Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/EYXyT0IlvxYaT1tMOlmgbcBKnek.roa
File: EYXyT0IlvxYaT1tMOlmgbcBKnek.roa (raw, json)
Hash identifier: /UQ3OzME3HEHe5uIhBCnny007e5Qvz9/7mpP8vSjMQ8=
Subject key identifier: 11:85:F2:4F:42:25:BF:16:1A:4F:5B:4C:3A:59:A0:6D:C0:4A:9D:E9
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 018404BEF0904703E1A54FB2792E41D4DF38
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/EYXyT0IlvxYaT1tMOlmgbcBKnek.roa
Signing time: Sun 23 Oct 2022 12:08:53 +0000
ROA not before: Sun 23 Oct 2022 12:08:53 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 41789
IP address blocks: 31.129.17.0/24 maxlen: 24
31.129.16.0/24 maxlen: 24
31.129.18.0/24 maxlen: 24
31.129.22.0/24 maxlen: 24
31.129.21.0/24 maxlen: 24
31.129.20.0/24 maxlen: 24
31.129.19.0/24 maxlen: 24
31.129.24.0/24 maxlen: 24
31.129.23.0/24 maxlen: 24
31.129.29.0/24 maxlen: 24
31.129.28.0/24 maxlen: 24
31.129.27.0/24 maxlen: 24
31.129.26.0/24 maxlen: 24
31.129.31.0/24 maxlen: 24
31.129.25.0/24 maxlen: 24
46.16.12.0/24 maxlen: 24
46.16.14.0/24 maxlen: 24
31.129.0.0/20 maxlen: 24
45.80.128.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:04:be:f0:90:47:03:e1:a5:4f:b2:79:2e:41:d4:df:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Oct 23 12:08:53 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=1185f24f4225bf161a4f5b4c3a59a06dc04a9de9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:67:4e:0d:16:e1:d5:8f:98:51:b9:f3:91:cf:
20:ea:00:af:35:5b:57:74:a2:d9:85:4d:17:57:28:
95:94:e6:78:22:00:29:e2:f6:fb:4a:51:9f:9b:30:
4a:7f:1b:c6:dc:89:ad:7d:e3:a6:fa:da:76:10:4a:
1a:4a:04:57:3c:be:31:9a:94:7a:08:15:57:e7:d0:
98:8e:84:a6:5a:71:99:56:97:a6:ea:7a:eb:c7:9b:
5f:0d:0d:78:e6:c5:eb:12:61:0b:c5:6b:3e:0e:cd:
29:0a:c0:cb:38:32:48:e9:10:08:7e:0a:e1:00:7a:
30:17:1f:bc:5c:d9:b2:86:cb:f3:ef:89:88:54:ad:
8b:55:bd:b3:16:fd:b5:17:07:4e:c8:5a:4f:d6:e6:
3b:43:78:06:bf:fb:eb:92:c5:3c:93:d1:8b:68:4b:
00:21:88:5e:9a:f8:17:4c:3d:60:1c:c6:f1:b8:97:
b6:bc:84:e0:60:65:3d:d6:66:2b:f8:22:31:2d:cb:
db:49:8a:8f:bb:34:ee:c4:94:6a:90:47:11:35:57:
24:4e:90:49:d0:1d:08:27:00:d0:f3:53:6a:94:b0:
01:b6:41:a2:c6:e4:fb:05:5d:4d:68:80:14:95:c9:
d1:cd:fa:f7:c8:7d:fb:00:ad:89:62:51:75:f5:9c:
42:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:85:F2:4F:42:25:BF:16:1A:4F:5B:4C:3A:59:A0:6D:C0:4A:9D:E9
