Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/QXFawmjNfMN2goBWmdYHaHJ3DxA.roa
File: QXFawmjNfMN2goBWmdYHaHJ3DxA.roa (raw, json)
Hash identifier: iTwcXV7jPZuz2ByekETi6bR9szysJ6jMHt/fflIgLJA=
Subject key identifier: 41:71:5A:C2:68:CD:7C:C3:76:82:80:56:99:D6:07:68:72:77:0F:10
Certificate issuer: /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial: 018489CF21BC811DBC027E922DBA71FCD6C0
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/QXFawmjNfMN2goBWmdYHaHJ3DxA.roa
Signing time: Fri 18 Nov 2022 08:16:03 +0000
ROA not before: Fri 18 Nov 2022 08:16:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 44477
IP address blocks: 77.91.75.0/24 maxlen: 24
77.91.101.0/24 maxlen: 24
77.91.122.0/23 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:89:cf:21:bc:81:1d:bc:02:7e:92:2d:ba:71:fc:d6:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Validity
Not Before: Nov 18 08:16:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=41715ac268cd7cc37682805699d6076872770f10
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:e5:b8:d5:58:75:cc:89:2c:6b:99:83:f2:5a:
2a:b1:4c:14:07:a6:16:60:72:38:49:3f:97:11:c8:
f9:fe:5a:4a:f2:69:10:23:f0:db:95:d6:85:01:93:
cd:60:2c:e0:f0:27:9d:50:75:92:9c:1e:3e:9e:7e:
19:d7:03:e4:dd:68:1e:f6:67:02:0e:d6:c1:08:d7:
ea:a1:f7:d8:b9:8e:9c:4a:bb:74:35:cb:94:26:fb:
f3:49:41:50:83:b6:c5:99:2f:6a:58:23:60:2a:94:
2b:cd:9c:c1:88:08:a1:78:5e:56:1e:f3:10:9a:dc:
e8:e9:ed:b5:e1:3a:97:40:fa:97:37:ff:c9:f0:2a:
ac:28:b4:70:bc:77:3c:22:dc:22:36:35:83:5c:f2:
7d:02:5a:26:61:15:75:ca:7a:73:88:93:71:5a:81:
8f:79:e3:da:41:e9:51:b8:94:3d:13:66:15:a5:76:
56:1a:cb:d0:8f:59:20:16:7a:b6:38:8b:e9:1e:36:
02:19:fe:78:71:fd:80:b7:df:88:c6:6d:37:28:33:
a0:08:9b:10:f8:4c:42:34:fc:a4:87:1e:e8:fc:10:
41:24:47:8d:32:64:36:54:31:cc:61:19:45:33:c6:
79:4a:7b:70:5d:8b:a6:e8:0e:9b:e9:a2:c2:71:a5:
ab:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:71:5A:C2:68:CD:7C:C3:76:82:80:56:99:D6:07:68:72:77:0F:10
X509v3 Authority Key Identifier:
keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/QXFawmjNfMN2goBWmdYHaHJ3DxA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.91.75.0/24
77.91.101.0/24
77.91.122.0/23
Signature Algorithm: sha256WithRSAEncryption
0f:42:6b:75:f6:57:31:ba:a8:01:9b:11:e1:15:5d:27:ac:30:
3a:5c:5e:1f:9e:e4:be:b7:54:1b:9c:5b:bf:db:5f:74:07:1a:
0d:77:fd:73:7c:ae:f2:bf:f4:0d:ea:b4:0c:42:6b:ec:53:6a:
67:ca:fc:b3:cd:1a:8b:6a:85:87:60:a5:f2:49:b9:65:3b:f0:
e3:be:f7:47:0e:67:b7:ab:6c:2c:f8:25:8f:86:18:98:15:48:
db:01:47:a9:94:47:6f:95:98:89:18:9b:a3:69:3f:ff:dd:9d:
58:f3:37:32:a8:ea:0d:89:2f:f1:8c:34:95:73:a4:13:4a:9a:
a7:5e:2a:07:2b:18:79:d0:6e:79:8e:8a:c4:86:a5:3a:a8:9e:
70:f2:b1:a6:84:71:8c:79:e4:36:75:14:e2:08:ca:24:74:9f:
5d:29:df:55:7b:3e:d3:73:fe:ca:56:10:bf:dd:9e:a8:d2:2b:
0d:6b:3d:fb:4e:ed:07:b0:1c:d8:9b:0c:0b:c4:3f:4e:d1:48:
ee:b1:d3:8b:c0:54:4b:1c:22:e7:f0:00:81:29:9a:10:1c:7d:
00:23:99:2b:33:ce:92:65:10:d2:2b:74:53:d7:d3:ce:90:af:
10:0d:3f:07:7b:d4:be:51:d9:12:db:3c:01:9e:df:25:aa:3e:
34:d9:bf:41
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYSJzyG8gR28An6SLbpx/NbAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjIxMTE4MDgxNjAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTcxNWFjMjY4Y2Q3Y2MzNzY4MjgwNTY5OWQ2MDc2ODcyNzcwZjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuW41Vh1zIksa5mD8loqsUwUB6YW
YHI4ST+XEcj5/lpK8mkQI/DbldaFAZPNYCzg8CedUHWSnB4+nn4Z1wPk3Wge9mcC
DtbBCNfqoffYuY6cSrt0NcuUJvvzSUFQg7bFmS9qWCNgKpQrzZzBiAiheF5WHvMQ
mtzo6e214TqXQPqXN//J8CqsKLRwvHc8ItwiNjWDXPJ9AlomYRV1ynpziJNxWoGP
eePaQelRuJQ9E2YVpXZWGsvQj1kgFnq2OIvpHjYCGf54cf2At9+Ixm03KDOgCJsQ
+ExCNPykhx7o/BBBJEeNMmQ2VDHMYRlFM8Z5SntwXYum6A6b6aLCcaWrVwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFEFxWsJozXzDdoKAVpnWB2hydw8QMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xL1FYRmF3bWpOZk1OMmdvQldtZFlIYUhKM0R4QS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABNW0sD
BABNW2UDBAFNW3owDQYJKoZIhvcNAQELBQADggEBAA9Ca3X2VzG6qAGbEeEVXSes
MDpcXh+e5L63VBucW7/bX3QHGg13/XN8rvK/9A3qtAxCa+xTamfK/LPNGotqhYdg
pfJJuWU78OO+90cOZ7erbCz4JY+GGJgVSNsBR6mUR2+VmIkYm6NpP//dnVjzNzKo
6g2JL/GMNJVzpBNKmqdeKgcrGHnQbnmOisSGpTqonnDysaaEcYx55DZ1FOIIyiR0
n10p31V7PtNz/spWEL/dnqjSKw1rPftO7QewHNibDAvEP07RSO6x04vAVEscIufw
AIEpmhAcfQAjmSszzpJlENIrdFPX086QrxANPwd71L5R2RLbPAGe3yWqPjTZv0E=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:57 2024 by rpki-client on console-ams.rpki-client.org