Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/4mOwkfpVBjBlkg3hDuZdq2q7MVw.roa
File: 4mOwkfpVBjBlkg3hDuZdq2q7MVw.roa (raw, json)
Hash identifier: ktF6PWlw5WEva7s9FYIZpwnKWQlkrcly1OYZQlbhY0c=
Subject key identifier: E2:63:B0:91:FA:55:06:30:65:92:0D:E1:0E:E6:5D:AB:6A:BB:31:5C
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 0188E5D451BD470B42F9B0F563139DE78582
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/4mOwkfpVBjBlkg3hDuZdq2q7MVw.roa
Signing time: Fri 23 Jun 2023 01:17:56 +0000
ROA not before: Fri 23 Jun 2023 01:17:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48265
IP address blocks: 91.210.137.0/24 maxlen: 24
91.210.138.0/24 maxlen: 24
91.210.136.0/24 maxlen: 24
91.210.139.0/24 maxlen: 24
109.104.131.0/24 maxlen: 24
109.104.132.0/24 maxlen: 24
109.104.129.0/24 maxlen: 24
109.104.130.0/24 maxlen: 24
109.104.128.0/24 maxlen: 24
109.104.138.0/24 maxlen: 24
109.104.139.0/24 maxlen: 24
109.104.136.0/24 maxlen: 24
109.104.137.0/24 maxlen: 24
109.104.135.0/24 maxlen: 24
109.104.133.0/24 maxlen: 24
109.104.134.0/24 maxlen: 24
109.104.145.0/24 maxlen: 24
109.104.144.0/24 maxlen: 24
109.104.159.0/24 maxlen: 24
109.104.157.0/24 maxlen: 24
109.104.158.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:e5:d4:51:bd:47:0b:42:f9:b0:f5:63:13:9d:e7:85:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Jun 23 01:17:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e263b091fa55063065920de10ee65dab6abb315c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:fa:72:fe:4b:f2:c0:93:d7:f7:b5:44:6f:15:
81:45:10:09:0f:36:d8:b3:a2:ab:49:94:f7:cc:74:
9c:0e:41:1a:2a:08:26:8b:e5:0c:96:e4:2f:46:4a:
87:e9:a8:96:f2:dd:49:c1:9e:7b:a8:47:df:ec:59:
d6:82:85:68:2e:11:d8:bf:96:7c:e4:e4:00:89:9a:
9b:3a:e7:5a:e4:35:f3:92:10:0a:f2:69:33:e1:b0:
98:05:69:7c:c4:f7:1a:9f:44:09:a7:61:48:01:03:
a0:6e:42:de:4a:84:e0:a7:c7:85:1c:70:b2:d8:0b:
2e:ed:ce:d6:59:f1:8e:0d:07:f2:aa:f2:a3:d6:2f:
81:e2:13:f8:f6:99:9d:19:a9:2c:a3:b1:30:94:06:
fa:05:33:bb:d9:cd:c6:2d:06:ba:47:b8:f0:52:1c:
a9:57:30:85:99:51:9c:04:0d:3f:f1:98:ae:d2:ad:
6a:89:15:f1:1a:b0:4a:44:6f:9a:da:ca:01:c6:1c:
9d:cf:64:c0:ec:63:55:3b:65:d6:eb:20:75:84:44:
04:64:21:52:89:18:3b:c6:70:c0:13:a0:85:8a:fd:
38:26:17:d0:a3:7c:0a:ef:44:b0:25:23:ff:aa:5c:
f5:a3:1a:a7:d8:35:e1:98:19:ef:54:d4:20:c0:55:
0a:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:63:B0:91:FA:55:06:30:65:92:0D:E1:0E:E6:5D:AB:6A:BB:31:5C
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/4mOwkfpVBjBlkg3hDuZdq2q7MVw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.136.0/22
109.104.128.0-109.104.139.255
