Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/a9af0e-e91a-4f1c-b72c-1e2b1c87d317/1/3JO9Y3toUQaWLaOHH9SovJTPvCE.roa
File: 3JO9Y3toUQaWLaOHH9SovJTPvCE.roa (raw, json)
Hash identifier: CNdvYVN5SUwKe49amOKDX9f8iR8dQgppV1PQeVQcz40=
Subject key identifier: DC:93:BD:63:7B:68:51:06:96:2D:A3:87:1F:D4:A8:BC:94:CF:BC:21
Certificate issuer: /CN=0a39f9a00278e69d1b3dddaa0bf0cd17d2e66708
Certificate serial: 0184A565B2B32B36AF176CB65D964B61047B
Authority key identifier: 0A:39:F9:A0:02:78:E6:9D:1B:3D:DD:AA:0B:F0:CD:17:D2:E6:67:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Cjn5oAJ45p0bPd2qC_DNF9LmZwg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/a9af0e-e91a-4f1c-b72c-1e2b1c87d317/1/3JO9Y3toUQaWLaOHH9SovJTPvCE.roa
Signing time: Wed 23 Nov 2022 16:50:16 +0000
ROA not before: Wed 23 Nov 2022 16:50:16 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 8866
IP address blocks: 77.76.0.0/20 maxlen: 24
77.76.0.0/19 maxlen: 24
77.76.16.0/20 maxlen: 24
77.76.32.0/19 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:a5:65:b2:b3:2b:36:af:17:6c:b6:5d:96:4b:61:04:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a39f9a00278e69d1b3dddaa0bf0cd17d2e66708
Validity
Not Before: Nov 23 16:50:16 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=dc93bd637b685106962da3871fd4a8bc94cfbc21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:14:25:08:81:3e:b7:23:b8:70:75:18:49:5e:
56:c8:b0:69:44:f8:a3:22:df:7b:3f:3f:99:1b:a6:
01:22:eb:f3:13:ee:99:25:ad:b6:76:29:32:44:3a:
49:a8:b3:2f:a9:b1:85:e1:c4:01:0b:cf:a0:d1:5e:
e2:a2:5e:99:ef:c4:e1:d4:48:02:58:bd:f9:43:4c:
e7:eb:17:e4:ca:a1:9c:34:0d:fa:05:73:fe:57:0f:
06:d2:9f:50:15:5b:5e:1c:30:4a:25:15:1c:86:57:
bb:19:b2:53:14:ee:b1:32:58:9a:07:99:5b:df:72:
b2:55:b1:77:bb:71:3b:95:d7:b5:71:29:88:2c:8f:
7d:d9:64:26:9a:26:49:30:78:2f:1e:17:df:b8:20:
cc:32:0c:ce:7d:40:59:3a:b2:9b:77:da:2a:1d:d2:
a1:66:8a:8c:e5:99:b5:6b:27:7e:a8:ba:d4:13:cb:
9a:8d:86:bf:2b:1b:da:92:48:5c:1c:47:1e:6f:2f:
33:31:b0:6c:16:80:69:8e:11:0a:cb:3a:cf:1f:9b:
f6:2b:be:be:4d:1c:d2:b9:d9:28:30:dd:9c:e0:dc:
94:f1:35:00:82:83:8a:1c:a8:17:da:b1:76:40:20:
dd:b5:c2:fe:f6:99:15:2d:5a:08:5c:8f:55:59:4d:
80:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:93:BD:63:7B:68:51:06:96:2D:A3:87:1F:D4:A8:BC:94:CF:BC:21
X509v3 Authority Key Identifier:
keyid:0A:39:F9:A0:02:78:E6:9D:1B:3D:DD:AA:0B:F0:CD:17:D2:E6:67:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cjn5oAJ45p0bPd2qC_DNF9LmZwg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/a9af0e-e91a-4f1c-b72c-1e2b1c87d317/1/3JO9Y3toUQaWLaOHH9SovJTPvCE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/a9af0e-e91a-4f1c-b72c-1e2b1c87d317/1/Cjn5oAJ45p0bPd2qC_DNF9LmZwg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.76.0.0/18
