Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/Xah_Qd564hg2J3qBXNTMQBZDtkw.roa
File: Xah_Qd564hg2J3qBXNTMQBZDtkw.roa (raw, json)
Hash identifier: MMRbHzgR8PxaYussE2atAeoDHuWKYRnydtTufHEgD0E=
Subject key identifier: 5D:A8:7F:41:DE:7A:E2:18:36:27:7A:81:5C:D4:CC:40:16:43:B6:4C
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 01848FAA0953AA25174AABFF134E6EE4CEF2
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/Xah_Qd564hg2J3qBXNTMQBZDtkw.roa
Signing time: Sat 19 Nov 2022 11:33:16 +0000
ROA not before: Sat 19 Nov 2022 11:33:16 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 44620
IP address blocks: 84.54.12.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:8f:aa:09:53:aa:25:17:4a:ab:ff:13:4e:6e:e4:ce:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Nov 19 11:33:16 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5da87f41de7ae21836277a815cd4cc401643b64c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:8b:36:16:cc:00:60:8b:2b:c4:47:b2:a4:e9:
31:a7:d5:b6:49:f5:18:4d:8d:d0:f0:8b:38:d3:fa:
83:42:1e:8c:5a:b6:0c:7b:a1:d5:48:18:73:67:51:
76:2d:da:f8:7d:3b:98:dd:c2:72:93:25:34:e7:ad:
24:88:96:c3:26:62:99:ba:6c:d9:00:07:aa:10:ad:
13:ef:45:df:15:b0:57:aa:43:d6:a2:ff:4e:e4:a0:
c0:b0:0e:98:39:69:17:aa:9b:6f:84:44:62:e2:3c:
0f:58:c9:50:c2:5b:25:a8:a2:1b:91:17:72:de:a9:
e4:92:be:38:39:9e:f8:84:64:51:c3:5a:a8:03:7e:
f9:ac:c7:8e:37:20:74:0d:e7:ac:47:9c:25:8a:e0:
a4:84:91:0e:8a:76:6a:dd:84:ae:38:3f:e2:f0:3c:
52:f7:ab:67:e9:de:31:7a:eb:f7:e0:99:fb:f0:73:
bc:36:91:de:52:34:86:2d:70:e3:12:be:75:07:d1:
88:2f:4a:f4:ad:32:1a:7d:94:6b:32:42:34:55:70:
58:27:56:55:40:41:fa:75:8c:f1:bf:8e:ad:57:b8:
28:8d:c7:26:a1:ec:56:9a:1b:07:8c:07:9c:c1:95:
b5:b7:8c:84:54:97:18:02:29:9a:a3:e2:dc:36:07:
88:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:A8:7F:41:DE:7A:E2:18:36:27:7A:81:5C:D4:CC:40:16:43:B6:4C
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/Xah_Qd564hg2J3qBXNTMQBZDtkw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.12.0/24
Signature Algorithm: sha256WithRSAEncryption
24:9f:bf:24:f1:ef:65:3b:e9:2b:1a:92:ce:fe:15:85:12:cd:
4f:56:44:16:04:5d:17:3f:8f:ff:5d:14:fa:c5:2a:01:07:fc:
e1:89:07:7d:67:b7:73:8c:9b:2a:1b:0a:f3:30:29:f8:5c:dc:
e2:32:09:9b:2f:d8:c2:10:dc:cc:b6:3b:b4:45:e4:03:4d:49:
c3:50:88:49:16:55:b8:fc:7a:e6:7b:fc:01:53:9f:c8:14:b9:
40:76:49:88:f6:d4:97:05:26:34:cf:e7:05:aa:b6:ef:99:11:
20:5f:09:98:c2:da:6b:26:57:68:19:2d:66:c5:5f:31:c6:f1:
e6:25:57:61:01:b4:ae:1e:b1:3a:d5:cc:13:8a:09:77:1b:9b:
81:dc:30:67:f8:47:c0:f0:ed:91:58:2d:c9:43:65:32:9e:d4:
dd:0a:3b:ff:0b:ce:80:fe:3e:c6:c8:7c:49:8d:10:28:c1:c9:
5f:1e:24:a9:83:94:3e:09:2a:e9:b9:15:6b:83:78:72:ba:e5:
ca:95:4e:64:82:23:ac:67:ae:79:e4:e8:47:e5:88:08:7d:40:
ac:6a:05:78:09:81:98:99:96:c6:6c:36:3a:f6:0a:d8:de:12:
a6:26:8d:40:96:76:c6:85:78:a8:58:d0:26:97:d3:a1:c4:87:
17:bb:f0:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSPqglTqiUXSqv/E05u5M7yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjIxMTE5MTEzMzE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGE4N2Y0MWRlN2FlMjE4MzYyNzdhODE1Y2Q0Y2M0MDE2NDNiNjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYs2FswAYIsrxEeypOkxp9W2SfUY
TY3Q8Is40/qDQh6MWrYMe6HVSBhzZ1F2Ldr4fTuY3cJykyU0560kiJbDJmKZumzZ
AAeqEK0T70XfFbBXqkPWov9O5KDAsA6YOWkXqptvhERi4jwPWMlQwlslqKIbkRdy
3qnkkr44OZ74hGRRw1qoA375rMeONyB0DeesR5wliuCkhJEOinZq3YSuOD/i8DxS
96tn6d4xeuv34Jn78HO8NpHeUjSGLXDjEr51B9GIL0r0rTIafZRrMkI0VXBYJ1ZV
QEH6dYzxv46tV7gojccmoexWmhsHjAecwZW1t4yEVJcYAimao+LcNgeIGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF2of0HeeuIYNid6gVzUzEAWQ7ZMMB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvWGFoX1FkNTY0aGcySjNxQlhOVE1RQlpEdGt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVDYMMA0G
CSqGSIb3DQEBCwUAA4IBAQAkn78k8e9lO+krGpLO/hWFEs1PVkQWBF0XP4//XRT6
xSoBB/zhiQd9Z7dzjJsqGwrzMCn4XNziMgmbL9jCENzMtju0ReQDTUnDUIhJFlW4
/Hrme/wBU5/IFLlAdkmI9tSXBSY0z+cFqrbvmREgXwmYwtprJldoGS1mxV8xxvHm
JVdhAbSuHrE61cwTigl3G5uB3DBn+EfA8O2RWC3JQ2UyntTdCjv/C86A/j7GyHxJ
jRAowclfHiSpg5Q+CSrpuRVrg3hyuuXKlU5kgiOsZ6555OhH5YgIfUCsagV4CYGY
mZbGbDY69grY3hKmJo1AlnbGhXioWNAml9OhxIcXu/Dj
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:29:06 2025 by rpki-client