Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/2qtYtymSlU0lPRt5n8P5jNUjAc0.roa
File: 2qtYtymSlU0lPRt5n8P5jNUjAc0.roa (raw, json)
Hash identifier: lCHlmd1vZeOeBQK0BJt0pVeC5pF2L16F7bIGXUOWguo=
Subject key identifier: DA:AB:58:B7:29:92:95:4D:25:3D:1B:79:9F:C3:F9:8C:D5:23:01:CD
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 01856EB8F3F3D255C8C5DD8CD0B28E725868
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/2qtYtymSlU0lPRt5n8P5jNUjAc0.roa
Signing time: Sun 01 Jan 2023 19:04:52 +0000
ROA not before: Sun 01 Jan 2023 19:04:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48265
IP address blocks: 91.210.137.0/24 maxlen: 24
91.210.138.0/24 maxlen: 24
91.210.136.0/24 maxlen: 24
91.210.139.0/24 maxlen: 24
109.104.132.0/24 maxlen: 24
109.104.129.0/24 maxlen: 24
109.104.130.0/24 maxlen: 24
109.104.128.0/24 maxlen: 24
109.104.138.0/24 maxlen: 24
109.104.136.0/24 maxlen: 24
109.104.133.0/24 maxlen: 24
109.104.134.0/24 maxlen: 24
109.104.145.0/24 maxlen: 24
109.104.144.0/24 maxlen: 24
109.104.157.0/24 maxlen: 24
109.104.158.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:b8:f3:f3:d2:55:c8:c5:dd:8c:d0:b2:8e:72:58:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Jan 1 19:04:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=daab58b72992954d253d1b799fc3f98cd52301cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:4e:98:0f:16:1c:57:76:fb:e3:35:a7:c1:9b:
f4:fb:46:8a:20:ae:b0:0e:cc:8f:cf:29:54:e7:7b:
22:46:bd:c4:57:4d:ef:f5:d3:6f:d1:f0:29:04:88:
cf:45:7d:19:7d:af:8d:7a:85:8b:be:64:a2:7a:87:
8e:a7:30:c2:94:76:6c:26:d7:5a:90:27:f5:de:1a:
62:fd:13:5b:03:c4:90:84:18:59:13:2a:9a:9a:96:
5f:d4:31:0c:9b:69:e2:05:61:10:7e:8b:56:bf:d2:
87:fb:b1:54:df:d9:e4:08:7f:b5:55:df:49:66:98:
41:6c:a7:7f:db:e3:c6:38:e7:c0:36:07:50:bc:4e:
4e:0a:42:79:63:e5:3b:c6:fe:00:f0:02:58:4f:80:
6c:5a:92:0e:a8:d3:47:fd:40:31:6a:3a:ce:6b:04:
7c:a7:42:89:a0:88:d7:9a:b0:c0:37:74:9a:b8:3c:
0f:ff:ca:97:31:cf:6a:8c:bf:ae:a0:1b:ae:a6:7b:
08:ec:a6:be:68:77:a0:b4:8c:6d:3f:e9:b9:b4:1a:
15:45:2b:e7:bc:ce:19:d0:b5:3e:11:3c:05:7b:03:
c3:2b:c2:41:34:79:36:88:61:6b:49:8e:2c:cf:2d:
ef:4d:f5:cb:b6:de:18:0f:22:ad:68:80:c8:96:fa:
21:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:AB:58:B7:29:92:95:4D:25:3D:1B:79:9F:C3:F9:8C:D5:23:01:CD
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/2qtYtymSlU0lPRt5n8P5jNUjAc0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.136.0/22
109.104.128.0-109.104.130.255
109.104.132.0-109.104.134.255
109.104.136.0/24
109.104.138.0/24
109.104.144.0/23
109.104.157.0-109.104.158.255
Signature Algorithm: sha256WithRSAEncryption
