Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/0JAKtj-oG67yJrKWE9CG0sGaONo.roa
File: 0JAKtj-oG67yJrKWE9CG0sGaONo.roa (raw, json)
Hash identifier: PjAk5Fjcs9ZSdi9IBIltc/KAIcMPF5TeiRAmIPBiT6Q=
Subject key identifier: D0:90:0A:B6:3F:A8:1B:AE:F2:26:B2:96:13:D0:86:D2:C1:9A:38:DA
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 0BD5F537
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/0JAKtj-oG67yJrKWE9CG0sGaONo.roa
Signing time: Thu 03 Feb 2022 15:01:52 +0000
ROA not before: Thu 03 Feb 2022 15:01:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 48265
IP address blocks: 91.210.137.0/24 maxlen: 24
91.210.138.0/24 maxlen: 24
91.210.136.0/24 maxlen: 24
91.210.139.0/24 maxlen: 24
109.104.131.0/24 maxlen: 24
109.104.132.0/24 maxlen: 24
109.104.129.0/24 maxlen: 24
109.104.130.0/24 maxlen: 24
109.104.128.0/24 maxlen: 24
109.104.138.0/24 maxlen: 24
109.104.139.0/24 maxlen: 24
109.104.136.0/24 maxlen: 24
109.104.137.0/24 maxlen: 24
109.104.135.0/24 maxlen: 24
109.104.133.0/24 maxlen: 24
109.104.134.0/24 maxlen: 24
109.104.145.0/24 maxlen: 24
109.104.143.0/24 maxlen: 24
109.104.144.0/24 maxlen: 24
109.104.141.0/24 maxlen: 24
109.104.142.0/24 maxlen: 24
109.104.140.0/24 maxlen: 24
109.104.150.0/24 maxlen: 24
109.104.151.0/24 maxlen: 24
109.104.148.0/22 maxlen: 24
109.104.153.0/24 maxlen: 24
109.104.159.0/24 maxlen: 24
109.104.157.0/24 maxlen: 24
109.104.158.0/24 maxlen: 24
109.104.155.0/24 maxlen: 24
109.104.156.0/24 maxlen: 24
109.104.154.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 198571319 (0xbd5f537)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Feb 3 15:01:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d0900ab63fa81baef226b29613d086d2c19a38da
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:bc:c2:bd:02:ce:fa:a3:06:f8:26:17:eb:d7:
eb:08:d8:4e:30:00:03:6e:85:44:9b:b7:73:05:08:
cd:b3:92:c9:c5:4b:14:de:f2:5c:d6:58:24:dd:1b:
97:b7:35:56:9e:1f:48:ae:10:05:6f:df:3a:22:39:
4b:9a:62:c7:c4:8d:be:bb:91:78:1a:f8:d6:c0:cf:
26:9c:6b:b4:a5:93:0f:7e:d4:e1:b4:ae:60:8b:ae:
ed:7c:97:ed:d2:8d:23:64:b8:f0:99:90:59:db:27:
cf:79:40:26:7d:1c:3a:52:0a:a4:24:3c:71:07:d1:
f8:4e:b0:5f:4b:16:aa:5d:31:77:53:4b:84:46:97:
35:ba:b4:58:9f:f9:4a:d5:30:89:3c:ee:7d:23:e6:
8e:5a:0a:6e:38:aa:d6:bc:05:a0:66:b0:f4:68:5c:
0d:cd:cc:21:6b:eb:de:0e:52:04:26:5e:16:f0:77:
68:8a:e3:67:04:fc:8d:16:49:78:50:49:88:c9:a1:
e6:37:04:d6:3a:6f:6e:64:71:41:69:df:1d:64:7e:
a7:48:3f:61:43:d6:fe:9f:fb:2c:39:8b:da:46:60:
a0:3a:23:33:1f:4b:84:9c:48:01:34:0a:52:01:48:
27:5c:d7:c2:94:92:18:f8:bb:8e:54:cc:e3:77:20:
40:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:90:0A:B6:3F:A8:1B:AE:F2:26:B2:96:13:D0:86:D2:C1:9A:38:DA
