Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/Ry9orWBshX3gxGPKe9JHYzPfRmc.roa
File: Ry9orWBshX3gxGPKe9JHYzPfRmc.roa (raw, json)
Hash identifier: 7fVxR/wxpQgotDFXR7I6b2YMcVVrTnRUAn2mUpwXjHk=
Subject key identifier: 47:2F:68:AD:60:6C:85:7D:E0:C4:63:CA:7B:D2:47:63:33:DF:46:67
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 01859C0879CFF9C1356248EEF310481B7B9E
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/Ry9orWBshX3gxGPKe9JHYzPfRmc.roa
Signing time: Tue 10 Jan 2023 14:14:39 +0000
ROA not before: Tue 10 Jan 2023 14:14:39 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41789
IP address blocks: 31.129.17.0/24 maxlen: 24
31.129.16.0/24 maxlen: 24
31.129.18.0/24 maxlen: 24
31.129.21.0/24 maxlen: 24
31.129.20.0/24 maxlen: 24
31.129.19.0/24 maxlen: 24
31.129.24.0/24 maxlen: 24
31.129.23.0/24 maxlen: 24
31.129.29.0/24 maxlen: 24
31.129.28.0/24 maxlen: 24
31.129.27.0/24 maxlen: 24
31.129.26.0/24 maxlen: 24
31.129.31.0/24 maxlen: 24
31.129.25.0/24 maxlen: 24
212.60.23.0/24 maxlen: 24
141.98.233.0/24 maxlen: 24
141.98.234.0/24 maxlen: 24
46.16.12.0/24 maxlen: 24
46.16.15.0/24 maxlen: 24
46.16.14.0/24 maxlen: 24
31.129.0.0/20 maxlen: 24
195.80.50.0/24 maxlen: 24
85.92.109.0/24 maxlen: 24
89.191.232.0/24 maxlen: 24
45.8.98.0/24 maxlen: 24
45.8.97.0/24 maxlen: 24
91.107.116.0/24 maxlen: 24
45.80.130.0/23 maxlen: 23
45.80.129.0/24 maxlen: 24
91.107.124.0/23 maxlen: 23
37.220.80.0/22 maxlen: 22
194.31.174.0/24 maxlen: 24
194.31.173.0/24 maxlen: 24
91.107.127.0/24 maxlen: 24
194.5.93.0/24 maxlen: 24
5.44.46.0/24 maxlen: 24
5.44.47.0/24 maxlen: 24
185.166.196.0/23 maxlen: 24
45.129.187.0/24 maxlen: 24
194.28.192.0/24 maxlen: 24
94.198.216.0/22 maxlen: 24
94.198.220.0/23 maxlen: 24
81.200.144.0/21 maxlen: 24
81.200.152.0/22 maxlen: 24
81.200.156.0/23 maxlen: 24
46.19.64.0/22 maxlen: 24
45.66.117.0/24 maxlen: 24
45.66.119.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:9c:08:79:cf:f9:c1:35:62:48:ee:f3:10:48:1b:7b:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Jan 10 14:14:39 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=472f68ad606c857de0c463ca7bd2476333df4667
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:e7:e2:84:c3:3c:81:2a:41:fd:82:63:d6:91:
28:be:f8:48:c1:15:f9:fd:a6:c8:fa:9d:e3:76:cd:
43:dc:74:89:36:34:44:f7:53:9a:23:5c:b4:fe:15:
52:4c:cd:76:dc:37:28:d4:f9:46:87:73:ac:3b:82:
cb:e8:ed:ae:65:0c:ef:54:f7:9b:f3:75:1c:95:8d:
20:be:8c:c5:08:48:44:2c:b1:c2:b6:55:8c:0d:03:
e0:72:cd:33:b2:73:9a:a9:0f:eb:2a:a6:da:f3:73:
5e:05:62:b7:32:09:44:c2:e7:76:70:b6:ff:cc:d8:
52:a9:a7:1e:ab:7f:ba:90:dd:63:a5:bb:bb:1c:31:
9e:3c:5b:c5:af:49:78:b5:01:03:c1:11:2c:c9:30:
e9:dc:42:0b:8d:23:e8:c4:cb:c4:41:51:5e:36:9b:
07:b7:73:2a:91:19:16:aa:2a:97:0c:08:fe:45:39:
2e:bb:e3:5e:30:e4:44:9f:c4:5f:9e:5f:5e:b4:a5:
70:eb:90:92:51:86:fe:1a:65:7e:35:40:a3:71:39:
a3:45:e3:37:25:5c:23:57:ae:4e:e1:bd:bd:09:81:
f1:ad:07:e5:a2:be:31:29:6e:9f:94:a4:a3:aa:64:
69:9e:d9:18:8d:11:e3:c8:d4:32:59:13:8b:d6:d3:
00:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:2F:68:AD:60:6C:85:7D:E0:C4:63:CA:7B:D2:47:63:33:DF:46:67
