Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/b5cD4iHqX_gdII5F5UCp_5mVW0U.roa
File: b5cD4iHqX_gdII5F5UCp_5mVW0U.roa (raw, json)
Hash identifier: wEnvaeVH0R9zD30y2tylQMRxnCCU+HG0y3REYew+1bQ=
Subject key identifier: 6F:97:03:E2:21:EA:5F:F8:1D:20:8E:45:E5:40:A9:FF:99:95:5B:45
Certificate issuer: /CN=ca96218c20efd8fe53fca9990b725dd7963c885c
Certificate serial: 018D3B4C45662AA01F62A95F4813967FE2FE
Authority key identifier: CA:96:21:8C:20:EF:D8:FE:53:FC:A9:99:0B:72:5D:D7:96:3C:88:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/b5cD4iHqX_gdII5F5UCp_5mVW0U.roa
Signing time: Wed 24 Jan 2024 11:47:50 +0000
ROA not before: Wed 24 Jan 2024 11:47:50 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 9121
IP address blocks: 31.40.240.0/24 maxlen: 24
31.40.242.0/24 maxlen: 24
31.40.243.0/24 maxlen: 24
77.92.96.0/24 maxlen: 24
77.92.97.0/24 maxlen: 24
77.92.98.0/24 maxlen: 24
77.92.99.0/24 maxlen: 24
77.92.100.0/24 maxlen: 24
77.92.101.0/24 maxlen: 24
77.92.102.0/24 maxlen: 24
77.92.103.0/24 maxlen: 24
77.92.104.0/24 maxlen: 24
77.92.105.0/24 maxlen: 24
77.92.106.0/24 maxlen: 24
77.92.107.0/24 maxlen: 24
77.92.108.0/24 maxlen: 24
77.92.109.0/24 maxlen: 24
77.92.110.0/24 maxlen: 24
77.92.111.0/24 maxlen: 24
77.92.112.0/24 maxlen: 24
77.92.113.0/24 maxlen: 24
77.92.114.0/24 maxlen: 24
77.92.115.0/24 maxlen: 24
77.92.116.0/24 maxlen: 24
77.92.117.0/24 maxlen: 24
77.92.118.0/24 maxlen: 24
77.92.119.0/24 maxlen: 24
77.92.120.0/24 maxlen: 24
77.92.121.0/24 maxlen: 24
77.92.122.0/24 maxlen: 24
77.92.123.0/24 maxlen: 24
77.92.124.0/24 maxlen: 24
77.92.125.0/24 maxlen: 24
77.92.126.0/24 maxlen: 24
77.92.127.0/24 maxlen: 24
185.115.208.0/24 maxlen: 24
185.115.210.0/24 maxlen: 24
185.115.211.0/24 maxlen: 24
213.144.96.0/24 maxlen: 24
213.144.97.0/24 maxlen: 24
213.144.98.0/24 maxlen: 24
213.144.99.0/24 maxlen: 24
213.144.100.0/24 maxlen: 24
213.144.101.0/24 maxlen: 24
213.144.102.0/24 maxlen: 24
213.144.103.0/24 maxlen: 24
213.144.104.0/24 maxlen: 24
213.144.105.0/24 maxlen: 24
213.144.106.0/24 maxlen: 24
213.144.107.0/24 maxlen: 24
213.144.108.0/24 maxlen: 24
213.144.109.0/24 maxlen: 24
213.144.110.0/24 maxlen: 24
213.144.111.0/24 maxlen: 24
213.144.112.0/24 maxlen: 24
213.144.113.0/24 maxlen: 24
213.144.114.0/24 maxlen: 24
213.144.115.0/24 maxlen: 24
213.144.116.0/24 maxlen: 24
213.144.117.0/24 maxlen: 24
213.144.118.0/24 maxlen: 24
213.144.119.0/24 maxlen: 24
213.144.120.0/24 maxlen: 24
213.144.121.0/24 maxlen: 24
213.144.122.0/24 maxlen: 24
213.144.123.0/24 maxlen: 24
213.144.124.0/24 maxlen: 24
213.144.125.0/24 maxlen: 24
213.144.126.0/24 maxlen: 24
213.144.127.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:3b:4c:45:66:2a:a0:1f:62:a9:5f:48:13:96:7f:e2:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ca96218c20efd8fe53fca9990b725dd7963c885c
Validity
Not Before: Jan 24 11:47:50 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6f9703e221ea5ff81d208e45e540a9ff99955b45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:77:ba:c6:75:93:ca:44:76:22:63:2b:d3:d9:
f3:8d:f3:b8:e8:f3:75:9e:9d:ed:02:45:33:21:a6:
6e:2c:91:8a:d5:1c:b2:de:67:bd:a8:f5:10:8e:69:
e3:f9:d1:67:9d:40:36:75:93:cd:1f:0c:74:fa:3d:
04:c8:48:9b:12:27:3a:ba:6d:68:95:d3:ae:67:6e:
98:5d:7f:4e:fb:98:e4:6a:b0:08:73:5d:51:cb:78:
71:0f:58:33:bf:7a:80:96:37:fb:ca:9b:96:a0:47:
13:17:50:e0:b4:96:37:bd:a9:02:f5:8a:7f:2e:21:
d1:22:91:0f:0a:46:ce:be:88:f3:7e:2d:cb:12:fc:
