Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/z1bFFvM_dV1tS8jnUHmrXCbfl2M.roa
File: z1bFFvM_dV1tS8jnUHmrXCbfl2M.roa (raw, json)
Hash identifier: pUGORN+X8SzJnnyypDaEq8iGfEmVaqjyCuU2E6MYj9Y=
Subject key identifier: CF:56:C5:16:F3:3F:75:5D:6D:4B:C8:E7:50:79:AB:5C:26:DF:97:63
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 018775905E5ADF139D0C2DC22BE2F87DCAFC
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/z1bFFvM_dV1tS8jnUHmrXCbfl2M.roa
Signing time: Wed 12 Apr 2023 13:03:28 +0000
ROA not before: Wed 12 Apr 2023 13:03:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41789
IP address blocks: 31.129.17.0/24 maxlen: 24
31.129.16.0/24 maxlen: 24
31.129.18.0/24 maxlen: 24
31.129.20.0/24 maxlen: 24
31.129.19.0/24 maxlen: 24
31.129.24.0/24 maxlen: 24
31.129.23.0/24 maxlen: 24
31.129.29.0/24 maxlen: 24
31.129.28.0/24 maxlen: 24
31.129.27.0/24 maxlen: 24
31.129.26.0/24 maxlen: 24
31.129.31.0/24 maxlen: 24
31.129.25.0/24 maxlen: 24
141.98.233.0/24 maxlen: 24
141.98.234.0/24 maxlen: 24
46.16.12.0/24 maxlen: 24
46.16.15.0/24 maxlen: 24
46.16.14.0/24 maxlen: 24
31.129.0.0/20 maxlen: 24
85.92.108.0/24 maxlen: 24
45.80.129.0/24 maxlen: 24
45.80.130.0/23 maxlen: 23
37.220.80.0/22 maxlen: 22
185.166.196.0/23 maxlen: 24
94.198.216.0/22 maxlen: 24
94.198.220.0/23 maxlen: 24
81.200.144.0/21 maxlen: 24
81.200.152.0/22 maxlen: 24
81.200.156.0/23 maxlen: 24
46.19.64.0/22 maxlen: 24
91.222.238.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:75:90:5e:5a:df:13:9d:0c:2d:c2:2b:e2:f8:7d:ca:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Apr 12 13:03:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cf56c516f33f755d6d4bc8e75079ab5c26df9763
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:6a:21:a8:07:b0:10:3c:54:aa:78:07:4d:ca:
63:7a:16:67:c6:a1:12:f0:9c:d1:50:d1:ef:63:d3:
c0:83:75:c9:fa:cd:58:5f:c8:60:dc:8d:60:50:1f:
4b:f4:0a:ba:ca:06:04:be:a6:9f:af:65:f6:ef:6e:
22:86:c9:ad:ee:13:68:e8:7a:4c:a4:c1:ca:80:33:
06:1c:75:c0:72:f1:08:d5:68:56:13:cb:86:83:c7:
6d:75:bf:77:71:fe:d3:d2:2f:d2:dc:88:50:5e:51:
70:50:8c:a6:18:b2:72:7f:96:cf:43:8c:38:ab:62:
4f:85:e7:24:81:40:7e:b2:d5:52:a2:84:71:3c:9a:
3e:4e:cd:62:2e:28:c2:d4:9e:ae:0b:27:ae:57:f2:
28:61:14:68:3f:48:49:95:20:e8:d8:9f:70:87:45:
74:f3:38:b7:92:f2:e3:8a:e6:ed:81:46:0a:02:f9:
24:dc:c4:d4:9f:e3:f4:3c:7c:99:60:91:b8:5a:35:
fd:07:2e:b6:7d:24:ae:1e:82:70:36:1d:3d:f2:1d:
92:ac:3a:48:0a:50:c4:48:dd:83:e9:46:55:f6:e6:
89:04:b7:3f:36:97:a6:2d:7e:eb:ef:d7:eb:c8:4c:
48:8a:49:39:a2:8d:8c:2a:28:dc:f9:ce:f4:2c:83:
31:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:56:C5:16:F3:3F:75:5D:6D:4B:C8:E7:50:79:AB:5C:26:DF:97:63
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/z1bFFvM_dV1tS8jnUHmrXCbfl2M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.129.0.0-31.129.20.255
