Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/ZH0ENaer9cQjONNKzE75gNL3yK4.roa
File: ZH0ENaer9cQjONNKzE75gNL3yK4.roa (raw, json)
Hash identifier: hiucy/sTYxGllFbh+ilUcuUhNnipinjQGgKoFw7AXRw=
Subject key identifier: 64:7D:04:35:A7:AB:F5:C4:23:38:D3:4A:CC:4E:F9:80:D2:F7:C8:AE
Certificate issuer: /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial: 1278CEEF
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/ZH0ENaer9cQjONNKzE75gNL3yK4.roa
Signing time: Sat 01 Jan 2022 15:05:35 +0000
ROA not before: Sat 01 Jan 2022 15:05:35 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 42861
IP address blocks: 77.91.64.0/18 maxlen: 32
77.91.101.0/24 maxlen: 32
77.91.100.0/23 maxlen: 32
77.91.100.0/24 maxlen: 32
77.91.112.0/24 maxlen: 32
185.149.144.0/22 maxlen: 32
2a00:1e68:112::/48 maxlen: 128
2a00:1e68:100::/48 maxlen: 128
2a00:1e68:100::/47 maxlen: 128
2a00:1e68:101::/48 maxlen: 128
2a00:1e68::/29 maxlen: 128
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 309907183 (0x1278ceef)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Validity
Not Before: Jan 1 15:05:35 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=647d0435a7abf5c42338d34acc4ef980d2f7c8ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:f6:5e:35:53:f5:fc:5a:f4:08:16:13:c5:83:
27:46:60:9f:44:d3:c3:b1:8a:7f:da:b4:22:2c:80:
e9:18:d2:cf:59:a5:13:b7:c4:e9:ed:42:50:46:42:
03:ca:14:39:1d:18:cb:a1:07:42:3a:16:95:de:2d:
01:c4:be:10:04:c8:bc:3e:a0:a9:08:4e:3a:ed:1a:
fb:a2:05:28:de:a0:f3:b9:0e:bb:71:2b:f8:b9:3c:
fe:55:68:1e:a4:b2:9f:4f:d9:bd:30:b4:5f:6b:64:
66:4e:1e:b5:9d:3c:eb:21:23:9c:a7:b4:d0:9a:f9:
1c:6a:5b:55:e3:4b:52:97:42:18:53:ea:51:18:38:
7b:b7:c5:fe:05:d1:e1:97:51:f4:b6:9d:28:80:2c:
93:e7:6e:47:fc:71:65:c7:0d:4f:cf:44:3e:fd:31:
3f:61:65:70:07:e3:47:a6:c0:1b:af:a6:1c:19:3b:
a9:fd:9a:ec:9a:20:94:3d:70:5c:69:3a:26:37:79:
6c:c4:62:a3:ab:54:d1:2d:f5:0a:4c:54:fd:f2:ea:
92:e2:68:63:67:55:81:e7:95:03:ef:b7:40:63:5f:
cb:49:5b:02:e4:24:40:8a:ba:b6:1e:50:74:1a:d5:
ed:43:5e:cf:78:15:67:a4:b7:96:85:27:35:30:8b:
97:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:7D:04:35:A7:AB:F5:C4:23:38:D3:4A:CC:4E:F9:80:D2:F7:C8:AE
X509v3 Authority Key Identifier:
keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/ZH0ENaer9cQjONNKzE75gNL3yK4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.91.64.0/18
185.149.144.0/22
IPv6:
2a00:1e68::/29
Signature Algorithm: sha256WithRSAEncryption