9f:ba:d1:76:02:26:2d:6c:5c:b4:d5:86:cf:ec:4a:
0d:73:14:84:00:38:9a:0e:e6:92:e4:f1:fb:46:02:
7a:65:25:fc:10:39:9b:a7:e2:9a:0d:ac:ed:20:2c:
b7:f8:38:50:26:02:b1:05:b0:c6:1b:67:cb:95:4d:
09:b4:fd:34:22:ae:67:92:16:96:30:1e:8c:b3:aa:
59:94:84:2f:49:94:eb:77:42:3c:61:bb:2e:64:cf:
7b:57:3f:87:0b:b3:48:cb:d8:e1:67:0d:86:51:be:
28:35:86:b3:b4:27:02:04:05:b9:c5:04:52:96:be:
f7:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:97:03:E2:21:EA:5F:F8:1D:20:8E:45:E5:40:A9:FF:99:95:5B:45
X509v3 Authority Key Identifier:
keyid:CA:96:21:8C:20:EF:D8:FE:53:FC:A9:99:0B:72:5D:D7:96:3C:88:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/b5cD4iHqX_gdII5F5UCp_5mVW0U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.40.240.0/24
31.40.242.0/23
77.92.96.0/19
185.115.208.0/24
185.115.210.0/23
213.144.96.0/19
Signature Algorithm: sha256WithRSAEncryption
61:b6:1b:70:85:a0:b2:ef:04:89:da:64:b6:e5:86:a5:06:1a:
21:33:9e:25:68:74:bb:7d:35:20:91:be:00:ef:b4:03:e2:fa:
4c:f8:52:1f:1a:ae:3a:d0:49:36:9e:81:0b:43:8e:9d:58:0c:
c8:1f:c1:65:06:be:f1:fc:06:d6:af:73:55:22:c7:38:e7:a0:
70:08:1f:ce:46:f1:6f:68:24:98:45:08:60:38:31:cd:4b:8f:
e9:d0:33:21:83:5a:3c:31:20:f2:e2:80:87:7c:91:31:d7:d0:
ba:13:46:fb:18:f1:e9:35:c0:32:d4:d5:ca:5d:2a:cc:b6:1a:
60:a4:8b:41:ce:c2:2c:40:4b:02:6a:7c:84:ea:f0:48:ef:96:
8f:40:6d:f8:85:c2:db:d2:af:06:24:43:0c:a9:17:93:00:ff:
89:25:94:50:b2:eb:f5:4e:bf:03:9c:8c:0f:0f:4b:65:93:8a:
a8:36:a9:a0:f0:65:56:d4:61:3d:1d:d2:b8:e6:c7:03:3c:96:
22:9a:fb:06:cc:85:9c:e0:87:e9:75:4f:af:d0:01:e0:17:29:
8b:45:c4:8f:e3:dc:38:cd:f5:b6:77:47:11:60:a1:09:bc:db:
3c:80:a6:6b:95:ae:09:c0:4f:bd:ef:e9:13:9f:3c:66:88:72:
77:72:50:88
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY07TEVmKqAfYqlfSBOWf+L+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOTYyMThjMjBlZmQ4ZmU1M2ZjYTk5OTBiNzI1ZGQ3OTYz
Yzg4NWMwHhcNMjQwMTI0MTE0NzUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Zjk3MDNlMjIxZWE1ZmY4MWQyMDhlNDVlNTQwYTlmZjk5OTU1YjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHe6xnWTykR2ImMr09nzjfO46PN1
np3tAkUzIaZuLJGK1Ryy3me9qPUQjmnj+dFnnUA2dZPNHwx0+j0EyEibEic6um1o
ldOuZ26YXX9O+5jkarAIc11Ry3hxD1gzv3qAljf7ypuWoEcTF1DgtJY3vakC9Yp/
LiHRIpEPCkbOvojzfi3LEvyfutF2AiYtbFy01YbP7EoNcxSEADiaDuaS5PH7RgJ6
ZSX8EDmbp+KaDaztICy3+DhQJgKxBbDGG2fLlU0JtP00Iq5nkhaWMB6Ms6pZlIQv
SZTrd0I8YbsuZM97Vz+HC7NIy9jhZw2GUb4oNYaztCcCBAW5xQRSlr73UwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFG+XA+Ih6l/4HSCOReVAqf+ZlVtFMB8GA1UdIwQY
MBaAFMqWIYwg79j+U/ypmQtyXdeWPIhcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXBZaGpDRHYyUDVUX0ttWkMzSmQxNVk4aUZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85NzU1ZDUtN2YwYi00MjdmLWFmZTAt
ZDcxMmQ0NzM4MDQ2LzEvYjVjRDRpSHFYX2dkSUk1RjVVQ3BfNW1WVzBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85NzU1ZDUtN2YwYi00MjdmLWFmZTAtZDcxMmQ0NzM4MDQ2
LzEveXBZaGpDRHYyUDVUX0ttWkMzSmQxNVk4aUZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAHyjwAwQB
HyjyAwQFTVxgAwQAuXPQAwQBuXPSAwQF1ZBgMA0GCSqGSIb3DQEBCwUAA4IBAQBh
thtwhaCy7wSJ2mS25YalBhohM54laHS7fTUgkb4A77QD4vpM+FIfGq460Ek2noEL
Q46dWAzIH8FlBr7x/AbWr3NVIsc456BwCB/ORvFvaCSYRQhgODHNS4/p0DMhg1o8
MSDy4oCHfJEx19C6E0b7GPHpNcAy1NXKXSrMthpgpItBzsIsQEsCanyE6vBI75aP
QG34hcLb0q8GJEMMqReTAP+JJZRQsuv1Tr8DnIwPD0tlk4qoNqmg8GVW1GE9HdK4
5scDPJYimvsGzIWc4IfpdU+v0AHgFymLRcSP49w4zfW2d0cRYKEJvNs8gKZrla4J
wE+97+kTnzxmiHJ3clCI
-----END CERTIFICATE-----
Generated at Mon Apr 21 07:52:30 2025 by rpki-client