Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1jofqYl4SlwEbaMEfIMzNFpjeu0.roa
File: 1jofqYl4SlwEbaMEfIMzNFpjeu0.roa (raw, json)
Hash identifier: UV+Gm32h6xv3j44GiTZtdU3ruFAktCiz8DTTEpq4tmU=
Subject key identifier: D6:3A:1F:A9:89:78:4A:5C:04:6D:A3:04:7C:83:33:34:5A:63:7A:ED
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 018D2FC05A3AB51FB9F156DCEE8DFFA2DDB1
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1jofqYl4SlwEbaMEfIMzNFpjeu0.roa
Signing time: Mon 22 Jan 2024 05:59:11 +0000
ROA not before: Mon 22 Jan 2024 05:59:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48265
IP address blocks: 91.210.136.0/24 maxlen: 24
91.210.137.0/24 maxlen: 24
91.210.138.0/24 maxlen: 24
91.210.139.0/24 maxlen: 24
109.104.128.0/24 maxlen: 24
109.104.129.0/24 maxlen: 24
109.104.130.0/24 maxlen: 24
109.104.131.0/24 maxlen: 24
109.104.132.0/24 maxlen: 24
109.104.144.0/24 maxlen: 24
109.104.145.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:2f:c0:5a:3a:b5:1f:b9:f1:56:dc:ee:8d:ff:a2:dd:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Jan 22 05:59:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d63a1fa989784a5c046da3047c8333345a637aed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:de:69:b2:2e:26:44:93:1c:01:7a:2b:68:5d:
5a:72:3b:2b:fa:dc:ce:d6:da:e8:11:06:87:c8:dd:
30:9d:e4:5c:3d:97:39:ad:fe:dd:31:ee:94:91:b4:
67:1b:d7:2f:23:da:ed:33:4a:7f:27:00:f3:6b:1e:
e5:b3:35:76:61:89:ab:7d:b1:c8:4d:fa:6a:98:f0:
c3:31:87:04:21:c8:02:fd:36:c7:c7:22:34:a4:8c:
25:4b:5e:bf:74:27:2e:97:d1:8b:c2:de:d6:41:b4:
87:32:b3:24:5f:7e:fa:d0:48:dc:f3:94:b8:23:e7:
94:19:ac:b7:3d:a9:58:56:ec:02:97:56:f1:b6:1e:
b0:98:21:2a:45:4c:72:10:de:ba:89:4e:ec:fc:be:
1d:ed:71:71:b3:f9:d4:ff:41:81:66:2a:85:8a:19:
be:e1:c6:95:3f:9e:ba:b8:fc:2e:57:43:6a:2d:ec:
8d:60:d9:5e:6a:c2:61:99:2e:31:4e:29:f6:a9:3e:
7e:c0:a6:e1:25:30:9e:15:5c:fd:e1:0c:c3:d7:d4:
f8:17:59:d1:c6:91:22:e3:2a:6d:57:10:1d:6b:09:
7c:84:62:09:04:7a:91:a7:4d:58:73:b7:25:9e:ce:
8e:ad:e9:ef:63:6e:07:24:d2:e2:b3:38:2f:86:ac:
3e:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:3A:1F:A9:89:78:4A:5C:04:6D:A3:04:7C:83:33:34:5A:63:7A:ED
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1jofqYl4SlwEbaMEfIMzNFpjeu0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.136.0/22
109.104.128.0-109.104.132.255
109.104.144.0/23
Signature Algorithm: sha256WithRSAEncryption
92:0b:af:99:74:35:39:1c:7e:55:71:b9:58:97:a6:1e:4f:95:
