Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/hU48jYHFYnw1yNfwFZBik8XsxXE.roa
File: hU48jYHFYnw1yNfwFZBik8XsxXE.roa (raw, json)
Hash identifier: kt7VgB4HQdTjfb37aIA5a5KmOFMGPjPlEK/f8y0qqro=
Subject key identifier: 85:4E:3C:8D:81:C5:62:7C:35:C8:D7:F0:15:90:62:93:C5:EC:C5:71
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 01857C144D05C787068CB04885E634A0A850
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/hU48jYHFYnw1yNfwFZBik8XsxXE.roa
Signing time: Wed 04 Jan 2023 09:19:43 +0000
ROA not before: Wed 04 Jan 2023 09:19:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48265
IP address blocks: 91.210.137.0/24 maxlen: 24
91.210.138.0/24 maxlen: 24
91.210.136.0/24 maxlen: 24
91.210.139.0/24 maxlen: 24
109.104.131.0/24 maxlen: 24
109.104.132.0/24 maxlen: 24
109.104.129.0/24 maxlen: 24
109.104.130.0/24 maxlen: 24
109.104.128.0/24 maxlen: 24
109.104.138.0/24 maxlen: 24
109.104.139.0/24 maxlen: 24
109.104.136.0/24 maxlen: 24
109.104.137.0/24 maxlen: 24
109.104.135.0/24 maxlen: 24
109.104.133.0/24 maxlen: 24
109.104.134.0/24 maxlen: 24
109.104.145.0/24 maxlen: 24
109.104.143.0/24 maxlen: 24
109.104.144.0/24 maxlen: 24
109.104.141.0/24 maxlen: 24
109.104.142.0/24 maxlen: 24
109.104.140.0/24 maxlen: 24
109.104.157.0/24 maxlen: 24
109.104.158.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:7c:14:4d:05:c7:87:06:8c:b0:48:85:e6:34:a0:a8:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Jan 4 09:19:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=854e3c8d81c5627c35c8d7f015906293c5ecc571
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:2b:8f:4c:c9:4e:48:b6:f5:85:79:8b:b4:00:
36:19:d4:ac:50:d9:59:18:1a:c4:3c:5e:4f:fd:88:
b9:4d:e8:06:cc:d5:22:82:13:2a:f3:84:56:b4:41:
4a:a8:1f:26:0d:91:a8:1c:3e:3d:6e:5c:81:62:4b:
74:86:d3:7a:55:5c:a3:5a:4f:23:b0:db:18:ac:73:
cd:50:c1:c4:e3:72:87:0c:02:1f:01:30:1d:fd:c5:
ec:f9:00:57:f2:da:3b:60:30:fc:6d:34:ed:e4:2a:
0e:02:d3:65:97:85:c1:ab:d5:1f:29:d0:9e:f0:04:
9a:fb:d7:f5:99:48:9e:c0:59:dc:6e:4a:7a:aa:a7:
ec:df:e3:ab:e6:36:81:49:09:79:01:9f:b7:29:34:
5d:fc:db:c8:c2:f5:da:4f:c6:19:88:71:b7:83:f5:
cc:28:c0:bb:23:f5:a9:4e:d6:e8:3c:dd:93:2d:7c:
c7:24:f9:f4:68:cb:0c:fe:9e:3a:16:cd:4b:dd:0f:
f1:72:4c:2b:34:52:05:04:5e:20:91:0b:0a:31:7d:
35:dd:92:3a:f1:51:58:be:90:78:d3:ce:3f:26:02:
df:98:f8:13:73:d8:19:78:8f:c4:8c:51:bf:68:31:
21:d2:5f:c7:d6:c4:e7:01:f3:3c:4a:3f:d0:74:ed:
5f:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:4E:3C:8D:81:C5:62:7C:35:C8:D7:F0:15:90:62:93:C5:EC:C5:71
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/hU48jYHFYnw1yNfwFZBik8XsxXE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.136.0/22
