Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/FE_O5yTHPopaL2eGcndmjC7xpjs.roa
File: FE_O5yTHPopaL2eGcndmjC7xpjs.roa (raw, json)
Hash identifier: kZuL/gLPlKvf/doDeRdAHPgTSLMt8XJ0MoAK7GHbG6c=
Subject key identifier: 14:4F:CE:E7:24:C7:3E:8A:5A:2F:67:86:72:77:66:8C:2E:F1:A6:3B
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 01878F4D9C0FA0FD93A5074E963AB6FA8E89
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/FE_O5yTHPopaL2eGcndmjC7xpjs.roa
Signing time: Mon 17 Apr 2023 13:00:40 +0000
ROA not before: Mon 17 Apr 2023 13:00:40 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41789
IP address blocks: 31.129.17.0/24 maxlen: 24
31.129.16.0/24 maxlen: 24
31.129.18.0/24 maxlen: 24
31.129.20.0/24 maxlen: 24
31.129.19.0/24 maxlen: 24
31.129.24.0/24 maxlen: 24
31.129.23.0/24 maxlen: 24
31.129.29.0/24 maxlen: 24
31.129.28.0/24 maxlen: 24
31.129.27.0/24 maxlen: 24
31.129.26.0/24 maxlen: 24
31.129.31.0/24 maxlen: 24
31.129.25.0/24 maxlen: 24
141.98.233.0/24 maxlen: 24
141.98.234.0/24 maxlen: 24
46.16.12.0/24 maxlen: 24
46.16.15.0/24 maxlen: 24
46.16.14.0/24 maxlen: 24
31.129.0.0/20 maxlen: 24
85.92.108.0/24 maxlen: 24
45.80.130.0/23 maxlen: 23
45.80.129.0/24 maxlen: 24
37.220.80.0/22 maxlen: 22
185.166.196.0/23 maxlen: 24
94.198.216.0/22 maxlen: 24
94.198.220.0/23 maxlen: 24
81.200.144.0/21 maxlen: 24
81.200.152.0/22 maxlen: 24
81.200.156.0/23 maxlen: 24
46.19.64.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:8f:4d:9c:0f:a0:fd:93:a5:07:4e:96:3a:b6:fa:8e:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Apr 17 13:00:40 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=144fcee724c73e8a5a2f67867277668c2ef1a63b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:2b:0f:32:26:a5:bd:52:ea:2a:7f:43:56:b3:
88:31:95:62:02:dd:aa:64:f5:87:2c:e9:55:51:4c:
bd:15:64:72:fc:4f:e2:6a:dc:67:e9:d8:b6:23:bd:
79:df:fd:03:6f:6a:70:a8:f5:d7:6f:01:b5:4c:d8:
10:67:08:24:b6:e6:bd:bd:9f:64:4d:bc:a4:20:d4:
1b:27:81:fd:0a:f7:68:ab:26:6f:a7:42:4a:ed:39:
8a:0d:36:9a:3f:a8:aa:0d:78:4d:09:35:14:90:4b:
b8:73:e8:8d:90:64:ac:a1:06:f7:9d:1e:e4:6b:e5:
bd:40:30:ac:78:30:1c:6f:cb:de:db:77:9f:d8:b9:
d6:8a:ce:84:3e:31:3e:8d:d0:a5:6a:a8:37:45:ff:
11:c9:4f:5d:5b:4b:9f:c2:92:e6:32:85:13:f6:e9:
5c:19:7a:e4:45:da:5f:0f:e5:6b:ce:cd:9b:72:cc:
ab:24:e4:c3:a9:98:8c:f6:ef:d5:41:e1:7c:b4:65:
3b:57:ce:40:b5:c9:66:c6:a2:e7:a6:5d:77:d2:96:
f2:78:a7:ba:1e:ad:8a:47:73:3c:6a:fa:9e:36:bb:
45:f8:47:04:9e:b3:96:d4:92:1c:96:00:f3:65:73:
18:91:93:f1:8a:5e:c1:e5:13:31:9d:8e:e3:dc:95:
25:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:4F:CE:E7:24:C7:3E:8A:5A:2F:67:86:72:77:66:8C:2E:F1:A6:3B
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/FE_O5yTHPopaL2eGcndmjC7xpjs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.129.0.0-31.129.20.255
