Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/XdT4Akg-f5R301qN2NsAOVoAHhY.roa
File: XdT4Akg-f5R301qN2NsAOVoAHhY.roa (raw, json)
Hash identifier: OtlAucsPW899jNaTeAB1FZTerHeILvokdXVnunssHh4=
Subject key identifier: 5D:D4:F8:02:48:3E:7F:94:77:D3:5A:8D:D8:DB:00:39:5A:00:1E:16
Certificate issuer: /CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Certificate serial: 01848F2F5B65739576546F5C48F6014E3CB8
Authority key identifier: 1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/XdT4Akg-f5R301qN2NsAOVoAHhY.roa
Signing time: Sat 19 Nov 2022 09:19:16 +0000
ROA not before: Sat 19 Nov 2022 09:19:16 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 50591
IP address blocks: 109.230.64.0/22 maxlen: 22
109.230.69.0/24 maxlen: 24
109.230.68.0/22 maxlen: 22
109.230.77.0/24 maxlen: 24
109.230.76.0/24 maxlen: 24
109.230.75.0/24 maxlen: 24
109.230.74.0/24 maxlen: 24
109.230.73.0/24 maxlen: 24
109.230.72.0/24 maxlen: 24
109.230.78.0/24 maxlen: 24
109.230.80.0/22 maxlen: 22
109.230.79.0/24 maxlen: 24
109.230.84.0/22 maxlen: 22
109.230.88.0/22 maxlen: 22
109.230.92.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:8f:2f:5b:65:73:95:76:54:6f:5c:48:f6:01:4e:3c:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Validity
Not Before: Nov 19 09:19:16 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5dd4f802483e7f9477d35a8dd8db00395a001e16
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:1f:6a:a7:59:93:6b:93:88:7f:f2:a3:8b:0f:
a7:90:90:98:36:aa:be:bf:9e:73:02:21:6b:d9:16:
24:73:7b:61:0c:63:7e:fd:65:27:cc:c0:31:d6:0d:
43:46:f8:09:af:25:a1:83:a6:36:22:73:95:b6:b9:
6f:b4:26:f1:75:a7:89:e1:ca:43:92:f8:9e:db:e8:
82:b2:af:1c:d1:79:8d:92:5e:15:55:5d:32:7f:db:
33:d3:a7:a7:6a:66:a7:bd:b1:d5:f5:4f:50:03:25:
eb:23:37:09:f0:9d:a8:3e:9e:ed:7b:4e:a6:25:e4:
4d:7f:cd:0c:10:11:ba:27:1d:e8:7d:ad:73:87:b5:
14:e4:2b:ae:84:a2:89:dd:95:c8:2f:b9:e0:7d:63:
c4:b6:7f:cc:88:60:38:6e:0a:09:35:4b:4e:5c:a3:
b7:d4:21:aa:59:c4:9e:ca:bc:7d:11:5a:ed:44:57:
08:96:41:ef:1d:4d:6e:9d:11:69:7b:a7:cb:b1:2b:
ea:f2:2b:81:5c:48:b9:bc:db:e1:e7:7f:7f:b1:0b:
d6:1b:ab:0d:f9:71:a6:6b:c2:b8:37:07:1f:3d:16:
0f:cf:ea:3f:1a:e1:12:24:51:70:f6:65:9a:be:68:
95:db:e1:77:85:b4:22:b2:37:e1:28:af:5e:4e:84:
5d:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:D4:F8:02:48:3E:7F:94:77:D3:5A:8D:D8:DB:00:39:5A:00:1E:16
X509v3 Authority Key Identifier:
keyid:1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/XdT4Akg-f5R301qN2NsAOVoAHhY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.230.64.0/19
