Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/Yo1zpaG8DIw7FGAOT_pIFrssp2w.roa
File: Yo1zpaG8DIw7FGAOT_pIFrssp2w.roa (raw, json)
Hash identifier: TxA5MjSIqJnAlvHW/Dx4jKy5wl975GhCppTusdntRSs=
Subject key identifier: 62:8D:73:A5:A1:BC:0C:8C:3B:14:60:0E:4F:FA:48:16:BB:2C:A7:6C
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 0C254770
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/Yo1zpaG8DIw7FGAOT_pIFrssp2w.roa
Signing time: Mon 07 Mar 2022 08:05:09 +0000
ROA not before: Mon 07 Mar 2022 08:05:09 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 48265
IP address blocks: 91.210.137.0/24 maxlen: 24
91.210.138.0/24 maxlen: 24
91.210.136.0/24 maxlen: 24
91.210.139.0/24 maxlen: 24
109.104.131.0/24 maxlen: 24
109.104.132.0/24 maxlen: 24
109.104.129.0/24 maxlen: 24
109.104.130.0/24 maxlen: 24
109.104.128.0/24 maxlen: 24
109.104.138.0/24 maxlen: 24
109.104.139.0/24 maxlen: 24
109.104.136.0/24 maxlen: 24
109.104.137.0/24 maxlen: 24
109.104.135.0/24 maxlen: 24
109.104.133.0/24 maxlen: 24
109.104.134.0/24 maxlen: 24
109.104.145.0/24 maxlen: 24
109.104.143.0/24 maxlen: 24
109.104.144.0/24 maxlen: 24
109.104.141.0/24 maxlen: 24
109.104.142.0/24 maxlen: 24
109.104.140.0/24 maxlen: 24
109.104.148.0/22 maxlen: 24
109.104.153.0/24 maxlen: 24
109.104.159.0/24 maxlen: 24
109.104.157.0/24 maxlen: 24
109.104.158.0/24 maxlen: 24
109.104.155.0/24 maxlen: 24
109.104.156.0/24 maxlen: 24
109.104.154.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 203769712 (0xc254770)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Mar 7 08:05:09 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=628d73a5a1bc0c8c3b14600e4ffa4816bb2ca76c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:cf:3e:64:3f:cb:bd:44:e4:59:1a:3a:f1:09:
72:38:c3:a0:4b:33:fb:50:95:1b:9d:80:2c:a5:3c:
7c:d3:0d:c2:f8:11:e0:f8:0c:51:6a:97:95:ef:dc:
e6:f8:cc:ea:58:87:9a:59:75:3e:79:f8:81:e3:18:
d1:4f:5b:6e:59:b6:3b:ce:a4:d6:23:a0:70:39:c0:
3a:e4:90:7a:94:86:bd:23:bf:84:bb:f7:19:4f:32:
39:6b:19:82:e6:55:1f:12:b5:ee:1e:99:6b:7a:cb:
e9:4b:10:2f:05:2c:a6:36:a3:8e:bb:41:bc:00:10:
66:e5:12:2d:a5:d5:19:44:07:66:e5:15:87:c0:84:
ff:97:ab:68:86:e5:ca:c2:f3:c8:02:0c:72:2c:d6:
0a:1d:73:38:76:e3:d4:48:30:b4:41:12:1f:8b:d5:
bb:fc:8b:38:66:dc:e3:ca:ff:cd:0b:2a:96:46:82:
6b:a4:5a:ed:c8:bb:44:8c:e9:60:3d:ae:13:b5:8e:
f2:98:15:63:d6:3d:46:97:e7:e9:c2:26:cd:42:bd:
bc:b2:b6:91:05:b3:03:13:e3:ea:7b:e4:36:77:e0:
c8:ff:d1:f2:2d:c5:a0:2f:6c:e2:91:90:2f:8e:88:
58:31:61:61:52:4c:81:69:84:94:7f:bc:48:a1:37:
f1:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:8D:73:A5:A1:BC:0C:8C:3B:14:60:0E:4F:FA:48:16:BB:2C:A7:6C
