Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/6tyOURbtL3sovBt2PYeH3WSgSnc.roa
File: 6tyOURbtL3sovBt2PYeH3WSgSnc.roa (raw, json)
Hash identifier: xCT+Yk4WT0ll4cgzvIXTIEOupgmjK/ZzvRZ+u6VZXfg=
Subject key identifier: EA:DC:8E:51:16:ED:2F:7B:28:BC:1B:76:3D:87:87:DD:64:A0:4A:77
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 01865580B1D03D5C483BB9EF9A7181745436
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/6tyOURbtL3sovBt2PYeH3WSgSnc.roa
Signing time: Wed 15 Feb 2023 14:35:42 +0000
ROA not before: Wed 15 Feb 2023 14:35:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48265
IP address blocks: 91.210.137.0/24 maxlen: 24
91.210.138.0/24 maxlen: 24
91.210.136.0/24 maxlen: 24
91.210.139.0/24 maxlen: 24
109.104.131.0/24 maxlen: 24
109.104.132.0/24 maxlen: 24
109.104.129.0/24 maxlen: 24
109.104.130.0/24 maxlen: 24
109.104.128.0/24 maxlen: 24
109.104.138.0/24 maxlen: 24
109.104.139.0/24 maxlen: 24
109.104.136.0/24 maxlen: 24
109.104.137.0/24 maxlen: 24
109.104.135.0/24 maxlen: 24
109.104.133.0/24 maxlen: 24
109.104.134.0/24 maxlen: 24
109.104.145.0/24 maxlen: 24
109.104.144.0/24 maxlen: 24
109.104.157.0/24 maxlen: 24
109.104.158.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:55:80:b1:d0:3d:5c:48:3b:b9:ef:9a:71:81:74:54:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Feb 15 14:35:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=eadc8e5116ed2f7b28bc1b763d8787dd64a04a77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:fe:0b:fa:eb:23:6e:4d:71:a2:d3:03:c9:50:
ea:d6:f6:24:8c:27:7b:05:22:d9:61:73:ba:54:e6:
5f:f0:51:e9:61:ba:07:70:0f:f5:ff:98:a9:ff:c2:
9d:44:74:ae:96:c4:8e:7b:70:de:96:86:00:17:cc:
81:74:63:78:64:d1:88:7c:a9:15:2a:81:f7:07:ba:
b5:90:4c:a2:23:f2:5a:dd:5d:98:f1:50:84:12:31:
e9:5c:53:a3:a5:4d:37:33:f1:52:93:3c:0a:4b:3d:
00:51:cb:55:b4:c6:aa:3c:0c:82:de:d2:3b:c2:8a:
e6:e0:44:e9:95:a1:7e:96:50:7f:cf:cf:4b:70:cf:
d9:e1:95:e1:dc:41:48:6d:04:5c:c7:eb:b5:c9:d2:
37:6c:5f:44:45:3f:3b:09:f9:aa:00:df:56:cb:aa:
98:19:44:62:9b:a9:a0:4a:e1:e6:2e:c1:97:18:ed:
8b:f6:2d:24:92:82:20:5e:c6:2a:77:07:b0:6d:27:
42:bc:64:ac:4a:59:0b:7a:85:94:8c:09:ad:28:8c:
2c:ba:af:ac:f4:ca:9b:12:4a:03:d5:1c:bd:5c:ee:
be:ec:e9:80:cc:2f:10:e5:1e:de:ce:a7:1b:18:8a:
bf:b1:4c:56:ef:54:2c:10:61:0b:e6:06:bc:56:15:
34:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:DC:8E:51:16:ED:2F:7B:28:BC:1B:76:3D:87:87:DD:64:A0:4A:77
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/6tyOURbtL3sovBt2PYeH3WSgSnc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.136.0/22
109.104.128.0-109.104.139.255
109.104.144.0/23
