Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/5YFV3xc5qQUR7sFYlubDjxNvBLY.roa
File: 5YFV3xc5qQUR7sFYlubDjxNvBLY.roa (raw, json)
Hash identifier: 2QE4LeAepxn7wxhoCHhJS50H6w3qguXp42fkcyYgxv8=
Subject key identifier: E5:81:55:DF:17:39:A9:05:11:EE:C1:58:96:E6:C3:8F:13:6F:04:B6
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 018D888C0B8189C6E0DA4190F97608AED882
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/5YFV3xc5qQUR7sFYlubDjxNvBLY.roa
Signing time: Thu 08 Feb 2024 11:48:15 +0000
ROA not before: Thu 08 Feb 2024 11:48:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 197706
IP address blocks: 109.104.132.0/24 maxlen: 24
109.104.133.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:88:8c:0b:81:89:c6:e0:da:41:90:f9:76:08:ae:d8:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Feb 8 11:48:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e58155df1739a90511eec15896e6c38f136f04b6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:be:0d:9a:a4:5c:41:8d:4e:74:f8:a4:c8:52:
35:bf:4f:36:cb:ee:cd:b9:73:7d:e8:c9:78:b6:66:
24:33:1b:18:fd:0e:55:2d:10:29:25:65:dc:47:93:
2f:02:54:73:6b:cd:4d:fa:d6:ae:22:79:4e:36:69:
d1:17:d1:5b:1d:72:22:bc:9e:5a:aa:50:84:c9:9b:
5a:84:70:5a:bc:25:64:75:5a:b2:32:c7:a8:00:a3:
de:b5:de:29:08:d9:46:40:38:d6:80:a5:0c:df:dc:
3b:eb:fa:59:0c:60:79:28:f5:84:34:a3:87:f3:3c:
c3:15:bf:55:b1:e9:69:f9:a7:fd:e5:1a:14:eb:05:
ea:d9:03:eb:97:da:55:30:0b:cd:b1:6d:e7:fc:6b:
0a:e2:25:ab:79:6a:45:66:dc:42:3f:57:f7:66:d2:
07:10:75:42:06:aa:17:c7:d5:0d:c0:56:7f:5c:77:
f6:8f:ae:31:6b:a3:c9:60:80:d9:1e:7c:f0:df:d0:
db:b6:5d:27:53:88:6a:a3:7e:31:74:3a:0c:e0:11:
8a:2e:6b:4c:73:e9:ee:32:b2:1f:88:29:3e:6c:57:
b0:e9:26:ca:c7:11:a4:7f:50:4f:1f:52:e6:e6:b7:
57:bf:9b:b3:82:78:b8:d2:d8:f6:b5:8e:d9:bf:62:
a8:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:81:55:DF:17:39:A9:05:11:EE:C1:58:96:E6:C3:8F:13:6F:04:B6
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/5YFV3xc5qQUR7sFYlubDjxNvBLY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.104.132.0/23
Signature Algorithm: sha256WithRSAEncryption
11:9a:86:00:bd:10:aa:fd:24:77:aa:25:66:ef:56:67:94:e6:
87:12:fc:7c:f3:f3:d5:2d:5d:3a:ec:e3:a4:da:4e:f3:77:52:
8d:bc:8f:2c:95:91:a8:43:b0:87:e9:46:66:3e:65:11:4a:20:
29:92:11:4b:a7:65:ce:2b:3e:a3:f6:5a:ad:85:3b:8a:a9:0f:
cf:c8:16:02:36:c3:00:ba:4b:de:b6:8c:01:73:ec:94:16:2a:
07:df:5d:19:7f:3b:07:0a:de:47:e7:de:0b:23:c6:a9:55:c0:
9a:50:a6:f8:0a:d2:ad:0a:1f:2f:22:7b:e3:d5:25:09:d8:04:
54:1a:2a:3e:4f:35:02:d7:57:b3:3b:59:f5:23:88:2f:0d:6a:
19:63:b3:3b:ac:4f:0b:ec:ad:f0:7d:34:fb:c7:bd:5d:7a:38:
f3:08:48:8f:17:9f:de:55:c5:a9:33:90:8e:ba:5d:41:48:52:
96:95:bc:38:9a:db:a1:64:17:21:25:c1:e2:1b:5d:22:0c:17:
6e:6d:80:ba:2f:35:7b:a5:7c:ea:90:dd:2b:99:f5:7e:a6:f6:
e0:fc:88:af:af:5d:37:ad:d9:af:0e:47:06:76:e2:ac:51:f7:
ef:e0:13:ff:25:bc:9b:2c:9e:32:1a:7f:24:42:f2:68:8a:c8:
75:52:5b:c1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY2IjAuBicbg2kGQ+XYIrtiCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjYyZjc2MDYyNzNmNDFhNmNjYzhlMjk1NjA3NmYzYzBh
MWViNTQwHhcNMjQwMjA4MTE0ODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTgxNTVkZjE3MzlhOTA1MTFlZWMxNTg5NmU2YzM4ZjEzNmYwNGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn74NmqRcQY1OdPikyFI1v082y+7N
uXN96Ml4tmYkMxsY/Q5VLRApJWXcR5MvAlRza81N+tauInlONmnRF9FbHXIivJ5a
qlCEyZtahHBavCVkdVqyMseoAKPetd4pCNlGQDjWgKUM39w76/pZDGB5KPWENKOH
8zzDFb9Vselp+af95RoU6wXq2QPrl9pVMAvNsW3n/GsK4iWreWpFZtxCP1f3ZtIH
EHVCBqoXx9UNwFZ/XHf2j64xa6PJYIDZHnzw39Dbtl0nU4hqo34xdDoM4BGKLmtM
c+nuMrIfiCk+bFew6SbKxxGkf1BPH1Lm5rdXv5uzgni40tj2tY7Zv2KomQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOWBVd8XOakFEe7BWJbmw48TbwS2MB8GA1UdIwQY
MBaAFPv2L3YGJz9BpszI4pVgdvPAoetUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fWXZkZ1luUDBHbXpNamlsV0IyODhDaDYxUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5
LTU2NDllMWIxOTJiYi8xLzVZRlYzeGM1cVFVUjdzRllsdWJEanhOdkJMWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5LTU2NDllMWIxOTJi
Yi8xLzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFtaIQw
DQYJKoZIhvcNAQELBQADggEBABGahgC9EKr9JHeqJWbvVmeU5ocS/Hzz89UtXTrs
46TaTvN3Uo28jyyVkahDsIfpRmY+ZRFKICmSEUunZc4rPqP2Wq2FO4qpD8/IFgI2
wwC6S962jAFz7JQWKgffXRl/OwcK3kfn3gsjxqlVwJpQpvgK0q0KHy8ie+PVJQnY
BFQaKj5PNQLXV7M7WfUjiC8NahljszusTwvsrfB9NPvHvV16OPMISI8Xn95Vxakz
kI66XUFIUpaVvDia26FkFyElweIbXSIMF25tgLovNXulfOqQ3SuZ9X6m9uD8iK+v
XTet2a8ORwZ24qxR9+/gE/8lvJssnjIafyRC8miKyHVSW8E=
-----END CERTIFICATE-----
Generated at Fri Mar 1 13:33:28 2024 by rpki-client on console-fra.rpki-client.org