Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/CitewC7xdflyG-RSWfr8dmaobdQ.roa
File: CitewC7xdflyG-RSWfr8dmaobdQ.roa (raw, json)
Hash identifier: Ey+Xot4nx0gA8y1Y7FTsnlPpsUEN3U7NdgCfagep0Xc=
Subject key identifier: 0A:2B:5E:C0:2E:F1:75:F9:72:1B:E4:52:59:FA:FC:76:66:A8:6D:D4
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 0186F530974D8C60542F9F1D60CD4815373E
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/CitewC7xdflyG-RSWfr8dmaobdQ.roa
Signing time: Sat 18 Mar 2023 14:47:27 +0000
ROA not before: Sat 18 Mar 2023 14:47:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41789
IP address blocks: 31.129.17.0/24 maxlen: 24
31.129.16.0/24 maxlen: 24
31.129.18.0/24 maxlen: 24
31.129.20.0/24 maxlen: 24
31.129.19.0/24 maxlen: 24
31.129.24.0/24 maxlen: 24
31.129.23.0/24 maxlen: 24
31.129.29.0/24 maxlen: 24
31.129.28.0/24 maxlen: 24
31.129.27.0/24 maxlen: 24
31.129.26.0/24 maxlen: 24
31.129.31.0/24 maxlen: 24
31.129.25.0/24 maxlen: 24
141.98.233.0/24 maxlen: 24
141.98.234.0/24 maxlen: 24
46.16.12.0/24 maxlen: 24
46.16.15.0/24 maxlen: 24
46.16.14.0/24 maxlen: 24
31.129.0.0/20 maxlen: 24
45.80.130.0/23 maxlen: 23
45.80.129.0/24 maxlen: 24
37.220.80.0/22 maxlen: 22
185.166.196.0/23 maxlen: 24
94.198.216.0/22 maxlen: 24
94.198.220.0/23 maxlen: 24
81.200.144.0/21 maxlen: 24
81.200.152.0/22 maxlen: 24
81.200.156.0/23 maxlen: 24
46.19.64.0/22 maxlen: 24
109.236.58.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:f5:30:97:4d:8c:60:54:2f:9f:1d:60:cd:48:15:37:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Mar 18 14:47:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0a2b5ec02ef175f9721be45259fafc7666a86dd4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:73:79:0c:07:fa:a0:87:d1:7b:8e:c3:e7:34:
b5:e6:89:85:3b:a6:24:cf:b0:d7:77:fe:a6:4c:6e:
1e:f1:e2:30:43:02:40:93:1c:87:79:cd:d7:ed:cc:
a6:21:b3:38:5d:77:72:98:d6:0f:6a:c6:77:fd:cc:
95:49:03:25:f9:18:0f:1c:7a:70:95:a0:6b:af:95:
23:7d:ca:9b:7e:64:55:31:ca:f2:cc:6c:8f:1f:88:
dc:4e:6c:26:fc:ce:a4:d8:d2:41:b0:83:14:08:bd:
16:83:f2:84:ce:cf:7c:46:de:51:5f:97:4c:22:22:
2f:89:8f:43:51:d5:02:6b:c5:c8:09:40:7d:bc:36:
2e:7f:2c:77:4e:78:7e:ad:fa:9b:9c:9c:c4:a5:d3:
b7:63:7a:59:01:43:3f:16:5f:ab:d9:5a:4b:08:57:
eb:ee:c9:3c:b4:74:89:a1:58:b9:86:d3:63:87:fd:
b4:5d:52:97:28:08:79:95:be:03:a1:33:00:55:73:
1e:88:71:c8:9d:dd:d6:85:81:91:40:ed:da:8c:4b:
67:a2:27:60:b0:b9:cd:2d:0b:87:62:3f:71:b7:2a:
7d:85:e4:01:a2:ad:23:17:66:89:59:61:50:6c:d9:
57:5a:63:76:e8:92:6c:66:80:39:d8:d0:41:26:b4:
1f:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:2B:5E:C0:2E:F1:75:F9:72:1B:E4:52:59:FA:FC:76:66:A8:6D:D4