d5:5f:a2:f6:04:18:d2:95:8d:24:8d:36:07:8a:1e:4d:64:d0:
8d:d3:63:08:4f:8e:ac:5c:75:b8:6f:b6:a5:94:eb:bd:73:49:
83:c4:dd:e9:43:9d:46:48:4a:18:45:64:f8:c2:f4:06:ec:12:
62:7b:56:44:05:2b:ab:74:0e:21:b9:6f:41:09:d9:8d:30:a5:
4c:99:bf:52:ec:64:cc:12:28:08:a0:e3:0d:02:fc:9f:1c:f7:
cc:00:fb:13:a2:9d:07:72:c0:d7:15:ab:f7:e7:dd:0f:9f:45:
d8:80:b5:79:ee:59:7e:e6:9f:9d:66:a0:29:a3:57:c9:34:fa:
d2:1e:65:a4:9c:ac:16:c9:73:dd:f0:42:48:80:26:2a:83:6f:
b4:e8:97:34:4a:71:d6:37:8f:42:55:db:34:39:9f:ca:3b:3c:
c1:23:22:27:7e:86:70:b3:70:d2:bc:0b:51:13:bb:c8:cc:b3:
d3:4f:14:64:24:03:7d:9b:e0:7d:cb:c8:46:9e:43:44:b3:be:
ca:eb:47:c7:66:96:48:e8:84:aa:51:7f:b1:76:84:38:2a:ee:
18:9c:79:20:75:de:81:9b:02:b5:d5:3f:86:ba:36:0a:f7:58:
16:82:34:9a:ea:2c:b6:d3:5f:ca:32:ee:96:0b:0f:60:44:6c:
3c:16:00:0f
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYVuuPPz0lXIxd2M0LKOclhoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjYyZjc2MDYyNzNmNDFhNmNjYzhlMjk1NjA3NmYzYzBh
MWViNTQwHhcNMjMwMTAxMTkwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWFiNThiNzI5OTI5NTRkMjUzZDFiNzk5ZmMzZjk4Y2Q1MjMwMWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA306YDxYcV3b74zWnwZv0+0aKIK6w
DsyPzylU53siRr3EV03v9dNv0fApBIjPRX0Zfa+NeoWLvmSieoeOpzDClHZsJtda
kCf13hpi/RNbA8SQhBhZEyqampZf1DEMm2niBWEQfotWv9KH+7FU39nkCH+1Vd9J
ZphBbKd/2+PGOOfANgdQvE5OCkJ5Y+U7xv4A8AJYT4BsWpIOqNNH/UAxajrOawR8
p0KJoIjXmrDAN3SauDwP/8qXMc9qjL+uoBuupnsI7Ka+aHegtIxtP+m5tBoVRSvn
vM4Z0LU+ETwFewPDK8JBNHk2iGFrSY4szy3vTfXLtt4YDyKtaIDIlvohaQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFNqrWLcpkpVNJT0beZ/D+YzVIwHNMB8GA1UdIwQY
MBaAFPv2L3YGJz9BpszI4pVgdvPAoetUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fWXZkZ1luUDBHbXpNamlsV0IyODhDaDYxUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5
LTU2NDllMWIxOTJiYi8xLzJxdFl0eW1TbFUwbFBSdDVuOFA1ak5VakFjMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5LTU2NDllMWIxOTJi
Yi8xLzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwWwYIKwYBBQUHAQcBAf8ETDBKMEgEAgABMEIDBAJb0ogw
DAMEB21ogAMEAG1ogjAMAwQCbWiEAwQAbWiGAwQAbWiIAwQAbWiKAwQBbWiQMAwD
BABtaJ0DBABtaJ4wDQYJKoZIhvcNAQELBQADggEBANVfovYEGNKVjSSNNgeKHk1k
0I3TYwhPjqxcdbhvtqWU671zSYPE3elDnUZIShhFZPjC9AbsEmJ7VkQFK6t0DiG5
b0EJ2Y0wpUyZv1LsZMwSKAig4w0C/J8c98wA+xOinQdywNcVq/fn3Q+fRdiAtXnu
WX7mn51moCmjV8k0+tIeZaScrBbJc93wQkiAJiqDb7TolzRKcdY3j0JV2zQ5n8o7
PMEjIid+hnCzcNK8C1ETu8jMs9NPFGQkA32b4H3LyEaeQ0SzvsrrR8dmlkjohKpR
f7F2hDgq7hiceSB13oGbArXVP4a6Ngr3WBaCNJrqLLbTX8oy7pYLD2BEbDwWAA8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:26 2024 by rpki-client on console-fra.rpki-client.org