Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/GKyVg42zWvZSdHmZ-Q70FztTa-Y.roa
File: GKyVg42zWvZSdHmZ-Q70FztTa-Y.roa (raw, json)
Hash identifier: YtCAHjYS6MdivCakYZTCPZXMLWsJURb04K7TmLHCTNM=
Subject key identifier: 18:AC:95:83:8D:B3:5A:F6:52:74:79:99:F9:0E:F4:17:3B:53:6B:E6
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 12A0C52C
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/GKyVg42zWvZSdHmZ-Q70FztTa-Y.roa
Signing time: Fri 20 May 2022 07:59:31 +0000
ROA not before: Fri 20 May 2022 07:59:31 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 41789
IP address blocks: 31.129.17.0/24 maxlen: 24
31.129.16.0/24 maxlen: 24
31.129.18.0/24 maxlen: 24
31.129.22.0/24 maxlen: 24
31.129.21.0/24 maxlen: 24
31.129.20.0/24 maxlen: 24
31.129.19.0/24 maxlen: 24
31.129.24.0/24 maxlen: 24
31.129.23.0/24 maxlen: 24
31.129.29.0/24 maxlen: 24
31.129.28.0/24 maxlen: 24
31.129.27.0/24 maxlen: 24
31.129.26.0/24 maxlen: 24
31.129.31.0/24 maxlen: 24
31.129.25.0/24 maxlen: 24
5.44.42.0/24 maxlen: 24
46.16.12.0/24 maxlen: 24
31.129.0.0/20 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 312526124 (0x12a0c52c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: May 20 07:59:31 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=18ac95838db35af652747999f90ef4173b536be6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:54:a0:fd:3b:2c:0a:49:bb:fb:1b:6f:60:6c:
51:6c:0a:e5:8a:fd:6e:12:bc:a7:7d:33:71:a0:a4:
a1:0c:61:c5:38:24:05:0f:1c:4d:80:dc:c4:a6:71:
f4:90:67:c6:fc:57:80:ca:53:71:6c:bc:46:42:39:
12:bc:9b:51:9e:e6:ad:bb:c1:73:38:ff:4a:e3:4c:
5c:b3:c1:4b:19:12:b0:6b:cb:49:e8:b0:1a:dc:12:
76:30:09:34:72:c3:48:92:ec:46:1b:aa:b2:80:e7:
58:a6:e7:b6:cf:a7:1c:49:2d:4c:55:c6:8c:ee:d4:
e1:a5:f8:d7:63:fb:c8:82:88:13:5e:6a:1a:81:7d:
c9:0b:a6:3e:03:d7:d8:c5:02:b3:ea:6b:2b:94:3b:
e7:bd:44:e5:24:b6:00:e0:3f:c8:23:23:31:97:3a:
42:3d:f3:db:4d:80:69:76:b8:c2:8f:e9:4e:a3:fb:
1e:c6:14:9f:ff:e9:93:54:b2:27:7d:3e:cb:48:5c:
d5:40:f7:9f:45:5f:ff:5d:38:8c:a9:56:0d:9d:9b:
d4:77:f8:1e:9b:03:31:66:f8:07:1e:c1:d3:3b:3c:
2d:dd:02:19:2f:2e:7f:00:f7:fa:d5:32:47:fe:1c:
fa:a3:2d:f7:c4:99:92:dd:13:1d:87:f7:6f:94:e4:
b6:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:AC:95:83:8D:B3:5A:F6:52:74:79:99:F9:0E:F4:17:3B:53:6B:E6
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/GKyVg42zWvZSdHmZ-Q70FztTa-Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.44.42.0/24
31.129.0.0-31.129.29.255
31.129.31.0/24
46.16.12.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:12:ed:6f:ae:46:5c:4a:73:3e:d3:a4:cd:f9:07:70:62:7c:
