1yxNSC4w1YyQsirGBKbxJjF
-----END CERTIFICATE-----
Generated at Fri Apr 18 21:13:41 2025 by rpki-client