Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/iLwXcldbD6VdcpSkoiiohs5Nevg.roa
File: iLwXcldbD6VdcpSkoiiohs5Nevg.roa (raw, json)
Hash identifier: Dj6kgFV3aH+h/NEdxXu1iRYFW+Wzmz+QHb7rukh1cG4=
Subject key identifier: 88:BC:17:72:57:5B:0F:A5:5D:72:94:A4:A2:28:A8:86:CE:4D:7A:F8
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 0185F3567646DEFD252F6CC3C065FBE709CB
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/iLwXcldbD6VdcpSkoiiohs5Nevg.roa
Signing time: Fri 27 Jan 2023 13:06:47 +0000
ROA not before: Fri 27 Jan 2023 13:06:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41789
IP address blocks: 31.129.17.0/24 maxlen: 24
31.129.16.0/24 maxlen: 24
31.129.18.0/24 maxlen: 24
31.129.21.0/24 maxlen: 24
31.129.20.0/24 maxlen: 24
31.129.19.0/24 maxlen: 24
31.129.24.0/24 maxlen: 24
31.129.23.0/24 maxlen: 24
31.129.29.0/24 maxlen: 24
31.129.28.0/24 maxlen: 24
31.129.27.0/24 maxlen: 24
31.129.26.0/24 maxlen: 24
31.129.31.0/24 maxlen: 24
31.129.25.0/24 maxlen: 24
212.60.23.0/24 maxlen: 24
141.98.233.0/24 maxlen: 24
141.98.234.0/24 maxlen: 24
46.16.12.0/24 maxlen: 24
46.16.15.0/24 maxlen: 24
46.16.14.0/24 maxlen: 24
31.129.0.0/20 maxlen: 24
91.107.116.0/24 maxlen: 24
45.80.130.0/23 maxlen: 23
45.80.129.0/24 maxlen: 24
37.220.80.0/22 maxlen: 22
194.31.174.0/24 maxlen: 24
194.31.173.0/24 maxlen: 24
194.5.93.0/24 maxlen: 24
5.44.46.0/24 maxlen: 24
5.44.47.0/24 maxlen: 24
185.166.196.0/23 maxlen: 24
45.129.187.0/24 maxlen: 24
94.198.216.0/22 maxlen: 24
94.198.220.0/23 maxlen: 24
81.200.144.0/21 maxlen: 24
81.200.152.0/22 maxlen: 24
81.200.156.0/23 maxlen: 24
46.19.64.0/22 maxlen: 24
45.66.117.0/24 maxlen: 24
45.66.119.0/24 maxlen: 24
109.236.56.0/23 maxlen: 23
109.236.58.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:f3:56:76:46:de:fd:25:2f:6c:c3:c0:65:fb:e7:09:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Jan 27 13:06:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=88bc1772575b0fa55d7294a4a228a886ce4d7af8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:04:f2:42:5c:f7:db:72:b2:d5:d7:e2:0e:94:
14:25:24:d5:30:90:d1:1c:fa:83:06:30:6f:08:44:
dd:4a:ad:65:15:03:93:59:08:c0:cd:03:76:6b:c9:
39:2c:bd:24:f9:88:64:6c:de:0b:3c:65:14:31:36:
a4:82:32:2a:02:01:72:3a:4a:1f:e4:fa:0e:26:fd:
7c:90:58:9b:ae:60:24:1b:78:9f:f3:b4:22:f8:cd:
67:9b:95:e5:aa:df:16:0f:a0:90:47:af:6e:81:ea:
18:9c:8f:6e:d4:86:0f:2c:50:82:9c:9e:b1:47:de:
37:cc:24:6f:30:59:fc:0e:c4:e6:7c:2c:bc:1d:ef:
90:a4:93:03:4c:f7:a2:33:3d:3a:21:be:20:3a:34:
59:30:4a:7a:0c:11:ee:c0:10:9f:d2:37:7f:29:05:
c5:b9:c1:e3:7f:0b:99:1c:da:6f:e2:c0:b1:ea:70:
01:40:1e:95:0b:f6:3b:9f:69:08:3b:c5:aa:90:de:
e3:8d:eb:93:75:10:ed:37:5b:a3:5a:9a:a9:20:a8:
5e:2c:f9:2f:df:8d:a0:65:09:c5:39:d9:10:cb:5f:
9a:e0:ac:05:38:af:ee:6c:e8:52:41:9d:0d:d8:3f:
48:0c:b9:2e:99:ea:d4:ac:0f:dd:fc:af:6f:97:0c:
e5:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:BC:17:72:57:5B:0F:A5:5D:72:94:A4:A2:28:A8:86:CE:4D:7A:F8
