Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/53yO4nKjQSb-KWQWxcH4ONT8knY.roa
File: 53yO4nKjQSb-KWQWxcH4ONT8knY.roa (raw, json)
Hash identifier: x+LZl8x6LH4Abk6WHhOeqLcEViXpIap7rFAcoOjVBjw=
Subject key identifier: E7:7C:8E:E2:72:A3:41:26:FE:29:64:16:C5:C1:F8:38:D4:FC:92:76
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 01856E2FBE13FFE2E97F56253870234168D4
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/53yO4nKjQSb-KWQWxcH4ONT8knY.roa
Signing time: Sun 01 Jan 2023 16:35:00 +0000
ROA not before: Sun 01 Jan 2023 16:35:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41789
IP address blocks: 31.129.17.0/24 maxlen: 24
31.129.16.0/24 maxlen: 24
31.129.18.0/24 maxlen: 24
31.129.21.0/24 maxlen: 24
31.129.20.0/24 maxlen: 24
31.129.19.0/24 maxlen: 24
31.129.24.0/24 maxlen: 24
31.129.23.0/24 maxlen: 24
31.129.29.0/24 maxlen: 24
31.129.28.0/24 maxlen: 24
31.129.27.0/24 maxlen: 24
31.129.26.0/24 maxlen: 24
31.129.31.0/24 maxlen: 24
31.129.25.0/24 maxlen: 24
46.16.12.0/24 maxlen: 24
46.16.15.0/24 maxlen: 24
46.16.14.0/24 maxlen: 24
31.129.0.0/20 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:2f:be:13:ff:e2:e9:7f:56:25:38:70:23:41:68:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Jan 1 16:35:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e77c8ee272a34126fe296416c5c1f838d4fc9276
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:3c:64:ff:39:8c:71:9a:44:66:fb:02:5d:bd:
1f:d9:62:9c:da:26:57:c5:0f:ae:73:92:c5:70:87:
ae:8b:b5:d2:84:35:5f:d7:fb:94:e3:39:2f:7d:f2:
5b:7f:d3:e6:de:88:8c:74:17:a6:03:3e:12:00:66:
e9:fc:76:96:ff:fa:46:3b:56:bc:42:07:86:b5:3e:
6b:c7:e0:88:9d:3e:09:31:a5:cb:f6:bb:2a:7a:0f:
4e:e2:d6:66:9d:1d:bb:20:18:f1:f6:2b:d7:48:7e:
d1:63:51:c5:7b:c9:19:a8:ee:f4:5c:23:9f:ba:df:
19:ab:3a:b8:ce:4f:08:f9:47:c1:d7:ac:64:bb:c6:
a3:82:7e:1f:fa:eb:88:0c:92:69:c6:c0:78:96:e3:
ba:2a:d9:e0:d3:25:ed:ee:b8:b7:85:f7:a9:ea:20:
b2:22:59:8c:52:7f:bd:2a:6d:e7:25:68:35:ea:0a:
fa:c2:17:21:5a:5c:4c:1b:41:5a:ba:7e:e0:d8:4e:
ed:ed:4c:20:cd:85:c9:fd:4e:2c:bd:8b:63:4a:ec:
c1:a7:df:b3:c7:75:e4:bc:75:01:ba:0c:16:02:47:
79:61:3b:1e:f2:72:e2:f2:f6:c3:df:c1:e1:b1:5a:
ef:59:97:89:82:c5:98:56:98:2c:a6:7e:62:06:d7:
43:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:7C:8E:E2:72:A3:41:26:FE:29:64:16:C5:C1:F8:38:D4:FC:92:76
