Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/f8LFf-IrMumt69GKhZqOcP450HQ.roa
File: f8LFf-IrMumt69GKhZqOcP450HQ.roa (raw, json)
Hash identifier: PNyeTPQ2WuE7H4W8/wWw75qJSQn5RCZySVBO5+jsRjo=
Subject key identifier: 7F:C2:C5:7F:E2:2B:32:E9:AD:EB:D1:8A:85:9A:8E:70:FE:39:D0:74
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 0187564789A3D975598E16B864F1A5C6742F
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/f8LFf-IrMumt69GKhZqOcP450HQ.roa
Signing time: Thu 06 Apr 2023 11:15:41 +0000
ROA not before: Thu 06 Apr 2023 11:15:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41789
IP address blocks: 31.129.17.0/24 maxlen: 24
31.129.16.0/24 maxlen: 24
31.129.18.0/24 maxlen: 24
31.129.20.0/24 maxlen: 24
31.129.19.0/24 maxlen: 24
31.129.24.0/24 maxlen: 24
31.129.23.0/24 maxlen: 24
31.129.29.0/24 maxlen: 24
31.129.28.0/24 maxlen: 24
31.129.27.0/24 maxlen: 24
31.129.26.0/24 maxlen: 24
31.129.31.0/24 maxlen: 24
31.129.25.0/24 maxlen: 24
141.98.233.0/24 maxlen: 24
141.98.234.0/24 maxlen: 24
46.16.12.0/24 maxlen: 24
46.16.15.0/24 maxlen: 24
46.16.14.0/24 maxlen: 24
31.129.0.0/20 maxlen: 24
85.92.108.0/24 maxlen: 24
45.80.130.0/23 maxlen: 23
45.80.129.0/24 maxlen: 24
37.220.80.0/22 maxlen: 22
185.166.196.0/23 maxlen: 24
94.198.216.0/22 maxlen: 24
94.198.220.0/23 maxlen: 24
81.200.144.0/21 maxlen: 24
81.200.152.0/22 maxlen: 24
81.200.156.0/23 maxlen: 24
46.19.64.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:56:47:89:a3:d9:75:59:8e:16:b8:64:f1:a5:c6:74:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Apr 6 11:15:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7fc2c57fe22b32e9adebd18a859a8e70fe39d074
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:37:71:25:ff:a5:0a:13:93:71:c3:d4:76:df:
1c:e4:3a:bf:c0:52:f9:56:ae:91:ac:91:e4:be:a7:
90:55:61:34:d2:07:af:04:ff:32:25:f7:e8:1d:c6:
da:df:62:6b:e7:08:7b:6c:c4:92:98:ce:39:13:59:
60:e5:06:c8:b1:d5:5f:e6:69:16:d6:66:85:66:ed:
04:69:a5:5a:d3:28:e0:b4:b4:c8:14:63:c8:a9:9b:
de:03:1d:c5:85:e0:6a:ac:ad:a0:a1:17:44:cc:65:
26:31:0d:2f:c6:53:a8:c4:91:82:9a:9e:c1:54:dc:
cc:be:b6:3e:99:05:e7:5b:96:99:77:b1:72:a8:5e:
60:05:a4:f8:d0:11:76:0c:9f:b5:76:65:63:ec:05:
b0:8b:ad:c9:b6:4f:d7:ac:45:03:36:45:53:49:d0:
9f:18:9c:05:90:4a:7a:ec:47:68:81:fd:8f:07:75:
1d:b3:a2:83:b5:46:90:2f:23:cc:ca:dd:c3:a3:d5:
2a:70:b3:a0:93:34:1c:5c:bc:25:16:71:57:3f:80:
1e:a4:06:f6:fd:e4:b6:c2:bd:39:22:01:ef:a3:28:
b5:9b:e5:81:68:cc:9e:44:7f:b2:fa:32:68:40:fe:
87:a6:9b:94:20:c4:6c:f9:03:b4:7d:f2:88:8e:11:
49:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:C2:C5:7F:E2:2B:32:E9:AD:EB:D1:8A:85:9A:8E:70:FE:39:D0:74
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/f8LFf-IrMumt69GKhZqOcP450HQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.129.0.0-31.129.20.255