99:34:49:a4:01:14:58:cd:61:2f:a0:0b:28:6c:c9:6b:9a:f8:
ed:38:09:22:8b:73:e0:85:fe:0e:13:d8:63:00:f3:78:25:b3:
6c:e4:bb:11:51:0d:ad:3b:f6:12:b1:92:6d:93:29:72:95:57:
69:a1:a8:8e:2a:ca:31:ce:e5:a2:bb:dc:c5:56:52:bf:5b:7f:
92:e5:ec:63:66:84:6c:f3:03:5e:4e:40:8f:77:93:b2:a0:c6:
34:94:6e:e0:55:73:06:ea:3c:c4:e5:5c:df:25:00:59:2c:f6:
83:fd:81:6d:10:8b:0d:f8:d3:f2:dd:bb:0e:36:af:14:45:f9:
34:bf:08:67:c1:20:fd:43:69:9d:ad:6d:a9:40:5a:4f:df:c7:
cb:5e:fd:76:ee:cc:3c:1e:98:97:dc:84:4b:ff:de:8c:af:c9:
23:c1:e2:d6:90:a9:f2:95:81:2b:ea:be:90:eb:6f:18:99:d7:
e3:05:b0:d5:91:7d:3d:8d:21:e2:10:10:80:b5:f2:ab:c1:21:
50:4f:28:3e:4a:fd:6c:11:18:63:58:9f:19:0c:5a:26:20:01:
48:f5:d2:19:fc:27:ec:88:b1:6a:b5:2e:d0:b1:44:b8:b1:60:
bd:5e:ec:8f:da:6f:85:38:66:44:4a:aa:bb:81:8f:7f:b5:3e:
07:6d:90:b9
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIEEnjO7zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YjMyZTlmNGFhMzJhYmE3MzEyZmFiMDU0YjE3NGRjZThjNTE1Y2EzMB4XDTIyMDEw
MTE1MDUzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjQ3ZDA0MzVhN2Fi
ZjVjNDIzMzhkMzRhY2M0ZWY5ODBkMmY3YzhhZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ32XjVT9fxa9AgWE8WDJ0Zgn0TTw7GKf9q0IiyA6RjSz1ml
E7fE6e1CUEZCA8oUOR0Yy6EHQjoWld4tAcS+EATIvD6gqQhOOu0a+6IFKN6g87kO
u3Er+Lk8/lVoHqSyn0/ZvTC0X2tkZk4etZ086yEjnKe00Jr5HGpbVeNLUpdCGFPq
URg4e7fF/gXR4ZdR9LadKIAsk+duR/xxZccNT89EPv0xP2FlcAfjR6bAG6+mHBk7
qf2a7JoglD1wXGk6Jjd5bMRio6tU0S31CkxU/fLqkuJoY2dVgeeVA++3QGNfy0lb
AuQkQIq6th5QdBrV7UNez3gVZ6S3loUnNTCLl8MCAwEAAaOCAiAwggIcMB0GA1Ud
DgQWBBRkfQQ1p6v1xCM400rMTvmA0vfIrjAfBgNVHSMEGDAWgBT7Mun0qjKrpzEv
qwVLF03OjFFcozAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL2UyLzI3ODY2My1iMTM1LTRkYjEtYTA0NC0yMDYyNGIzYzE1N2Yv
MS9aSDBFTmFlcjljUWpPTk5LekU3NWdOTDN5SzQucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Uy
LzI3ODY2My1iMTM1LTRkYjEtYTA0NC0yMDYyNGIzYzE1N2YvMS8xLXpMcDlLb3lx
NmN4TDZzRlN4ZE56b3hSWEtNLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQGTVtAAwQCuZWQMA0EAgACMAcD
BQMqAB5oMA0GCSqGSIb3DQEBCwUAA4IBAQCZNEmkARRYzWEvoAsobMlrmvjtOAki
i3Pghf4OE9hjAPN4JbNs5LsRUQ2tO/YSsZJtkylylVdpoaiOKsoxzuWiu9zFVlK/
W3+S5exjZoRs8wNeTkCPd5OyoMY0lG7gVXMG6jzE5VzfJQBZLPaD/YFtEIsN+NPy
3bsONq8URfk0vwhnwSD9Q2mdrW2pQFpP38fLXv127sw8HpiX3IRL/96Mr8kjweLW
kKnylYEr6r6Q628YmdfjBbDVkX09jSHiEBCAtfKrwSFQTyg+Sv1sERhjWJ8ZDFom
IAFI9dIZ/CfsiLFqtS7QsUS4sWC9XuyP2m+FOGZESqq7gY9/tT4HbZC5
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:05:16 2023 by rpki-client on console-fra.rpki-client.org