Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/Dmug4CH4m93K8ZtqLciLRDCjp8I.roa
File: Dmug4CH4m93K8ZtqLciLRDCjp8I.roa (raw, json)
Hash identifier: jDU+e+H4CmnWbNDfKPs3SHXYIYps4vXAWWdjVU5FwOM=
Subject key identifier: 0E:6B:A0:E0:21:F8:9B:DD:CA:F1:9B:6A:2D:C8:8B:44:30:A3:A7:C2
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 018B6B21726481E45693E2680377DEFE910E
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/Dmug4CH4m93K8ZtqLciLRDCjp8I.roa
Signing time: Thu 26 Oct 2023 08:37:15 +0000
ROA not before: Thu 26 Oct 2023 08:37:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48265
IP address blocks: 91.210.137.0/24 maxlen: 24
91.210.138.0/24 maxlen: 24
91.210.136.0/24 maxlen: 24
91.210.139.0/24 maxlen: 24
109.104.131.0/24 maxlen: 24
109.104.132.0/24 maxlen: 24
109.104.129.0/24 maxlen: 24
109.104.130.0/24 maxlen: 24
109.104.128.0/24 maxlen: 24
109.104.133.0/24 maxlen: 24
109.104.145.0/24 maxlen: 24
109.104.144.0/24 maxlen: 24
109.104.157.0/24 maxlen: 24
109.104.158.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:6b:21:72:64:81:e4:56:93:e2:68:03:77:de:fe:91:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Oct 26 08:37:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0e6ba0e021f89bddcaf19b6a2dc88b4430a3a7c2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:80:12:02:4d:73:f3:ee:f3:73:9d:7f:41:e6:
30:af:80:25:c8:5b:62:29:db:ea:2f:90:66:d5:03:
06:12:f6:c1:1d:33:13:d3:62:fb:26:38:2a:2b:78:
8e:c6:92:a2:9f:f2:1d:d3:7b:c4:09:84:15:0f:55:
e3:4e:12:e5:47:89:44:14:9a:7f:0f:6f:a6:2f:69:
67:7f:5a:2b:e9:da:88:58:d1:86:2a:80:80:77:54:
98:8f:48:68:04:e7:c1:18:fb:2b:3a:60:c9:70:2a:
ae:a6:15:05:24:39:50:5e:92:31:27:70:f9:5c:f2:
53:87:36:82:3f:4d:2c:de:99:31:9e:9c:74:8c:3a:
fe:e2:30:be:a6:5d:8a:c3:6a:da:d2:b6:45:a3:5b:
82:98:63:62:f3:e3:3d:63:f4:44:75:f8:80:af:bc:
6d:44:1a:f7:df:87:77:49:95:c9:6c:71:2a:68:83:
15:7f:07:00:43:78:45:2c:a8:0e:86:d6:63:f7:61:
d0:d0:0a:74:94:2f:1f:09:35:43:bb:2a:c2:b0:16:
5d:cb:f9:4b:03:ed:cd:a5:e1:67:c6:9c:98:5b:79:
98:fd:e9:31:65:1f:9b:d3:1c:a7:a3:78:57:2f:c3:
0d:1a:83:be:26:6f:0f:04:c9:4b:b8:a9:42:01:2d:
e4:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:6B:A0:E0:21:F8:9B:DD:CA:F1:9B:6A:2D:C8:8B:44:30:A3:A7:C2
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/Dmug4CH4m93K8ZtqLciLRDCjp8I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.136.0/22
109.104.128.0-109.104.133.255
109.104.144.0/23
109.104.157.0-109.104.158.255
Signature Algorithm: sha256WithRSAEncryption