f6:0f:e1:0f:8c:b2:e9:68:88:fa:73:33:63:fc:2d:42:3a:07:
68:a5:e4:f5:d6:c2:20:f0:f6:30:a8:b4:ac:42:7e:1c:03:5e:
39:6d:c5:df:6a:a1:27:d5:59:ad:f0:94:ad:86:e7:29:7e:ff:
85:2b:d1:aa:40:b1:20:94:d0:d5:7e:16:94:8b:bf:fa:41:f9:
32:e6:ce:ab:ec:2a:8a:85:06:da:0d:45:47:27:b5:08:d1:19:
46:c9:8a:3d:c4:62:47:81:34:4a:3e:24:fd:3b:31:93:3f:e3:
2b:39:7b:03:c1:e6:4b:0d:ec:c4:30:fb:db:31:ac:87:90:1b:
6d:d2:61:a0:1d:ff:0b:cf:bd:1e:6d:fe:44:4a:fe:45:92:42:
d6:b6:9d:80:92:be:65:87:39:d8:e5:e2:e8:0f:6e:52:7c:fa:
b3:be:ea:96:ec:f4:dd:ec:64:f3:4c:c8:13:63:bb:0c:be:64:
5c:fc:81:33:83:fc:ae:48:d9:ee:9e:53:a3:eb:f0:6d:4c:0d:
86:11:a1:f8:58:be:9a:48:50:a7:39:8c:c7:6d:22:b3:57:97:
cb:c3:52:69:69:e7:a2:a1:00:d7:8f:8b:bf:14:d1:02:d6:a8:
1e:68:f6:38
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIEEqDFLDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NWIxZDEzYzJlMjZlMTI3ODYyNDZhNWVjNGM1YmVhNjk4NjRiMjBmMB4XDTIyMDUy
MDA3NTkzMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMThhYzk1ODM4ZGIz
NWFmNjUyNzQ3OTk5ZjkwZWY0MTczYjUzNmJlNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL1UoP07LApJu/sbb2BsUWwK5Yr9bhK8p30zcaCkoQxhxTgk
BQ8cTYDcxKZx9JBnxvxXgMpTcWy8RkI5ErybUZ7mrbvBczj/SuNMXLPBSxkSsGvL
SeiwGtwSdjAJNHLDSJLsRhuqsoDnWKbnts+nHEktTFXGjO7U4aX412P7yIKIE15q
GoF9yQumPgPX2MUCs+prK5Q7571E5SS2AOA/yCMjMZc6Qj3z202AaXa4wo/pTqP7
HsYUn//pk1SyJ30+y0hc1UD3n0Vf/104jKlWDZ2b1Hf4HpsDMWb4Bx7B0zs8Ld0C
GS8ufwD3+tUyR/4c+qMt98SZkt0THYf3b5TktgsCAwEAAaOCAiIwggIeMB0GA1Ud
DgQWBBQYrJWDjbNa9lJ0eZn5DvQXO1Nr5jAfBgNVHSMEGDAWgBQFsdE8LibhJ4Yk
al7Exb6mmGSyDzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JiSFJQQzRtNFNlR0pHcGV4TVctcHBoa3NnOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTgvYzYxMDkyLTczNGEtNGVlZi05ZDY3LTQ5MDUyNDNiYzgyOC8x
L0dLeVZnNDJ6V3ZaU2RIbVotUTcwRnp0VGEtWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTgv
YzYxMDkyLTczNGEtNGVlZi05ZDY3LTQ5MDUyNDNiYzgyOC8xL0JiSFJQQzRtNFNl
R0pHcGV4TVctcHBoa3NnOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA4
BggrBgEFBQcBBwEB/wQpMCcwJQQCAAEwHwMEAAUsKjALAwMAH4EDBAEfgRwDBAAf
gR8DBAAuEAwwDQYJKoZIhvcNAQELBQADggEBAI8S7W+uRlxKcz7TpM35B3BifPYP
4Q+MsuloiPpzM2P8LUI6B2il5PXWwiDw9jCotKxCfhwDXjltxd9qoSfVWa3wlK2G
5yl+/4Ur0apAsSCU0NV+FpSLv/pB+TLmzqvsKoqFBtoNRUcntQjRGUbJij3EYkeB
NEo+JP07MZM/4ys5ewPB5ksN7MQw+9sxrIeQG23SYaAd/wvPvR5t/kRK/kWSQta2
nYCSvmWHOdjl4ugPblJ8+rO+6pbs9N3sZPNMyBNjuwy+ZFz8gTOD/K5I2e6eU6Pr
8G1MDYYRofhYvppIUKc5jMdtIrNXl8vDUmlp56KhANePi78U0QLWqB5o9jg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org