Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/mZgaCQje5Xyy2sNRLf4lN8sDWZA.roa
File: mZgaCQje5Xyy2sNRLf4lN8sDWZA.roa (raw, json)
Hash identifier: IfFVwC7BIN+WJwsXyL3D7x8CdzcCTMe/YpXBWyIFuiM=
Subject key identifier: 99:98:1A:09:08:DE:E5:7C:B2:DA:C3:51:2D:FE:25:37:CB:03:59:90
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 0189BB02EC3E2033994297738A2B76E0D856
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/mZgaCQje5Xyy2sNRLf4lN8sDWZA.roa
Signing time: Thu 03 Aug 2023 10:47:58 +0000
ROA not before: Thu 03 Aug 2023 10:47:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48265
IP address blocks: 91.210.137.0/24 maxlen: 24
91.210.138.0/24 maxlen: 24
91.210.136.0/24 maxlen: 24
91.210.139.0/24 maxlen: 24
109.104.131.0/24 maxlen: 24
109.104.132.0/24 maxlen: 24
109.104.129.0/24 maxlen: 24
109.104.130.0/24 maxlen: 24
109.104.128.0/24 maxlen: 24
109.104.136.0/24 maxlen: 24
109.104.137.0/24 maxlen: 24
109.104.135.0/24 maxlen: 24
109.104.133.0/24 maxlen: 24
109.104.134.0/24 maxlen: 24
109.104.145.0/24 maxlen: 24
109.104.144.0/24 maxlen: 24
109.104.157.0/24 maxlen: 24
109.104.158.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:bb:02:ec:3e:20:33:99:42:97:73:8a:2b:76:e0:d8:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Aug 3 10:47:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=99981a0908dee57cb2dac3512dfe2537cb035990
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:e0:a8:d6:b0:21:8d:0b:b2:88:9a:3f:42:f3:
39:52:7f:08:49:38:62:6b:90:92:75:06:47:22:21:
ab:84:c3:2e:2f:e4:0d:19:fb:f7:55:82:5a:0b:b3:
1d:16:05:ef:c1:e1:62:0d:33:b4:38:01:59:4b:24:
3e:87:ee:0c:9b:f8:b4:37:9a:c0:aa:cc:ad:67:40:
c3:ad:49:f2:07:8c:3a:c9:a4:e6:ae:83:4e:fd:ad:
c9:a9:38:d7:7e:ea:22:8b:e9:0a:8c:13:b7:5b:dd:
85:ec:08:9a:04:19:b4:1a:3f:90:93:40:99:72:6c:
b4:15:ff:16:8e:df:ca:fa:f1:e5:f0:d3:48:47:7e:
6e:46:d4:fa:3f:9f:db:01:f1:15:67:fa:bc:66:ac:
35:57:ab:af:b9:a8:ca:4f:35:56:de:34:88:bf:ed:
21:14:99:fd:0c:2a:d3:52:f6:9a:26:0d:cd:fe:b4:
42:fe:68:65:33:82:ed:3b:76:1b:26:80:2c:98:6b:
76:ff:4a:5f:94:79:f8:9c:2b:52:45:59:20:ed:56:
76:a5:32:6b:6f:84:62:32:7f:b1:c4:cf:7e:78:02:
ed:ea:3d:65:9b:74:8c:8e:b2:f1:6e:bb:d6:8d:1c:
08:2f:70:81:41:01:66:7c:02:8a:9e:30:d6:f6:64:
11:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:98:1A:09:08:DE:E5:7C:B2:DA:C3:51:2D:FE:25:37:CB:03:59:90
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/mZgaCQje5Xyy2sNRLf4lN8sDWZA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.136.0/22
109.104.128.0-109.104.137.255
109.104.144.0/23
109.104.157.0-109.104.158.255