31.129.23.0-31.129.29.255
31.129.31.0/24
37.220.80.0/22
45.80.129.0-45.80.131.255
46.16.12.0/24
46.16.14.0/23
46.19.64.0/22
81.200.144.0-81.200.157.255
85.92.108.0/24
91.222.238.0/24
94.198.216.0-94.198.221.255
141.98.233.0-141.98.234.255
185.166.196.0/23
Signature Algorithm: sha256WithRSAEncryption
79:15:5a:c7:57:40:5f:37:41:76:34:c6:51:ab:02:52:fd:35:
45:0f:f1:04:35:f2:3e:eb:ee:79:c1:8d:ad:f1:56:1a:17:37:
38:ef:8f:f7:12:99:81:0e:ee:5a:e0:65:aa:0f:c6:b9:ce:fd:
6c:e5:88:89:81:91:74:0d:18:a0:7e:cb:f1:2b:3b:20:ac:5a:
9f:03:01:e8:a5:94:ad:9a:68:04:ea:6c:2d:af:9a:e0:4a:39:
8b:6d:b4:a0:25:df:28:4e:13:f2:e5:15:41:e9:00:20:17:5a:
98:0c:bc:df:a3:66:ba:18:43:a1:3a:ca:b3:bd:85:32:23:05:
32:6f:78:8e:f2:3d:6a:e0:cd:b5:e1:cd:56:be:56:e9:8a:21:
86:df:91:2d:e1:41:50:78:28:4e:4b:2e:fb:df:d3:3e:49:2f:
d6:2d:21:35:d4:d9:ae:83:5d:f2:d5:7b:ab:06:20:84:ca:95:
88:7b:7a:49:86:11:54:93:ea:34:a1:d9:09:a9:8b:3f:fe:c5:
f0:d0:d2:ab:3f:c2:86:d6:95:a9:79:ab:36:5d:20:52:8a:c9:
6e:65:02:2f:fc:15:fc:d7:64:a5:ef:0d:c9:17:8e:a3:46:ca:
ed:1b:19:40:c6:a9:1c:18:80:ac:18:28:1d:5a:17:42:ed:35:
35:81:3a:f2
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgISAYd1kF5a3xOdDC3CK+L4fcr8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwNDEyMTMwMzI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjU2YzUxNmYzM2Y3NTVkNmQ0YmM4ZTc1MDc5YWI1YzI2ZGY5NzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmohqAewEDxUqngHTcpjehZnxqES
8JzRUNHvY9PAg3XJ+s1YX8hg3I1gUB9L9Aq6ygYEvqafr2X2724ihsmt7hNo6HpM
pMHKgDMGHHXAcvEI1WhWE8uGg8dtdb93cf7T0i/S3IhQXlFwUIymGLJyf5bPQ4w4
q2JPheckgUB+stVSooRxPJo+Ts1iLijC1J6uCyeuV/IoYRRoP0hJlSDo2J9wh0V0
8zi3kvLjiubtgUYKAvkk3MTUn+P0PHyZYJG4WjX9By62fSSuHoJwNh098h2SrDpI
ClDESN2D6UZV9uaJBLc/NpemLX7r79fryExIikk5oo2MKijc+c70LIMxUwIDAQAB
o4ICizCCAocwHQYDVR0OBBYEFM9WxRbzP3VdbUvI51B5q1wm35djMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvejFiRkZ2TV9kVjF0UzhqblVIbXJYQ2JmbDJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGgBggrBgEFBQcBBwEB/wSBkDCBjTCBigQCAAEwgYMwCwMD
AB+BAwQAH4EUMAwDBAAfgRcDBAEfgRwDBAAfgR8DBAIl3FAwDAMEAC1QgQMEAi1Q
gAMEAC4QDAMEAS4QDgMEAi4TQDAMAwQEUciQAwQBUcicAwQAVVxsAwQAW97uMAwD
BANextgDBAFextwwDAMEAI1i6QMEAI1i6gMEAbmmxDANBgkqhkiG9w0BAQsFAAOC
AQEAeRVax1dAXzdBdjTGUasCUv01RQ/xBDXyPuvuecGNrfFWGhc3OO+P9xKZgQ7u
WuBlqg/Guc79bOWIiYGRdA0YoH7L8Ss7IKxanwMB6KWUrZpoBOpsLa+a4Eo5i220
oCXfKE4T8uUVQekAIBdamAy836NmuhhDoTrKs72FMiMFMm94jvI9auDNteHNVr5W
6Yohht+RLeFBUHgoTksu+9/TPkkv1i0hNdTZroNd8tV7qwYghMqViHt6SYYRVJPq
NKHZCamLP/7F8NDSqz/ChtaVqXmrNl0gUorJbmUCL/wV/Ndkpe8NyReOo0bK7RsZ
QMapHBiArBgoHVoXQu01NYE68g==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:05:47 2023 by rpki-client on console-ams.rpki-client.org