Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/x7jTd0kOTGZFc1La2kAv1FvtbV0.roa
File: x7jTd0kOTGZFc1La2kAv1FvtbV0.roa (raw, json)
Hash identifier: vcSWdIKag1U5WCKOJ1K6lHo+IHZKCqWdHsdIO1XMKeI=
Subject key identifier: C7:B8:D3:77:49:0E:4C:66:45:73:52:DA:DA:40:2F:D4:5B:ED:6D:5D
Certificate issuer: /CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Certificate serial: 38190DDE
Authority key identifier: 1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/x7jTd0kOTGZFc1La2kAv1FvtbV0.roa
Signing time: Wed 02 Mar 2022 05:41:00 +0000
ROA not before: Wed 02 Mar 2022 05:41:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 50591
IP address blocks: 109.230.64.0/22 maxlen: 22
109.230.69.0/24 maxlen: 24
109.230.68.0/22 maxlen: 22
109.230.76.0/22 maxlen: 22
109.230.72.0/22 maxlen: 22
109.230.80.0/22 maxlen: 22
109.230.84.0/22 maxlen: 22
109.230.88.0/22 maxlen: 22
109.230.92.0/22 maxlen: 22
109.230.97.0/24 maxlen: 24
109.230.96.0/24 maxlen: 24
109.230.98.0/24 maxlen: 24
109.230.102.0/23 maxlen: 23
109.230.101.0/24 maxlen: 24
109.230.100.0/24 maxlen: 24
109.230.99.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 941166046 (0x38190dde)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Validity
Not Before: Mar 2 05:41:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c7b8d377490e4c66457352dada402fd45bed6d5d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:1b:68:e9:a6:96:22:66:0a:06:80:76:09:05:
cc:dd:fc:b6:ed:c3:bd:d3:96:a6:87:6c:29:d4:a7:
5a:ad:cf:d6:7a:ac:69:fa:17:f2:2b:72:88:0c:c9:
ef:14:2a:ee:81:bf:0c:89:e6:77:6a:71:f7:f4:a6:
41:d2:3b:28:85:3b:3a:e8:21:87:25:59:62:06:b2:
62:eb:a8:fb:e2:3f:c7:85:89:0e:43:b7:62:ee:5b:
bd:9d:89:00:19:0b:22:4c:c3:c6:8b:9d:01:a6:9e:
75:be:aa:c8:01:d8:6a:6a:66:59:cf:81:90:58:ca:
8a:0c:65:97:63:df:0f:d1:d8:7d:b5:c8:46:bf:4f:
70:1c:85:5b:db:e0:f2:c4:36:d9:5c:eb:b0:8e:a2:
07:c0:4a:1d:98:a2:5e:fa:11:88:66:41:53:87:a0:
d9:a8:fe:80:ef:d5:c6:fe:a2:85:f4:f6:fd:8c:e2:
d9:84:00:c3:63:e3:d2:e5:24:d3:95:70:2c:62:0d:
b2:eb:52:18:65:7b:87:3c:35:2c:92:17:b2:e9:34:
97:0e:a9:4f:75:ef:e7:5c:51:67:7a:4c:56:b1:26:
58:d4:52:09:eb:76:0f:32:74:72:7a:bd:6d:87:83:
14:38:b3:7e:82:46:a7:30:98:94:4f:72:eb:9e:27:
52:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:B8:D3:77:49:0E:4C:66:45:73:52:DA:DA:40:2F:D4:5B:ED:6D:5D
X509v3 Authority Key Identifier:
keyid:1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/x7jTd0kOTGZFc1La2kAv1FvtbV0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.230.64.0-109.230.103.255
Signature Algorithm: sha256WithRSAEncryption
