Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/o0x4l1DHeQhM2L4lp890oM5i12U.roa
File: o0x4l1DHeQhM2L4lp890oM5i12U.roa (raw, json)
Hash identifier: oAF+nQONoBM0MW8RNEUq4jkOpj2+9TNeRLhNStIXBkU=
Subject key identifier: A3:4C:78:97:50:C7:79:08:4C:D8:BE:25:A7:CF:74:A0:CE:62:D7:65
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 018528F3A8CDD8420136453436519E8FF112
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/o0x4l1DHeQhM2L4lp890oM5i12U.roa
Signing time: Mon 19 Dec 2022 05:55:35 +0000
ROA not before: Mon 19 Dec 2022 05:55:35 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 48265
IP address blocks: 91.210.137.0/24 maxlen: 24
91.210.138.0/24 maxlen: 24
91.210.136.0/24 maxlen: 24
91.210.139.0/24 maxlen: 24
109.104.132.0/24 maxlen: 24
109.104.129.0/24 maxlen: 24
109.104.130.0/24 maxlen: 24
109.104.128.0/24 maxlen: 24
109.104.138.0/24 maxlen: 24
109.104.136.0/24 maxlen: 24
109.104.133.0/24 maxlen: 24
109.104.134.0/24 maxlen: 24
109.104.145.0/24 maxlen: 24
109.104.144.0/24 maxlen: 24
109.104.159.0/24 maxlen: 24
109.104.157.0/24 maxlen: 24
109.104.158.0/24 maxlen: 24
109.104.155.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:28:f3:a8:cd:d8:42:01:36:45:34:36:51:9e:8f:f1:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Dec 19 05:55:35 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a34c789750c779084cd8be25a7cf74a0ce62d765
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:97:ce:00:a1:f7:a1:32:55:1b:89:c8:26:03:
39:ee:7b:63:65:28:f0:14:3a:72:56:c1:bc:93:6e:
44:3a:b3:0e:ae:78:d8:f2:52:fb:0c:a1:5e:82:ea:
17:68:35:b1:e2:32:46:97:21:da:e9:e1:d8:4d:3a:
e1:2a:de:9e:3a:dd:b9:49:44:f0:87:fd:97:89:ee:
bb:eb:35:13:97:04:c6:90:78:0f:3f:6e:4f:19:59:
05:9f:22:52:43:a1:30:dc:60:35:2a:cd:cd:d1:34:
a2:e1:20:9d:eb:b8:40:da:73:79:6b:71:fc:c8:41:
03:df:a3:af:79:6d:4e:0c:31:7a:6e:55:e2:6e:c5:
af:c8:50:f1:d5:01:90:ff:70:a1:7f:a0:ee:2c:db:
19:a9:fc:cf:e1:01:b2:f7:a2:a3:1b:04:7f:94:15:
43:98:61:37:ed:7a:59:16:ce:13:53:dd:b6:37:23:
dd:ee:a6:32:f0:8a:0e:04:77:96:77:12:57:48:46:
f9:ac:7f:87:c9:0c:bc:3c:4b:fe:35:21:9c:37:db:
6e:4a:7e:07:e5:0c:f8:a1:a5:f3:c4:a4:bd:99:3a:
e5:02:4b:79:81:85:b3:ca:52:57:5d:88:5a:fb:55:
00:ff:95:81:63:47:d5:c2:26:15:b7:07:58:c9:f8:
07:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:4C:78:97:50:C7:79:08:4C:D8:BE:25:A7:CF:74:A0:CE:62:D7:65
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/o0x4l1DHeQhM2L4lp890oM5i12U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.136.0/22
109.104.128.0-109.104.130.255
109.104.132.0-109.104.134.255
109.104.136.0/24
109.104.138.0/24
109.104.144.0/23
109.104.155.0/24
109.104.157.0-109.104.159.255