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/Ry9orWBshX3gxGPKe9JHYzPfRmc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.44.46.0/23
31.129.0.0-31.129.21.255
31.129.23.0-31.129.29.255
31.129.31.0/24
37.220.80.0/22
45.8.97.0-45.8.98.255
45.66.117.0/24
45.66.119.0/24
45.80.129.0-45.80.131.255
45.129.187.0/24
46.16.12.0/24
46.16.14.0/23
46.19.64.0/22
81.200.144.0-81.200.157.255
85.92.109.0/24
89.191.232.0/24
91.107.116.0/24
91.107.124.0/23
91.107.127.0/24
94.198.216.0-94.198.221.255
141.98.233.0-141.98.234.255
185.166.196.0/23
194.5.93.0/24
194.28.192.0/24
194.31.173.0-194.31.174.255
195.80.50.0/24
212.60.23.0/24
Signature Algorithm: sha256WithRSAEncryption
36:6b:56:13:6d:a9:18:10:3e:f0:f2:49:27:c7:e1:39:2e:ea:
dd:fe:8c:b3:f4:83:9c:99:a3:64:74:aa:e6:25:1e:a6:3a:41:
17:be:a3:84:fe:33:b8:ef:e8:8b:50:32:e2:59:f9:fa:5a:fb:
16:43:e0:c2:70:6e:f1:ea:b9:6f:0d:d6:7d:33:47:9a:6c:5f:
b2:5e:eb:e3:53:e6:1d:11:7f:ea:fd:c6:96:46:56:90:bb:05:
28:a1:e2:c8:21:7b:b8:18:90:3b:85:02:21:98:91:28:66:03:
3b:3d:7d:29:59:9d:78:44:eb:65:e8:87:92:79:ba:5b:67:71:
2a:ed:74:3d:fd:d1:55:22:ed:18:d0:5d:06:ad:17:1f:35:b1:
2c:a3:00:8e:a2:e0:bf:12:4a:6f:cd:6f:c6:72:6f:4c:76:bd:
e4:6e:3f:d3:80:19:2f:34:0d:51:f3:1d:0c:f3:2d:a0:15:fe:
fe:b5:03:46:c4:d4:f4:36:5f:d6:f1:ae:b9:34:71:3a:9e:03:
4c:79:b8:68:d9:6a:1b:e7:72:d0:e4:a4:55:39:52:8d:d0:2f:
97:06:a4:71:1e:fc:31:33:ce:ba:e3:e0:4e:3b:64:5d:87:c4:
17:1a:6c:d8:5d:d0:ea:57:aa:cd:2c:fc:cc:85:45:2c:c5:38:
86:3c:e2:0a
-----BEGIN CERTIFICATE-----
MIIF3TCCBMWgAwIBAgISAYWcCHnP+cE1Ykju8xBIG3ueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMTEwMTQxNDM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzJmNjhhZDYwNmM4NTdkZTBjNDYzY2E3YmQyNDc2MzMzZGY0NjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+fihMM8gSpB/YJj1pEovvhIwRX5
/abI+p3jds1D3HSJNjRE91OaI1y0/hVSTM123Dco1PlGh3OsO4LL6O2uZQzvVPeb
83UclY0gvozFCEhELLHCtlWMDQPgcs0zsnOaqQ/rKqba83NeBWK3MglEwud2cLb/
zNhSqaceq3+6kN1jpbu7HDGePFvFr0l4tQEDwREsyTDp3EILjSPoxMvEQVFeNpsH
t3MqkRkWqiqXDAj+RTkuu+NeMOREn8Rfnl9etKVw65CSUYb+GmV+NUCjcTmjReM3
JVwjV65O4b29CYHxrQflor4xKW6flKSjqmRpntkYjRHjyNQyWROL1tMA6wIDAQAB
o4IC6TCCAuUwHQYDVR0OBBYEFEcvaK1gbIV94MRjynvSR2Mz30ZnMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvUnk5b3JXQnNoWDNneEdQS2U5SkhZelBmUm1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH+BggrBgEFBQcBBwEB/wSB7jCB6zCB6AQCAAEwgeEDBAEF
LC4wCwMDAB+BAwQBH4EUMAwDBAAfgRcDBAEfgRwDBAAfgR8DBAIl3FAwDAMEAC0I
YQMEAC0IYgMEAC1CdQMEAC1CdzAMAwQALVCBAwQCLVCAAwQALYG7AwQALhAMAwQB
LhAOAwQCLhNAMAwDBARRyJADBAFRyJwDBABVXG0DBABZv+gDBABba3QDBAFba3wD
BABba38wDAMEA17G2AMEAV7G3DAMAwQAjWLpAwQAjWLqAwQBuabEAwQAwgVdAwQA
whzAMAwDBADCH60DBADCH64DBADDUDIDBADUPBcwDQYJKoZIhvcNAQELBQADggEB
ADZrVhNtqRgQPvDySSfH4Tku6t3+jLP0g5yZo2R0quYlHqY6QRe+o4T+M7jv6ItQ
MuJZ+fpa+xZD4MJwbvHquW8N1n0zR5psX7Je6+NT5h0Rf+r9xpZGVpC7BSih4sgh
e7gYkDuFAiGYkShmAzs9fSlZnXhE62Xoh5J5ultncSrtdD390VUi7RjQXQatFx81
sSyjAI6i4L8SSm/Nb8Zyb0x2veRuP9OAGS80DVHzHQzzLaAV/v61A0bE1PQ2X9bx
rrk0cTqeA0x5uGjZahvnctDkpFU5Uo3QL5cGpHEe/DEzzrrj4E47ZF2HxBcabNhd
0OpXqs0s/MyFRSzFOIY84go=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org