31.129.23.0-31.129.29.255
31.129.31.0/24
37.220.80.0/22
45.80.129.0-45.80.131.255
46.16.12.0/24
46.16.14.0/23
46.19.64.0/22
81.200.144.0-81.200.157.255
85.92.108.0/24
94.198.216.0-94.198.221.255
141.98.233.0-141.98.234.255
185.166.196.0/23
Signature Algorithm: sha256WithRSAEncryption
87:0b:4f:13:bc:84:75:31:78:a6:55:e1:26:6c:73:21:f5:6c:
87:9a:9a:d4:56:bd:a3:a3:9f:23:52:ce:00:fd:cd:73:02:e6:
97:85:3b:76:2b:a2:8a:01:33:92:2f:f9:bc:55:51:1d:22:eb:
5d:34:84:58:70:75:c9:57:4a:e6:93:80:0b:f9:19:f9:9a:0c:
6d:9d:83:71:eb:39:b6:bd:69:b4:4f:ac:88:b1:08:85:4c:be:
d3:a4:55:ee:58:cd:c1:a6:96:65:8a:2c:36:be:5d:bd:d9:df:
c0:8c:96:b2:80:09:50:f9:89:86:5f:62:4d:96:a7:a6:61:d2:
bf:45:75:77:84:c6:9e:67:2b:84:18:53:68:a1:12:de:3b:f6:
04:c9:e1:72:30:1d:da:c6:fc:ca:94:23:36:6e:01:82:1a:3d:
0e:eb:cc:98:a0:15:ae:a4:2f:99:19:27:fe:fa:5f:29:9f:60:
d3:17:48:4a:67:c2:06:19:67:6d:4a:71:0b:53:d1:99:c9:90:
3d:0c:32:a0:62:a0:55:6e:74:5f:d4:fa:e9:77:46:32:bc:98:
a1:31:fc:20:1a:ce:9c:8b:7f:b6:c8:39:a3:75:5b:51:58:df:
55:30:aa:d1:5e:2c:15:58:21:8c:a5:ef:fd:41:6b:3a:ac:a6:
9c:55:7b:b4
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYdWR4mj2XVZjha4ZPGlxnQvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwNDA2MTExNTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmMyYzU3ZmUyMmIzMmU5YWRlYmQxOGE4NTlhOGU3MGZlMzlkMDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDdxJf+lChOTccPUdt8c5Dq/wFL5
Vq6RrJHkvqeQVWE00gevBP8yJffoHcba32Jr5wh7bMSSmM45E1lg5QbIsdVf5mkW
1maFZu0EaaVa0yjgtLTIFGPIqZveAx3FheBqrK2goRdEzGUmMQ0vxlOoxJGCmp7B
VNzMvrY+mQXnW5aZd7FyqF5gBaT40BF2DJ+1dmVj7AWwi63Jtk/XrEUDNkVTSdCf
GJwFkEp67Edogf2PB3Uds6KDtUaQLyPMyt3Do9UqcLOgkzQcXLwlFnFXP4AepAb2
/eS2wr05IgHvoyi1m+WBaMyeRH+y+jJoQP6HppuUIMRs+QO0ffKIjhFJawIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFH/CxX/iKzLprevRioWajnD+OdB0MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvZjhMRmYtSXJNdW10NjlHS2hacU9jUDQ1MEhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGZBggrBgEFBQcBBwEB/wSBiTCBhjCBgwQCAAEwfTALAwMA
H4EDBAAfgRQwDAMEAB+BFwMEAR+BHAMEAB+BHwMEAiXcUDAMAwQALVCBAwQCLVCA
AwQALhAMAwQBLhAOAwQCLhNAMAwDBARRyJADBAFRyJwDBABVXGwwDAMEA17G2AME
AV7G3DAMAwQAjWLpAwQAjWLqAwQBuabEMA0GCSqGSIb3DQEBCwUAA4IBAQCHC08T
vIR1MXimVeEmbHMh9WyHmprUVr2jo58jUs4A/c1zAuaXhTt2K6KKATOSL/m8VVEd
IutdNIRYcHXJV0rmk4AL+Rn5mgxtnYNx6zm2vWm0T6yIsQiFTL7TpFXuWM3BppZl
iiw2vl292d/AjJaygAlQ+YmGX2JNlqemYdK/RXV3hMaeZyuEGFNooRLeO/YEyeFy
MB3axvzKlCM2bgGCGj0O68yYoBWupC+ZGSf++l8pn2DTF0hKZ8IGGWdtSnELU9GZ
yZA9DDKgYqBVbnRf1Prpd0YyvJihMfwgGs6ci3+2yDmjdVtRWN9VMKrRXiwVWCGM
pe/9QWs6rKacVXu0
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:54 2023 by rpki-client on console-fra.rpki-client.org