109.104.144.0/23
109.104.157.0-109.104.159.255
Signature Algorithm: sha256WithRSAEncryption
37:75:4b:0e:50:f0:9a:35:0c:d6:95:6c:00:1f:ad:35:b4:53:
7c:3b:fb:ef:2a:1e:a6:45:48:64:a4:96:6a:aa:7c:38:e3:02:
6d:f6:e5:0f:87:56:12:7c:45:2f:e0:ea:5b:3c:54:68:23:42:
01:61:42:07:1b:76:6c:31:2c:01:bd:d3:9c:72:74:b6:e7:9a:
b4:fe:31:68:26:b1:d3:00:58:da:95:22:d8:21:d8:cd:cb:46:
7c:66:33:c4:5f:52:ed:97:18:c9:86:f3:02:0f:6d:c3:63:99:
f1:13:9f:e3:55:1d:ad:a7:b1:9e:be:42:60:6f:c4:69:e5:b7:
39:9a:7d:e1:6d:25:d3:84:af:4f:02:a3:de:93:6c:c6:f3:47:
26:ca:5f:c4:89:c0:b4:89:e4:89:7b:eb:a7:d8:62:b4:b9:d3:
dc:16:6a:b1:c3:92:88:f8:d3:83:cb:7e:05:62:aa:f8:f2:29:
21:b1:96:2c:04:bc:ed:2e:84:4d:59:b0:a7:c8:d3:7e:47:15:
8a:97:a7:e5:9e:d9:8d:33:99:53:a9:3b:98:6f:ce:1d:de:ba:
09:75:dc:bb:82:5d:8c:3f:57:5d:d0:d2:e2:af:6c:b9:52:76:
d2:43:2a:f7:d4:3a:49:1e:f0:87:8e:0c:a2:eb:58:55:84:b3:
29:07:4e:d6
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYjl1FG9RwtC+bD1YxOd54WCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjYyZjc2MDYyNzNmNDFhNmNjYzhlMjk1NjA3NmYzYzBh
MWViNTQwHhcNMjMwNjIzMDExNzU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjYzYjA5MWZhNTUwNjMwNjU5MjBkZTEwZWU2NWRhYjZhYmIzMTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvpy/kvywJPX97VEbxWBRRAJDzbY
s6KrSZT3zHScDkEaKggmi+UMluQvRkqH6aiW8t1JwZ57qEff7FnWgoVoLhHYv5Z8
5OQAiZqbOuda5DXzkhAK8mkz4bCYBWl8xPcan0QJp2FIAQOgbkLeSoTgp8eFHHCy
2Asu7c7WWfGODQfyqvKj1i+B4hP49pmdGakso7EwlAb6BTO72c3GLQa6R7jwUhyp
VzCFmVGcBA0/8Ziu0q1qiRXxGrBKRG+a2soBxhydz2TA7GNVO2XW6yB1hEQEZCFS
iRg7xnDAE6CFiv04JhfQo3wK70SwJSP/qlz1oxqn2DXhmBnvVNQgwFUK0wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFOJjsJH6VQYwZZIN4Q7mXatquzFcMB8GA1UdIwQY
MBaAFPv2L3YGJz9BpszI4pVgdvPAoetUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fWXZkZ1luUDBHbXpNamlsV0IyODhDaDYxUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5
LTU2NDllMWIxOTJiYi8xLzRtT3drZnBWQmpCbGtnM2hEdVpkcTJxN01Wdy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5LTU2NDllMWIxOTJi
Yi8xLzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQQYIKwYBBQUHAQcBAf8EMjAwMC4EAgABMCgDBAJb0ogw
DAMEB21ogAMEAm1oiAMEAW1okDAMAwQAbWidAwQFbWiAMA0GCSqGSIb3DQEBCwUA
A4IBAQA3dUsOUPCaNQzWlWwAH601tFN8O/vvKh6mRUhkpJZqqnw44wJt9uUPh1YS
fEUv4OpbPFRoI0IBYUIHG3ZsMSwBvdOccnS255q0/jFoJrHTAFjalSLYIdjNy0Z8
ZjPEX1LtlxjJhvMCD23DY5nxE5/jVR2tp7GevkJgb8Rp5bc5mn3hbSXThK9PAqPe
k2zG80cmyl/EicC0ieSJe+un2GK0udPcFmqxw5KI+NODy34FYqr48ikhsZYsBLzt
LoRNWbCnyNN+RxWKl6flntmNM5lTqTuYb84d3roJddy7gl2MP1dd0NLir2y5UnbS
Qyr31DpJHvCHjgyi61hVhLMpB07W
-----END CERTIFICATE-----
Generated at Mon May 12 04:04:23 2025 by rpki-client