0b:89:65:41:9a:1c:1d:9e:3c:fd:b1:d6:b7:a3:d6:d6:60:b4:
83:38:46:f5:8e:d6:dd:c8:40:07:90:7f:49:9f:10:98:f0:39:
70:00:d6:07:b2:88:db:75:b0:94:ab:65:f7:ec:1a:60:00:2f:
df:70:73:5e:17:4a:3b:3d:16:cc:70:d9:cd:e9:53:dc:72:3c:
e4:a9:9a:79:7d:ec:62:08:66:62:c4:a2:f9:28:15:c9:74:51:
24:13:22:4f:61:85:fb:5f:6d:e7:41:69:21:9e:5b:03:a9:16:
dc:6d:9b:e3:39:70:1d:2d:16:fc:68:05:1e:fe:5b:5f:fd:07:
97:5f:ce:1e:d8:7c:db:fe:16:22:5d:b6:df:41:a5:95:bf:d6:
35:88:f2:db:d8:51:dd:02:49:2e:f4:6b:9e:07:26:51:99:4e:
99:dc:af:53:10:5d:cf:2f:99:ac:e6:a8:56:27:b1:e6:6e:9c:
b3:e7:00:a3:6c:38:13:c1:37:63:11:eb:6d:82:85:2c:0a:cb:
46:5e:66:29:b0:52:e5:8c:e9:ff:72:b6:22:11:ec:f7:81:eb:
a9:4f:9c:64:d8:24:42:cb:48:2d:af:8b:de:da:7d:a4:23:7e:
4a:3d:5f:18
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAY0vwFo6tR+58Vbc7o3/ot2xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjYyZjc2MDYyNzNmNDFhNmNjYzhlMjk1NjA3NmYzYzBh
MWViNTQwHhcNMjQwMTIyMDU1OTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjNhMWZhOTg5Nzg0YTVjMDQ2ZGEzMDQ3YzgzMzMzNDVhNjM3YWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk95psi4mRJMcAXoraF1acjsr+tzO
1troEQaHyN0wneRcPZc5rf7dMe6UkbRnG9cvI9rtM0p/JwDzax7lszV2YYmrfbHI
TfpqmPDDMYcEIcgC/TbHxyI0pIwlS16/dCcul9GLwt7WQbSHMrMkX3760Ejc85S4
I+eUGay3PalYVuwCl1bxth6wmCEqRUxyEN66iU7s/L4d7XFxs/nU/0GBZiqFihm+
4caVP566uPwuV0NqLeyNYNleasJhmS4xTin2qT5+wKbhJTCeFVz94QzD19T4F1nR
xpEi4yptVxAdawl8hGIJBHqRp01Yc7clns6OrenvY24HJNLiszgvhqw+TQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFNY6H6mJeEpcBG2jBHyDMzRaY3rtMB8GA1UdIwQY
MBaAFPv2L3YGJz9BpszI4pVgdvPAoetUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fWXZkZ1luUDBHbXpNamlsV0IyODhDaDYxUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5
LTU2NDllMWIxOTJiYi8xLzFqb2ZxWWw0U2x3RWJhTUVmSU16TkZwamV1MC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5LTU2NDllMWIxOTJi
Yi8xLzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMwYIKwYBBQUHAQcBAf8EJDAiMCAEAgABMBoDBAJb0ogw
DAMEB21ogAMEAG1ohAMEAW1okDANBgkqhkiG9w0BAQsFAAOCAQEAkguvmXQ1ORx+
VXG5WJemHk+VC4llQZocHZ48/bHWt6PW1mC0gzhG9Y7W3chAB5B/SZ8QmPA5cADW
B7KI23WwlKtl9+waYAAv33BzXhdKOz0WzHDZzelT3HI85KmaeX3sYghmYsSi+SgV
yXRRJBMiT2GF+19t50FpIZ5bA6kW3G2b4zlwHS0W/GgFHv5bX/0Hl1/OHth82/4W
Il2230Gllb/WNYjy29hR3QJJLvRrngcmUZlOmdyvUxBdzy+ZrOaoViex5m6cs+cA
o2w4E8E3YxHrbYKFLArLRl5mKbBS5Yzp/3K2IhHs94HrqU+cZNgkQstILa+L3tp9
pCN+Sj1fGA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:26 2024 by rpki-client on console-fra.rpki-client.org