Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/FzMPB_WJcW3swHRacFbxBPuZ1Hk.roa
File: FzMPB_WJcW3swHRacFbxBPuZ1Hk.roa (raw, json)
Hash identifier: bGP/42J9Zrp2sOnnPs2/CEdwOXznJBosfLXqtHjqwyc=
Subject key identifier: 17:33:0F:07:F5:89:71:6D:EC:C0:74:5A:70:56:F1:04:FB:99:D4:79
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 018C7A526E639EFBF4A7AE6A2587F9F31804
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/FzMPB_WJcW3swHRacFbxBPuZ1Hk.roa
Signing time: Mon 18 Dec 2023 00:27:51 +0000
ROA not before: Mon 18 Dec 2023 00:27:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48265
IP address blocks: 91.210.137.0/24 maxlen: 24
91.210.138.0/24 maxlen: 24
91.210.139.0/24 maxlen: 24
91.210.136.0/24 maxlen: 24
109.104.131.0/24 maxlen: 24
109.104.128.0/24 maxlen: 24
109.104.132.0/24 maxlen: 24
109.104.129.0/24 maxlen: 24
109.104.130.0/24 maxlen: 24
109.104.133.0/24 maxlen: 24
109.104.145.0/24 maxlen: 24
109.104.144.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:7a:52:6e:63:9e:fb:f4:a7:ae:6a:25:87:f9:f3:18:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Dec 18 00:27:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=17330f07f589716decc0745a7056f104fb99d479
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:61:ac:fd:e1:2e:d1:90:94:30:ac:fe:d7:fe:
f9:ac:86:9c:b3:2e:0e:d3:14:ea:07:91:ea:9a:bc:
35:2b:28:08:71:7c:70:d6:9a:95:f5:c7:ef:9a:25:
d1:c2:ea:f2:15:d1:43:75:55:eb:0c:62:35:e2:50:
28:52:8c:d2:e0:d9:fc:9a:87:00:dd:28:82:ba:85:
93:ea:60:84:85:d3:9b:70:5d:93:68:02:7b:3d:dd:
95:b0:23:67:f6:ed:af:5d:ea:7d:31:77:7c:80:1a:
c9:60:f0:aa:21:be:9e:3c:00:1d:0f:95:19:06:99:
ed:94:42:3d:9b:96:ed:e6:fb:ea:41:3c:a8:40:59:
e3:b4:70:a4:d4:5d:7c:58:10:14:6b:9a:0a:7a:f2:
df:54:5b:9d:fb:23:39:bc:cd:89:74:66:9b:7e:12:
ba:c3:c7:af:31:01:ee:35:da:ad:f0:6f:6d:7b:43:
1d:55:8f:60:4b:34:4f:f1:6d:3c:4c:5a:46:c2:7b:
01:88:ea:50:d6:9e:56:7e:ff:ae:0d:5f:6a:76:40:
b3:46:d3:f2:c3:1a:22:5a:5e:ad:93:00:66:af:00:
d4:5c:62:f2:e7:6f:7f:30:50:52:2e:66:ef:bd:6a:
e4:37:08:e2:83:94:a9:5e:9d:09:35:6b:e7:99:90:
47:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:33:0F:07:F5:89:71:6D:EC:C0:74:5A:70:56:F1:04:FB:99:D4:79
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/FzMPB_WJcW3swHRacFbxBPuZ1Hk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.136.0/22
109.104.128.0-109.104.133.255
109.104.144.0/23
Signature Algorithm: sha256WithRSAEncryption
69:71:05:08:5e:56:7a:bc:90:10:cf:6b:cf:d8:9a:f8:f2:31:
df:93:23:9e:94:8a:80:ea:a4:5b:33:23:f4:8c:98:e5:23:5a:
43:19:93:5a:82:d2:24:b8:7e:49:a8:a8:3e:ad:e3:5f:fc:77:
e1:b6:42:ae:bc:fb:0e:e0:60:6b:8e:e6:cb:7f:84:93:43:4d:
06:ec:ff:64:89:e1:6b:6a:b0:4d:78:3d:09:f5:c8:90:3c:46:
05:9d:16:b6:0e:ce:b2:a1:8e:b6:65:47:cb:19:d0:6c:35:05:
81:75:10:b4:05:08:93:a5:d5:9a:4e:b8:f3:60:5f:fc:fc:12:
13:d0:66:ec:31:fd:93:30:87:93:f5:18:98:2b:ff:1a:55:d5:
b9:6c:8b:97:eb:db:aa:94:30:b9:93:7f:a4:7a:26:d6:d8:c4:
39:a0:3f:8d:c4:49:f9:5a:ba:15:c8:d6:7b:84:0e:65:d8:99:
fc:81:ac:32:52:3e:9b:89:ac:4d:03:d2:cb:1e:d9:fb:17:d7:
78:c9:22:ef:c3:30:23:68:c8:2e:4e:f4:ff:d1:ac:a6:bb:58:
ca:eb:d1:54:87:44:d0:e6:20:49:01:9a:df:96:03:19:b8:23:
80:6b:7f:e1:7a:aa:37:73:b9:e3:b6:27:d5:41:9e:12:5c:d8:
13:97:b9:13
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYx6Um5jnvv0p65qJYf58xgEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjYyZjc2MDYyNzNmNDFhNmNjYzhlMjk1NjA3NmYzYzBh
MWViNTQwHhcNMjMxMjE4MDAyNzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzMzMGYwN2Y1ODk3MTZkZWNjMDc0NWE3MDU2ZjEwNGZiOTlkNDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGGs/eEu0ZCUMKz+1/75rIacsy4O
0xTqB5Hqmrw1KygIcXxw1pqV9cfvmiXRwuryFdFDdVXrDGI14lAoUozS4Nn8mocA
3SiCuoWT6mCEhdObcF2TaAJ7Pd2VsCNn9u2vXep9MXd8gBrJYPCqIb6ePAAdD5UZ
BpntlEI9m5bt5vvqQTyoQFnjtHCk1F18WBAUa5oKevLfVFud+yM5vM2JdGabfhK6
w8evMQHuNdqt8G9te0MdVY9gSzRP8W08TFpGwnsBiOpQ1p5Wfv+uDV9qdkCzRtPy
wxoiWl6tkwBmrwDUXGLy529/MFBSLmbvvWrkNwjig5SpXp0JNWvnmZBHOwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFBczDwf1iXFt7MB0WnBW8QT7mdR5MB8GA1UdIwQY
MBaAFPv2L3YGJz9BpszI4pVgdvPAoetUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fWXZkZ1luUDBHbXpNamlsV0IyODhDaDYxUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5
LTU2NDllMWIxOTJiYi8xL0Z6TVBCX1dKY1czc3dIUmFjRmJ4QlB1WjFIay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5LTU2NDllMWIxOTJi
Yi8xLzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMwYIKwYBBQUHAQcBAf8EJDAiMCAEAgABMBoDBAJb0ogw
DAMEB21ogAMEAW1ohAMEAW1okDANBgkqhkiG9w0BAQsFAAOCAQEAaXEFCF5WeryQ
EM9rz9ia+PIx35MjnpSKgOqkWzMj9IyY5SNaQxmTWoLSJLh+SaioPq3jX/x34bZC
rrz7DuBga47my3+Ek0NNBuz/ZInha2qwTXg9CfXIkDxGBZ0Wtg7OsqGOtmVHyxnQ
bDUFgXUQtAUIk6XVmk6482Bf/PwSE9Bm7DH9kzCHk/UYmCv/GlXVuWyLl+vbqpQw
uZN/pHom1tjEOaA/jcRJ+Vq6FcjWe4QOZdiZ/IGsMlI+m4msTQPSyx7Z+xfXeMki
78MwI2jILk70/9GsprtYyuvRVIdE0OYgSQGa35YDGbgjgGt/4XqqN3O547Yn1UGe
ElzYE5e5Ew==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:14 2024 by rpki-client on console-ams.rpki-client.org