Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/xajFuWENaa50AbarmpSIp9QN6Vw.roa
File: xajFuWENaa50AbarmpSIp9QN6Vw.roa (raw, json)
Hash identifier: Tr3nVti6fSPeQ+Q1Zg9ce0EjzaQvS1/ZxZx1VaO8GXo=
Subject key identifier: C5:A8:C5:B9:61:0D:69:AE:74:01:B6:AB:9A:94:88:A7:D4:0D:E9:5C
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018C9D1DB38BC4232DD9A74AC4E28D79D502
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/xajFuWENaa50AbarmpSIp9QN6Vw.roa
Signing time: Sun 24 Dec 2023 18:36:58 +0000
ROA not before: Sun 24 Dec 2023 18:36:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44620
IP address blocks: 109.122.196.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:9d:1d:b3:8b:c4:23:2d:d9:a7:4a:c4:e2:8d:79:d5:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Dec 24 18:36:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c5a8c5b9610d69ae7401b6ab9a9488a7d40de95c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:56:7b:e6:35:d4:31:e6:75:40:2d:e4:49:91:
d9:b7:ba:f1:00:74:b1:aa:01:5d:19:b9:81:46:b8:
54:e6:b1:24:52:76:00:00:0f:e4:61:96:dd:54:35:
dc:25:85:ed:04:fc:15:a8:d9:7d:d6:ee:50:ef:e0:
71:c9:79:66:f3:78:d4:06:1a:f7:da:37:78:e6:bb:
b6:43:a7:58:42:61:a2:c4:7f:8e:7d:0a:d6:54:b7:
18:75:5f:90:a6:c5:4f:32:fe:5c:2c:eb:3b:c7:35:
21:e9:e1:a8:c1:1a:56:78:22:99:9c:31:95:25:46:
5b:4a:9f:65:40:9f:31:9e:f7:7e:e2:44:d6:90:e3:
cb:6c:80:9f:31:b0:ea:9d:f7:9f:ca:57:15:92:04:
f0:3a:63:d9:2e:7d:4f:c0:02:30:20:b6:2f:3f:2c:
37:bb:66:92:ea:6e:2a:de:ed:c2:50:1a:4e:54:66:
6f:f7:80:9b:2e:61:45:84:35:c4:19:d6:21:0a:de:
25:0f:79:1d:3b:0a:3c:e3:f9:13:df:2e:30:ff:86:
5d:26:ef:db:f0:5e:20:93:16:fb:e5:1c:ad:e8:12:
66:4e:02:bc:c6:d7:c1:e3:30:82:36:03:8a:9d:11:
88:09:a8:1d:f5:4a:6d:f5:4a:b5:43:4d:c9:7f:4a:
fe:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:A8:C5:B9:61:0D:69:AE:74:01:B6:AB:9A:94:88:A7:D4:0D:E9:5C
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/xajFuWENaa50AbarmpSIp9QN6Vw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.196.0/24
Signature Algorithm: sha256WithRSAEncryption
86:e4:0c:57:21:01:24:ab:01:a9:bc:90:2c:04:2e:f6:b8:55:
92:11:0e:84:df:55:f2:83:f9:f4:21:6f:b6:09:e5:f0:8d:d3:
41:c1:b4:a9:bd:c4:48:9e:cb:b4:65:9b:b1:0a:b7:2b:51:5b:
93:74:47:5a:37:7e:93:3d:cb:96:7a:0c:00:fe:dc:38:a4:58:
b5:4d:ae:2a:a3:e3:60:50:42:96:69:b2:20:c0:e3:08:62:a1:
09:b3:2e:9e:f5:83:a3:07:30:fb:e4:0c:fe:a8:14:e1:7d:37:
db:7d:17:51:ac:1f:fc:60:61:66:76:cc:0f:97:99:00:f0:b7:
6d:87:f0:72:38:39:b5:02:e6:82:28:85:fb:a2:f9:f3:17:6b:
fb:9b:f8:3b:6a:35:ed:f8:47:23:86:06:3a:6d:43:8d:a2:f1:
d6:9b:d6:d1:ac:59:f7:29:21:fd:84:1a:ca:59:23:73:09:ab:
7b:dd:92:cb:b7:4d:44:0d:07:11:90:56:86:ad:96:ab:68:1b:
61:fd:08:93:a4:57:cc:d8:31:5e:90:9a:eb:69:7d:dc:91:cb:
52:56:17:5e:ad:67:69:13:1c:3c:83:00:b0:18:8f:2b:e3:d6:
23:00:8f:24:df:aa:4b:5a:d3:1f:a1:83:17:cc:2b:4b:8c:75:
58:14:4e:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYydHbOLxCMt2adKxOKNedUCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMjI0MTgzNjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWE4YzViOTYxMGQ2OWFlNzQwMWI2YWI5YTk0ODhhN2Q0MGRlOTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllZ75jXUMeZ1QC3kSZHZt7rxAHSx
qgFdGbmBRrhU5rEkUnYAAA/kYZbdVDXcJYXtBPwVqNl91u5Q7+BxyXlm83jUBhr3
2jd45ru2Q6dYQmGixH+OfQrWVLcYdV+QpsVPMv5cLOs7xzUh6eGowRpWeCKZnDGV
JUZbSp9lQJ8xnvd+4kTWkOPLbICfMbDqnfefylcVkgTwOmPZLn1PwAIwILYvPyw3
u2aS6m4q3u3CUBpOVGZv94CbLmFFhDXEGdYhCt4lD3kdOwo84/kT3y4w/4ZdJu/b
8F4gkxb75Ryt6BJmTgK8xtfB4zCCNgOKnRGICagd9Upt9Uq1Q03Jf0r+jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWoxblhDWmudAG2q5qUiKfUDelcMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEveGFqRnVXRU5hYTUwQWJhcm1wU0lwOVFONlZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrEMA0G
CSqGSIb3DQEBCwUAA4IBAQCG5AxXIQEkqwGpvJAsBC72uFWSEQ6E31Xyg/n0IW+2
CeXwjdNBwbSpvcRInsu0ZZuxCrcrUVuTdEdaN36TPcuWegwA/tw4pFi1Ta4qo+Ng
UEKWabIgwOMIYqEJsy6e9YOjBzD75Az+qBThfTfbfRdRrB/8YGFmdswPl5kA8Ldt
h/ByODm1AuaCKIX7ovnzF2v7m/g7ajXt+EcjhgY6bUONovHWm9bRrFn3KSH9hBrK
WSNzCat73ZLLt01EDQcRkFaGrZaraBth/QiTpFfM2DFekJrraX3ckctSVhderWdp
Exw8gwCwGI8r49YjAI8k36pLWtMfoYMXzCtLjHVYFE5O
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:56:32 2025 by rpki-client