Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/Hf0R1Uz0oHtwg3F2DWr0LODNhg4.roa
File: Hf0R1Uz0oHtwg3F2DWr0LODNhg4.roa (raw, json)
Hash identifier: yjnFVlg9PxWqeiMR/3yxEiRT5R5c6Bx8gvHsFcYbLco=
Subject key identifier: 1D:FD:11:D5:4C:F4:A0:7B:70:83:71:76:0D:6A:F4:2C:E0:CD:86:0E
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 018404C1AC3778344B1C7514D561D0116142
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/Hf0R1Uz0oHtwg3F2DWr0LODNhg4.roa
Signing time: Sun 23 Oct 2022 12:11:52 +0000
ROA not before: Sun 23 Oct 2022 12:11:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 41789
IP address blocks: 31.129.17.0/24 maxlen: 24
31.129.16.0/24 maxlen: 24
31.129.18.0/24 maxlen: 24
31.129.22.0/24 maxlen: 24
31.129.21.0/24 maxlen: 24
31.129.20.0/24 maxlen: 24
31.129.19.0/24 maxlen: 24
31.129.24.0/24 maxlen: 24
31.129.23.0/24 maxlen: 24
31.129.29.0/24 maxlen: 24
31.129.28.0/24 maxlen: 24
31.129.27.0/24 maxlen: 24
31.129.26.0/24 maxlen: 24
31.129.31.0/24 maxlen: 24
31.129.25.0/24 maxlen: 24
46.16.12.0/24 maxlen: 24
46.16.15.0/24 maxlen: 24
46.16.14.0/24 maxlen: 24
31.129.0.0/20 maxlen: 24
45.80.128.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:04:c1:ac:37:78:34:4b:1c:75:14:d5:61:d0:11:61:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Oct 23 12:11:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=1dfd11d54cf4a07b708371760d6af42ce0cd860e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fb:70:d8:31:dd:b7:dc:ab:ce:27:7b:16:ba:08:
4e:9c:8b:6a:a7:4f:6a:6f:b6:9a:44:bb:e8:13:c9:
7b:83:5c:43:9e:bd:e2:e0:ea:94:fb:c5:74:4b:01:
e5:86:01:1e:4e:31:24:ad:ba:c8:b9:81:2d:21:d8:
d7:aa:b1:55:6b:d5:52:ad:79:ca:0f:32:ff:79:44:
bc:25:0d:03:50:51:62:ff:47:51:53:67:13:e0:8e:
5d:83:80:79:28:d1:29:fc:b9:ff:3b:09:64:54:ed:
68:05:b7:01:c6:44:0d:4b:4e:85:ff:91:4f:e9:59:
b8:9c:04:90:f7:df:0b:49:e2:34:ed:89:a8:76:ed:
8f:98:60:f7:eb:da:7d:7a:6d:2e:2f:1a:85:a7:d4:
13:bd:1b:34:ca:c3:ed:c1:1d:e8:f8:ce:b4:ec:39:
70:fa:10:07:fd:6d:79:41:26:75:db:0d:e1:70:f7:
05:35:b2:a9:48:0f:bf:b5:d2:47:d8:55:f8:79:e3:
28:34:24:43:3c:a8:65:b6:a0:14:8f:a2:10:1a:b5:
e8:f6:18:02:34:6d:f9:e4:f2:1d:a4:ed:c3:0d:38:
14:a5:0c:9a:ba:31:f1:66:bb:e7:38:e9:ab:22:b7:
34:76:d9:39:9b:87:4c:c9:a3:97:95:ab:bf:95:0b:
bb:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:FD:11:D5:4C:F4:A0:7B:70:83:71:76:0D:6A:F4:2C:E0:CD:86:0E