31.129.23.0-31.129.29.255
31.129.31.0/24
37.220.80.0/22
45.80.129.0-45.80.131.255
46.16.12.0/24
46.16.14.0/23
46.19.64.0/22
81.200.144.0-81.200.157.255
85.92.108.0/24
94.198.216.0-94.198.221.255
141.98.233.0-141.98.234.255
185.166.196.0/23
Signature Algorithm: sha256WithRSAEncryption
6e:8a:a1:ea:e5:dc:92:29:19:7a:36:52:c9:b3:1f:cf:00:12:
46:27:6e:ee:9f:64:1c:96:77:e5:86:a1:1a:7c:96:9d:ac:98:
0d:58:39:78:13:33:58:8c:0e:51:56:8f:fd:82:54:7f:0c:de:
22:6a:ba:d5:58:e7:13:25:e7:f3:76:d5:e6:44:05:20:bb:0c:
75:9b:ab:41:8b:73:75:7b:aa:91:8a:65:0b:5c:ea:10:0b:77:
31:bd:a0:b1:4a:24:3a:e7:5f:f6:a7:e2:c8:21:67:25:ca:38:
78:3e:fc:11:93:bf:0d:75:01:d6:1a:2a:05:30:1c:c9:af:a2:
12:3c:8c:d4:ad:69:7b:98:a5:53:66:ae:b4:56:32:2e:02:94:
9a:9e:fe:0b:17:94:d5:c1:c7:49:d3:82:b5:60:14:e7:0b:3c:
a9:b7:2d:c2:51:68:cc:4f:68:10:1f:82:e3:10:22:16:ba:1d:
13:41:42:c3:d3:cb:11:70:4e:e7:d7:a6:56:57:69:2f:0e:5b:
5c:5e:41:90:a8:83:16:61:ed:07:8f:e7:12:79:69:3a:44:04:
74:fa:0f:8f:d8:53:ad:e3:d4:98:ea:0d:ea:b3:af:0e:38:f9:
1a:f0:47:3f:1d:08:cd:80:3d:6c:29:97:12:de:6c:4a:fe:7b:
21:be:0b:99
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYePTZwPoP2TpQdOljq2+o6JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwNDE3MTMwMDQwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDRmY2VlNzI0YzczZThhNWEyZjY3ODY3Mjc3NjY4YzJlZjFhNjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSsPMialvVLqKn9DVrOIMZViAt2q
ZPWHLOlVUUy9FWRy/E/iatxn6di2I7153/0Db2pwqPXXbwG1TNgQZwgktua9vZ9k
TbykINQbJ4H9CvdoqyZvp0JK7TmKDTaaP6iqDXhNCTUUkEu4c+iNkGSsoQb3nR7k
a+W9QDCseDAcb8ve23ef2LnWis6EPjE+jdClaqg3Rf8RyU9dW0ufwpLmMoUT9ulc
GXrkRdpfD+Vrzs2bcsyrJOTDqZiM9u/VQeF8tGU7V85AtclmxqLnpl130pbyeKe6
Hq2KR3M8avqeNrtF+EcEnrOW1JIclgDzZXMYkZPxil7B5RMxnY7j3JUlKQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFBRPzuckxz6KWi9nhnJ3Zowu8aY7MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvRkVfTzV5VEhQb3BhTDJlR2NuZG1qQzd4cGpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGZBggrBgEFBQcBBwEB/wSBiTCBhjCBgwQCAAEwfTALAwMA
H4EDBAAfgRQwDAMEAB+BFwMEAR+BHAMEAB+BHwMEAiXcUDAMAwQALVCBAwQCLVCA
AwQALhAMAwQBLhAOAwQCLhNAMAwDBARRyJADBAFRyJwDBABVXGwwDAMEA17G2AME
AV7G3DAMAwQAjWLpAwQAjWLqAwQBuabEMA0GCSqGSIb3DQEBCwUAA4IBAQBuiqHq
5dySKRl6NlLJsx/PABJGJ27un2QclnflhqEafJadrJgNWDl4EzNYjA5RVo/9glR/
DN4iarrVWOcTJefzdtXmRAUguwx1m6tBi3N1e6qRimULXOoQC3cxvaCxSiQ651/2
p+LIIWclyjh4PvwRk78NdQHWGioFMBzJr6ISPIzUrWl7mKVTZq60VjIuApSanv4L
F5TVwcdJ04K1YBTnCzypty3CUWjMT2gQH4LjECIWuh0TQULD08sRcE7n16ZWV2kv
DltcXkGQqIMWYe0Hj+cSeWk6RAR0+g+P2FOt49SY6g3qs68OOPka8Ec/HQjNgD1s
KZcS3mxK/nshvguZ
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:05:47 2023 by rpki-client on console-ams.rpki-client.org