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/53yO4nKjQSb-KWQWxcH4ONT8knY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.129.0.0-31.129.21.255
31.129.23.0-31.129.29.255
31.129.31.0/24
46.16.12.0/24
46.16.14.0/23
Signature Algorithm: sha256WithRSAEncryption
14:1b:b9:bc:09:12:ad:c4:2f:2c:0b:c2:55:6b:18:8a:85:1b:
eb:81:2a:e7:e0:93:f0:11:6c:d4:c0:e5:69:19:5c:18:01:90:
d6:5a:fc:02:a7:83:7f:32:ad:49:fa:29:48:b4:01:05:7f:e0:
fa:3a:bf:93:ad:c0:39:5e:22:63:7d:33:1e:4d:b8:63:51:fd:
b2:e9:64:c1:f8:8e:b2:08:77:8b:49:cb:2a:56:60:0f:d3:10:
ad:bf:3d:0e:ca:5e:65:39:fa:c0:7e:b4:05:5b:51:b7:aa:ff:
9f:f8:9f:11:32:33:80:98:26:0f:c7:51:7d:17:2d:4d:83:89:
ba:b4:af:38:e5:7e:f4:22:52:90:e7:68:3a:a7:99:0b:aa:ba:
2a:89:37:9f:25:b4:13:c4:dd:f6:84:ea:4c:68:21:0f:20:b8:
49:27:7b:e8:c3:27:7e:93:3b:4e:dc:8d:a0:60:22:9b:eb:c1:
65:3a:40:a7:db:67:1c:37:ec:1b:12:81:03:ed:ea:09:bc:a5:
eb:9a:01:35:b4:f6:40:5a:79:84:84:c6:65:89:7c:e3:79:ad:
cb:a5:36:54:7a:99:bc:21:41:07:b6:72:e7:a4:69:96:32:21:
05:8a:0b:17:19:ef:0c:21:72:a7:73:5f:f0:72:0c:b7:51:0d:
6c:03:47:0e
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVuL74T/+Lpf1YlOHAjQWjUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMTAxMTYzNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzdjOGVlMjcyYTM0MTI2ZmUyOTY0MTZjNWMxZjgzOGQ0ZmM5Mjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzxk/zmMcZpEZvsCXb0f2WKc2iZX
xQ+uc5LFcIeui7XShDVf1/uU4zkvffJbf9Pm3oiMdBemAz4SAGbp/HaW//pGO1a8
QgeGtT5rx+CInT4JMaXL9rsqeg9O4tZmnR27IBjx9ivXSH7RY1HFe8kZqO70XCOf
ut8Zqzq4zk8I+UfB16xku8ajgn4f+uuIDJJpxsB4luO6Ktng0yXt7ri3hfep6iCy
IlmMUn+9Km3nJWg16gr6whchWlxMG0Faun7g2E7t7UwgzYXJ/U4svYtjSuzBp9+z
x3XkvHUBugwWAkd5YTse8nLi8vbD38HhsVrvWZeJgsWYVpgspn5iBtdDRQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFOd8juJyo0Em/ilkFsXB+DjU/JJ2MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvNTN5TzRuS2pRU2ItS1dRV3hjSDRPTlQ4a25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAzBAIAATAtMAsDAwAfgQME
AR+BFDAMAwQAH4EXAwQBH4EcAwQAH4EfAwQALhAMAwQBLhAOMA0GCSqGSIb3DQEB
CwUAA4IBAQAUG7m8CRKtxC8sC8JVaxiKhRvrgSrn4JPwEWzUwOVpGVwYAZDWWvwC
p4N/Mq1J+ilItAEFf+D6Or+TrcA5XiJjfTMeTbhjUf2y6WTB+I6yCHeLScsqVmAP
0xCtvz0Oyl5lOfrAfrQFW1G3qv+f+J8RMjOAmCYPx1F9Fy1Ng4m6tK845X70IlKQ
52g6p5kLqroqiTefJbQTxN32hOpMaCEPILhJJ3vowyd+kztO3I2gYCKb68FlOkCn
22ccN+wbEoED7eoJvKXrmgE1tPZAWnmEhMZliXzjea3LpTZUepm8IUEHtnLnpGmW
MiEFigsXGe8MIXKnc1/wcgy3UQ1sA0cO
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org