Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/8tIXX12OFXn35GO6Z7CbpqXZmms.roa
File: 8tIXX12OFXn35GO6Z7CbpqXZmms.roa (raw, json)
Hash identifier: s13315VbBFJQHDhbpIZuEGep0sMMAaxPIP+cijpSGVU=
Subject key identifier: F2:D2:17:5F:5D:8E:15:79:F7:E4:63:BA:67:B0:9B:A6:A5:D9:9A:6B
Certificate issuer: /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial: 018570305D50EA4FCB91A585A4DFF1643F84
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/8tIXX12OFXn35GO6Z7CbpqXZmms.roa
Signing time: Mon 02 Jan 2023 01:54:55 +0000
ROA not before: Mon 02 Jan 2023 01:54:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 52000
IP address blocks: 77.91.73.0/24 maxlen: 24
77.91.127.0/24 maxlen: 24
77.91.126.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:30:5d:50:ea:4f:cb:91:a5:85:a4:df:f1:64:3f:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Validity
Not Before: Jan 2 01:54:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f2d2175f5d8e1579f7e463ba67b09ba6a5d99a6b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:a6:d5:17:97:06:2f:b2:b3:37:e1:18:f4:d6:
b5:e3:99:32:d9:98:09:f3:9a:25:cf:7b:ca:90:88:
9f:fd:0f:62:7f:e3:b0:2c:d4:d9:46:b9:6d:b4:be:
67:3a:05:20:06:7b:36:35:01:e4:8c:19:9f:d7:fb:
c5:b4:75:15:42:6f:2c:da:56:ff:69:4c:15:12:20:
ae:df:f3:d9:0d:a5:5b:08:9e:7b:5a:3a:5a:62:2d:
99:da:c7:9c:18:f0:30:bd:9b:fd:c8:93:6b:52:06:
df:99:ed:78:2b:ac:25:15:c6:24:7a:01:50:02:cd:
00:f9:c6:a8:1e:46:f8:c6:ae:74:58:a8:bf:3b:bd:
4f:79:9e:9a:70:7e:29:cb:cb:f7:e3:e2:d3:eb:cb:
b5:5d:37:59:10:69:9f:e8:e4:c0:5e:94:ec:8e:a4:
fa:80:59:3f:a1:22:ca:05:f8:2c:70:35:59:2b:c1:
67:94:ce:50:aa:fc:95:ae:de:02:f4:b3:3e:4c:75:
40:23:50:b0:79:98:d0:bd:e7:f7:ca:fa:65:2f:6e:
4b:78:c5:bc:46:ed:3d:02:a8:8d:1f:3d:cb:44:ac:
c0:5a:17:05:cf:0d:25:2d:43:f7:bc:32:77:b0:bb:
6c:0d:1f:89:c7:2e:c7:7b:1e:49:6b:24:2a:da:d7:
05:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:D2:17:5F:5D:8E:15:79:F7:E4:63:BA:67:B0:9B:A6:A5:D9:9A:6B
X509v3 Authority Key Identifier:
keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/8tIXX12OFXn35GO6Z7CbpqXZmms.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.91.73.0/24
77.91.126.0/23
Signature Algorithm: sha256WithRSAEncryption
a9:6a:38:04:19:04:3e:51:fe:d4:a9:46:0a:93:76:0c:c1:ba:
9b:d5:75:8f:fa:e8:ed:b2:da:fb:e8:d4:04:d7:a7:f9:7f:25:
30:38:85:e6:9a:b5:8e:ee:f6:9e:27:60:b4:61:7e:10:57:cd:
a8:5f:60:96:88:7f:7b:47:e5:c3:7b:c9:20:c1:21:9c:c4:45:
dc:2a:05:75:55:8d:89:76:02:49:cf:c5:a3:a2:d8:8c:5d:dc:
65:1a:56:60:05:d4:1c:44:3e:c5:fc:44:37:ad:bc:84:47:c1:
68:3a:a3:cd:d4:ec:16:fa:73:83:c7:91:29:a7:84:66:89:73:
8e:24:d9:ff:51:0f:b7:7e:5c:7e:ae:9a:3b:96:4b:b5:ac:77:
a6:5c:7f:65:2e:28:76:64:d9:a2:5d:1e:db:ad:a1:11:7d:ac:
d8:2e:98:8d:a7:50:61:f7:db:de:7b:a6:43:8d:b0:e3:dd:2e:
7a:86:65:97:1c:03:07:94:fd:dc:66:36:70:08:ce:af:a0:e5:
ef:1e:5b:fd:c7:3d:a1:fa:81:ed:56:8b:a2:9d:b7:00:68:b2:
be:68:92:d2:50:c6:d2:93:c4:03:c9:d4:07:09:78:22:0f:68:
1b:44:cb:c3:67:77:87:5d:d1:dd:57:5d:02:e4:b5:7c:bf:5c:
59:db:a0:af
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYVwMF1Q6k/LkaWFpN/xZD+EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjMwMTAyMDE1NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmQyMTc1ZjVkOGUxNTc5ZjdlNDYzYmE2N2IwOWJhNmE1ZDk5YTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqbVF5cGL7KzN+EY9Na145ky2ZgJ
85olz3vKkIif/Q9if+OwLNTZRrlttL5nOgUgBns2NQHkjBmf1/vFtHUVQm8s2lb/
aUwVEiCu3/PZDaVbCJ57WjpaYi2Z2secGPAwvZv9yJNrUgbfme14K6wlFcYkegFQ
As0A+caoHkb4xq50WKi/O71PeZ6acH4py8v34+LT68u1XTdZEGmf6OTAXpTsjqT6
gFk/oSLKBfgscDVZK8FnlM5QqvyVrt4C9LM+THVAI1CweZjQvef3yvplL25LeMW8
Ru09AqiNHz3LRKzAWhcFzw0lLUP3vDJ3sLtsDR+Jxy7Hex5JayQq2tcFHQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPLSF19djhV59+Rjumewm6al2ZprMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xLzh0SVhYMTJPRlhuMzVHTzZaN0NicHFYWm1tcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABNW0kD
BAFNW34wDQYJKoZIhvcNAQELBQADggEBAKlqOAQZBD5R/tSpRgqTdgzBupvVdY/6
6O2y2vvo1ATXp/l/JTA4heaatY7u9p4nYLRhfhBXzahfYJaIf3tH5cN7ySDBIZzE
RdwqBXVVjYl2AknPxaOi2Ixd3GUaVmAF1BxEPsX8RDetvIRHwWg6o83U7Bb6c4PH
kSmnhGaJc44k2f9RD7d+XH6umjuWS7Wsd6Zcf2UuKHZk2aJdHtutoRF9rNgumI2n
UGH32957pkONsOPdLnqGZZccAweU/dxmNnAIzq+g5e8eW/3HPaH6ge1Wi6KdtwBo
sr5oktJQxtKTxAPJ1AcJeCIPaBtEy8Nnd4dd0d1XXQLktXy/XFnboK8=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:09:06 2023 by rpki-client on console-ams.rpki-client.org