109.104.157.0-109.104.158.255
Signature Algorithm: sha256WithRSAEncryption
62:27:bb:d4:8a:d8:4e:97:87:36:da:62:b4:03:1a:c9:83:65:
86:34:ba:d9:4c:26:01:d3:de:84:1c:b3:90:6c:9b:bf:77:bf:
3a:d9:c7:03:16:c8:7b:c3:00:e0:24:02:c7:df:01:78:11:8b:
dd:71:84:da:39:53:f3:e4:f4:70:d2:1d:44:55:5a:37:18:9e:
b4:39:d2:24:01:dc:d4:49:70:e0:36:e4:50:2a:a3:b4:01:b9:
9e:c4:9e:09:ec:1e:a8:97:02:23:44:cc:9b:67:87:e2:1b:c9:
31:3c:2d:02:b1:72:6a:db:6e:6b:5a:39:db:fc:e1:c1:25:00:
34:2c:0b:db:06:86:94:49:c1:93:84:a0:65:92:2d:66:22:aa:
a2:32:57:49:3f:4d:36:2e:90:d3:29:3c:47:01:86:7d:3b:50:
33:72:26:53:f6:32:fc:68:b6:a2:d2:35:e3:d7:b4:8a:3f:a2:
49:1c:03:12:4e:52:95:99:5b:39:4a:33:c1:05:16:8a:d0:cb:
90:9d:5a:29:56:cf:7b:f9:ce:a2:bf:f1:af:71:81:f1:3d:fa:
9a:4d:44:06:e7:01:1b:e6:b7:12:59:33:d2:63:9c:c0:46:06:
22:3f:65:e8:a6:ba:ef:5e:ee:3f:66:1e:86:26:40:50:32:48:
79:fa:4e:5f
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYZVgLHQPVxIO7nvmnGBdFQ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjYyZjc2MDYyNzNmNDFhNmNjYzhlMjk1NjA3NmYzYzBh
MWViNTQwHhcNMjMwMjE1MTQzNTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWRjOGU1MTE2ZWQyZjdiMjhiYzFiNzYzZDg3ODdkZDY0YTA0YTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/4L+usjbk1xotMDyVDq1vYkjCd7
BSLZYXO6VOZf8FHpYboHcA/1/5ip/8KdRHSulsSOe3DeloYAF8yBdGN4ZNGIfKkV
KoH3B7q1kEyiI/Ja3V2Y8VCEEjHpXFOjpU03M/FSkzwKSz0AUctVtMaqPAyC3tI7
worm4ETplaF+llB/z89LcM/Z4ZXh3EFIbQRcx+u1ydI3bF9ERT87CfmqAN9Wy6qY
GURim6mgSuHmLsGXGO2L9i0kkoIgXsYqdwewbSdCvGSsSlkLeoWUjAmtKIwsuq+s
9MqbEkoD1Ry9XO6+7OmAzC8Q5R7ezqcbGIq/sUxW71QsEGEL5ga8VhU0RwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFOrcjlEW7S97KLwbdj2Hh91koEp3MB8GA1UdIwQY
MBaAFPv2L3YGJz9BpszI4pVgdvPAoetUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fWXZkZ1luUDBHbXpNamlsV0IyODhDaDYxUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5
LTU2NDllMWIxOTJiYi8xLzZ0eU9VUmJ0TDNzb3ZCdDJQWWVIM1dTZ1NuYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5LTU2NDllMWIxOTJi
Yi8xLzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQQYIKwYBBQUHAQcBAf8EMjAwMC4EAgABMCgDBAJb0ogw
DAMEB21ogAMEAm1oiAMEAW1okDAMAwQAbWidAwQAbWieMA0GCSqGSIb3DQEBCwUA
A4IBAQBiJ7vUithOl4c22mK0AxrJg2WGNLrZTCYB096EHLOQbJu/d7862ccDFsh7
wwDgJALH3wF4EYvdcYTaOVPz5PRw0h1EVVo3GJ60OdIkAdzUSXDgNuRQKqO0Abme
xJ4J7B6olwIjRMybZ4fiG8kxPC0CsXJq225rWjnb/OHBJQA0LAvbBoaUScGThKBl
ki1mIqqiMldJP002LpDTKTxHAYZ9O1AzciZT9jL8aLai0jXj17SKP6JJHAMSTlKV
mVs5SjPBBRaK0MuQnVopVs97+c6iv/GvcYHxPfqaTUQG5wEb5rcSWTPSY5zARgYi
P2XoprrvXu4/Zh6GJkBQMkh5+k5f
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:26 2024 by rpki-client on console-fra.rpki-client.org