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/CitewC7xdflyG-RSWfr8dmaobdQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.129.0.0-31.129.20.255
31.129.23.0-31.129.29.255
31.129.31.0/24
37.220.80.0/22
45.80.129.0-45.80.131.255
46.16.12.0/24
46.16.14.0/23
46.19.64.0/22
81.200.144.0-81.200.157.255
94.198.216.0-94.198.221.255
109.236.58.0/24
141.98.233.0-141.98.234.255
185.166.196.0/23
Signature Algorithm: sha256WithRSAEncryption
5c:5c:45:d0:ef:bf:89:1a:97:1b:df:6b:f6:65:d1:12:b5:4d:
cf:bf:4e:e0:2b:d9:6b:fc:e1:23:09:93:77:cf:4b:a5:92:04:
7b:5e:6e:b6:32:7d:3d:01:0b:64:c5:21:d6:08:d8:e3:1a:62:
af:14:57:2c:8d:77:8f:40:24:86:74:02:9c:2e:99:71:92:4d:
97:32:61:21:6e:d5:1b:a8:d0:6e:7f:57:16:d4:13:10:48:22:
df:80:5b:4b:ae:31:46:2e:a7:23:34:1c:33:8a:cc:44:0b:9d:
67:d6:eb:cb:da:55:ee:12:d3:6d:99:54:92:0a:e3:96:8a:a2:
cf:5b:0a:57:21:64:f9:5d:52:79:31:44:75:58:38:b0:95:8b:
65:ea:3f:8b:bc:d5:64:dc:f3:9b:4e:0a:7e:3e:d3:ad:97:24:
6a:1a:c9:77:1a:dc:61:cb:e6:f2:b6:d6:17:b5:75:5b:2d:4b:
a1:aa:9f:2d:43:6f:b5:97:63:03:cd:e3:e8:ed:02:1a:b0:77:
b0:f1:59:63:e1:86:21:4c:79:28:b8:5f:f4:de:6e:a4:f1:be:
15:98:03:36:9c:70:53:97:f9:ee:24:49:7f:da:24:51:14:fb:
47:48:68:f3:52:e2:11:84:1e:42:d2:29:46:c7:f5:20:0d:a8:
a0:eb:ba:03
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYb1MJdNjGBUL58dYM1IFTc+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMzE4MTQ0NzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTJiNWVjMDJlZjE3NWY5NzIxYmU0NTI1OWZhZmM3NjY2YTg2ZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXN5DAf6oIfRe47D5zS15omFO6Yk
z7DXd/6mTG4e8eIwQwJAkxyHec3X7cymIbM4XXdymNYPasZ3/cyVSQMl+RgPHHpw
laBrr5UjfcqbfmRVMcryzGyPH4jcTmwm/M6k2NJBsIMUCL0Wg/KEzs98Rt5RX5dM
IiIviY9DUdUCa8XICUB9vDYufyx3Tnh+rfqbnJzEpdO3Y3pZAUM/Fl+r2VpLCFfr
7sk8tHSJoVi5htNjh/20XVKXKAh5lb4DoTMAVXMeiHHInd3WhYGRQO3ajEtnoidg
sLnNLQuHYj9xtyp9heQBoq0jF2aJWWFQbNlXWmN26JJsZoA52NBBJrQftQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFAorXsAu8XX5chvkUln6/HZmqG3UMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvQ2l0ZXdDN3hkZmx5Ry1SU1dmcjhkbWFvYmRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGZBggrBgEFBQcBBwEB/wSBiTCBhjCBgwQCAAEwfTALAwMA
H4EDBAAfgRQwDAMEAB+BFwMEAR+BHAMEAB+BHwMEAiXcUDAMAwQALVCBAwQCLVCA
AwQALhAMAwQBLhAOAwQCLhNAMAwDBARRyJADBAFRyJwwDAMEA17G2AMEAV7G3AME
AG3sOjAMAwQAjWLpAwQAjWLqAwQBuabEMA0GCSqGSIb3DQEBCwUAA4IBAQBcXEXQ
77+JGpcb32v2ZdEStU3Pv07gK9lr/OEjCZN3z0ulkgR7Xm62Mn09AQtkxSHWCNjj
GmKvFFcsjXePQCSGdAKcLplxkk2XMmEhbtUbqNBuf1cW1BMQSCLfgFtLrjFGLqcj
NBwzisxEC51n1uvL2lXuEtNtmVSSCuOWiqLPWwpXIWT5XVJ5MUR1WDiwlYtl6j+L
vNVk3PObTgp+PtOtlyRqGsl3Gtxhy+byttYXtXVbLUuhqp8tQ2+1l2MDzePo7QIa
sHew8Vlj4YYhTHkouF/03m6k8b4VmAM2nHBTl/nuJEl/2iRRFPtHSGjzUuIRhB5C
0ilGx/UgDaig67oD
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org