Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-k8jHNavmDg-gOj7o-2p1eYuNeQ.roa
File: 1-k8jHNavmDg-gOj7o-2p1eYuNeQ.roa (raw, json)
Hash identifier: p/NinKE837j3Gett5lz0q8hii8dPy/LBZZfAsRZd1/8=
Subject key identifier: FA:4F:23:1C:D6:AF:98:38:3E:80:E8:FB:A3:ED:A9:D5:E6:2E:35:E4
Certificate issuer: /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial: 127E2FEC
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-k8jHNavmDg-gOj7o-2p1eYuNeQ.roa
Signing time: Sat 01 Jan 2022 15:05:38 +0000
ROA not before: Sat 01 Jan 2022 15:05:38 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 64419
IP address blocks: 77.91.120.0/23 maxlen: 32
77.91.120.0/24 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 310259692 (0x127e2fec)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Validity
Not Before: Jan 1 15:05:38 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=fa4f231cd6af98383e80e8fba3eda9d5e62e35e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:41:2e:a7:71:3a:59:7a:60:f5:e6:b9:19:f6:
86:a6:33:66:e2:43:92:ec:b9:de:b3:85:ab:35:05:
a1:83:c0:44:2e:38:26:59:93:a6:3d:8e:fa:5e:cf:
c3:f0:fb:53:82:07:23:53:9c:43:00:55:e8:24:6c:
c8:0c:ff:8d:61:a5:2d:fd:b2:d8:e0:7e:d6:f9:2d:
ac:c4:cd:b5:e5:0e:a5:9c:62:53:52:15:3f:97:b1:
23:79:58:9e:3c:f4:00:d5:51:a4:62:4b:c8:23:f1:
09:cf:1e:b5:50:d4:34:94:4d:a5:74:fa:d6:00:65:
8d:54:5f:12:be:55:9e:6f:8e:c2:af:bd:41:ce:be:
8a:ee:d7:92:44:a7:4d:4f:4e:4c:93:63:a9:7d:f6:
e4:52:60:79:92:16:67:8a:eb:b7:0a:4f:85:dc:9a:
e8:35:47:a0:33:a1:a6:ac:51:fa:63:72:bf:dd:be:
68:a6:68:1c:4c:5f:e4:a3:1a:90:0a:b9:f7:e5:f8:
b0:b1:af:51:e2:66:68:fe:bf:1e:83:42:20:e7:a7:
31:1e:36:1a:a3:76:ed:eb:8a:84:27:14:3e:79:d6:
4c:df:86:07:23:6d:6f:60:b3:f0:ba:66:db:3f:5b:
ba:5b:e1:aa:3d:01:8d:36:b9:4e:ce:ee:df:1d:02:
7e:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:4F:23:1C:D6:AF:98:38:3E:80:E8:FB:A3:ED:A9:D5:E6:2E:35:E4
X509v3 Authority Key Identifier:
keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-k8jHNavmDg-gOj7o-2p1eYuNeQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.91.120.0/23
Signature Algorithm: sha256WithRSAEncryption
56:f8:c5:4e:ed:60:18:9c:a7:89:2a:bb:b6:64:7a:fb:02:84:
08:b6:eb:46:32:3e:64:60:a6:02:38:2b:41:b7:9b:fc:69:bb:
0f:5f:fc:5b:1d:e6:05:70:cc:09:4c:fa:dd:39:12:dc:61:9e:
d7:51:eb:37:02:a7:ed:4a:f5:1a:40:90:39:1b:0c:f3:dd:10:
29:3a:db:3a:76:b1:df:5e:db:87:52:b3:0c:fa:77:47:eb:e1:
dc:43:55:4a:db:57:7e:ff:e4:17:96:8f:af:f7:65:18:cc:9c:
17:3f:2d:54:4d:92:71:40:b9:2f:6e:a0:8c:aa:5a:f5:11:d4:
48:98:c7:2c:33:81:85:43:bd:e6:82:22:b3:b5:4b:6b:1e:88:
a9:d0:67:51:2e:0e:df:4b:b9:d7:bb:eb:72:3a:61:61:b2:ca:
ea:fa:e2:e7:6c:a2:33:6a:91:37:07:2e:bf:bd:38:f1:ae:b1:
f5:9d:fe:2a:5d:b1:fb:38:2c:b2:50:13:57:d2:72:00:62:14:
25:a9:0d:30:f0:0f:1f:9f:5a:7c:28:03:0b:d2:03:3f:61:73:
f9:4c:7f:d0:f7:4d:a0:11:c1:db:29:5b:33:9f:70:cc:34:7b:
cb:7f:6f:cb:ae:3b:75:7b:46:eb:f1:73:d6:42:d4:79:9c:95:
a1:34:00:6c
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEEn4v7DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YjMyZTlmNGFhMzJhYmE3MzEyZmFiMDU0YjE3NGRjZThjNTE1Y2EzMB4XDTIyMDEw
MTE1MDUzOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmE0ZjIzMWNkNmFm
OTgzODNlODBlOGZiYTNlZGE5ZDVlNjJlMzVlNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMtBLqdxOll6YPXmuRn2hqYzZuJDkuy53rOFqzUFoYPARC44
JlmTpj2O+l7Pw/D7U4IHI1OcQwBV6CRsyAz/jWGlLf2y2OB+1vktrMTNteUOpZxi
U1IVP5exI3lYnjz0ANVRpGJLyCPxCc8etVDUNJRNpXT61gBljVRfEr5Vnm+Owq+9
Qc6+iu7XkkSnTU9OTJNjqX325FJgeZIWZ4rrtwpPhdya6DVHoDOhpqxR+mNyv92+
aKZoHExf5KMakAq59+X4sLGvUeJmaP6/HoNCIOenMR42GqN27euKhCcUPnnWTN+G
ByNtb2Cz8Lpm2z9bulvhqj0BjTa5Ts7u3x0CfqcCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBT6TyMc1q+YOD6A6Puj7anV5i415DAfBgNVHSMEGDAWgBT7Mun0qjKrpzEv
qwVLF03OjFFcozAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY2VyMIGOBggrBgEFBQcBCwSB
gTB/MH0GCCsGAQUFBzALhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL2UyLzI3ODY2My1iMTM1LTRkYjEtYTA0NC0yMDYyNGIzYzE1N2Yv
MS8xLWs4akhOYXZtRGctZ09qN28tMnAxZVl1TmVRLnJvYTCBggYDVR0fBHsweTB3
oHWgc4ZxcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9l
Mi8yNzg2NjMtYjEzNS00ZGIxLWEwNDQtMjA2MjRiM2MxNTdmLzEvMS16THA5S295
cTZjeEw2c0ZTeGROem94UlhLTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAU1beDANBgkqhkiG9w0BAQsF
AAOCAQEAVvjFTu1gGJyniSq7tmR6+wKECLbrRjI+ZGCmAjgrQbeb/Gm7D1/8Wx3m
BXDMCUz63TkS3GGe11HrNwKn7Ur1GkCQORsM890QKTrbOnax317bh1KzDPp3R+vh
3ENVSttXfv/kF5aPr/dlGMycFz8tVE2ScUC5L26gjKpa9RHUSJjHLDOBhUO95oIi
s7VLax6IqdBnUS4O30u517vrcjphYbLK6vri52yiM2qRNwcuv7048a6x9Z3+Kl2x
+zgsslATV9JyAGIUJakNMPAPH59afCgDC9IDP2Fz+Ux/0PdNoBHB2ylbM59wzDR7
y39vy647dXtG6/Fz1kLUeZyVoTQAbA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:05:16 2023 by rpki-client on console-fra.rpki-client.org