Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BxuO7uQhXL9D7Uk7FVcftbNdPaU.roa
File: BxuO7uQhXL9D7Uk7FVcftbNdPaU.roa (raw, json)
Hash identifier: Q7VDPNZMrDYLOsGICeLk0pqSCJ7SmD8stUBKO68pyTk=
Subject key identifier: 07:1B:8E:EE:E4:21:5C:BF:43:ED:49:3B:15:57:1F:B5:B3:5D:3D:A5
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 01867992C9991148F8CE65551E342B17D6D4
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BxuO7uQhXL9D7Uk7FVcftbNdPaU.roa
Signing time: Wed 22 Feb 2023 14:41:48 +0000
ROA not before: Wed 22 Feb 2023 14:41:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41789
IP address blocks: 31.129.17.0/24 maxlen: 24
31.129.16.0/24 maxlen: 24
31.129.18.0/24 maxlen: 24
31.129.20.0/24 maxlen: 24
31.129.19.0/24 maxlen: 24
31.129.24.0/24 maxlen: 24
31.129.23.0/24 maxlen: 24
31.129.29.0/24 maxlen: 24
31.129.28.0/24 maxlen: 24
31.129.27.0/24 maxlen: 24
31.129.26.0/24 maxlen: 24
31.129.31.0/24 maxlen: 24
31.129.25.0/24 maxlen: 24
141.98.233.0/24 maxlen: 24
141.98.234.0/24 maxlen: 24
46.16.12.0/24 maxlen: 24
46.16.15.0/24 maxlen: 24
46.16.14.0/24 maxlen: 24
31.129.0.0/20 maxlen: 24
45.80.130.0/23 maxlen: 23
45.80.129.0/24 maxlen: 24
37.220.80.0/22 maxlen: 22
185.166.196.0/23 maxlen: 24
94.198.216.0/22 maxlen: 24
94.198.220.0/23 maxlen: 24
81.200.144.0/21 maxlen: 24
81.200.152.0/22 maxlen: 24
81.200.156.0/23 maxlen: 24
46.19.64.0/22 maxlen: 24
45.66.117.0/24 maxlen: 24
45.66.119.0/24 maxlen: 24
109.236.56.0/23 maxlen: 23
109.236.58.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:79:92:c9:99:11:48:f8:ce:65:55:1e:34:2b:17:d6:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Feb 22 14:41:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=071b8eeee4215cbf43ed493b15571fb5b35d3da5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:de:e6:4d:f2:55:46:41:c1:9a:4b:f5:a4:c7:
6e:b4:97:c8:59:46:ab:d6:43:ac:49:66:9d:da:a2:
1f:45:dd:fd:77:54:f4:fa:4b:1c:26:2a:23:03:63:
45:7e:1d:82:08:05:0e:c9:d2:1e:b2:e2:93:ac:f5:
e9:d9:4b:b5:5e:79:8b:f4:c7:24:94:8a:b5:bb:a0:
f0:0b:68:e2:66:35:ec:90:49:3e:1b:af:ed:4f:49:
50:97:2b:da:e6:b9:11:20:33:31:88:00:ca:58:12:
6e:20:34:3c:f6:f0:8b:e9:9d:c3:1f:69:7d:dd:70:
f6:96:fe:d2:2e:8b:bb:0c:62:0a:49:64:99:70:d2:
ff:a9:49:9c:23:c3:de:95:43:11:38:c4:14:46:ea:
e3:07:c8:4c:a1:11:85:8f:e7:87:ab:7d:0e:0b:b8:
9d:85:31:16:4f:9d:38:f2:48:b3:4d:1b:25:4c:47:
cb:57:de:0f:c0:f5:40:4d:b4:8e:fc:c7:22:bc:f2:
fe:22:32:7e:7d:b3:db:3f:85:dd:03:90:a5:fe:32:
e5:8c:83:a4:64:ba:b0:52:a2:5d:5c:21:78:92:09:
07:9f:cc:e2:a0:e6:74:40:65:90:4f:3e:81:00:31:
f3:fd:19:6a:2c:c7:ba:b1:5d:b7:66:63:f5:af:ab:
5b:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:1B:8E:EE:E4:21:5C:BF:43:ED:49:3B:15:57:1F:B5:B3:5D:3D:A5
