Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/xYURJvL5SOJBs0cw7OrOVfgFtXA.roa
File: xYURJvL5SOJBs0cw7OrOVfgFtXA.roa (raw, json)
Hash identifier: NDE1T0Gxob7OrMC1SeH/tIr6dUcP/l2jJB+lxVpZYJw=
Subject key identifier: C5:85:11:26:F2:F9:48:E2:41:B3:47:30:EC:EA:CE:55:F8:05:B5:70
Certificate issuer: /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial: 018625B849CD96AA735E6B01BD5AD0477D85
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/xYURJvL5SOJBs0cw7OrOVfgFtXA.roa
Signing time: Mon 06 Feb 2023 07:54:39 +0000
ROA not before: Mon 06 Feb 2023 07:54:39 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 62240
IP address blocks: 77.91.67.0/24 maxlen: 32
185.149.144.0/24 maxlen: 32
185.149.145.0/24 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:25:b8:49:cd:96:aa:73:5e:6b:01:bd:5a:d0:47:7d:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Validity
Not Before: Feb 6 07:54:39 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c5851126f2f948e241b34730eceace55f805b570
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:8e:5b:e4:25:d3:cc:46:17:58:67:c5:ed:a9:
f2:00:00:cb:96:af:86:5f:ef:e8:65:f8:2a:8d:f6:
20:61:64:b6:4c:bd:b6:5b:a2:15:40:da:f5:2d:65:
5f:ce:94:59:40:d9:d8:21:9e:62:d0:76:9b:c5:2b:
b6:6d:6c:59:25:aa:0a:b4:f2:fc:07:e2:a9:bc:49:
d4:32:15:f6:ef:f3:52:77:8c:fa:f8:a7:9b:8b:89:
c1:df:2a:50:b8:2a:fc:15:14:50:60:02:9f:ea:20:
db:df:8e:35:4c:3b:72:73:c0:ff:a3:6c:78:a7:d2:
08:57:bc:7b:ba:9b:68:31:14:bc:c9:06:3c:7c:e7:
72:a7:11:f5:bc:d3:d4:a7:2c:53:a9:5c:23:11:84:
a9:ba:a5:ef:60:90:1f:0c:5d:1c:b9:aa:47:15:43:
ea:bd:f5:a7:e9:d9:60:3f:40:09:37:6c:a1:af:ae:
f2:68:25:11:30:89:9a:8c:b6:6c:f4:7f:25:89:14:
70:1a:42:48:fa:da:b2:c1:1b:7a:45:94:9f:d5:9a:
51:6a:93:72:e5:85:86:23:43:8d:71:83:a4:0c:f9:
c8:1c:dd:b1:c9:4a:3f:80:7b:b7:ee:80:82:57:80:
bc:7a:aa:c2:c0:41:9b:98:3a:31:0a:b7:5c:ad:9c:
a5:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:85:11:26:F2:F9:48:E2:41:B3:47:30:EC:EA:CE:55:F8:05:B5:70
X509v3 Authority Key Identifier:
keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/xYURJvL5SOJBs0cw7OrOVfgFtXA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.91.67.0/24
185.149.144.0/23
Signature Algorithm: sha256WithRSAEncryption
01:f1:a7:33:3c:e0:4b:1d:d7:0b:2f:bf:58:29:1c:c9:3c:6d:
79:22:67:5b:a3:35:85:5a:e2:84:3a:5a:6b:9f:fa:1e:94:d9:
25:6c:f5:77:b2:23:57:a0:df:ce:53:da:74:fe:cb:af:d1:1a:
4e:1b:ad:d2:b5:bc:26:32:93:1e:dd:d1:05:6d:45:d6:d9:8e:
fb:66:cd:ca:65:24:03:2a:5b:71:3e:1f:24:d2:b0:39:64:e0:
6b:87:58:25:69:e4:32:7a:23:df:2a:08:8e:8b:e7:1a:25:9a:
67:31:90:15:e5:89:f5:cf:8b:9f:98:10:ab:2c:b7:0b:d9:99:
32:71:db:fe:9e:5b:f0:17:de:6b:4d:ec:c7:46:44:4f:bf:bb:
86:61:1d:85:56:9f:1c:58:75:79:06:56:a9:a9:92:e8:79:63:
97:ff:bd:d2:5a:6f:06:0e:5a:7f:47:c0:f6:15:f7:88:03:e0:
50:45:7c:c5:80:37:51:e9:42:d3:d8:19:a3:0c:fd:20:eb:7f:
c6:fd:66:c5:98:8e:ff:bd:51:f9:9c:2b:a6:58:3f:f5:13:8c:
de:c6:7d:55:49:31:7c:d4:1d:1b:1d:ba:3e:bf:4c:cf:9d:be:
80:31:16:e8:30:1d:4c:f5:0b:d9:3d:ea:e9:d3:dd:d7:3d:59:
86:39:85:e2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYYluEnNlqpzXmsBvVrQR32FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjMwMjA2MDc1NDM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTg1MTEyNmYyZjk0OGUyNDFiMzQ3MzBlY2VhY2U1NWY4MDViNTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxI5b5CXTzEYXWGfF7anyAADLlq+G
X+/oZfgqjfYgYWS2TL22W6IVQNr1LWVfzpRZQNnYIZ5i0HabxSu2bWxZJaoKtPL8
B+KpvEnUMhX27/NSd4z6+Kebi4nB3ypQuCr8FRRQYAKf6iDb3441TDtyc8D/o2x4
p9IIV7x7uptoMRS8yQY8fOdypxH1vNPUpyxTqVwjEYSpuqXvYJAfDF0cuapHFUPq
vfWn6dlgP0AJN2yhr67yaCURMImajLZs9H8liRRwGkJI+tqywRt6RZSf1ZpRapNy
5YWGI0ONcYOkDPnIHN2xyUo/gHu37oCCV4C8eqrCwEGbmDoxCrdcrZylJQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMWFESby+UjiQbNHMOzqzlX4BbVwMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xL3hZVVJKdkw1U09KQnMwY3c3T3JPVmZnRnRYQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABNW0MD
BAG5lZAwDQYJKoZIhvcNAQELBQADggEBAAHxpzM84Esd1wsvv1gpHMk8bXkiZ1uj
NYVa4oQ6Wmuf+h6U2SVs9XeyI1eg385T2nT+y6/RGk4brdK1vCYykx7d0QVtRdbZ
jvtmzcplJAMqW3E+HyTSsDlk4GuHWCVp5DJ6I98qCI6L5xolmmcxkBXlifXPi5+Y
EKsstwvZmTJx2/6eW/AX3mtN7MdGRE+/u4ZhHYVWnxxYdXkGVqmpkuh5Y5f/vdJa
bwYOWn9HwPYV94gD4FBFfMWAN1HpQtPYGaMM/SDrf8b9ZsWYjv+9UfmcK6ZYP/UT
jN7GfVVJMXzUHRsduj6/TM+dvoAxFugwHUz1C9k96unT3dc9WYY5heI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:05 2024 by rpki-client on console-fra.rpki-client.org