Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/gMvSwK8-nk94zOGdAQxqYPx4RcU.roa
File: gMvSwK8-nk94zOGdAQxqYPx4RcU.roa (raw, json)
Hash identifier: fmhv4i4d9PO0p6slGB6ZpPO+6nJ/DPFQq8k44DZ3xIk=
Subject key identifier: 80:CB:D2:C0:AF:3E:9E:4F:78:CC:E1:9D:01:0C:6A:60:FC:78:45:C5
Certificate issuer: /CN=5a376c8008d6abd962341563dd2a4dccaf153cba
Certificate serial: 0591B9E1
Authority key identifier: 5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/gMvSwK8-nk94zOGdAQxqYPx4RcU.roa
Signing time: Sat 01 Jan 2022 06:05:26 +0000
ROA not before: Sat 01 Jan 2022 06:05:26 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 30823
IP address blocks: 31.214.246.0/24 maxlen: 24
31.214.245.0/24 maxlen: 24
31.214.247.0/24 maxlen: 24
95.156.227.0/24 maxlen: 24
109.230.238.0/24 maxlen: 24
31.214.141.0/24 maxlen: 24
134.255.216.0/21 maxlen: 24
134.255.225.0/24 maxlen: 24
134.255.232.0/23 maxlen: 24
134.255.231.0/24 maxlen: 24
134.255.227.0/24 maxlen: 24
134.255.234.0/24 maxlen: 24
134.255.252.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 93436385 (0x591b9e1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5a376c8008d6abd962341563dd2a4dccaf153cba
Validity
Not Before: Jan 1 06:05:26 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=80cbd2c0af3e9e4f78cce19d010c6a60fc7845c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:93:de:15:6b:25:83:2e:bb:82:b2:00:30:49:
78:e8:29:8f:61:fd:2b:6b:00:54:fb:13:78:a4:8a:
01:ad:45:22:f5:de:f6:d2:18:e5:cd:9a:24:63:c8:
5d:67:72:d3:d1:9b:a1:b8:f1:a5:16:91:58:31:bb:
fd:6a:f6:a6:3b:d2:f4:58:17:c6:a4:1e:d0:35:69:
0c:72:56:ef:49:a8:a5:5a:93:6c:92:4a:45:f3:c7:
6f:66:8a:15:64:a1:fa:8b:d8:f1:22:d2:df:c2:df:
e8:ba:f8:b2:2c:5c:45:d6:90:fc:db:04:f7:da:a3:
5f:fc:6c:03:cd:02:91:c9:9e:4f:8e:df:b8:24:24:
89:32:35:23:57:8b:b5:d7:08:19:0f:9a:c5:4e:85:
25:9c:30:0b:66:ff:ba:53:81:d6:33:f2:be:16:c5:
c0:39:a3:ab:d9:10:d7:a7:c8:da:80:0f:6f:1a:f9:
96:b2:87:39:9b:e2:f4:cf:f2:1e:3b:17:13:15:bf:
45:e8:ba:3f:90:db:9f:70:6e:13:e0:e6:5c:04:bd:
20:48:98:9a:2b:29:3f:61:6e:00:05:00:68:20:9e:
b4:e6:68:46:c2:df:52:80:c1:4a:2e:27:6e:c3:0f:
03:1a:7b:e7:87:3f:84:d9:74:ea:e6:c0:44:1a:e1:
37:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:CB:D2:C0:AF:3E:9E:4F:78:CC:E1:9D:01:0C:6A:60:FC:78:45:C5
X509v3 Authority Key Identifier:
keyid:5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/gMvSwK8-nk94zOGdAQxqYPx4RcU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.214.141.0/24
31.214.245.0-31.214.247.255
95.156.227.0/24
109.230.238.0/24
134.255.216.0/21
134.255.225.0/24
134.255.227.0/24
134.255.231.0-134.255.234.255
134.255.252.0/24
Signature Algorithm: sha256WithRSAEncryption
