Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/FZRcwSKicv_TXFJ9V4mWGr-3H2M.roa
File: FZRcwSKicv_TXFJ9V4mWGr-3H2M.roa (raw, json)
Hash identifier: PTYlleHMXwmyiq5CKaYrRj4de8YQwlaWNy7H1Uk80jA=
Subject key identifier: 15:94:5C:C1:22:A2:72:FF:D3:5C:52:7D:57:89:96:1A:BF:B7:1F:63
Certificate issuer: /CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Certificate serial: 0188B91AD5A37B49798A772A4C98F07928E7
Authority key identifier: 1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/FZRcwSKicv_TXFJ9V4mWGr-3H2M.roa
Signing time: Wed 14 Jun 2023 08:52:03 +0000
ROA not before: Wed 14 Jun 2023 08:52:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206065
IP address blocks: 109.230.80.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:b9:1a:d5:a3:7b:49:79:8a:77:2a:4c:98:f0:79:28:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Validity
Not Before: Jun 14 08:52:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=15945cc122a272ffd35c527d5789961abfb71f63
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:1c:40:3d:63:9e:7a:30:87:e4:c3:c9:f8:67:
86:17:2b:16:34:b7:b4:31:56:b3:bc:7f:f5:41:2f:
74:b5:f4:a9:2e:9b:ca:b9:3a:53:71:a9:07:04:8c:
f9:54:b8:84:8d:16:c2:73:99:e6:1d:b3:79:81:73:
04:a1:f9:6c:3c:6e:01:53:af:35:3d:bf:f4:35:ea:
c3:ab:ea:26:dc:01:b5:a1:05:68:76:77:2b:48:d4:
06:cc:89:82:52:c7:5d:d3:2a:fa:04:0d:9b:1c:3f:
dd:81:cf:f4:a9:03:ff:f2:8d:4c:e1:68:5e:70:1c:
74:e7:2b:60:dc:3a:11:46:0b:d2:06:27:d2:af:08:
9e:52:d4:e0:9c:c1:ad:ed:7f:4d:bf:02:87:19:f4:
1c:bf:65:da:12:40:b8:97:29:2a:7e:cb:f2:a4:2a:
04:e5:02:3b:18:95:c4:5d:c5:28:35:bf:ba:d6:05:
97:ef:47:7c:15:ac:91:dc:68:50:db:df:20:91:26:
60:d2:54:a6:e6:a6:d3:b8:93:e6:d4:1c:3f:df:fc:
3e:42:1d:6c:ad:1c:7d:95:0a:fd:bc:a9:53:54:35:
4a:c7:ec:ea:7d:8c:06:9c:b6:12:59:5f:1a:e1:82:
b1:02:95:38:54:c5:db:1d:84:73:75:05:0a:dd:97:
0e:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:94:5C:C1:22:A2:72:FF:D3:5C:52:7D:57:89:96:1A:BF:B7:1F:63
X509v3 Authority Key Identifier:
keyid:1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/FZRcwSKicv_TXFJ9V4mWGr-3H2M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.230.80.0/20
Signature Algorithm: sha256WithRSAEncryption
52:70:69:67:02:47:04:bd:0c:b8:bb:cb:ec:84:52:8f:e7:30:
8f:9b:53:70:c0:47:c8:5d:24:07:0c:c5:22:57:c5:90:e8:97:
56:dd:ec:86:27:08:c1:33:c6:79:cd:82:a2:0e:e0:fd:50:9c:
c4:08:7c:31:ed:6d:08:05:32:be:01:42:69:cb:57:80:fe:96:
71:5a:0a:0f:13:69:f2:d9:68:55:f8:aa:b5:5f:20:ef:61:ea:
c9:58:a5:96:cf:12:9f:01:4d:6a:ac:ee:78:c7:fa:90:1e:be:
09:e0:87:ec:85:59:3e:d8:fd:bf:39:62:f7:73:0a:8e:19:63:
db:4d:8f:38:69:89:15:22:d4:13:3f:72:bc:f8:90:23:a0:4c:
75:5c:a5:3f:91:23:32:0d:4f:4c:6e:7d:d6:af:cb:f5:6a:13:
08:64:19:df:ad:bb:00:d1:9b:8c:93:54:a0:f0:c3:4e:9d:49:
00:38:b8:e0:d6:b0:26:a4:b8:12:f2:4c:c5:5d:0e:72:bb:32:
11:f4:1a:cd:aa:c7:94:bb:f3:5f:03:64:a6:15:e1:14:f4:5a:
c5:0b:af:ba:93:6d:fc:5f:35:1b:00:8b:af:bf:2b:d7:45:34:
f9:65:7a:c4:62:b8:76:81:08:ec:1a:bc:63:db:f2:67:44:eb:
80:39:7c:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYi5GtWje0l5incqTJjweSjnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMzkyZGZjNmJhMmQzMTg2ZDMyNjljNzA5MWI3MDE5ODE1
MzQ1ZDMwHhcNMjMwNjE0MDg1MjAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTk0NWNjMTIyYTI3MmZmZDM1YzUyN2Q1Nzg5OTYxYWJmYjcxZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhxAPWOeejCH5MPJ+GeGFysWNLe0
MVazvH/1QS90tfSpLpvKuTpTcakHBIz5VLiEjRbCc5nmHbN5gXMEoflsPG4BU681
Pb/0NerDq+om3AG1oQVodncrSNQGzImCUsdd0yr6BA2bHD/dgc/0qQP/8o1M4Whe
cBx05ytg3DoRRgvSBifSrwieUtTgnMGt7X9NvwKHGfQcv2XaEkC4lykqfsvypCoE
5QI7GJXEXcUoNb+61gWX70d8FayR3GhQ298gkSZg0lSm5qbTuJPm1Bw/3/w+Qh1s
rRx9lQr9vKlTVDVKx+zqfYwGnLYSWV8a4YKxApU4VMXbHYRzdQUK3ZcO+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBWUXMEionL/01xSfVeJlhq/tx9jMB8GA1UdIwQY
MBaAFBo5LfxrotMYbTJpxwkbcBmBU0XTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYt
MmYzNjVmMjJhMThjLzEvRlpSY3dTS2ljdl9UWEZKOVY0bVdHci0zSDJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYtMmYzNjVmMjJhMThj
LzEvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEbeZQMA0G
CSqGSIb3DQEBCwUAA4IBAQBScGlnAkcEvQy4u8vshFKP5zCPm1NwwEfIXSQHDMUi
V8WQ6JdW3eyGJwjBM8Z5zYKiDuD9UJzECHwx7W0IBTK+AUJpy1eA/pZxWgoPE2ny
2WhV+Kq1XyDvYerJWKWWzxKfAU1qrO54x/qQHr4J4IfshVk+2P2/OWL3cwqOGWPb
TY84aYkVItQTP3K8+JAjoEx1XKU/kSMyDU9Mbn3Wr8v1ahMIZBnfrbsA0ZuMk1Sg
8MNOnUkAOLjg1rAmpLgS8kzFXQ5yuzIR9BrNqseUu/NfA2SmFeEU9FrFC6+6k238
XzUbAIuvvyvXRTT5ZXrEYrh2gQjsGrxj2/JnROuAOXw5
-----END CERTIFICATE-----
Generated at Thu May 8 21:16:15 2025 by rpki-client