Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/jQB6phMacoImquhEPfMasjlcL3w.roa
File: jQB6phMacoImquhEPfMasjlcL3w.roa (raw, json)
Hash identifier: 0M9a5MyYRnptn5qGOZfkdMmgmGNmJ6ku7q6SP6NbbgE=
Subject key identifier: 8D:00:7A:A6:13:1A:72:82:26:AA:E8:44:3D:F3:1A:B2:39:5C:2F:7C
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 0D2F90AC
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/jQB6phMacoImquhEPfMasjlcL3w.roa
Signing time: Fri 24 Jun 2022 07:34:19 +0000
ROA not before: Fri 24 Jun 2022 07:34:19 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 208485
IP address blocks: 109.104.148.0/24 maxlen: 24
109.104.147.0/24 maxlen: 24
109.104.150.0/24 maxlen: 24
109.104.151.0/24 maxlen: 24
109.104.152.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 221221036 (0xd2f90ac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Jun 24 07:34:19 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8d007aa6131a728226aae8443df31ab2395c2f7c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:c7:ef:98:0e:57:5f:f9:c9:cd:dc:03:62:6c:
b8:0b:da:04:1e:7d:87:a9:c0:5a:1b:ea:45:3c:fe:
40:3c:d7:e4:3c:bc:5d:4e:8f:57:90:c3:90:33:31:
ec:40:32:cf:97:eb:b2:91:e3:53:20:0b:65:62:c1:
f1:69:20:9a:27:9a:5e:6b:a0:6c:8e:9f:b8:48:e6:
80:9f:5b:f4:a7:4d:82:1b:3c:8b:c9:05:9d:2f:76:
17:b2:6a:e8:26:70:97:0b:b8:7e:d7:18:fd:e1:75:
54:b3:60:6b:0f:10:46:28:32:0b:8c:da:ca:7a:a0:
88:0d:2c:af:30:2b:5a:bf:79:48:52:f7:c2:fe:9e:
e2:b1:a2:6f:d6:95:c9:e7:b3:9e:ba:e1:85:c7:73:
74:c5:1c:54:2a:1b:b0:6c:8d:27:b7:6a:24:f9:e1:
a4:48:9d:af:51:98:8f:10:8a:75:10:09:a7:ce:6e:
13:ab:79:36:16:cb:f6:af:82:53:d9:c0:df:0d:28:
ec:62:5a:7c:e8:6c:35:1b:10:28:1f:d2:c9:fa:d8:
bf:64:60:b6:79:3b:3a:be:70:2e:b3:78:b4:af:f2:
c3:be:d3:81:de:b0:ad:e0:e1:07:4c:ce:e7:36:63:
08:a6:55:42:87:4f:db:ab:4c:5d:5f:17:34:85:db:
fa:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:00:7A:A6:13:1A:72:82:26:AA:E8:44:3D:F3:1A:B2:39:5C:2F:7C
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/jQB6phMacoImquhEPfMasjlcL3w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.104.147.0-109.104.148.255
109.104.150.0-109.104.152.255
Signature Algorithm: sha256WithRSAEncryption
51:e0:22:d3:98:c1:98:f1:75:3d:0a:f1:e8:46:5c:19:16:66:
5c:6a:08:11:c2:d6:48:73:76:0c:ae:87:ed:90:49:5f:1b:31:
bd:5d:de:f7:f5:f6:20:38:88:7d:63:cb:5e:35:3a:bc:4c:dc:
78:63:92:ff:1a:15:06:97:bd:37:b2:96:a6:53:35:5a:46:ad:
7c:c4:83:af:78:dd:fe:e5:62:dd:be:82:35:2f:e6:4a:73:29:
c1:13:01:b0:26:87:4d:ed:ee:9d:69:87:e1:ac:0d:3a:b1:52:
1a:c9:35:26:c6:68:98:20:c3:3d:6f:61:cb:52:df:91:b5:df:
a5:a8:e3:01:73:98:f7:c7:9d:58:75:1c:23:d1:c2:5f:c3:9b:
81:cf:28:6b:87:42:36:66:d9:a8:be:fb:19:85:23:92:9d:7b:
fb:b4:b7:48:76:b8:36:3f:c8:a3:1b:7b:a3:d0:82:d4:08:c4:
5c:ae:77:c2:85:6e:a4:98:eb:fa:25:1b:a4:45:be:7f:3e:53:
a6:38:f4:6b:d2:0f:24:50:e7:c0:42:65:1c:e2:98:21:14:f3:
92:73:81:41:ee:13:19:22:09:c7:26:30:dc:15:5d:89:71:6a:
d3:59:29:45:00:70:7c:7e:25:e9:f3:43:ca:de:36:42:cc:e1:
47:f2:93:54
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEDS+QrDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YmY2MmY3NjA2MjczZjQxYTZjY2M4ZTI5NTYwNzZmM2MwYTFlYjU0MB4XDTIyMDYy
NDA3MzQxOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGQwMDdhYTYxMzFh
NzI4MjI2YWFlODQ0M2RmMzFhYjIzOTVjMmY3YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI7H75gOV1/5yc3cA2JsuAvaBB59h6nAWhvqRTz+QDzX5Dy8
XU6PV5DDkDMx7EAyz5frspHjUyALZWLB8WkgmieaXmugbI6fuEjmgJ9b9KdNghs8
i8kFnS92F7Jq6CZwlwu4ftcY/eF1VLNgaw8QRigyC4zaynqgiA0srzArWr95SFL3
wv6e4rGib9aVyeeznrrhhcdzdMUcVCobsGyNJ7dqJPnhpEidr1GYjxCKdRAJp85u
E6t5NhbL9q+CU9nA3w0o7GJafOhsNRsQKB/SyfrYv2Rgtnk7Or5wLrN4tK/yw77T
gd6wreDhB0zO5zZjCKZVQodP26tMXV8XNIXb+mECAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBSNAHqmExpygiaq6EQ98xqyOVwvfDAfBgNVHSMEGDAWgBT79i92Bic/QabM
yOKVYHbzwKHrVDAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzIzLzk1ZWViYi0wYTlkLTRmNzEtYjNmOS01NjQ5ZTFiMTkyYmIv
MS9qUUI2cGhNYWNvSW1xdWhFUGZNYXNqbGNMM3cucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIz
Lzk1ZWViYi0wYTlkLTRmNzEtYjNmOS01NjQ5ZTFiMTkyYmIvMS8xLV9ZdmRnWW5Q
MEdtek1qaWxXQjI4OENoNjFRLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBABtaJMDBABtaJQwDAMEAW1o
lgMEAG1omDANBgkqhkiG9w0BAQsFAAOCAQEAUeAi05jBmPF1PQrx6EZcGRZmXGoI
EcLWSHN2DK6H7ZBJXxsxvV3e9/X2IDiIfWPLXjU6vEzceGOS/xoVBpe9N7KWplM1
WkatfMSDr3jd/uVi3b6CNS/mSnMpwRMBsCaHTe3unWmH4awNOrFSGsk1JsZomCDD
PW9hy1LfkbXfpajjAXOY98edWHUcI9HCX8Obgc8oa4dCNmbZqL77GYUjkp17+7S3
SHa4Nj/Ioxt7o9CC1AjEXK53woVupJjr+iUbpEW+fz5Tpjj0a9IPJFDnwEJlHOKY
IRTzknOBQe4TGSIJxyYw3BVdiXFq01kpRQBwfH4l6fNDyt42QszhR/KTVA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:17 2023 by rpki-client on console-fra.rpki-client.org