109.104.128.0-109.104.145.255
109.104.157.0-109.104.158.255
Signature Algorithm: sha256WithRSAEncryption
d0:58:0b:49:16:4e:cb:71:24:5b:cb:09:bf:42:78:81:19:31:
51:eb:7c:ae:21:de:17:3b:b1:c5:25:86:a5:0b:17:92:82:1c:
f3:df:06:d2:42:7f:13:77:db:aa:c0:43:0a:90:b8:ae:14:99:
bf:43:5c:56:2d:0a:60:c0:f4:05:0c:c8:b5:ed:2a:39:49:37:
63:e0:75:ba:71:21:95:52:70:bd:1d:a1:f4:ad:fd:85:64:05:
17:e4:ab:db:5d:4f:9f:1f:3e:61:47:6f:9a:24:24:0b:7a:6c:
89:6f:53:db:e4:94:62:ee:87:a5:f8:df:c3:85:8a:5e:72:e7:
08:9f:c0:29:34:b4:db:1e:2b:26:8b:c2:68:0d:fd:7c:82:26:
46:28:2a:71:ad:17:c6:ff:9b:96:22:ce:33:fb:4f:dd:2b:4f:
44:ce:69:fb:34:c6:31:0d:a7:2f:97:04:6c:36:00:53:ea:18:
6c:f5:4a:c1:21:97:fa:5e:9b:19:c3:3c:1f:b7:6c:66:99:60:
8f:5d:72:3a:05:74:18:d7:dc:5c:7b:f8:0f:20:5e:b2:58:7d:
25:22:c8:00:78:96:95:c4:8a:b1:78:2e:e3:b7:3f:8c:77:d9:
20:e7:8c:36:43:17:8b:65:06:e6:c3:d9:6d:ca:c5:5a:fd:55:
18:80:4b:33
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYV8FE0Fx4cGjLBIheY0oKhQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjYyZjc2MDYyNzNmNDFhNmNjYzhlMjk1NjA3NmYzYzBh
MWViNTQwHhcNMjMwMTA0MDkxOTQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTRlM2M4ZDgxYzU2MjdjMzVjOGQ3ZjAxNTkwNjI5M2M1ZWNjNTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyuPTMlOSLb1hXmLtAA2GdSsUNlZ
GBrEPF5P/Yi5TegGzNUighMq84RWtEFKqB8mDZGoHD49blyBYkt0htN6VVyjWk8j
sNsYrHPNUMHE43KHDAIfATAd/cXs+QBX8to7YDD8bTTt5CoOAtNll4XBq9UfKdCe
8ASa+9f1mUiewFncbkp6qqfs3+Or5jaBSQl5AZ+3KTRd/NvIwvXaT8YZiHG3g/XM
KMC7I/WpTtboPN2TLXzHJPn0aMsM/p46Fs1L3Q/xckwrNFIFBF4gkQsKMX013ZI6
8VFYvpB4084/JgLfmPgTc9gZeI/EjFG/aDEh0l/H1sTnAfM8Sj/QdO1f6wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIVOPI2BxWJ8NcjX8BWQYpPF7MVxMB8GA1UdIwQY
MBaAFPv2L3YGJz9BpszI4pVgdvPAoetUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fWXZkZ1luUDBHbXpNamlsV0IyODhDaDYxUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5
LTU2NDllMWIxOTJiYi8xL2hVNDhqWUhGWW53MXlOZndGWkJpazhYc3hYRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5LTU2NDllMWIxOTJi
Yi8xLzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwOwYIKwYBBQUHAQcBAf8ELDAqMCgEAgABMCIDBAJb0ogw
DAMEB21ogAMEAW1okDAMAwQAbWidAwQAbWieMA0GCSqGSIb3DQEBCwUAA4IBAQDQ
WAtJFk7LcSRbywm/QniBGTFR63yuId4XO7HFJYalCxeSghzz3wbSQn8Td9uqwEMK
kLiuFJm/Q1xWLQpgwPQFDMi17So5STdj4HW6cSGVUnC9HaH0rf2FZAUX5KvbXU+f
Hz5hR2+aJCQLemyJb1Pb5JRi7oel+N/DhYpecucIn8ApNLTbHismi8JoDf18giZG
KCpxrRfG/5uWIs4z+0/dK09Ezmn7NMYxDacvlwRsNgBT6hhs9UrBIZf6XpsZwzwf
t2xmmWCPXXI6BXQY19xce/gPIF6yWH0lIsgAeJaVxIqxeC7jtz+Md9kg54w2QxeL
ZQbmw9ltysVa/VUYgEsz
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:17 2023 by rpki-client on console-fra.rpki-client.org