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/Hf0R1Uz0oHtwg3F2DWr0LODNhg4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.129.0.0-31.129.29.255
31.129.31.0/24
45.80.128.0/24
46.16.12.0/24
46.16.14.0/23
Signature Algorithm: sha256WithRSAEncryption
04:75:e5:f1:d8:7f:d2:2c:23:a3:d3:a4:45:12:00:0d:2b:f9:
7c:f3:45:97:c2:93:06:61:eb:e6:38:e8:25:3e:4c:41:f8:3e:
91:87:41:be:6c:dc:cf:90:47:d5:de:a8:37:b7:3b:ee:e0:96:
e3:da:3a:03:29:6e:b9:96:49:2c:b9:25:3a:b2:bc:19:e7:a6:
4a:0a:e9:42:4a:a0:35:2a:46:49:d7:08:a9:42:8a:41:93:35:
a7:49:95:bf:52:71:4b:a2:9e:b1:09:b5:15:7e:6c:9e:13:7f:
7c:4d:51:3e:31:d9:96:92:55:ee:a0:49:bd:51:b5:55:4b:e3:
7b:d2:d6:2c:b2:bd:7c:13:cb:f8:99:19:4c:e8:a2:bc:54:89:
aa:86:df:89:47:5b:59:80:e3:82:74:52:1b:4d:a3:71:54:5f:
ab:ba:fe:e2:39:6a:73:7c:69:43:0a:15:1d:c7:53:c5:29:d3:
d7:2c:7b:5c:04:3e:c1:58:82:7b:52:9d:cf:7e:6d:aa:a8:27:
b7:4d:f7:ee:03:03:4e:79:dc:a1:15:2d:c1:b4:f4:f0:d3:9e:
a9:6f:0a:1c:e3:f1:3b:51:35:12:e3:e1:13:05:51:8c:01:38:
b8:f4:54:8f:7b:31:f8:2c:c1:97:80:fa:b2:db:38:46:46:b5:
c0:5d:09:ec
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYQEwaw3eDRLHHUU1WHQEWFCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjIxMDIzMTIxMTUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGZkMTFkNTRjZjRhMDdiNzA4MzcxNzYwZDZhZjQyY2UwY2Q4NjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+3DYMd233KvOJ3sWughOnItqp09q
b7aaRLvoE8l7g1xDnr3i4OqU+8V0SwHlhgEeTjEkrbrIuYEtIdjXqrFVa9VSrXnK
DzL/eUS8JQ0DUFFi/0dRU2cT4I5dg4B5KNEp/Ln/OwlkVO1oBbcBxkQNS06F/5FP
6Vm4nASQ998LSeI07Ymodu2PmGD369p9em0uLxqFp9QTvRs0ysPtwR3o+M607Dlw
+hAH/W15QSZ12w3hcPcFNbKpSA+/tdJH2FX4eeMoNCRDPKhltqAUj6IQGrXo9hgC
NG355PIdpO3DDTgUpQyaujHxZrvnOOmrIrc0dtk5m4dMyaOXlau/lQu7ewIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFB39EdVM9KB7cINxdg1q9CzgzYYOMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvSGYwUjFVejBvSHR3ZzNGMkRXcjBMT0ROaGc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTArBAIAATAlMAsDAwAfgQME
AR+BHAMEAB+BHwMEAC1QgAMEAC4QDAMEAS4QDjANBgkqhkiG9w0BAQsFAAOCAQEA
BHXl8dh/0iwjo9OkRRIADSv5fPNFl8KTBmHr5jjoJT5MQfg+kYdBvmzcz5BH1d6o
N7c77uCW49o6AyluuZZJLLklOrK8GeemSgrpQkqgNSpGSdcIqUKKQZM1p0mVv1Jx
S6KesQm1FX5snhN/fE1RPjHZlpJV7qBJvVG1VUvje9LWLLK9fBPL+JkZTOiivFSJ
qobfiUdbWYDjgnRSG02jcVRfq7r+4jlqc3xpQwoVHcdTxSnT1yx7XAQ+wViCe1Kd
z35tqqgnt0337gMDTnncoRUtwbT08NOeqW8KHOPxO1E1EuPhEwVRjAE4uPRUj3sx
+CzBl4D6sts4Rka1wF0J7A==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:54 2023 by rpki-client on console-fra.rpki-client.org