Signature Algorithm: sha256WithRSAEncryption
be:ec:a5:29:0c:9a:38:7a:2c:95:8f:89:0c:58:ef:d0:64:cd:
ea:39:aa:17:ec:12:39:a2:6e:93:81:8a:19:67:01:9f:e0:6d:
50:9f:bb:bf:0b:07:d7:d1:77:61:8b:26:f3:da:08:69:aa:32:
a7:92:c4:5d:2c:57:3a:db:5f:8b:70:72:98:35:61:cd:bf:00:
76:51:5d:d0:40:b6:0f:a1:a1:72:0c:b7:b7:ce:e4:61:24:b0:
c2:a5:2e:92:e4:21:91:61:63:9a:55:0e:b4:5d:75:94:f4:af:
4c:5b:37:7e:74:1c:64:2b:d7:67:3b:5c:c0:1c:46:6b:a9:90:
2d:a4:15:f2:b1:9f:48:14:dd:6a:08:75:f2:48:1b:c0:b9:83:
8d:7d:2e:7e:cd:fb:0d:b6:d7:92:30:27:46:de:d6:7a:e1:c7:
81:a8:06:fe:04:5a:fa:e5:29:f4:2e:e2:99:fd:cf:ec:49:6e:
0a:56:b2:29:36:6b:30:6a:ef:74:5d:c8:dd:aa:d5:44:85:c1:
c5:67:e2:4a:9b:06:7b:0f:42:46:53:dd:af:32:14:8d:3a:f7:
0b:8e:72:34:ae:b3:24:25:99:0f:6b:6e:b5:cd:7e:97:d4:60:
fe:10:06:86:5e:14:7d:2e:f1:12:b8:5e:ba:db:37:71:c6:f5:
a0:7f:d3:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSlZbKzKzavF2y2XZZLYQR7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzlmOWEwMDI3OGU2OWQxYjNkZGRhYTBiZjBjZDE3ZDJl
NjY3MDgwHhcNMjIxMTIzMTY1MDE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzkzYmQ2MzdiNjg1MTA2OTYyZGEzODcxZmQ0YThiYzk0Y2ZiYzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAghQlCIE+tyO4cHUYSV5WyLBpRPij
It97Pz+ZG6YBIuvzE+6ZJa22dikyRDpJqLMvqbGF4cQBC8+g0V7iol6Z78Th1EgC
WL35Q0zn6xfkyqGcNA36BXP+Vw8G0p9QFVteHDBKJRUchle7GbJTFO6xMliaB5lb
33KyVbF3u3E7lde1cSmILI992WQmmiZJMHgvHhffuCDMMgzOfUBZOrKbd9oqHdKh
ZoqM5Zm1ayd+qLrUE8uajYa/KxvakkhcHEceby8zMbBsFoBpjhEKyzrPH5v2K76+
TRzSudkoMN2c4NyU8TUAgoOKHKgX2rF2QCDdtcL+9pkVLVoIXI9VWU2AwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyTvWN7aFEGli2jhx/UqLyUz7whMB8GA1UdIwQY
MBaAFAo5+aACeOadGz3dqgvwzRfS5mcIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2puNW9BSjQ1cDBiUGQycUNfRE5GOUxtWndnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9hOWFmMGUtZTkxYS00ZjFjLWI3MmMt
MWUyYjFjODdkMzE3LzEvM0pPOVkzdG9VUWFXTGFPSEg5U292SlRQdkNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9hOWFmMGUtZTkxYS00ZjFjLWI3MmMtMWUyYjFjODdkMzE3
LzEvQ2puNW9BSjQ1cDBiUGQycUNfRE5GOUxtWndnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGTUwAMA0G
CSqGSIb3DQEBCwUAA4IBAQC+7KUpDJo4eiyVj4kMWO/QZM3qOaoX7BI5om6TgYoZ
ZwGf4G1Qn7u/CwfX0Xdhiybz2ghpqjKnksRdLFc621+LcHKYNWHNvwB2UV3QQLYP
oaFyDLe3zuRhJLDCpS6S5CGRYWOaVQ60XXWU9K9MWzd+dBxkK9dnO1zAHEZrqZAt
pBXysZ9IFN1qCHXySBvAuYONfS5+zfsNtteSMCdG3tZ64ceBqAb+BFr65Sn0LuKZ
/c/sSW4KVrIpNmswau90XcjdqtVEhcHFZ+JKmwZ7D0JGU92vMhSNOvcLjnI0rrMk
JZkPa261zX6X1GD+EAaGXhR9LvESuF662zdxxvWgf9OK
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:58 2023 by rpki-client on console.sobornost.net