Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/XC2YWZEzlwEf-Z6dk9CvmXVsANM.roa
File: XC2YWZEzlwEf-Z6dk9CvmXVsANM.roa (raw, json)
Hash identifier: e4dTZJ+svKcV1Z7dWQudRB+cKyAj47c+t/7QqjElNew=
Subject key identifier: 5C:2D:98:59:91:33:97:01:1F:F9:9E:9D:93:D0:AF:99:75:6C:00:D3
Certificate issuer: /CN=5f51bcd89eb7f5b3ab08806ef51a7c2f6eb98efc
Certificate serial: 018E4257F74809733B6A9673EB9122F171DC
Authority key identifier: 5F:51:BC:D8:9E:B7:F5:B3:AB:08:80:6E:F5:1A:7C:2F:6E:B9:8E:FC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/X1G82J639bOrCIBu9Rp8L265jvw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/XC2YWZEzlwEf-Z6dk9CvmXVsANM.roa
Signing time: Fri 15 Mar 2024 13:40:44 +0000
ROA not before: Fri 15 Mar 2024 13:40:44 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49100
IP address blocks: 109.95.60.0/24 maxlen: 24
109.95.61.0/24 maxlen: 24
109.95.62.0/24 maxlen: 24
109.95.63.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:42:57:f7:48:09:73:3b:6a:96:73:eb:91:22:f1:71:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5f51bcd89eb7f5b3ab08806ef51a7c2f6eb98efc
Validity
Not Before: Mar 15 13:40:44 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5c2d9859913397011ff99e9d93d0af99756c00d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:27:ec:c7:ab:47:f0:e9:00:ff:60:dd:12:e7:
6c:4a:49:60:a2:90:be:b8:9b:d2:d0:23:ef:25:09:
6a:58:ac:25:68:e3:32:57:38:1d:41:e0:97:0e:b8:
8d:35:b3:82:80:e3:c9:34:b2:bb:b4:5c:16:a3:04:
cd:57:6f:e3:7c:56:a2:37:8b:40:e6:09:31:6b:c3:
4d:42:30:c2:1e:78:09:e2:cb:47:a2:e6:51:06:a6:
40:0e:af:d8:c1:6c:ec:d0:2d:89:50:23:b8:14:43:
67:f8:7b:5c:bd:6f:42:57:36:cd:96:65:13:e3:bb:
c0:7d:3d:41:47:83:8e:25:03:1d:11:fe:df:ab:b0:
06:54:d9:21:04:8f:45:93:a1:33:45:f4:9d:07:fb:
13:95:a9:f9:39:72:3e:c8:3d:a3:1f:00:7c:2b:a4:
64:67:58:94:11:47:2a:c6:a4:72:3a:31:02:9a:7c:
97:05:51:ae:54:39:02:19:23:c5:04:9d:b9:1a:ad:
68:98:0d:e0:fc:39:5e:db:6c:09:2a:9a:e7:d1:cd:
e9:2f:39:af:dd:df:1c:57:86:b9:a9:fa:b3:e8:85:
6a:30:38:79:62:10:97:86:e0:f9:4d:4f:b7:08:24:
ac:18:f8:89:db:fc:dc:05:b2:57:86:19:fb:c3:a6:
cb:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:2D:98:59:91:33:97:01:1F:F9:9E:9D:93:D0:AF:99:75:6C:00:D3
X509v3 Authority Key Identifier:
keyid:5F:51:BC:D8:9E:B7:F5:B3:AB:08:80:6E:F5:1A:7C:2F:6E:B9:8E:FC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X1G82J639bOrCIBu9Rp8L265jvw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/XC2YWZEzlwEf-Z6dk9CvmXVsANM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/X1G82J639bOrCIBu9Rp8L265jvw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.95.60.0/22
