Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/176EhTEO-VIw7Djzd0vSZC-M-L0.roa
File: 176EhTEO-VIw7Djzd0vSZC-M-L0.roa (raw, json)
Hash identifier: z9RguZOO3CN/J1yf7ugjW7TuzW+oKA4xav3G/SPHTj8=
Subject key identifier: D7:BE:84:85:31:0E:F9:52:30:EC:38:F3:77:4B:D2:64:2F:8C:F8:BD
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 0183833EB713089F745B32B233BA63F50B78
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/176EhTEO-VIw7Djzd0vSZC-M-L0.roa
Signing time: Wed 28 Sep 2022 08:37:48 +0000
ROA not before: Wed 28 Sep 2022 08:37:48 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 208485
IP address blocks: 109.104.148.0/24 maxlen: 24
109.104.147.0/24 maxlen: 24
109.104.150.0/24 maxlen: 24
109.104.149.0/24 maxlen: 24
109.104.146.0/24 maxlen: 24
109.104.151.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:83:3e:b7:13:08:9f:74:5b:32:b2:33:ba:63:f5:0b:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Sep 28 08:37:48 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d7be8485310ef95230ec38f3774bd2642f8cf8bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:61:5f:ea:3e:15:fd:0e:d9:b9:ad:c3:8b:b4:
53:dc:64:40:45:a1:dc:0a:e1:b6:20:e6:c0:08:69:
69:2b:eb:46:13:84:60:2f:2a:80:35:a6:23:9c:af:
21:6e:9f:68:27:4d:c8:d5:6a:9d:3f:1e:4c:f8:41:
d2:5d:49:01:38:4a:b2:2e:eb:67:5f:c4:8c:5a:25:
00:cc:a2:42:6e:24:bd:66:77:e6:8c:62:4a:e9:fe:
7d:8e:bb:a5:f9:8b:8c:06:3d:16:e8:f2:6a:ba:cc:
43:63:38:e3:85:15:68:5e:f9:3d:ae:77:d8:65:25:
7e:24:be:bf:8b:9c:d8:eb:b4:60:de:a4:d4:53:08:
2f:14:03:13:ff:21:6d:52:02:17:c0:4b:c2:b0:95:
ad:da:d4:64:77:d0:ac:9f:e5:56:85:b0:03:a1:d6:
57:91:d6:0c:06:eb:65:14:67:35:af:d5:a6:ce:be:
37:54:57:3c:f0:2a:91:d9:43:88:78:f5:e9:2b:cb:
9d:02:1e:35:43:cf:9c:09:ff:95:de:72:8a:68:a0:
2c:24:e4:48:dd:a6:4a:68:e0:c9:32:9c:b9:09:f1:
2c:3a:c6:70:80:5b:fe:fc:ae:e6:69:55:57:7b:52:
92:5c:59:63:01:d2:f9:df:e9:a2:ca:f2:e4:fc:fc:
8f:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:BE:84:85:31:0E:F9:52:30:EC:38:F3:77:4B:D2:64:2F:8C:F8:BD
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/176EhTEO-VIw7Djzd0vSZC-M-L0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.104.146.0-109.104.151.255
Signature Algorithm: sha256WithRSAEncryption
74:e9:8f:f8:b3:cb:a0:03:0d:e5:56:03:e8:17:38:8e:59:5f:
61:a5:bd:d3:09:df:5e:ca:26:1c:77:5b:9b:e8:b3:dc:95:6e:
4b:22:b2:21:6d:c4:2b:b8:4a:b2:ea:fe:42:95:6f:22:69:c2:
6e:41:18:e5:83:ae:54:8c:63:cc:c5:f9:ee:9d:3a:7f:2c:85:
c6:4e:50:a4:64:65:88:c6:36:c0:5c:a0:b8:eb:81:3a:ae:4d:
b1:5a:a1:bd:83:4c:ad:25:8a:1c:7b:22:c6:fe:a3:96:7f:21:
5c:9a:2f:eb:95:ec:15:2d:87:ac:7b:3c:d5:99:b9:d6:6a:81:
da:57:de:ec:88:6f:3b:7c:b9:aa:d5:ef:5d:0d:bf:c7:78:bf:
cd:f3:b0:88:7b:23:dd:51:e6:41:71:7c:73:b2:d7:7a:0a:30:
73:39:3b:dc:fa:b7:ab:5d:65:03:2a:fa:71:b7:a4:3f:06:2f:
82:c6:1d:8f:c4:80:02:b3:aa:ad:4f:c1:ed:01:c3:a7:66:b7:
63:ad:d1:ea:30:60:9a:1f:d3:d6:f2:35:f4:a0:fc:e7:cc:f7:
a3:2f:40:d2:18:3b:e8:cb:63:7e:9e:58:81:64:43:e2:84:6a:
bd:a7:93:64:a1:8f:e7:60:8c:15:02:cf:0a:90:de:fd:93:24:
97:75:0e:b2
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYODPrcTCJ90WzKyM7pj9Qt4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjYyZjc2MDYyNzNmNDFhNmNjYzhlMjk1NjA3NmYzYzBh
MWViNTQwHhcNMjIwOTI4MDgzNzQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2JlODQ4NTMxMGVmOTUyMzBlYzM4ZjM3NzRiZDI2NDJmOGNmOGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmFf6j4V/Q7Zua3Di7RT3GRARaHc
CuG2IObACGlpK+tGE4RgLyqANaYjnK8hbp9oJ03I1WqdPx5M+EHSXUkBOEqyLutn
X8SMWiUAzKJCbiS9ZnfmjGJK6f59jrul+YuMBj0W6PJqusxDYzjjhRVoXvk9rnfY
ZSV+JL6/i5zY67Rg3qTUUwgvFAMT/yFtUgIXwEvCsJWt2tRkd9Csn+VWhbADodZX
kdYMButlFGc1r9Wmzr43VFc88CqR2UOIePXpK8udAh41Q8+cCf+V3nKKaKAsJORI
3aZKaODJMpy5CfEsOsZwgFv+/K7maVVXe1KSXFljAdL53+miyvLk/PyP8wIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFNe+hIUxDvlSMOw483dL0mQvjPi9MB8GA1UdIwQY
MBaAFPv2L3YGJz9BpszI4pVgdvPAoetUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fWXZkZ1luUDBHbXpNamlsV0IyODhDaDYxUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5
LTU2NDllMWIxOTJiYi8xLzE3NkVoVEVPLVZJdzdEanpkMHZTWkMtTS1MMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5LTU2NDllMWIxOTJi
Yi8xLzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJwYIKwYBBQUHAQcBAf8EGDAWMBQEAgABMA4wDAMEAW1o
kgMEA21okDANBgkqhkiG9w0BAQsFAAOCAQEAdOmP+LPLoAMN5VYD6Bc4jllfYaW9
0wnfXsomHHdbm+iz3JVuSyKyIW3EK7hKsur+QpVvImnCbkEY5YOuVIxjzMX57p06
fyyFxk5QpGRliMY2wFyguOuBOq5NsVqhvYNMrSWKHHsixv6jln8hXJov65XsFS2H
rHs81Zm51mqB2lfe7IhvO3y5qtXvXQ2/x3i/zfOwiHsj3VHmQXF8c7LXegowczk7
3Pq3q11lAyr6cbekPwYvgsYdj8SAArOqrU/B7QHDp2a3Y63R6jBgmh/T1vI19KD8
58z3oy9A0hg76Mtjfp5YgWRD4oRqvaeTZKGP52CMFQLPCpDe/ZMkl3UOsg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:57:14 2025 by rpki-client