74:3a:5f:41:66:ee:d8:f6:67:77:c0:12:9d:b6:7a:2d:d9:ce:
8b:66:22:21:61:46:39:8e:9a:9d:c7:ea:56:ab:a6:e3:6d:47:
45:f2:7e:79:fb:30:0f:cb:14:0b:f5:a2:48:f8:10:0f:c8:e0:
d8:e7:a1:27:2c:d3:60:08:35:6f:8e:d1:0b:ca:3d:ef:43:ed:
a7:24:45:53:83:6c:33:2a:28:82:8d:a1:d7:73:95:b5:db:5f:
ac:b0:fe:fb:ed:11:96:e5:4b:7d:5d:26:b5:f1:c2:3a:7b:6e:
e9:c3:3e:94:a5:f3:8a:17:84:94:b1:04:a6:c6:ed:10:31:9d:
cd:77:fa:ca:b7:c2:c5:d4:d9:c2:a7:7d:0a:58:21:e9:c2:72:
f9:9c:35:eb:46:e8:d1:8f:c2:50:37:5f:bc:4a:6f:c6:fd:6f:
52:b3:4b:60:60:e2:06:c7:bf:66:5b:c6:b5:1e:a4:6c:74:c8:
53:75:51:83:ca:90:06:ce:f6:5e:60:7f:14:22:5d:94:52:76:
60:fc:66:7e:3d:42:40:6e:0d:a5:67:72:c7:b0:e6:54:a8:f5:
b4:07:b0:56:08:cb:3b:2d:d6:26:09:e2:ff:f4:fe:23:d2:9a:
24:b8:59:eb:e3:73:cd:cb:cc:04:3e:e2:41:03:53:d2:01:53:
1e:4c:93:25
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIEBZG54TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
YTM3NmM4MDA4ZDZhYmQ5NjIzNDE1NjNkZDJhNGRjY2FmMTUzY2JhMB4XDTIyMDEw
MTA2MDUyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODBjYmQyYzBhZjNl
OWU0Zjc4Y2NlMTlkMDEwYzZhNjBmYzc4NDVjNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALOT3hVrJYMuu4KyADBJeOgpj2H9K2sAVPsTeKSKAa1FIvXe
9tIY5c2aJGPIXWdy09GbobjxpRaRWDG7/Wr2pjvS9FgXxqQe0DVpDHJW70mopVqT
bJJKRfPHb2aKFWSh+ovY8SLS38Lf6Lr4sixcRdaQ/NsE99qjX/xsA80CkcmeT47f
uCQkiTI1I1eLtdcIGQ+axU6FJZwwC2b/ulOB1jPyvhbFwDmjq9kQ16fI2oAPbxr5
lrKHOZvi9M/yHjsXExW/Rei6P5Dbn3BuE+DmXAS9IEiYmispP2FuAAUAaCCetOZo
RsLfUoDBSi4nbsMPAxp754c/hNl06ubARBrhN7kCAwEAAaOCAkkwggJFMB0GA1Ud
DgQWBBSAy9LArz6eT3jM4Z0BDGpg/HhFxTAfBgNVHSMEGDAWgBRaN2yACNar2WI0
FWPdKk3MrxU8ujAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1dqZHNnQWpXcTlsaU5CVmozU3BOeks4VlBMby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDIvY2FhNzQzLTFjMTMtNGEyNS05ZjZhLTY1YmU1NTAzMTY1ZC8x
L2dNdlN3Szgtbms5NHpPR2RBUXhxWVB4NFJjVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDIv
Y2FhNzQzLTFjMTMtNGEyNS05ZjZhLTY1YmU1NTAzMTY1ZC8xL1dqZHNnQWpXcTls
aU5CVmozU3BOeks4VlBMby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBf
BggrBgEFBQcBBwEB/wRQME4wTAQCAAEwRgMEAB/WjTAMAwQAH9b1AwQDH9bwAwQA
X5zjAwQAbebuAwQDhv/YAwQAhv/hAwQAhv/jMAwDBACG/+cDBACG/+oDBACG//ww
DQYJKoZIhvcNAQELBQADggEBAHQ6X0Fm7tj2Z3fAEp22ei3ZzotmIiFhRjmOmp3H
6larpuNtR0Xyfnn7MA/LFAv1okj4EA/I4NjnoScs02AINW+O0QvKPe9D7ackRVOD
bDMqKIKNoddzlbXbX6yw/vvtEZblS31dJrXxwjp7bunDPpSl84oXhJSxBKbG7RAx
nc13+sq3wsXU2cKnfQpYIenCcvmcNetG6NGPwlA3X7xKb8b9b1KzS2Bg4gbHv2Zb
xrUepGx0yFN1UYPKkAbO9l5gfxQiXZRSdmD8Zn49QkBuDaVncsew5lSo9bQHsFYI
yzst1iYJ4v/0/iPSmiS4Wevjc83LzAQ+4kEDU9IBUx5MkyU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:07 2024 by rpki-client on console-fra.rpki-client.org