Signature Algorithm: sha256WithRSAEncryption
6b:78:60:37:9b:91:62:60:4b:25:17:91:2d:54:65:33:4d:a1:
03:66:57:d4:43:4c:1c:dc:2f:9c:04:e8:1b:a1:63:ad:ee:ce:
00:68:1e:ec:bd:46:40:a0:4b:0c:77:5d:67:b7:ea:45:db:ec:
69:bd:cf:ae:c8:b0:81:f1:64:d9:ca:3e:34:1a:f9:ed:ba:b6:
10:cd:41:c3:3a:4b:dd:45:d4:22:77:ea:31:ae:5f:5c:80:68:
17:bd:fc:33:3a:43:34:6d:77:da:ca:8e:ff:e8:ff:43:09:ac:
0c:35:83:95:f6:c0:85:a3:39:65:6c:8f:60:02:e0:28:22:f9:
93:7e:3c:53:d2:5f:1b:4d:7e:31:66:34:fe:dc:9f:c2:e7:21:
90:8c:fd:e0:52:91:f0:3f:cd:73:0c:b4:ca:d1:20:b7:1a:a9:
a3:21:25:23:6d:ea:04:81:be:76:d6:c8:d5:b5:3c:9f:0e:ca:
a1:9c:79:b9:33:f5:5b:83:c7:30:1a:c7:65:4e:00:c7:9c:74:
b1:f0:52:dc:6f:e5:6e:88:b3:15:e0:87:52:c4:33:0b:bb:20:
59:bf:af:17:39:22:aa:c8:1e:90:35:c9:6d:b6:07:62:e4:e3:
09:ee:e5:28:a3:c8:80:93:95:eb:30:d7:34:72:4d:a9:37:9c:
23:78:ea:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5CV/dICXM7apZz65Ei8XHcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNTFiY2Q4OWViN2Y1YjNhYjA4ODA2ZWY1MWE3YzJmNmVi
OThlZmMwHhcNMjQwMzE1MTM0MDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzJkOTg1OTkxMzM5NzAxMWZmOTllOWQ5M2QwYWY5OTc1NmMwMGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuifsx6tH8OkA/2DdEudsSklgopC+
uJvS0CPvJQlqWKwlaOMyVzgdQeCXDriNNbOCgOPJNLK7tFwWowTNV2/jfFaiN4tA
5gkxa8NNQjDCHngJ4stHouZRBqZADq/YwWzs0C2JUCO4FENn+HtcvW9CVzbNlmUT
47vAfT1BR4OOJQMdEf7fq7AGVNkhBI9Fk6EzRfSdB/sTlan5OXI+yD2jHwB8K6Rk
Z1iUEUcqxqRyOjECmnyXBVGuVDkCGSPFBJ25Gq1omA3g/Dle22wJKprn0c3pLzmv
3d8cV4a5qfqz6IVqMDh5YhCXhuD5TU+3CCSsGPiJ2/zcBbJXhhn7w6bLXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwtmFmRM5cBH/menZPQr5l1bADTMB8GA1UdIwQY
MBaAFF9RvNiet/WzqwiAbvUafC9uuY78MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDFHODJKNjM5Yk9yQ0lCdTlScDhMMjY1anZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi80MWY2ZjUtY2VmMC00YTU3LThlNDct
MGE4NTk4NjIwOGE5LzEvWEMyWVdaRXpsd0VmLVo2ZGs5Q3ZtWFZzQU5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi80MWY2ZjUtY2VmMC00YTU3LThlNDctMGE4NTk4NjIwOGE5
LzEvWDFHODJKNjM5Yk9yQ0lCdTlScDhMMjY1anZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbV88MA0G
CSqGSIb3DQEBCwUAA4IBAQBreGA3m5FiYEslF5EtVGUzTaEDZlfUQ0wc3C+cBOgb
oWOt7s4AaB7svUZAoEsMd11nt+pF2+xpvc+uyLCB8WTZyj40GvnturYQzUHDOkvd
RdQid+oxrl9cgGgXvfwzOkM0bXfayo7/6P9DCawMNYOV9sCFozllbI9gAuAoIvmT
fjxT0l8bTX4xZjT+3J/C5yGQjP3gUpHwP81zDLTK0SC3GqmjISUjbeoEgb521sjV
tTyfDsqhnHm5M/Vbg8cwGsdlTgDHnHSx8FLcb+VuiLMV4IdSxDMLuyBZv68XOSKq
yB6QNclttgdi5OMJ7uUoo8iAk5XrMNc0ck2pN5wjeOpQ
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:04:13 2025 by rpki-client