Signature Algorithm: sha256WithRSAEncryption
0e:0c:68:76:c9:89:33:ae:d5:d3:19:6b:2a:0a:47:2a:07:4e:
c4:1c:69:43:24:b1:ac:46:0d:c0:c0:1d:89:41:e9:a7:2e:13:
3d:d7:a6:8e:4f:71:ba:22:42:16:cd:d7:b9:b8:ae:c4:01:a3:
3b:43:b5:34:f5:ae:55:c5:d4:e2:e6:93:fd:7f:55:41:26:80:
1c:da:97:66:33:c0:7c:e1:b4:be:45:6c:4e:3b:b7:a0:a5:47:
ea:72:78:52:27:ae:a6:d9:13:51:08:78:58:a5:75:d2:98:ec:
d8:9c:1d:92:d8:d8:70:fd:be:a0:21:fa:dd:64:3b:b4:b4:89:
df:45:48:17:5b:ee:e2:59:4e:3a:21:28:60:62:be:35:b1:00:
3c:1f:61:b6:d1:0d:6f:f8:37:8a:fa:6d:ae:b1:cb:10:04:a7:
02:df:d9:be:27:06:14:dd:d3:22:d0:97:c0:d8:83:0d:19:61:
50:7c:5d:62:8d:4a:73:fa:94:7b:8e:11:ec:50:1b:db:85:0b:
17:c4:f5:55:54:72:2b:21:6d:f3:75:ae:26:85:95:e1:bc:c0:
c0:29:20:fc:1b:79:a5:60:3d:20:0d:80:83:73:8d:d4:c1:c6:
6e:ed:f2:74:1b:1b:ce:3a:59:92:33:9c:59:61:d7:9d:e8:85:
d5:14:fa:ba
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYUo86jN2EIBNkU0NlGej/ESMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjYyZjc2MDYyNzNmNDFhNmNjYzhlMjk1NjA3NmYzYzBh
MWViNTQwHhcNMjIxMjE5MDU1NTM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzRjNzg5NzUwYzc3OTA4NGNkOGJlMjVhN2NmNzRhMGNlNjJkNzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpfOAKH3oTJVG4nIJgM57ntjZSjw
FDpyVsG8k25EOrMOrnjY8lL7DKFeguoXaDWx4jJGlyHa6eHYTTrhKt6eOt25SUTw
h/2Xie676zUTlwTGkHgPP25PGVkFnyJSQ6Ew3GA1Ks3N0TSi4SCd67hA2nN5a3H8
yEED36OveW1ODDF6blXibsWvyFDx1QGQ/3Chf6DuLNsZqfzP4QGy96KjGwR/lBVD
mGE37XpZFs4TU922NyPd7qYy8IoOBHeWdxJXSEb5rH+HyQy8PEv+NSGcN9tuSn4H
5Qz4oaXzxKS9mTrlAkt5gYWzylJXXYha+1UA/5WBY0fVwiYVtwdYyfgHiwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFKNMeJdQx3kITNi+JafPdKDOYtdlMB8GA1UdIwQY
MBaAFPv2L3YGJz9BpszI4pVgdvPAoetUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fWXZkZ1luUDBHbXpNamlsV0IyODhDaDYxUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5
LTU2NDllMWIxOTJiYi8xL28weDRsMURIZVFoTTJMNGxwODkwb001aTEyVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5LTU2NDllMWIxOTJi
Yi8xLzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwYQYIKwYBBQUHAQcBAf8EUjBQME4EAgABMEgDBAJb0ogw
DAMEB21ogAMEAG1ogjAMAwQCbWiEAwQAbWiGAwQAbWiIAwQAbWiKAwQBbWiQAwQA
bWibMAwDBABtaJ0DBAVtaIAwDQYJKoZIhvcNAQELBQADggEBAA4MaHbJiTOu1dMZ
ayoKRyoHTsQcaUMksaxGDcDAHYlB6acuEz3Xpo5PcboiQhbN17m4rsQBoztDtTT1
rlXF1OLmk/1/VUEmgBzal2YzwHzhtL5FbE47t6ClR+pyeFInrqbZE1EIeFilddKY
7NicHZLY2HD9vqAh+t1kO7S0id9FSBdb7uJZTjohKGBivjWxADwfYbbRDW/4N4r6
ba6xyxAEpwLf2b4nBhTd0yLQl8DYgw0ZYVB8XWKNSnP6lHuOEexQG9uFCxfE9VVU
cishbfN1riaFleG8wMApIPwbeaVgPSANgINzjdTBxm7t8nQbG846WZIznFlh153o
hdUU+ro=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:14 2024 by rpki-client on console-ams.rpki-client.org