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/0JAKtj-oG67yJrKWE9CG0sGaONo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.136.0/22
109.104.128.0-109.104.145.255
109.104.148.0/22
109.104.153.0-109.104.159.255
Signature Algorithm: sha256WithRSAEncryption
4b:e9:4b:5e:64:34:76:71:c2:8a:40:dc:99:25:16:b8:5a:a0:
f8:99:a6:7d:5d:0b:ec:b1:d2:de:23:6e:46:62:51:56:f6:27:
e2:b5:f6:4e:cb:6b:fc:9d:e5:f2:24:c9:b5:33:83:7f:58:9d:
45:d9:f8:3d:67:bd:3b:c8:2b:84:10:0f:40:0e:d9:10:b6:99:
1e:87:0c:c9:90:29:53:7b:ca:c8:11:4d:6b:e3:fe:e5:70:e0:
11:23:f1:e4:ce:99:72:69:af:44:f9:1b:69:08:11:72:c0:55:
0a:c4:6a:2e:00:5a:61:72:d2:49:07:d6:a9:1d:ee:f7:cb:98:
d4:fc:8d:d1:27:92:89:c5:77:27:96:6d:1f:cb:49:96:15:3b:
f6:69:0c:e3:87:37:62:1b:1e:27:f1:38:84:2a:c7:ba:b3:80:
4a:af:4a:ee:32:6b:89:83:3b:9d:c6:6c:1e:1f:ef:4b:bf:6f:
8d:d3:18:19:32:ac:7b:5f:66:13:45:25:b7:14:d2:51:3b:a0:
8f:82:68:f9:33:08:df:ad:fe:a0:6b:4e:8a:af:5c:73:d9:3d:
fd:87:12:34:0e:4e:46:c1:c1:1f:4d:bf:11:71:f8:34:0c:c9:
9e:09:af:f2:ab:63:d7:b8:ea:a1:65:fd:bc:14:0b:3e:a4:86:
4a:5e:8b:63
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIEC9X1NzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YmY2MmY3NjA2MjczZjQxYTZjY2M4ZTI5NTYwNzZmM2MwYTFlYjU0MB4XDTIyMDIw
MzE1MDE1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDA5MDBhYjYzZmE4
MWJhZWYyMjZiMjk2MTNkMDg2ZDJjMTlhMzhkYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJu8wr0CzvqjBvgmF+vX6wjYTjAAA26FRJu3cwUIzbOSycVL
FN7yXNZYJN0bl7c1Vp4fSK4QBW/fOiI5S5pix8SNvruReBr41sDPJpxrtKWTD37U
4bSuYIuu7XyX7dKNI2S48JmQWdsnz3lAJn0cOlIKpCQ8cQfR+E6wX0sWql0xd1NL
hEaXNbq0WJ/5StUwiTzufSPmjloKbjiq1rwFoGaw9GhcDc3MIWvr3g5SBCZeFvB3
aIrjZwT8jRZJeFBJiMmh5jcE1jpvbmRxQWnfHWR+p0g/YUPW/p/7LDmL2kZgoDoj
Mx9LhJxIATQKUgFIJ1zXwpSSGPi7jlTM43cgQPMCAwEAAaOCAi0wggIpMB0GA1Ud
DgQWBBTQkAq2P6gbrvImspYT0IbSwZo42jAfBgNVHSMEGDAWgBT79i92Bic/QabM
yOKVYHbzwKHrVDAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzIzLzk1ZWViYi0wYTlkLTRmNzEtYjNmOS01NjQ5ZTFiMTkyYmIv
MS8wSkFLdGotb0c2N3lKcktXRTlDRzBzR2FPTm8ucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIz
Lzk1ZWViYi0wYTlkLTRmNzEtYjNmOS01NjQ5ZTFiMTkyYmIvMS8xLV9ZdmRnWW5Q
MEdtek1qaWxXQjI4OENoNjFRLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQCW9KIMAwDBAdtaIADBAFtaJAD
BAJtaJQwDAMEAG1omQMEBW1ogDANBgkqhkiG9w0BAQsFAAOCAQEAS+lLXmQ0dnHC
ikDcmSUWuFqg+JmmfV0L7LHS3iNuRmJRVvYn4rX2Tstr/J3l8iTJtTODf1idRdn4
PWe9O8grhBAPQA7ZELaZHocMyZApU3vKyBFNa+P+5XDgESPx5M6ZcmmvRPkbaQgR
csBVCsRqLgBaYXLSSQfWqR3u98uY1PyN0SeSicV3J5ZtH8tJlhU79mkM44c3Yhse
J/E4hCrHurOASq9K7jJriYM7ncZsHh/vS79vjdMYGTKse19mE0UltxTSUTugj4Jo
+TMI363+oGtOiq9cc9k9/YcSNA5ORsHBH02/EXH4NAzJngmv8qtj17jqoWX9vBQL
PqSGSl6LYw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:17 2023 by rpki-client on console-fra.rpki-client.org