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/iLwXcldbD6VdcpSkoiiohs5Nevg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.44.46.0/23
31.129.0.0-31.129.21.255
31.129.23.0-31.129.29.255
31.129.31.0/24
37.220.80.0/22
45.66.117.0/24
45.66.119.0/24
45.80.129.0-45.80.131.255
45.129.187.0/24
46.16.12.0/24
46.16.14.0/23
46.19.64.0/22
81.200.144.0-81.200.157.255
91.107.116.0/24
94.198.216.0-94.198.221.255
109.236.56.0-109.236.58.255
141.98.233.0-141.98.234.255
185.166.196.0/23
194.5.93.0/24
194.31.173.0-194.31.174.255
212.60.23.0/24
Signature Algorithm: sha256WithRSAEncryption
42:4f:87:99:73:2d:3e:24:d2:f5:21:26:4e:a2:ce:5b:14:18:
9a:29:20:41:0d:9f:e9:5c:39:6a:d9:93:4c:c0:58:c5:47:35:
96:6e:a3:11:94:48:82:1e:b3:db:1c:51:36:00:f3:59:21:b6:
de:be:fa:84:e9:03:3e:5c:ee:e1:8e:9d:35:0d:d3:95:d8:7a:
1c:ca:8e:f8:4a:ab:e5:d5:5f:3e:34:5e:b7:13:ae:14:9a:42:
92:f7:58:67:3e:2c:10:31:96:29:d9:26:b2:5f:85:68:54:24:
75:df:e5:c6:d0:95:77:a4:11:ce:f0:c3:e5:78:9a:94:19:2c:
5c:ad:ab:f2:0b:bb:9c:5f:97:09:74:ac:b7:be:7c:0a:e5:78:
2d:7d:a9:e5:c3:46:ba:f4:63:a8:74:bd:28:09:25:19:6c:e9:
6e:42:d4:9f:35:20:8d:ea:33:5e:f6:fa:3c:61:bd:7a:fc:d5:
6d:82:a2:76:73:7d:60:c4:b9:48:86:67:90:10:d0:da:cb:91:
a6:08:a0:3e:90:06:3e:55:aa:3a:7e:28:58:17:a7:a7:94:aa:
1d:e7:cc:8a:0f:bc:95:92:a1:8d:12:54:3c:69:9f:65:61:c9:
2c:8a:ec:2c:55:e5:68:92:96:70:c4:16:7d:23:d8:a4:e6:5f:
1e:69:24:ab
-----BEGIN CERTIFICATE-----
MIIFuTCCBKGgAwIBAgISAYXzVnZG3v0lL2zDwGX75wnLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMTI3MTMwNjQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGJjMTc3MjU3NWIwZmE1NWQ3Mjk0YTRhMjI4YTg4NmNlNGQ3YWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggTyQlz323Ky1dfiDpQUJSTVMJDR
HPqDBjBvCETdSq1lFQOTWQjAzQN2a8k5LL0k+YhkbN4LPGUUMTakgjIqAgFyOkof
5PoOJv18kFibrmAkG3if87Qi+M1nm5Xlqt8WD6CQR69ugeoYnI9u1IYPLFCCnJ6x
R943zCRvMFn8DsTmfCy8He+QpJMDTPeiMz06Ib4gOjRZMEp6DBHuwBCf0jd/KQXF
ucHjfwuZHNpv4sCx6nABQB6VC/Y7n2kIO8WqkN7jjeuTdRDtN1ujWpqpIKheLPkv
342gZQnFOdkQy1+a4KwFOK/ubOhSQZ0N2D9IDLkumerUrA/d/K9vlwzlPQIDAQAB
o4ICxTCCAsEwHQYDVR0OBBYEFIi8F3JXWw+lXXKUpKIoqIbOTXr4MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvaUx3WGNsZGJENlZkY3BTa29paW9oczVOZXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHaBggrBgEFBQcBBwEB/wSByjCBxzCBxAQCAAEwgb0DBAEF
LC4wCwMDAB+BAwQBH4EUMAwDBAAfgRcDBAEfgRwDBAAfgR8DBAIl3FADBAAtQnUD
BAAtQncwDAMEAC1QgQMEAi1QgAMEAC2BuwMEAC4QDAMEAS4QDgMEAi4TQDAMAwQE
UciQAwQBUcicAwQAW2t0MAwDBANextgDBAFextwwDAMEA23sOAMEAG3sOjAMAwQA
jWLpAwQAjWLqAwQBuabEAwQAwgVdMAwDBADCH60DBADCH64DBADUPBcwDQYJKoZI
hvcNAQELBQADggEBAEJPh5lzLT4k0vUhJk6izlsUGJopIEENn+lcOWrZk0zAWMVH
NZZuoxGUSIIes9scUTYA81khtt6++oTpAz5c7uGOnTUN05XYehzKjvhKq+XVXz40
XrcTrhSaQpL3WGc+LBAxlinZJrJfhWhUJHXf5cbQlXekEc7ww+V4mpQZLFytq/IL
u5xflwl0rLe+fArleC19qeXDRrr0Y6h0vSgJJRls6W5C1J81II3qM172+jxhvXr8
1W2ConZzfWDEuUiGZ5AQ0NrLkaYIoD6QBj5Vqjp+KFgXp6eUqh3nzIoPvJWSoY0S
VDxpn2VhySyK7CxV5WiSlnDEFn0j2KTmXx5pJKs=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:05:47 2023 by rpki-client on console-ams.rpki-client.org