Signature Algorithm: sha256WithRSAEncryption
69:80:f5:ce:18:7a:62:4d:a2:0b:1f:18:53:ae:64:d0:e5:31:
fe:e1:0d:2d:48:7e:17:e8:58:6f:93:eb:06:89:13:b7:09:87:
f5:a4:ec:ec:3f:98:e3:74:b3:01:64:67:2d:a8:65:26:82:ba:
89:8b:8d:d8:56:c4:a1:02:62:df:c0:47:e9:78:36:f8:64:8a:
90:2e:05:3f:0c:df:30:73:3f:9f:28:33:49:e1:a1:48:50:2d:
a2:68:d7:8c:63:95:f6:8a:ad:db:b1:99:e3:ec:35:5b:c6:a1:
0a:d5:e8:8a:02:00:ca:f0:2b:24:8d:e8:1b:96:53:0d:a4:b3:
84:f7:0d:72:2a:22:5c:5b:f1:7f:2f:69:4d:a9:7c:9f:6e:b7:
a8:b7:c2:ca:a3:86:84:e3:2b:a4:90:93:e2:21:b6:42:15:ac:
96:a9:50:24:9e:aa:72:27:15:0c:37:38:30:44:be:b8:a0:db:
28:9f:70:53:c7:3b:df:61:f6:e0:1b:9d:57:da:96:7e:93:2b:
3d:e6:1e:f9:d0:75:2b:68:25:d0:64:93:95:2c:86:a3:38:aa:
57:a7:7d:7b:39:81:b4:15:21:55:32:ea:90:f2:df:c1:b2:79:
bf:22:6c:ed:a9:ff:35:9b:7d:aa:21:1a:3f:af:63:9a:58:c3:
ea:4e:c4:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSPL1tlc5V2VG9cSPYBTjy4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMzkyZGZjNmJhMmQzMTg2ZDMyNjljNzA5MWI3MDE5ODE1
MzQ1ZDMwHhcNMjIxMTE5MDkxOTE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGQ0ZjgwMjQ4M2U3Zjk0NzdkMzVhOGRkOGRiMDAzOTVhMDAxZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxx9qp1mTa5OIf/Kjiw+nkJCYNqq+
v55zAiFr2RYkc3thDGN+/WUnzMAx1g1DRvgJryWhg6Y2InOVtrlvtCbxdaeJ4cpD
kvie2+iCsq8c0XmNkl4VVV0yf9sz06enamanvbHV9U9QAyXrIzcJ8J2oPp7te06m
JeRNf80MEBG6Jx3ofa1zh7UU5CuuhKKJ3ZXIL7ngfWPEtn/MiGA4bgoJNUtOXKO3
1CGqWcSeyrx9EVrtRFcIlkHvHU1unRFpe6fLsSvq8iuBXEi5vNvh539/sQvWG6sN
+XGma8K4NwcfPRYPz+o/GuESJFFw9mWavmiV2+F3hbQisjfhKK9eToRd/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3U+AJIPn+Ud9NajdjbADlaAB4WMB8GA1UdIwQY
MBaAFBo5LfxrotMYbTJpxwkbcBmBU0XTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYt
MmYzNjVmMjJhMThjLzEvWGRUNEFrZy1mNVIzMDFxTjJOc0FPVm9BSGhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYtMmYzNjVmMjJhMThj
LzEvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFbeZAMA0G
CSqGSIb3DQEBCwUAA4IBAQBpgPXOGHpiTaILHxhTrmTQ5TH+4Q0tSH4X6Fhvk+sG
iRO3CYf1pOzsP5jjdLMBZGctqGUmgrqJi43YVsShAmLfwEfpeDb4ZIqQLgU/DN8w
cz+fKDNJ4aFIUC2iaNeMY5X2iq3bsZnj7DVbxqEK1eiKAgDK8CskjegbllMNpLOE
9w1yKiJcW/F/L2lNqXyfbreot8LKo4aE4yukkJPiIbZCFayWqVAknqpyJxUMNzgw
RL64oNson3BTxzvfYfbgG51X2pZ+kys95h750HUraCXQZJOVLIajOKpXp317OYG0
FSFVMuqQ8t/Bsnm/Imztqf81m32qIRo/r2OaWMPqTsQ8
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:19:59 2025 by rpki-client