41:0b:25:4f:07:a8:ec:8f:38:66:9b:36:42:4a:98:ba:42:16:
41:ec:fd:46:3e:01:6d:de:92:fc:55:7b:9f:a0:5c:67:9e:70:
d1:97:5c:5c:ac:2b:0e:62:ff:cc:4e:dc:0f:0c:28:03:b3:5d:
cf:2d:8a:ac:ba:d8:43:63:ca:85:2c:b0:04:95:0d:a5:db:4a:
59:97:ba:04:82:e5:22:98:a5:60:bb:05:cf:04:3c:71:11:6d:
e8:de:8b:29:51:25:ed:55:b9:78:78:ac:24:c1:95:f0:b5:89:
0e:aa:49:c6:50:33:4d:aa:fd:96:31:e4:af:bb:26:8a:86:1c:
52:d8:92:81:66:86:65:1a:75:86:53:d2:f1:f0:05:0a:57:7f:
1d:38:bf:d1:c2:f6:d4:fe:ed:a9:86:20:d9:5e:5b:b7:74:6b:
14:90:96:cd:16:dd:44:5c:59:4e:e7:1c:36:1b:ea:b9:04:f6:
0d:fe:ec:81:05:8f:02:53:a3:15:81:c8:9c:86:5d:59:31:96:
a5:32:57:a3:14:af:84:15:97:74:6c:61:ce:1e:3c:5a:17:55:
64:71:4d:10:1f:cc:f1:35:2e:8f:ed:2a:a1:40:97:32:47:96:
02:ac:f8:c5:a3:80:d5:31:25:08:bf:3d:98:0a:53:76:95:06:
7c:89:fc:6c
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYtrIXJkgeRWk+JoA3fe/pEOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjYyZjc2MDYyNzNmNDFhNmNjYzhlMjk1NjA3NmYzYzBh
MWViNTQwHhcNMjMxMDI2MDgzNzE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTZiYTBlMDIxZjg5YmRkY2FmMTliNmEyZGM4OGI0NDMwYTNhN2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYASAk1z8+7zc51/QeYwr4AlyFti
KdvqL5Bm1QMGEvbBHTMT02L7JjgqK3iOxpKin/Id03vECYQVD1XjThLlR4lEFJp/
D2+mL2lnf1or6dqIWNGGKoCAd1SYj0hoBOfBGPsrOmDJcCquphUFJDlQXpIxJ3D5
XPJThzaCP00s3pkxnpx0jDr+4jC+pl2Kw2ra0rZFo1uCmGNi8+M9Y/REdfiAr7xt
RBr334d3SZXJbHEqaIMVfwcAQ3hFLKgOhtZj92HQ0Ap0lC8fCTVDuyrCsBZdy/lL
A+3NpeFnxpyYW3mY/ekxZR+b0xyno3hXL8MNGoO+Jm8PBMlLuKlCAS3kgQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFA5roOAh+JvdyvGbai3Ii0Qwo6fCMB8GA1UdIwQY
MBaAFPv2L3YGJz9BpszI4pVgdvPAoetUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fWXZkZ1luUDBHbXpNamlsV0IyODhDaDYxUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5
LTU2NDllMWIxOTJiYi8xL0RtdWc0Q0g0bTkzSzhadHFMY2lMUkRDanA4SS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5LTU2NDllMWIxOTJi
Yi8xLzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQQYIKwYBBQUHAQcBAf8EMjAwMC4EAgABMCgDBAJb0ogw
DAMEB21ogAMEAW1ohAMEAW1okDAMAwQAbWidAwQAbWieMA0GCSqGSIb3DQEBCwUA
A4IBAQBBCyVPB6jsjzhmmzZCSpi6QhZB7P1GPgFt3pL8VXufoFxnnnDRl1xcrCsO
Yv/MTtwPDCgDs13PLYqsuthDY8qFLLAElQ2l20pZl7oEguUimKVguwXPBDxxEW3o
3ospUSXtVbl4eKwkwZXwtYkOqknGUDNNqv2WMeSvuyaKhhxS2JKBZoZlGnWGU9Lx
8AUKV38dOL/RwvbU/u2phiDZXlu3dGsUkJbNFt1EXFlO5xw2G+q5BPYN/uyBBY8C
U6MVgcichl1ZMZalMlejFK+EFZd0bGHOHjxaF1VkcU0QH8zxNS6P7SqhQJcyR5YC
rPjFo4DVMSUIvz2YClN2lQZ8ifxs
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:14 2024 by rpki-client on console-ams.rpki-client.org