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/Yo1zpaG8DIw7FGAOT_pIFrssp2w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.136.0/22
109.104.128.0-109.104.145.255
109.104.148.0/22
109.104.153.0-109.104.159.255
Signature Algorithm: sha256WithRSAEncryption
2f:af:5d:02:d7:4f:04:ed:80:5b:13:e6:a4:69:e2:ce:1c:a1:
64:8c:72:54:9a:a7:93:ac:d8:e6:30:43:86:18:1a:91:fc:1b:
4f:c8:79:c8:35:cc:b1:ee:27:f6:c4:1f:fa:8f:c9:d9:5d:6a:
69:80:bd:5c:f4:e1:ef:1a:81:ab:77:08:9f:66:af:7b:d1:1d:
bc:19:b2:00:75:36:4a:97:e6:54:c5:9c:21:93:79:87:ae:5c:
a8:8e:77:47:de:38:d4:98:5a:e0:7d:4e:3a:66:71:2a:f8:bd:
16:9a:5a:61:72:47:76:f5:af:b4:71:ac:4f:52:74:46:8d:b3:
93:74:1c:0c:c1:8f:8b:9d:86:99:1c:f8:80:0b:57:20:bf:94:
ba:fa:ed:bb:10:f7:f5:7c:1d:24:da:30:a8:bd:bb:db:4b:c2:
36:a6:ad:8c:68:c8:22:5c:f1:20:b9:57:c4:00:a6:39:32:e6:
9c:b0:d9:d0:f7:5d:52:eb:d6:9d:b4:de:bc:04:1d:6e:64:bc:
0b:3f:b3:86:6a:45:8f:b8:b9:c8:b1:41:df:22:cb:65:9f:7b:
2d:57:0c:06:58:1e:d2:5f:e5:92:e1:15:70:a8:49:cc:44:19:
d5:56:ec:ca:21:fe:e9:7c:3a:b5:88:71:c5:6e:bc:a9:ce:a9:
4d:75:1b:4e
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIEDCVHcDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YmY2MmY3NjA2MjczZjQxYTZjY2M4ZTI5NTYwNzZmM2MwYTFlYjU0MB4XDTIyMDMw
NzA4MDUwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjI4ZDczYTVhMWJj
MGM4YzNiMTQ2MDBlNGZmYTQ4MTZiYjJjYTc2YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK/PPmQ/y71E5FkaOvEJcjjDoEsz+1CVG52ALKU8fNMNwvgR
4PgMUWqXle/c5vjM6liHmll1Pnn4geMY0U9bblm2O86k1iOgcDnAOuSQepSGvSO/
hLv3GU8yOWsZguZVHxK17h6Za3rL6UsQLwUspjajjrtBvAAQZuUSLaXVGUQHZuUV
h8CE/5eraIblysLzyAIMcizWCh1zOHbj1EgwtEESH4vVu/yLOGbc48r/zQsqlkaC
a6Ra7ci7RIzpYD2uE7WO8pgVY9Y9Rpfn6cImzUK9vLK2kQWzAxPj6nvkNnfgyP/R
8i3FoC9s4pGQL46IWDFhYVJMgWmElH+8SKE38RECAwEAAaOCAi0wggIpMB0GA1Ud
DgQWBBRijXOlobwMjDsUYA5P+kgWuyynbDAfBgNVHSMEGDAWgBT79i92Bic/QabM
yOKVYHbzwKHrVDAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzIzLzk1ZWViYi0wYTlkLTRmNzEtYjNmOS01NjQ5ZTFiMTkyYmIv
MS9ZbzF6cGFHOERJdzdGR0FPVF9wSUZyc3NwMncucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIz
Lzk1ZWViYi0wYTlkLTRmNzEtYjNmOS01NjQ5ZTFiMTkyYmIvMS8xLV9ZdmRnWW5Q
MEdtek1qaWxXQjI4OENoNjFRLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQCW9KIMAwDBAdtaIADBAFtaJAD
BAJtaJQwDAMEAG1omQMEBW1ogDANBgkqhkiG9w0BAQsFAAOCAQEAL69dAtdPBO2A
WxPmpGnizhyhZIxyVJqnk6zY5jBDhhgakfwbT8h5yDXMse4n9sQf+o/J2V1qaYC9
XPTh7xqBq3cIn2ave9EdvBmyAHU2SpfmVMWcIZN5h65cqI53R9441Jha4H1OOmZx
Kvi9FppaYXJHdvWvtHGsT1J0Ro2zk3QcDMGPi52GmRz4gAtXIL+UuvrtuxD39Xwd
JNowqL2720vCNqatjGjIIlzxILlXxACmOTLmnLDZ0PddUuvWnbTevAQdbmS8Cz+z
hmpFj7i5yLFB3yLLZZ97LVcMBlge0l/lkuEVcKhJzEQZ1VbsyiH+6Xw6tYhxxW68
qc6pTXUbTg==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:17 2023 by rpki-client on console-fra.rpki-client.org