1a:96:5a:18:02:3c:45:a3:ae:fc:d3:5f:14:e4:b9:a9:8d:7a:
a3:a8:b9:43:9a:3b:de:67:f1:c7:5b:9c:b7:bd:f2:a7:01:42:
b8:35:19:b9:17:5c:72:31:72:80:5b:97:cb:91:86:07:fd:aa:
cd:f0:b9:98:8e:a1:e0:22:9e:4f:e7:e9:4b:94:ea:48:5b:3e:
ca:29:9e:09:59:81:bd:db:d2:64:49:fd:a5:e5:58:ed:56:bd:
45:0a:2c:04:3f:ee:9c:c3:bc:0b:31:db:99:72:1b:d2:f8:0d:
b5:ea:b0:8b:2e:d6:12:65:c3:ec:c1:22:89:73:c6:8e:76:df:
6c:4b:5f:48:5d:06:59:74:89:f1:2c:6e:01:29:aa:28:7d:82:
85:cf:8c:6c:8d:c2:dd:b4:02:2b:e8:25:2e:bb:c5:0b:7c:b2:
68:59:da:6a:f1:de:25:eb:2c:51:e2:51:f5:83:0b:e1:cd:c8:
7a:b4:8d:0d:48:7b:b2:84:ba:3b:d1:48:7f:5b:e1:58:47:fb:
88:58:78:f2:55:43:c8:2c:f9:a3:5b:e6:e8:33:33:1b:1a:cb:
a7:9a:e5:a2:5f:6d:02:18:4d:7b:f4:ba:d8:48:54:96:d3:fc:
67:4c:3d:92:3e:88:9d:59:06:69:41:d4:0c:83:a7:8e:1a:aa:
de:cb:8e:20
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIEOBkN3jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YTM5MmRmYzZiYTJkMzE4NmQzMjY5YzcwOTFiNzAxOTgxNTM0NWQzMB4XDTIyMDMw
MjA1NDEwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzdiOGQzNzc0OTBl
NGM2NjQ1NzM1MmRhZGE0MDJmZDQ1YmVkNmQ1ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK8baOmmliJmCgaAdgkFzN38tu3DvdOWpodsKdSnWq3P1nqs
afoX8ityiAzJ7xQq7oG/DInmd2px9/SmQdI7KIU7OughhyVZYgayYuuo++I/x4WJ
DkO3Yu5bvZ2JABkLIkzDxoudAaaedb6qyAHYampmWc+BkFjKigxll2PfD9HYfbXI
Rr9PcByFW9vg8sQ22VzrsI6iB8BKHZiiXvoRiGZBU4eg2aj+gO/Vxv6ihfT2/Yzi
2YQAw2Pj0uUk05VwLGINsutSGGV7hzw1LJIXsuk0lw6pT3Xv51xRZ3pMVrEmWNRS
Cet2DzJ0cnq9bYeDFDizfoJGpzCYlE9y654nUiECAwEAAaOCAhEwggINMB0GA1Ud
DgQWBBTHuNN3SQ5MZkVzUtraQC/UW+1tXTAfBgNVHSMEGDAWgBQaOS38a6LTGG0y
accJG3AZgVNF0zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0dqa3RfR3VpMHhodE1tbkhDUnR3R1lGVFJkTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWUvMzJkODVkLWE3MTctNGQ2OC04MmE2LTJmMzY1ZjIyYTE4Yy8x
L3g3alRkMGtPVEdaRmMxTGEya0F2MUZ2dGJWMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWUv
MzJkODVkLWE3MTctNGQ2OC04MmE2LTJmMzY1ZjIyYTE4Yy8xL0dqa3RfR3VpMHho
dE1tbkhDUnR3R1lGVFJkTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAn
BggrBgEFBQcBBwEB/wQYMBYwFAQCAAEwDjAMAwQGbeZAAwQDbeZgMA0GCSqGSIb3
DQEBCwUAA4IBAQAalloYAjxFo678018U5LmpjXqjqLlDmjveZ/HHW5y3vfKnAUK4
NRm5F1xyMXKAW5fLkYYH/arN8LmYjqHgIp5P5+lLlOpIWz7KKZ4JWYG929JkSf2l
5VjtVr1FCiwEP+6cw7wLMduZchvS+A216rCLLtYSZcPswSKJc8aOdt9sS19IXQZZ
dInxLG4BKaoofYKFz4xsjcLdtAIr6CUuu8ULfLJoWdpq8d4l6yxR4lH1gwvhzch6
tI0NSHuyhLo70Uh/W+FYR/uIWHjyVUPILPmjW+boMzMbGsunmuWiX20CGE179LrY
SFSW0/xnTD2SPoidWQZpQdQMg6eOGqrey44g
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:34:24 2025 by rpki-client