Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/xZdmh2sZrs03IsOgFx9cYyrYQT0.roa
File: xZdmh2sZrs03IsOgFx9cYyrYQT0.roa (raw, json)
Hash identifier: 0FGlSBK8AfgY2C5GiCFlCRj6BSwatvDeLm/7k2KRG7w=
Subject key identifier: C5:97:66:87:6B:19:AE:CD:37:22:C3:A0:17:1F:5C:63:2A:D8:41:3D
Certificate issuer: /CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Certificate serial: 0188B92B502E01CA4729378ADE1B97AA1775
Authority key identifier: 1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/xZdmh2sZrs03IsOgFx9cYyrYQT0.roa
Signing time: Wed 14 Jun 2023 09:10:03 +0000
ROA not before: Wed 14 Jun 2023 09:10:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50591
IP address blocks: 109.230.64.0/22 maxlen: 22
109.230.69.0/24 maxlen: 24
109.230.68.0/22 maxlen: 22
109.230.73.0/24 maxlen: 24
109.230.72.0/24 maxlen: 24
109.230.76.0/22 maxlen: 22
109.230.75.0/24 maxlen: 24
109.230.74.0/24 maxlen: 24
109.230.80.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:b9:2b:50:2e:01:ca:47:29:37:8a:de:1b:97:aa:17:75
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Validity
Not Before: Jun 14 09:10:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c59766876b19aecd3722c3a0171f5c632ad8413d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:25:f2:84:d0:4e:04:34:ad:9b:52:4e:a0:48:
b8:cf:bd:10:20:89:f8:24:8b:d4:ee:6a:4c:83:36:
c7:36:bc:97:ff:c8:3e:86:1d:5b:32:cc:72:6b:3e:
42:82:54:1d:b6:e0:4e:f1:51:bb:82:2e:b1:e0:5a:
09:1c:62:79:d0:d0:5a:a9:64:87:0e:12:cd:45:34:
72:73:1a:b1:10:77:df:73:1d:35:23:54:ec:5c:5f:
33:6b:11:94:83:63:8b:b2:ae:5a:c8:c1:9f:45:8c:
06:93:5d:33:00:ef:36:05:69:78:25:97:d1:3f:b0:
1a:0d:33:ae:6f:09:d1:53:4a:08:40:80:fb:11:67:
78:73:51:c1:9f:fe:14:40:56:ec:3e:ef:82:b1:a1:
17:9f:a2:ab:56:aa:59:56:cc:7c:c0:a9:7f:73:0d:
cf:9d:e5:d0:75:43:77:6e:3e:66:ac:87:71:f3:9f:
19:33:be:48:3f:15:a2:c3:5b:68:ab:49:08:5a:0d:
34:a3:a6:72:09:d5:eb:18:cb:20:85:ed:85:46:5b:
4d:3f:9b:6d:7e:c1:c8:74:9b:8d:f7:75:80:36:e1:
0d:8d:e9:ca:f2:9b:97:d9:71:e2:4e:ca:5e:d0:62:
28:84:f0:54:af:65:67:b6:47:76:10:89:81:83:45:
c0:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:97:66:87:6B:19:AE:CD:37:22:C3:A0:17:1F:5C:63:2A:D8:41:3D
X509v3 Authority Key Identifier:
keyid:1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/xZdmh2sZrs03IsOgFx9cYyrYQT0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.230.64.0/19
Signature Algorithm: sha256WithRSAEncryption
27:ab:ff:be:f6:48:3a:3b:a5:db:68:48:0a:16:67:79:d5:4a:
fb:e0:0f:b7:75:f6:0e:ef:a4:8c:4e:56:51:cf:8c:3e:77:d1:
67:59:90:bf:7c:73:bf:b3:92:12:4e:60:fe:78:1d:06:e7:c3:
f4:fb:2f:f8:f4:19:e2:80:34:5f:2b:ed:d2:2c:c0:55:18:d1:
5d:39:5d:be:1b:9a:42:23:80:09:39:eb:27:f4:39:83:51:de:
fc:e8:9e:7e:2d:56:26:d7:81:51:ac:f2:d8:0c:35:e8:77:83:
99:cd:f0:f5:5e:ce:54:95:11:f3:30:4b:22:fd:ac:48:6d:86:
41:7d:4f:78:7a:84:1a:f0:94:0e:b8:61:6d:44:28:25:81:a1:
81:c7:6b:40:3c:b5:ac:f3:94:74:47:75:5c:65:87:a8:e2:18:
c3:09:21:69:94:3d:7a:9b:4f:27:1d:0a:90:07:c1:6a:97:e1:
2e:e4:05:13:8f:46:90:db:a2:78:13:1e:06:b1:f4:35:d1:1f:
6a:ba:cd:42:78:5b:11:82:df:ad:6f:7d:72:20:41:cc:80:31:
46:25:47:b4:79:f0:d6:e6:cc:a7:01:57:ba:77:43:6e:1d:61:
f6:ae:08:ae:5b:68:67:94:d7:b3:96:c1:f6:d6:61:53:fe:12:
9a:35:5c:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYi5K1AuAcpHKTeK3huXqhd1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMzkyZGZjNmJhMmQzMTg2ZDMyNjljNzA5MWI3MDE5ODE1
MzQ1ZDMwHhcNMjMwNjE0MDkxMDAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTk3NjY4NzZiMTlhZWNkMzcyMmMzYTAxNzFmNWM2MzJhZDg0MTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiXyhNBOBDStm1JOoEi4z70QIIn4
JIvU7mpMgzbHNryX/8g+hh1bMsxyaz5CglQdtuBO8VG7gi6x4FoJHGJ50NBaqWSH
DhLNRTRycxqxEHffcx01I1TsXF8zaxGUg2OLsq5ayMGfRYwGk10zAO82BWl4JZfR
P7AaDTOubwnRU0oIQID7EWd4c1HBn/4UQFbsPu+CsaEXn6KrVqpZVsx8wKl/cw3P
neXQdUN3bj5mrIdx858ZM75IPxWiw1toq0kIWg00o6ZyCdXrGMsghe2FRltNP5tt
fsHIdJuN93WANuENjenK8puX2XHiTspe0GIohPBUr2Vntkd2EImBg0XA/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWXZodrGa7NNyLDoBcfXGMq2EE9MB8GA1UdIwQY
MBaAFBo5LfxrotMYbTJpxwkbcBmBU0XTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYt
MmYzNjVmMjJhMThjLzEveFpkbWgyc1pyczAzSXNPZ0Z4OWNZeXJZUVQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYtMmYzNjVmMjJhMThj
LzEvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFbeZAMA0G
CSqGSIb3DQEBCwUAA4IBAQAnq/++9kg6O6XbaEgKFmd51Ur74A+3dfYO76SMTlZR
z4w+d9FnWZC/fHO/s5ISTmD+eB0G58P0+y/49BnigDRfK+3SLMBVGNFdOV2+G5pC
I4AJOesn9DmDUd786J5+LVYm14FRrPLYDDXod4OZzfD1Xs5UlRHzMEsi/axIbYZB
fU94eoQa8JQOuGFtRCglgaGBx2tAPLWs85R0R3VcZYeo4hjDCSFplD16m08nHQqQ
B8Fql+Eu5AUTj0aQ26J4Ex4GsfQ10R9qus1CeFsRgt+tb31yIEHMgDFGJUe0efDW
5synAVe6d0NuHWH2rgiuW2hnlNezlsH21mFT/hKaNVw4
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:45 2024 by rpki-client on console-fra.rpki-client.org