Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/lCvv0Fam80TXIT5hM4eRq2d6FH0.roa
File: lCvv0Fam80TXIT5hM4eRq2d6FH0.roa (raw, json)
Hash identifier: jBwnT5JmmA1W3rat9hOrvgrsP+BOUw3l9I79MSmRAX4=
Subject key identifier: 94:2B:EF:D0:56:A6:F3:44:D7:21:3E:61:33:87:91:AB:67:7A:14:7D
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 1166FABD
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/lCvv0Fam80TXIT5hM4eRq2d6FH0.roa
Signing time: Sat 01 Jan 2022 05:57:08 +0000
ROA not before: Sat 01 Jan 2022 05:57:08 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209371
IP address blocks: 31.129.22.0/24 maxlen: 24
31.129.21.0/24 maxlen: 24
31.129.30.0/24 maxlen: 24
194.5.94.0/23 maxlen: 23
194.5.94.0/24 maxlen: 24
194.5.95.0/24 maxlen: 24
45.129.184.0/24 maxlen: 24
77.83.116.0/24 maxlen: 24
77.83.117.0/24 maxlen: 24
77.83.119.0/24 maxlen: 24
194.28.193.0/24 maxlen: 24
195.80.48.0/24 maxlen: 24
45.66.118.0/24 maxlen: 24
45.8.99.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 291961533 (0x1166fabd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Jan 1 05:57:08 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=942befd056a6f344d7213e61338791ab677a147d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:82:8f:b9:61:57:67:79:df:97:73:2a:fe:14:
7d:e8:d3:b4:36:e4:50:35:48:7e:d5:38:28:7b:06:
4a:a3:f0:43:e2:59:67:51:0b:06:1b:00:57:a6:a7:
63:6c:3b:75:ac:97:ed:3a:c7:d2:16:21:a4:4f:ae:
f0:ab:9e:93:de:53:81:09:82:5e:e5:5b:05:99:52:
c6:6b:64:26:45:e3:91:d4:84:ea:a3:5e:2c:4f:19:
00:37:b1:9c:c6:42:a9:fa:c1:14:e7:ea:d7:1b:6f:
ad:43:e5:1c:1c:61:99:f9:9e:8f:cd:fe:8f:01:fb:
ab:9e:06:7b:c1:73:e2:d8:1d:20:5a:35:b1:76:ba:
68:5a:b1:af:e4:a5:e1:83:cc:31:c1:00:86:b9:5f:
5b:94:2b:6c:2e:44:90:5b:67:d1:a6:a1:5f:0f:a8:
54:50:33:8d:b0:f4:33:a5:3c:31:f1:3c:fa:16:08:
e1:36:47:be:3f:8d:77:05:0b:19:e6:95:4c:9a:34:
00:14:71:8b:69:3e:48:4c:cc:38:5d:d8:4b:ce:de:
d4:45:f9:99:b4:d7:cd:71:ca:61:71:00:a5:8b:79:
96:2f:6b:ba:3b:8e:ef:03:41:a7:3b:8b:79:46:7d:
19:56:fe:56:5a:68:58:6d:50:98:4e:29:3e:af:e0:
0c:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:2B:EF:D0:56:A6:F3:44:D7:21:3E:61:33:87:91:AB:67:7A:14:7D
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/lCvv0Fam80TXIT5hM4eRq2d6FH0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.129.21.0-31.129.22.255
31.129.30.0/24
45.8.99.0/24
45.66.118.0/24
45.129.184.0/24
77.83.116.0/23
77.83.119.0/24
194.5.94.0/23
194.28.193.0/24
195.80.48.0/24
Signature Algorithm: sha256WithRSAEncryption
0d:bc:4b:32:48:2f:ec:39:a7:b0:b0:48:c2:28:90:1d:f3:2c:
cf:26:9a:78:e5:ba:8c:ce:8f:70:3c:53:7b:90:a6:45:60:2b:
97:2e:84:ff:d5:7d:14:d1:a8:13:a6:47:61:06:9a:82:e0:d8:
f3:92:c5:84:d7:fc:b5:b5:8a:5b:8d:0a:7c:dc:0a:4d:45:17:
1a:0b:b4:8d:71:83:3f:57:05:71:95:63:90:a7:2d:78:ee:3a:
7a:2d:4f:ec:15:f3:4b:0c:02:f3:e6:95:62:64:66:9e:94:5b:
81:81:4e:44:48:af:0c:87:a3:1f:80:bd:0b:84:ea:d7:c7:bd:
72:8d:2d:a8:f7:d3:5c:45:df:09:7e:04:5b:22:cd:d7:17:ac:
59:b5:a3:9d:49:85:c6:63:38:76:c0:85:d4:48:1f:16:73:0a:
23:92:10:1a:8f:e8:c9:54:f1:91:0c:e4:97:15:aa:53:25:1f:
63:03:89:ec:c1:b3:c3:50:86:ad:8a:62:7b:e2:4f:46:58:ed:
84:16:1e:b5:83:d0:d2:58:58:39:cf:3c:94:f4:4e:93:e3:4c:
f9:b6:65:7d:ca:52:38:2f:45:cc:15:24:ef:25:2c:14:8f:97:
19:95:39:3d:f4:21:c9:04:48:1c:b0:e5:83:c9:33:d1:f8:8c:
2a:51:f2:0c
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIEEWb6vTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NWIxZDEzYzJlMjZlMTI3ODYyNDZhNWVjNGM1YmVhNjk4NjRiMjBmMB4XDTIyMDEw
MTA1NTcwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTQyYmVmZDA1NmE2
ZjM0NGQ3MjEzZTYxMzM4NzkxYWI2NzdhMTQ3ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKSCj7lhV2d535dzKv4UfejTtDbkUDVIftU4KHsGSqPwQ+JZ
Z1ELBhsAV6anY2w7dayX7TrH0hYhpE+u8Kuek95TgQmCXuVbBZlSxmtkJkXjkdSE
6qNeLE8ZADexnMZCqfrBFOfq1xtvrUPlHBxhmfmej83+jwH7q54Ge8Fz4tgdIFo1
sXa6aFqxr+Sl4YPMMcEAhrlfW5QrbC5EkFtn0aahXw+oVFAzjbD0M6U8MfE8+hYI
4TZHvj+NdwULGeaVTJo0ABRxi2k+SEzMOF3YS87e1EX5mbTXzXHKYXEApYt5li9r
ujuO7wNBpzuLeUZ9GVb+VlpoWG1QmE4pPq/gDNMCAwEAAaOCAkcwggJDMB0GA1Ud
DgQWBBSUK+/QVqbzRNchPmEzh5GrZ3oUfTAfBgNVHSMEGDAWgBQFsdE8LibhJ4Yk
al7Exb6mmGSyDzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JiSFJQQzRtNFNlR0pHcGV4TVctcHBoa3NnOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTgvYzYxMDkyLTczNGEtNGVlZi05ZDY3LTQ5MDUyNDNiYzgyOC8x
L2xDdnYwRmFtODBUWElUNWhNNGVScTJkNkZIMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTgv
YzYxMDkyLTczNGEtNGVlZi05ZDY3LTQ5MDUyNDNiYzgyOC8xL0JiSFJQQzRtNFNl
R0pHcGV4TVctcHBoa3NnOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBd
BggrBgEFBQcBBwEB/wROMEwwSgQCAAEwRDAMAwQAH4EVAwQAH4EWAwQAH4EeAwQA
LQhjAwQALUJ2AwQALYG4AwQBTVN0AwQATVN3AwQBwgVeAwQAwhzBAwQAw1AwMA0G
CSqGSIb3DQEBCwUAA4IBAQANvEsySC/sOaewsEjCKJAd8yzPJpp45bqMzo9wPFN7
kKZFYCuXLoT/1X0U0agTpkdhBpqC4NjzksWE1/y1tYpbjQp83ApNRRcaC7SNcYM/
VwVxlWOQpy147jp6LU/sFfNLDALz5pViZGaelFuBgU5ESK8Mh6MfgL0LhOrXx71y
jS2o99NcRd8JfgRbIs3XF6xZtaOdSYXGYzh2wIXUSB8WcwojkhAaj+jJVPGRDOSX
FapTJR9jA4nswbPDUIatimJ74k9GWO2EFh61g9DSWFg5zzyU9E6T40z5tmV9ylI4
L0XMFSTvJSwUj5cZlTk99CHJBEgcsOWDyTPR+IwqUfIM
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:54 2023 by rpki-client on console-fra.rpki-client.org