Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-P3acaX0kDYjfe0KFGo5BoKQIDQ.roa
File: 1-P3acaX0kDYjfe0KFGo5BoKQIDQ.roa (raw, json)
Hash identifier: SopHW6m/jiuOTI19jeDPjmBgA9/pL8SMX95VZfbBidM=
Subject key identifier: F8:FD:DA:71:A5:F4:90:36:23:7D:ED:0A:14:6A:39:06:82:90:20:34
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 0189DB03121A3D231E388EBF9E16C1A1FAF3
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-P3acaX0kDYjfe0KFGo5BoKQIDQ.roa
Signing time: Wed 09 Aug 2023 15:55:58 +0000
ROA not before: Wed 09 Aug 2023 15:55:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48265
IP address blocks: 91.210.137.0/24 maxlen: 24
91.210.138.0/24 maxlen: 24
91.210.136.0/24 maxlen: 24
91.210.139.0/24 maxlen: 24
109.104.131.0/24 maxlen: 24
109.104.132.0/24 maxlen: 24
109.104.129.0/24 maxlen: 24
109.104.130.0/24 maxlen: 24
109.104.128.0/24 maxlen: 24
109.104.136.0/24 maxlen: 24
109.104.137.0/24 maxlen: 24
109.104.135.0/24 maxlen: 24
109.104.133.0/24 maxlen: 24
109.104.134.0/24 maxlen: 24
109.104.145.0/24 maxlen: 24
109.104.144.0/24 maxlen: 24
109.104.157.0/24 maxlen: 24
109.104.158.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:db:03:12:1a:3d:23:1e:38:8e:bf:9e:16:c1:a1:fa:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Aug 9 15:55:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f8fdda71a5f49036237ded0a146a390682902034
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:74:a7:1f:a7:59:d6:a1:bf:84:82:fc:d4:e3:
0a:7b:fe:76:95:74:8b:76:56:61:d5:e1:de:98:ee:
c3:f3:96:67:02:8a:e2:65:d6:c4:16:4f:ec:08:12:
50:6c:9c:8c:33:f7:3d:67:cd:61:55:ad:0e:3c:b0:
cd:55:d6:bf:41:3e:5e:d9:5f:0b:bd:d1:d7:88:fb:
7d:87:b4:36:1d:d8:77:e7:bc:c7:f8:ff:9f:32:03:
79:7e:3a:ca:7a:11:02:21:0c:60:48:d2:aa:9c:78:
50:13:a0:d6:d0:b2:f1:42:53:0e:b8:83:ca:bf:f2:
46:fa:d5:3e:eb:e1:98:8f:74:0e:87:99:fe:0e:c6:
93:59:fd:2b:67:ef:2c:88:64:54:bb:0f:04:7a:56:
72:c7:03:18:29:2c:c9:a8:5d:ea:58:26:eb:f9:4a:
38:4a:79:b3:a7:14:a2:fb:cb:67:00:6a:5a:b9:07:
70:31:92:5b:b2:18:24:73:ba:ee:c0:f2:b5:85:f2:
d8:db:ad:83:29:f8:d9:b2:bc:5d:cc:66:8d:c1:23:
9c:7d:6e:ee:87:3d:6a:8d:43:3d:74:e4:da:fa:2a:
d3:e0:ee:d9:d4:5b:8f:a3:69:a6:a7:21:f6:39:5d:
6e:51:9b:2b:8d:2f:b4:72:fd:1e:63:ff:72:f3:82:
f8:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:FD:DA:71:A5:F4:90:36:23:7D:ED:0A:14:6A:39:06:82:90:20:34
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-P3acaX0kDYjfe0KFGo5BoKQIDQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.136.0/22
109.104.128.0-109.104.137.255
109.104.144.0/23
109.104.157.0-109.104.158.255
Signature Algorithm: sha256WithRSAEncryption
