Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/uj4yQgZSEeOCGwSYCCSo_sAPdo0.roa
File: uj4yQgZSEeOCGwSYCCSo_sAPdo0.roa (raw, json)
Hash identifier: n9Li2HbXFG5g99As6q8Jp1gOPbVUYI60IpcKGyaal9s=
Subject key identifier: BA:3E:32:42:06:52:11:E3:82:1B:04:98:08:24:A8:FE:C0:0F:76:8D
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 018215D449AC3CF408A594CFB604DD544E9F
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/uj4yQgZSEeOCGwSYCCSo_sAPdo0.roa
Signing time: Tue 19 Jul 2022 09:40:10 +0000
ROA not before: Tue 19 Jul 2022 09:40:10 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 208485
IP address blocks: 109.104.148.0/24 maxlen: 24
109.104.147.0/24 maxlen: 24
109.104.150.0/24 maxlen: 24
109.104.151.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:15:d4:49:ac:3c:f4:08:a5:94:cf:b6:04:dd:54:4e:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Jul 19 09:40:10 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ba3e3242065211e3821b04980824a8fec00f768d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:cc:99:14:f0:20:93:e7:7b:e8:26:fb:71:e5:
7b:1e:f9:90:23:3a:19:bc:9b:c9:5d:fb:cf:79:ff:
a0:57:6f:34:d1:07:17:29:75:7c:f5:d9:99:73:e6:
d6:39:c2:61:47:f7:dd:7c:dd:e3:ac:d1:57:45:e5:
93:c9:e6:31:d0:1f:75:54:40:4a:3a:54:58:9e:2d:
22:15:0e:24:84:77:33:27:a1:14:c7:03:38:fa:7a:
3b:23:59:6f:6a:8f:b4:97:28:6b:56:6f:cf:0b:75:
b6:25:2a:29:fd:c6:13:16:82:2d:9d:3a:b5:6c:ff:
16:51:0a:4d:f0:99:f7:90:96:5e:dd:ed:ec:00:d8:
cf:86:2c:be:49:ff:8c:cc:fc:01:18:aa:86:70:e6:
52:ae:32:ba:c5:7c:95:29:cd:02:0b:37:c7:d5:31:
61:9e:9f:55:0a:4d:86:73:bc:b3:a3:3a:98:ae:f0:
76:95:24:3b:37:98:cb:a9:5c:b8:76:c0:e2:b3:a4:
0a:dd:aa:36:9d:76:49:87:4b:92:d0:48:29:76:3b:
0e:67:72:d4:2b:b9:ce:0d:77:e7:98:9e:e7:85:53:
db:f6:8e:3b:7c:2a:3d:ba:5c:6a:c3:ec:71:a5:eb:
8e:94:87:aa:cf:5e:e0:ef:60:07:fd:d2:ef:09:14:
55:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:3E:32:42:06:52:11:E3:82:1B:04:98:08:24:A8:FE:C0:0F:76:8D
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/uj4yQgZSEeOCGwSYCCSo_sAPdo0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.104.147.0-109.104.148.255
109.104.150.0/23
Signature Algorithm: sha256WithRSAEncryption
30:fa:df:ea:09:c2:6a:af:45:26:15:49:fa:95:23:6a:1c:dd:
b6:74:75:06:22:f0:e8:1d:f8:b2:50:75:4f:41:18:33:37:88:
85:08:09:ee:c7:a9:83:7f:9f:14:7c:4b:9b:d0:50:bd:b6:25:
bf:1f:9b:ce:52:1b:64:f2:6e:eb:84:e8:08:6c:31:9c:ca:b9:
39:2c:6f:d0:84:87:9f:87:4a:dc:70:8f:39:b2:74:aa:ae:af:
0d:86:1d:01:4a:78:ca:7f:a7:e5:c9:fb:40:76:ef:ff:15:1d:
85:3b:13:aa:46:06:91:83:e9:84:f6:2d:51:a4:06:57:e5:48:
07:15:1f:b0:71:eb:be:27:1e:c6:0e:46:8c:c7:f7:e2:17:71:
d9:16:35:e4:da:14:60:06:5c:d9:6b:00:2b:6f:94:34:d7:63:
c2:69:aa:d8:f2:c5:46:d6:96:8a:d3:7e:43:bf:39:d6:3f:79:
d9:d4:e4:a6:bc:22:21:06:20:e8:e4:8e:bc:ed:5e:ab:f7:1e:
b1:ec:17:eb:c2:37:c6:a6:17:8b:45:1c:8f:4c:19:8f:b1:21:
c6:7c:2d:1d:85:39:a2:f7:81:86:81:c2:1a:07:ef:78:26:dd:
ab:89:b4:d1:00:c7:95:53:8d:7c:39:8e:94:05:85:93:ce:74:
97:4d:4e:44
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYIV1EmsPPQIpZTPtgTdVE6fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjYyZjc2MDYyNzNmNDFhNmNjYzhlMjk1NjA3NmYzYzBh
MWViNTQwHhcNMjIwNzE5MDk0MDEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTNlMzI0MjA2NTIxMWUzODIxYjA0OTgwODI0YThmZWMwMGY3NjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsyZFPAgk+d76Cb7ceV7HvmQIzoZ
vJvJXfvPef+gV2800QcXKXV89dmZc+bWOcJhR/fdfN3jrNFXReWTyeYx0B91VEBK
OlRYni0iFQ4khHczJ6EUxwM4+no7I1lvao+0lyhrVm/PC3W2JSop/cYTFoItnTq1
bP8WUQpN8Jn3kJZe3e3sANjPhiy+Sf+MzPwBGKqGcOZSrjK6xXyVKc0CCzfH1TFh
np9VCk2Gc7yzozqYrvB2lSQ7N5jLqVy4dsDis6QK3ao2nXZJh0uS0EgpdjsOZ3LU
K7nODXfnmJ7nhVPb9o47fCo9ulxqw+xxpeuOlIeqz17g72AH/dLvCRRVPwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFLo+MkIGUhHjghsEmAgkqP7AD3aNMB8GA1UdIwQY
MBaAFPv2L3YGJz9BpszI4pVgdvPAoetUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fWXZkZ1luUDBHbXpNamlsV0IyODhDaDYxUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5
LTU2NDllMWIxOTJiYi8xL3VqNHlRZ1pTRWVPQ0d3U1lDQ1NvX3NBUGRvMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5LTU2NDllMWIxOTJi
Yi8xLzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLQYIKwYBBQUHAQcBAf8EHjAcMBoEAgABMBQwDAMEAG1o
kwMEAG1olAMEAW1oljANBgkqhkiG9w0BAQsFAAOCAQEAMPrf6gnCaq9FJhVJ+pUj
ahzdtnR1BiLw6B34slB1T0EYMzeIhQgJ7sepg3+fFHxLm9BQvbYlvx+bzlIbZPJu
64ToCGwxnMq5OSxv0ISHn4dK3HCPObJ0qq6vDYYdAUp4yn+n5cn7QHbv/xUdhTsT
qkYGkYPphPYtUaQGV+VIBxUfsHHrvicexg5GjMf34hdx2RY15NoUYAZc2WsAK2+U
NNdjwmmq2PLFRtaWitN+Q7851j952dTkprwiIQYg6OSOvO1eq/cesewX68I3xqYX
i0Ucj0wZj7EhxnwtHYU5oveBhoHCGgfveCbdq4m00QDHlVONfDmOlAWFk850l01O
RA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:49:04 2023 by rpki-client on console-ams.rpki-client.org