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/EYXyT0IlvxYaT1tMOlmgbcBKnek.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.129.0.0-31.129.29.255
31.129.31.0/24
45.80.128.0/24
46.16.12.0/24
46.16.14.0/24
Signature Algorithm: sha256WithRSAEncryption
88:61:eb:94:95:62:89:2e:df:9f:b1:d5:c9:af:58:af:07:da:
f1:c3:d8:62:ac:31:b9:a1:11:a1:2f:ef:64:0e:70:be:3c:ce:
8a:d5:b6:56:c2:a4:3e:04:dd:d2:e3:ef:a8:94:ae:e2:bd:cf:
b8:25:25:f6:1f:e7:50:47:68:a1:48:38:3a:21:ef:da:4f:d0:
9e:95:79:3d:d5:ad:35:00:05:ec:4c:8e:6b:29:45:13:a1:6a:
f5:81:32:55:88:32:28:b2:c2:a0:c8:0c:8a:21:43:04:4d:17:
d7:da:ad:b5:5d:99:4d:68:7b:60:1c:fb:6b:72:6c:bb:00:e4:
c5:60:ea:fe:da:8a:60:0e:85:84:92:1f:71:3c:ce:74:03:dd:
96:48:cb:0b:b8:9e:71:c7:d6:a9:37:53:e2:59:27:81:44:f8:
d5:24:f5:69:2b:d2:29:9f:8b:71:91:4e:a8:c8:22:52:0e:91:
95:c5:cc:87:68:27:5d:e6:3e:11:31:54:f6:70:d2:bc:ec:20:
f7:6a:cc:c9:8d:fe:88:74:d9:39:96:dd:ae:7e:1e:f6:28:75:
a6:16:9b:f6:35:f9:a3:aa:54:6d:8a:68:7e:ea:2d:25:7b:49:
fc:71:cc:f2:e5:0d:6f:9e:b2:83:19:a2:4b:18:c0:02:c2:fd:
bb:15:bd:25
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYQEvvCQRwPhpU+yeS5B1N84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjIxMDIzMTIwODUzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTg1ZjI0ZjQyMjViZjE2MWE0ZjViNGMzYTU5YTA2ZGMwNGE5ZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmdODRbh1Y+YUbnzkc8g6gCvNVtX
dKLZhU0XVyiVlOZ4IgAp4vb7SlGfmzBKfxvG3ImtfeOm+tp2EEoaSgRXPL4xmpR6
CBVX59CYjoSmWnGZVpem6nrrx5tfDQ145sXrEmELxWs+Ds0pCsDLODJI6RAIfgrh
AHowFx+8XNmyhsvz74mIVK2LVb2zFv21FwdOyFpP1uY7Q3gGv/vrksU8k9GLaEsA
IYhemvgXTD1gHMbxuJe2vITgYGU91mYr+CIxLcvbSYqPuzTuxJRqkEcRNVckTpBJ
0B0IJwDQ81NqlLABtkGixuT7BV1NaIAUlcnRzfr3yH37AK2JYlF19ZxCxwIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFBGF8k9CJb8WGk9bTDpZoG3ASp3pMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvRVlYeVQwSWx2eFlhVDF0TU9sbWdiY0JLbmVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTArBAIAATAlMAsDAwAfgQME
AR+BHAMEAB+BHwMEAC1QgAMEAC4QDAMEAC4QDjANBgkqhkiG9w0BAQsFAAOCAQEA
iGHrlJViiS7fn7HVya9Yrwfa8cPYYqwxuaERoS/vZA5wvjzOitW2VsKkPgTd0uPv
qJSu4r3PuCUl9h/nUEdooUg4OiHv2k/QnpV5PdWtNQAF7EyOaylFE6Fq9YEyVYgy
KLLCoMgMiiFDBE0X19qttV2ZTWh7YBz7a3JsuwDkxWDq/tqKYA6FhJIfcTzOdAPd
lkjLC7ieccfWqTdT4lkngUT41ST1aSvSKZ+LcZFOqMgiUg6RlcXMh2gnXeY+ETFU
9nDSvOwg92rMyY3+iHTZOZbdrn4e9ih1phab9jX5o6pUbYpofuotJXtJ/HHM8uUN
b56ygxmiSxjAAsL9uxW9JQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:54 2023 by rpki-client on console-fra.rpki-client.org