Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/T5NCVhUvZWsFFowPE7oP9P-CmtE.roa
File: T5NCVhUvZWsFFowPE7oP9P-CmtE.roa (raw, json)
Hash identifier: DHKynW38JKFr8+SfvQ9zsaIrPEQw6zzeTC+MYtJZXi0=
Subject key identifier: 4F:93:42:56:15:2F:65:6B:05:16:8C:0F:13:BA:0F:F4:FF:82:9A:D1
Certificate issuer: /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial: 018625B84A0EEC8140BB7129140B0931C5BB
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/T5NCVhUvZWsFFowPE7oP9P-CmtE.roa
Signing time: Mon 06 Feb 2023 07:54:39 +0000
ROA not before: Mon 06 Feb 2023 07:54:39 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207168
IP address blocks: 77.91.98.0/23 maxlen: 32
2a00:1e68:125::/48 maxlen: 128
2a00:1e68:98::/47 maxlen: 128
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:25:b8:4a:0e:ec:81:40:bb:71:29:14:0b:09:31:c5:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Validity
Not Before: Feb 6 07:54:39 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4f934256152f656b05168c0f13ba0ff4ff829ad1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:ec:51:43:74:ec:8a:2e:0e:72:26:07:da:ff:
cd:b3:1b:ac:4d:78:81:36:c4:c8:af:11:7d:d0:48:
cd:f8:ff:e9:28:a0:98:ed:af:cf:c9:e6:cb:67:47:
3f:4a:31:ba:7e:d4:65:6b:a7:4b:63:4e:ab:85:12:
d3:9e:b6:52:4e:74:89:4e:cc:03:5b:74:4a:97:c0:
e6:cd:3d:27:97:a4:55:ac:03:4f:89:c8:ac:b7:b9:
34:73:b1:bc:ce:1a:ac:6d:65:c2:6f:28:0f:d7:ed:
b5:b7:e4:27:40:6d:fa:e3:1c:57:cf:ec:41:d4:f9:
33:3b:57:d5:fc:c5:41:6e:8d:79:2a:ca:fc:98:98:
84:f5:37:12:cd:64:31:8f:fa:9f:9a:42:88:a1:d9:
bc:3e:d0:8f:1c:9a:40:00:ce:c8:7f:7b:5b:29:8d:
ad:bd:e5:a1:aa:d5:e5:10:4d:da:ca:af:92:59:96:
64:93:a7:fe:b2:d8:84:83:26:61:22:78:65:49:23:
d2:19:3a:8b:bd:5c:35:dd:c7:f9:f8:ee:18:7e:02:
02:f7:d9:d1:6d:22:f6:f4:bc:3f:f6:e9:f5:35:49:
7f:f1:cf:3d:67:05:e2:e7:d6:cc:9d:03:8a:63:35:
d5:d3:11:ed:93:40:0d:fb:a8:88:87:61:1e:91:7b:
86:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:93:42:56:15:2F:65:6B:05:16:8C:0F:13:BA:0F:F4:FF:82:9A:D1
X509v3 Authority Key Identifier:
keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/T5NCVhUvZWsFFowPE7oP9P-CmtE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.91.98.0/23
IPv6:
2a00:1e68:98::/47
2a00:1e68:125::/48
Signature Algorithm: sha256WithRSAEncryption
2e:6c:52:a4:b6:06:e7:1c:ba:4e:33:9b:ca:c1:24:01:0b:45:
b4:5e:18:1b:24:9f:84:a9:9f:90:41:d0:1a:b6:20:0d:37:ba:
46:5e:07:5e:a9:23:49:e8:5f:db:0c:df:e4:32:5b:72:37:d0:
a4:36:9c:02:5d:6f:13:6a:92:b7:2e:e6:25:fc:75:e7:3d:51:
4e:08:2d:72:f2:21:ce:bc:08:4d:5d:97:09:b4:a9:40:1d:65:
4c:2f:78:b1:d4:d8:03:06:08:2a:82:f2:1d:9f:5a:81:f3:74:
d9:05:56:ca:f4:a8:59:0d:5f:62:08:a3:b4:c2:1a:20:6b:41:
c5:1b:e3:39:ec:de:c8:58:97:66:aa:30:33:eb:fe:85:0f:fc:
8b:dd:f0:e8:e0:d6:fc:80:72:a6:d6:f3:84:70:78:2a:50:29:
80:3e:53:a0:08:72:c7:5b:9f:8f:06:e0:f5:79:31:06:2e:03:
b3:f2:2b:23:6b:63:a5:c4:6d:47:a5:94:5a:c8:4c:b9:1d:f7:
8d:ac:7f:84:0a:30:fe:43:c0:19:b6:eb:b4:1f:b9:4b:10:46:
58:c9:cb:c2:dc:33:f8:33:81:f1:cc:d8:25:5d:fa:86:61:57:
19:76:f7:e9:eb:25:b4:ae:8c:70:4a:ea:a7:46:e6:e6:fc:28:
84:9e:d8:81
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYYluEoO7IFAu3EpFAsJMcW7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjMwMjA2MDc1NDM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjkzNDI1NjE1MmY2NTZiMDUxNjhjMGYxM2JhMGZmNGZmODI5YWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOxRQ3Tsii4OciYH2v/NsxusTXiB
NsTIrxF90EjN+P/pKKCY7a/PyebLZ0c/SjG6ftRla6dLY06rhRLTnrZSTnSJTswD
W3RKl8DmzT0nl6RVrANPicist7k0c7G8zhqsbWXCbygP1+21t+QnQG364xxXz+xB
1PkzO1fV/MVBbo15Ksr8mJiE9TcSzWQxj/qfmkKIodm8PtCPHJpAAM7If3tbKY2t
veWhqtXlEE3ayq+SWZZkk6f+stiEgyZhInhlSSPSGTqLvVw13cf5+O4YfgIC99nR
bSL29Lw/9un1NUl/8c89ZwXi59bMnQOKYzXV0xHtk0AN+6iIh2EekXuGTwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFE+TQlYVL2VrBRaMDxO6D/T/gprRMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xL1Q1TkNWaFV2WldzRkZvd1BFN29QOVAtQ210RS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwOQYIKwYBBQUHAQcBAf8EKjAoMAwEAgABMAYDBAFNW2Iw
GAQCAAIwEgMHASoAHmgAmAMHACoAHmgBJTANBgkqhkiG9w0BAQsFAAOCAQEALmxS
pLYG5xy6TjObysEkAQtFtF4YGySfhKmfkEHQGrYgDTe6Rl4HXqkjSehf2wzf5DJb
cjfQpDacAl1vE2qSty7mJfx15z1RTggtcvIhzrwITV2XCbSpQB1lTC94sdTYAwYI
KoLyHZ9agfN02QVWyvSoWQ1fYgijtMIaIGtBxRvjOezeyFiXZqowM+v+hQ/8i93w
6ODW/IByptbzhHB4KlApgD5ToAhyx1ufjwbg9XkxBi4Ds/IrI2tjpcRtR6WUWshM
uR33jax/hAow/kPAGbbrtB+5SxBGWMnLwtwz+DOB8czYJV36hmFXGXb36esltK6M
cErqp0bm5vwohJ7YgQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:09:07 2023 by rpki-client on console-ams.rpki-client.org