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BxuO7uQhXL9D7Uk7FVcftbNdPaU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.129.0.0-31.129.20.255
31.129.23.0-31.129.29.255
31.129.31.0/24
37.220.80.0/22
45.66.117.0/24
45.66.119.0/24
45.80.129.0-45.80.131.255
46.16.12.0/24
46.16.14.0/23
46.19.64.0/22
81.200.144.0-81.200.157.255
94.198.216.0-94.198.221.255
109.236.56.0-109.236.58.255
141.98.233.0-141.98.234.255
185.166.196.0/23
Signature Algorithm: sha256WithRSAEncryption
55:26:ce:b1:3d:72:15:75:7d:bb:4d:20:bd:5e:43:d9:ea:d0:
6d:53:e4:f4:11:06:65:05:c1:d5:2b:16:c9:de:c9:99:cc:0a:
d3:a2:f9:dd:9b:ab:9b:15:e5:2c:4e:ed:18:0f:f7:32:28:7a:
d5:d6:fe:9c:92:06:87:4f:ac:9e:b1:89:69:82:6d:8c:04:2e:
b7:12:50:57:2f:61:a4:b4:26:b5:d8:cc:20:26:97:c5:27:20:
f1:58:1a:29:83:77:77:56:22:5a:3e:4b:1f:b3:f3:56:01:1d:
6f:7e:ca:3c:0e:76:f6:f7:9a:3e:54:9f:e5:92:15:b8:2e:20:
78:fb:b0:d1:2d:df:b9:f8:14:3e:d5:dd:7f:2f:f5:f1:cf:55:
08:4c:e1:9d:46:be:a9:4a:8b:56:6d:57:aa:b2:2c:2b:85:eb:
e2:11:13:cb:df:63:45:45:08:19:df:16:10:ce:b8:a0:0f:52:
33:5f:66:11:8a:64:20:d3:70:81:be:0c:5a:d6:42:d4:86:92:
fd:f9:66:aa:c5:dc:41:73:d6:3c:43:36:5a:33:98:df:fc:09:
bd:aa:9c:46:98:33:2f:6d:45:6b:36:8d:7a:57:a9:7f:56:9b:
ba:f5:55:dc:81:2e:f0:74:13:a6:ed:a6:5b:10:5b:88:b8:97:
c6:d3:58:89
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgISAYZ5ksmZEUj4zmVVHjQrF9bUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMjIyMTQ0MTQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzFiOGVlZWU0MjE1Y2JmNDNlZDQ5M2IxNTU3MWZiNWIzNWQzZGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm97mTfJVRkHBmkv1pMdutJfIWUar
1kOsSWad2qIfRd39d1T0+kscJiojA2NFfh2CCAUOydIesuKTrPXp2Uu1XnmL9Mck
lIq1u6DwC2jiZjXskEk+G6/tT0lQlyva5rkRIDMxiADKWBJuIDQ89vCL6Z3DH2l9
3XD2lv7SLou7DGIKSWSZcNL/qUmcI8PelUMROMQURurjB8hMoRGFj+eHq30OC7id
hTEWT5048kizTRslTEfLV94PwPVATbSO/McivPL+IjJ+fbPbP4XdA5Cl/jLljIOk
ZLqwUqJdXCF4kgkHn8zioOZ0QGWQTz6BADHz/RlqLMe6sV23ZmP1r6tbQwIDAQAB
o4ICmTCCApUwHQYDVR0OBBYEFAcbju7kIVy/Q+1JOxVXH7WzXT2lMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvQnh1Tzd1UWhYTDlEN1VrN0ZWY2Z0Yk5kUGFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGuBggrBgEFBQcBBwEB/wSBnjCBmzCBmAQCAAEwgZEwCwMD
AB+BAwQAH4EUMAwDBAAfgRcDBAEfgRwDBAAfgR8DBAIl3FADBAAtQnUDBAAtQncw
DAMEAC1QgQMEAi1QgAMEAC4QDAMEAS4QDgMEAi4TQDAMAwQEUciQAwQBUcicMAwD
BANextgDBAFextwwDAMEA23sOAMEAG3sOjAMAwQAjWLpAwQAjWLqAwQBuabEMA0G
CSqGSIb3DQEBCwUAA4IBAQBVJs6xPXIVdX27TSC9XkPZ6tBtU+T0EQZlBcHVKxbJ
3smZzArTovndm6ubFeUsTu0YD/cyKHrV1v6ckgaHT6yesYlpgm2MBC63ElBXL2Gk
tCa12MwgJpfFJyDxWBopg3d3ViJaPksfs/NWAR1vfso8Dnb295o+VJ/lkhW4LiB4
+7DRLd+5+BQ+1d1/L/Xxz1UITOGdRr6pSotWbVeqsiwrheviERPL32NFRQgZ3xYQ
zrigD1IzX2YRimQg03CBvgxa1kLUhpL9+WaqxdxBc9Y8QzZaM5jf/Am9qpxGmDMv
bUVrNo16V6l/Vpu69VXcgS7wdBOm7aZbEFuIuJfG01iJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org