Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/iB2MXz1obl7WU1gBPNAIypX-doA.roa
File: iB2MXz1obl7WU1gBPNAIypX-doA.roa (raw, json)
Hash identifier: /zfMKX4pqzK+ygXE1FQAJmDX77B5YSVVwdxfgw5RkkA=
Subject key identifier: 88:1D:8C:5F:3D:68:6E:5E:D6:53:58:01:3C:D0:08:CA:95:FE:76:80
Certificate issuer: /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial: 018570305B787182DD82AADD215AAB39D9E8
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/iB2MXz1obl7WU1gBPNAIypX-doA.roa
Signing time: Mon 02 Jan 2023 01:54:55 +0000
ROA not before: Mon 02 Jan 2023 01:54:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44477
IP address blocks: 77.91.75.0/24 maxlen: 24
77.91.103.0/24 maxlen: 24
77.91.101.0/24 maxlen: 24
77.91.122.0/23 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:30:5b:78:71:82:dd:82:aa:dd:21:5a:ab:39:d9:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Validity
Not Before: Jan 2 01:54:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=881d8c5f3d686e5ed65358013cd008ca95fe7680
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:3f:c8:ae:61:cb:1a:e9:3e:bb:61:28:1e:8a:
46:45:19:3a:a5:e8:c6:8d:3b:74:7b:97:93:d9:be:
53:4e:c8:3e:40:97:7a:88:c3:60:06:c1:00:9f:44:
83:1f:2d:19:c4:ec:5d:2f:d6:06:6f:4b:3a:0c:75:
67:0d:8b:f4:9e:17:73:6a:2a:5c:8f:84:7b:79:36:
dd:7a:27:46:7c:45:d2:05:ca:79:05:c6:36:07:bc:
ad:1d:06:06:b4:f3:c2:11:02:c2:f9:8a:66:c7:43:
59:fa:43:6a:7c:a0:b6:76:b6:2c:f1:1f:14:bf:f5:
42:5d:41:52:9e:6e:37:69:53:f5:cc:04:fc:5a:78:
d1:b3:f7:1e:3a:94:97:e4:e2:9b:dc:57:20:64:9b:
a5:19:17:c8:49:e5:0d:16:3b:f8:ba:a4:ff:e0:b3:
4f:f9:16:2c:9e:51:05:a0:d6:63:80:36:c1:d4:4b:
ec:98:2c:9c:23:98:81:1b:bf:5f:6e:3c:0a:e1:b7:
e3:d3:4b:d4:88:44:86:43:31:68:ff:33:8a:06:c7:
d8:d9:85:bb:06:67:97:a2:5e:cf:2e:06:2b:ce:6f:
7b:83:55:20:da:12:c7:7b:aa:25:e0:ba:52:80:7e:
5d:2a:bd:bb:56:ee:7c:5f:92:5e:c9:ea:8a:15:79:
86:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:1D:8C:5F:3D:68:6E:5E:D6:53:58:01:3C:D0:08:CA:95:FE:76:80
X509v3 Authority Key Identifier:
keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/iB2MXz1obl7WU1gBPNAIypX-doA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.91.75.0/24
77.91.101.0/24
77.91.103.0/24
77.91.122.0/23
Signature Algorithm: sha256WithRSAEncryption
a0:4c:cd:3c:a5:b9:bc:70:6d:51:ce:20:ff:2b:51:e3:b3:26:
3b:06:94:0b:b6:d1:df:11:f5:de:99:21:e0:92:cb:9b:8a:d1:
9c:c8:75:f8:19:c4:01:ac:15:9e:2f:fd:0e:8f:41:c7:a7:30:
55:4d:30:e6:cf:4a:e5:ca:b2:0d:c9:b8:d5:c5:18:d7:55:4b:
e1:71:e7:b4:dd:2a:b7:ef:4e:7b:b5:af:c2:45:24:6e:38:cf:
b4:a9:ab:a4:9c:29:73:1f:e9:8a:9c:f2:74:ce:99:88:16:d7:
db:25:98:f3:8c:63:5a:e9:1e:00:8a:bb:1d:bc:10:d3:91:07:
44:0f:a1:d8:42:9e:f6:11:e3:9b:b6:7a:e1:e3:50:1c:95:32:
96:1d:b2:40:80:a5:23:3d:af:0f:ea:a8:4c:03:61:d4:c4:35:
69:c8:f4:ba:cd:30:c5:20:1b:17:e7:fa:cc:18:3a:5c:c0:6e:
77:e8:ee:0c:49:52:2c:0a:87:1d:34:90:90:2c:8f:e1:e3:9c:
ba:da:d0:ae:d7:d0:d6:8f:d6:37:9c:35:3d:3a:9a:3e:3a:91:
6f:67:e7:b5:87:98:b8:42:88:df:e8:b2:68:14:8c:40:9d:3e:
b1:99:cb:02:c3:e1:60:b8:57:c3:e6:22:79:cf:12:76:23:06:
7e:82:4e:f7
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYVwMFt4cYLdgqrdIVqrOdnoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjMwMTAyMDE1NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODFkOGM1ZjNkNjg2ZTVlZDY1MzU4MDEzY2QwMDhjYTk1ZmU3NjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhD/IrmHLGuk+u2EoHopGRRk6pejG
jTt0e5eT2b5TTsg+QJd6iMNgBsEAn0SDHy0ZxOxdL9YGb0s6DHVnDYv0nhdzaipc
j4R7eTbdeidGfEXSBcp5BcY2B7ytHQYGtPPCEQLC+Ypmx0NZ+kNqfKC2drYs8R8U
v/VCXUFSnm43aVP1zAT8WnjRs/ceOpSX5OKb3FcgZJulGRfISeUNFjv4uqT/4LNP
+RYsnlEFoNZjgDbB1EvsmCycI5iBG79fbjwK4bfj00vUiESGQzFo/zOKBsfY2YW7
BmeXol7PLgYrzm97g1Ug2hLHe6ol4LpSgH5dKr27Vu58X5JeyeqKFXmGUwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIgdjF89aG5e1lNYATzQCMqV/naAMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xL2lCMk1YejFvYmw3V1UxZ0JQTkFJeXBYLWRvQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMQYIKwYBBQUHAQcBAf8EIjAgMB4EAgABMBgDBABNW0sD
BABNW2UDBABNW2cDBAFNW3owDQYJKoZIhvcNAQELBQADggEBAKBMzTylubxwbVHO
IP8rUeOzJjsGlAu20d8R9d6ZIeCSy5uK0ZzIdfgZxAGsFZ4v/Q6PQcenMFVNMObP
SuXKsg3JuNXFGNdVS+Fx57TdKrfvTnu1r8JFJG44z7Spq6ScKXMf6Yqc8nTOmYgW
19slmPOMY1rpHgCKux28ENORB0QPodhCnvYR45u2euHjUByVMpYdskCApSM9rw/q
qEwDYdTENWnI9LrNMMUgGxfn+swYOlzAbnfo7gxJUiwKhx00kJAsj+HjnLra0K7X
0NaP1jecNT06mj46kW9n57WHmLhCiN/osmgUjECdPrGZywLD4WC4V8PmInnPEnYj
Bn6CTvc=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:05:16 2023 by rpki-client on console-fra.rpki-client.org