Signature Algorithm: sha256WithRSAEncryption
44:14:ef:e9:64:72:da:45:81:d0:ae:7e:15:a3:c0:06:06:16:
e4:9e:4d:c4:4b:92:e8:97:19:f1:15:7a:9f:fd:6f:db:6c:d7:
88:cc:5f:2e:06:ab:78:e2:a4:3f:9c:95:ac:28:3f:2c:9a:18:
f7:1a:4a:b0:12:e5:aa:26:d1:6a:48:c8:54:2c:f2:4b:ee:fe:
10:fe:0c:55:36:be:39:47:02:bc:a5:d2:66:03:d0:bf:72:37:
39:39:a0:67:aa:cd:19:5b:a2:9d:6c:18:19:89:e3:3e:cf:62:
ec:fe:49:ad:89:49:7e:f0:48:32:2a:05:3d:36:3d:fe:fa:56:
53:a7:95:fc:f8:89:f0:86:a1:84:f0:1e:9c:7b:b1:1b:85:9a:
bf:32:42:90:ac:fb:94:b2:af:28:5f:62:c5:cb:34:a9:b4:f7:
f5:3b:2a:43:9f:5d:0c:13:6c:1d:28:d2:e6:0b:ab:1b:79:9d:
f9:7a:7c:7a:45:ff:52:11:00:12:99:a4:2c:b6:09:92:de:b1:
7f:68:a5:44:2c:8e:2a:65:94:92:2f:87:2c:62:72:fb:31:b7:
02:84:63:91:39:7a:aa:d3:df:18:a2:15:3e:e3:a8:62:69:57:
c5:7c:e1:35:8b:28:a9:d1:97:26:ef:7f:c1:e8:0e:39:63:9b:
4f:2f:e0:18
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYm7Auw+IDOZQpdziit24NhWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjYyZjc2MDYyNzNmNDFhNmNjYzhlMjk1NjA3NmYzYzBh
MWViNTQwHhcNMjMwODAzMTA0NzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTk4MWEwOTA4ZGVlNTdjYjJkYWMzNTEyZGZlMjUzN2NiMDM1OTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOCo1rAhjQuyiJo/QvM5Un8ISThi
a5CSdQZHIiGrhMMuL+QNGfv3VYJaC7MdFgXvweFiDTO0OAFZSyQ+h+4Mm/i0N5rA
qsytZ0DDrUnyB4w6yaTmroNO/a3JqTjXfuoii+kKjBO3W92F7AiaBBm0Gj+Qk0CZ
cmy0Ff8Wjt/K+vHl8NNIR35uRtT6P5/bAfEVZ/q8Zqw1V6uvuajKTzVW3jSIv+0h
FJn9DCrTUvaaJg3N/rRC/mhlM4LtO3YbJoAsmGt2/0pflHn4nCtSRVkg7VZ2pTJr
b4RiMn+xxM9+eALt6j1lm3SMjrLxbrvWjRwIL3CBQQFmfAKKnjDW9mQRywIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFJmYGgkI3uV8strDUS3+JTfLA1mQMB8GA1UdIwQY
MBaAFPv2L3YGJz9BpszI4pVgdvPAoetUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fWXZkZ1luUDBHbXpNamlsV0IyODhDaDYxUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5
LTU2NDllMWIxOTJiYi8xL21aZ2FDUWplNVh5eTJzTlJMZjRsTjhzRFdaQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5LTU2NDllMWIxOTJi
Yi8xLzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQQYIKwYBBQUHAQcBAf8EMjAwMC4EAgABMCgDBAJb0ogw
DAMEB21ogAMEAW1oiAMEAW1okDAMAwQAbWidAwQAbWieMA0GCSqGSIb3DQEBCwUA
A4IBAQBEFO/pZHLaRYHQrn4Vo8AGBhbknk3ES5LolxnxFXqf/W/bbNeIzF8uBqt4
4qQ/nJWsKD8smhj3GkqwEuWqJtFqSMhULPJL7v4Q/gxVNr45RwK8pdJmA9C/cjc5
OaBnqs0ZW6KdbBgZieM+z2Ls/kmtiUl+8EgyKgU9Nj3++lZTp5X8+InwhqGE8B6c
e7EbhZq/MkKQrPuUsq8oX2LFyzSptPf1OypDn10ME2wdKNLmC6sbeZ35enx6Rf9S
EQASmaQstgmS3rF/aKVELI4qZZSSL4csYnL7MbcChGOROXqq098YohU+46hiaVfF
fOE1iyip0Zcm73/B6A45Y5tPL+AY
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:26 2024 by rpki-client on console-fra.rpki-client.org