Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/xdQyp_-SfX5lSqYN0BwaThddENo.roa
File: xdQyp_-SfX5lSqYN0BwaThddENo.roa (raw, json)
Hash identifier: G4DhnyuOjevdV20HK6nox8TVBpLG778md5AQw3wJLbk=
Subject key identifier: C5:D4:32:A7:FF:92:7D:7E:65:4A:A6:0D:D0:1C:1A:4E:17:5D:10:DA
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 0184ECDD5B33D9ABDF3C175178EEC22D2904
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/xdQyp_-SfX5lSqYN0BwaThddENo.roa
Signing time: Wed 07 Dec 2022 13:54:00 +0000
ROA not before: Wed 07 Dec 2022 13:54:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 197706
IP address blocks: 109.104.149.0/24 maxlen: 24
109.104.147.0/24 maxlen: 24
109.104.148.0/24 maxlen: 24
109.104.146.0/24 maxlen: 24
109.104.152.0/24 maxlen: 24
109.104.150.0/24 maxlen: 24
109.104.151.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:ec:dd:5b:33:d9:ab:df:3c:17:51:78:ee:c2:2d:29:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Dec 7 13:54:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c5d432a7ff927d7e654aa60dd01c1a4e175d10da
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:57:af:4b:b6:7b:bc:29:69:49:32:a4:8c:1b:
a1:2a:92:36:47:30:13:3c:d1:7a:c7:38:f7:d0:bc:
5c:d5:9b:4d:de:24:9a:e1:61:db:89:84:d2:36:51:
1d:5f:68:8b:dc:0d:ca:cc:f0:6c:08:8e:17:2a:1d:
cc:59:48:d5:2e:60:68:36:95:3f:1e:69:7c:53:65:
72:e1:40:6b:9c:f4:f3:6a:51:ba:9b:6c:4f:18:cc:
53:78:18:b4:0d:0d:83:4d:19:62:8a:9e:2c:18:34:
8c:4a:8e:55:8a:a8:d4:9b:25:1d:b8:05:38:af:89:
54:b9:02:66:9f:8a:b2:c7:fd:c6:a9:c1:4e:58:62:
42:ea:6e:5b:8c:8d:c2:a1:a5:9a:80:b2:d2:a7:3f:
ba:3b:3c:e8:aa:4e:ae:99:47:d1:53:ee:c4:7c:fc:
ce:df:df:a8:20:46:ab:b2:fe:7c:0e:fe:78:d0:08:
f0:6a:98:93:40:ab:16:d4:9f:d2:0c:ea:66:9f:b1:
bb:27:6b:03:49:5f:c8:cd:20:0c:c2:4d:ca:38:dc:
cb:e6:2f:94:41:fa:cd:10:94:a3:dc:98:b1:b9:a5:
f4:7d:45:60:33:4b:92:be:73:39:dd:3c:09:31:89:
78:1d:71:92:f2:d7:a6:68:a7:da:4b:10:1d:67:92:
da:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:D4:32:A7:FF:92:7D:7E:65:4A:A6:0D:D0:1C:1A:4E:17:5D:10:DA
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/xdQyp_-SfX5lSqYN0BwaThddENo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.104.146.0-109.104.152.255
Signature Algorithm: sha256WithRSAEncryption
55:f9:be:52:2b:8b:eb:e1:86:66:6e:23:d0:65:39:12:08:45:
fd:27:a0:74:ee:f0:7e:23:76:98:7e:95:50:ab:4b:ed:17:25:
48:21:a2:21:25:37:7e:a1:02:49:30:ae:a4:c9:d7:29:6f:90:
36:fc:0d:47:43:f2:d8:48:a9:87:14:f0:47:58:05:5b:96:25:
67:1f:75:1a:10:e1:8e:65:42:6f:a0:cf:a7:53:89:73:d6:0a:
2a:92:80:ee:f1:af:a2:ba:8a:f3:61:54:7d:81:ff:5d:28:47:
3f:f9:77:48:af:a8:75:67:0b:3e:fa:40:30:81:11:9d:c2:ca:
10:3a:08:2b:e3:f3:4a:31:5b:30:f1:40:3d:3d:a7:ae:d7:e3:
bf:d3:3b:ca:8f:30:1b:f4:d4:2e:75:d8:ec:92:a8:18:4e:a1:
e5:c6:81:75:93:89:ca:bf:70:c8:52:d8:25:fd:4c:23:d4:20:
6b:e7:7a:b7:b6:1c:77:3f:c2:33:d2:15:70:75:15:e0:46:44:
6d:b2:a4:3b:7c:76:1c:66:56:c2:35:f9:15:26:ff:7a:c4:e9:
58:05:c9:98:08:aa:08:61:f1:95:83:37:18:77:ba:8d:c6:96:
de:c8:df:fd:be:70:4e:24:a7:16:bf:1a:9e:71:61:d8:1f:c1:
5a:35:47:09
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYTs3Vsz2avfPBdReO7CLSkEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjYyZjc2MDYyNzNmNDFhNmNjYzhlMjk1NjA3NmYzYzBh
MWViNTQwHhcNMjIxMjA3MTM1NDAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWQ0MzJhN2ZmOTI3ZDdlNjU0YWE2MGRkMDFjMWE0ZTE3NWQxMGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1evS7Z7vClpSTKkjBuhKpI2RzAT
PNF6xzj30Lxc1ZtN3iSa4WHbiYTSNlEdX2iL3A3KzPBsCI4XKh3MWUjVLmBoNpU/
Hml8U2Vy4UBrnPTzalG6m2xPGMxTeBi0DQ2DTRliip4sGDSMSo5ViqjUmyUduAU4
r4lUuQJmn4qyx/3GqcFOWGJC6m5bjI3CoaWagLLSpz+6Ozzoqk6umUfRU+7EfPzO
39+oIEarsv58Dv540AjwapiTQKsW1J/SDOpmn7G7J2sDSV/IzSAMwk3KONzL5i+U
QfrNEJSj3JixuaX0fUVgM0uSvnM53TwJMYl4HXGS8temaKfaSxAdZ5LatwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFMXUMqf/kn1+ZUqmDdAcGk4XXRDaMB8GA1UdIwQY
MBaAFPv2L3YGJz9BpszI4pVgdvPAoetUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fWXZkZ1luUDBHbXpNamlsV0IyODhDaDYxUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5
LTU2NDllMWIxOTJiYi8xL3hkUXlwXy1TZlg1bFNxWU4wQndhVGhkZEVOby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5LTU2NDllMWIxOTJi
Yi8xLzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJwYIKwYBBQUHAQcBAf8EGDAWMBQEAgABMA4wDAMEAW1o
kgMEAG1omDANBgkqhkiG9w0BAQsFAAOCAQEAVfm+UiuL6+GGZm4j0GU5EghF/Seg
dO7wfiN2mH6VUKtL7RclSCGiISU3fqECSTCupMnXKW+QNvwNR0Py2EiphxTwR1gF
W5YlZx91GhDhjmVCb6DPp1OJc9YKKpKA7vGvorqK82FUfYH/XShHP/l3SK+odWcL
PvpAMIERncLKEDoIK+PzSjFbMPFAPT2nrtfjv9M7yo8wG/TULnXY7JKoGE6h5caB
dZOJyr9wyFLYJf1MI9Qga+d6t7Ycdz/CM9IVcHUV4EZEbbKkO3x2HGZWwjX5FSb/
esTpWAXJmAiqCGHxlYM3GHe6jcaW3sjf/b5wTiSnFr8annFh2B/BWjVHCQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:17 2023 by rpki-client on console-fra.rpki-client.org