bf:5d:b7:4b:63:fe:2a:a9:f6:f2:40:70:6d:70:d0:ce:64:b5:
f4:1a:12:dc:21:c3:41:d5:fd:86:d0:f1:9c:f6:39:3a:d9:4f:
39:09:a8:72:43:d8:19:d1:f4:e4:8b:5b:e6:93:f9:82:49:79:
c3:36:24:97:4f:b2:f8:fc:6f:65:9b:0e:21:00:ed:f0:0d:db:
8b:e6:28:c8:45:e6:67:d0:ca:ee:9e:9e:52:28:43:e9:bc:41:
ca:c6:8f:83:90:83:d8:4c:3a:04:42:96:a8:9e:58:84:26:aa:
77:2d:10:41:dd:1b:27:77:a6:87:50:70:2c:e6:72:0b:87:27:
a1:7a:c4:e2:e2:b3:e3:90:c0:e4:df:10:cf:49:88:01:51:0b:
df:a4:3e:17:ac:af:0c:a8:88:a8:0f:ad:32:77:45:30:c5:59:
82:7a:a1:d7:a3:ae:27:c0:8e:b7:0d:84:dc:1e:17:61:2e:8f:
96:59:aa:83:3c:6b:9a:20:75:61:52:3c:60:82:db:20:d1:89:
75:23:82:5c:c3:e1:73:45:0c:5b:ce:0b:df:37:8a:ee:d1:42:
40:e7:48:6a:25:78:0b:5e:e1:3b:fa:f6:35:91:03:f9:e7:9c:
b7:30:0a:a6:f0:10:c8:36:46:8b:7a:dd:f4:1b:2d:40:38:03:
ff:3b:4d:35
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYnbAxIaPSMeOI6/nhbBofrzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjYyZjc2MDYyNzNmNDFhNmNjYzhlMjk1NjA3NmYzYzBh
MWViNTQwHhcNMjMwODA5MTU1NTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGZkZGE3MWE1ZjQ5MDM2MjM3ZGVkMGExNDZhMzkwNjgyOTAyMDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXSnH6dZ1qG/hIL81OMKe/52lXSL
dlZh1eHemO7D85ZnAoriZdbEFk/sCBJQbJyMM/c9Z81hVa0OPLDNVda/QT5e2V8L
vdHXiPt9h7Q2Hdh357zH+P+fMgN5fjrKehECIQxgSNKqnHhQE6DW0LLxQlMOuIPK
v/JG+tU+6+GYj3QOh5n+DsaTWf0rZ+8siGRUuw8EelZyxwMYKSzJqF3qWCbr+Uo4
SnmzpxSi+8tnAGpauQdwMZJbshgkc7ruwPK1hfLY262DKfjZsrxdzGaNwSOcfW7u
hz1qjUM9dOTa+irT4O7Z1FuPo2mmpyH2OV1uUZsrjS+0cv0eY/9y84L4sQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFPj92nGl9JA2I33tChRqOQaCkCA0MB8GA1UdIwQY
MBaAFPv2L3YGJz9BpszI4pVgdvPAoetUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fWXZkZ1luUDBHbXpNamlsV0IyODhDaDYxUS5jZXIw
gY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5
LTU2NDllMWIxOTJiYi8xLzEtUDNhY2FYMGtEWWpmZTBLRkdvNUJvS1FJRFEucm9h
MIGCBgNVHR8EezB5MHegdaBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxULzIzLzk1ZWViYi0wYTlkLTRmNzEtYjNmOS01NjQ5ZTFiMTky
YmIvMS8xLV9ZdmRnWW5QMEdtek1qaWxXQjI4OENoNjFRLmNybDAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQCW9KI
MAwDBAdtaIADBAFtaIgDBAFtaJAwDAMEAG1onQMEAG1onjANBgkqhkiG9w0BAQsF
AAOCAQEAv123S2P+Kqn28kBwbXDQzmS19BoS3CHDQdX9htDxnPY5OtlPOQmockPY
GdH05Itb5pP5gkl5wzYkl0+y+PxvZZsOIQDt8A3bi+YoyEXmZ9DK7p6eUihD6bxB
ysaPg5CD2Ew6BEKWqJ5YhCaqdy0QQd0bJ3emh1BwLOZyC4cnoXrE4uKz45DA5N8Q
z0mIAVEL36Q+F6yvDKiIqA+tMndFMMVZgnqh16OuJ8COtw2E3B4XYS6Pllmqgzxr
miB1YVI8YILbINGJdSOCXMPhc0UMW84L3zeK7tFCQOdIaiV4C17hO/r2NZED+eec
tzAKpvAQyDZGi3rd9BstQDgD/ztNNQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:26 2024 by rpki-client on console-fra.rpki-client.org