Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/bpd8vD1sPDDaO_QjtpVQk6FfvCY.roa
File: bpd8vD1sPDDaO_QjtpVQk6FfvCY.roa (raw, json)
Hash identifier: HYa3DKloOc93g4VJXp1p7jeQ50N+lQjWGis0q6njEF0=
Subject key identifier: 6E:97:7C:BC:3D:6C:3C:30:DA:3B:F4:23:B6:95:50:93:A1:5F:BC:26
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 01859BF629B267E404512DB901D4FF87E22A
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/bpd8vD1sPDDaO_QjtpVQk6FfvCY.roa
Signing time: Tue 10 Jan 2023 13:54:39 +0000
ROA not before: Tue 10 Jan 2023 13:54:39 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41789
IP address blocks: 31.129.17.0/24 maxlen: 24
31.129.16.0/24 maxlen: 24
31.129.18.0/24 maxlen: 24
31.129.21.0/24 maxlen: 24
31.129.20.0/24 maxlen: 24
31.129.19.0/24 maxlen: 24
31.129.24.0/24 maxlen: 24
31.129.23.0/24 maxlen: 24
31.129.29.0/24 maxlen: 24
31.129.28.0/24 maxlen: 24
31.129.27.0/24 maxlen: 24
31.129.26.0/24 maxlen: 24
31.129.31.0/24 maxlen: 24
31.129.25.0/24 maxlen: 24
212.60.23.0/24 maxlen: 24
141.98.233.0/24 maxlen: 24
141.98.234.0/24 maxlen: 24
46.16.12.0/24 maxlen: 24
46.16.15.0/24 maxlen: 24
46.16.14.0/24 maxlen: 24
31.129.0.0/20 maxlen: 24
195.80.50.0/24 maxlen: 24
89.191.232.0/24 maxlen: 24
45.8.98.0/24 maxlen: 24
45.8.97.0/24 maxlen: 24
91.107.116.0/24 maxlen: 24
45.80.130.0/23 maxlen: 23
45.80.129.0/24 maxlen: 24
91.107.124.0/23 maxlen: 23
37.220.80.0/22 maxlen: 22
194.31.174.0/24 maxlen: 24
194.31.173.0/24 maxlen: 24
91.107.127.0/24 maxlen: 24
5.44.46.0/24 maxlen: 24
5.44.47.0/24 maxlen: 24
185.166.196.0/23 maxlen: 24
45.129.187.0/24 maxlen: 24
194.28.192.0/24 maxlen: 24
94.198.216.0/22 maxlen: 24
94.198.220.0/23 maxlen: 24
46.19.64.0/22 maxlen: 24
45.66.117.0/24 maxlen: 24
45.66.119.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:9b:f6:29:b2:67:e4:04:51:2d:b9:01:d4:ff:87:e2:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Jan 10 13:54:39 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6e977cbc3d6c3c30da3bf423b6955093a15fbc26
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:93:0e:07:f6:92:a6:ba:33:60:8a:0b:e2:e8:
4e:44:71:0c:81:42:76:b9:c1:85:68:52:b7:4e:5d:
5a:e2:5c:a0:1d:48:6f:23:17:82:6a:3a:59:66:d5:
4c:6a:b5:87:3a:f6:53:cf:82:9b:e0:fd:31:06:96:
16:48:cf:a6:87:97:47:84:d7:c8:46:e6:db:e8:6f:
ce:1d:20:8d:60:4c:e8:64:de:07:6e:4d:23:e6:1f:
9c:c1:83:9d:dd:31:e2:ff:73:4d:b8:66:05:bb:01:
99:68:36:e4:6d:91:a8:b2:87:63:5b:bb:de:67:b7:
13:ec:63:bb:56:8c:b0:21:63:e3:3a:73:8b:d6:8f:
c5:70:61:97:e1:4c:0c:ca:0a:93:25:6e:b0:22:a5:
ea:39:2f:e2:76:44:17:d6:2b:25:cb:87:ef:5f:39:
86:c5:f2:64:04:68:bd:8a:82:c9:1f:05:03:16:82:
74:6d:59:95:14:2b:79:5d:70:d3:54:c5:60:3e:8c:
a4:c5:a2:0a:9d:84:ca:99:0f:60:cd:96:91:b2:cd:
a2:cd:08:8d:b3:66:21:a5:31:c9:f3:58:87:40:b2:
2f:94:a9:8a:e9:71:03:5d:f5:c5:bb:32:98:16:24:
f6:dc:35:1b:f4:b7:ca:4b:73:00:91:be:96:f4:73:
3f:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:97:7C:BC:3D:6C:3C:30:DA:3B:F4:23:B6:95:50:93:A1:5F:BC:26
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/bpd8vD1sPDDaO_QjtpVQk6FfvCY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.44.46.0/23
31.129.0.0-31.129.21.255
31.129.23.0-31.129.29.255
31.129.31.0/24
37.220.80.0/22
45.8.97.0-45.8.98.255
45.66.117.0/24
45.66.119.0/24
45.80.129.0-45.80.131.255
45.129.187.0/24
46.16.12.0/24
46.16.14.0/23
46.19.64.0/22
89.191.232.0/24
91.107.116.0/24
91.107.124.0/23
91.107.127.0/24
94.198.216.0-94.198.221.255
141.98.233.0-141.98.234.255
185.166.196.0/23
194.28.192.0/24
194.31.173.0-194.31.174.255
195.80.50.0/24
212.60.23.0/24
Signature Algorithm: sha256WithRSAEncryption
06:0d:a6:d5:cf:2a:1f:18:48:09:03:0b:48:cf:cd:db:b1:43:
6d:5f:0d:78:f6:34:9e:cf:ad:af:01:f0:aa:f7:11:4d:03:bf:
bf:77:ee:87:90:86:90:ad:57:04:df:ff:ea:11:ef:14:58:fb:
67:51:92:0d:16:1d:1f:0e:75:42:2d:3b:f6:15:d7:28:d2:64:
b8:f3:8d:ab:ef:cd:14:fb:fe:89:16:16:11:07:a6:66:87:1b:
7b:b1:bd:84:e2:33:32:c1:d8:2c:b4:ca:d7:f6:7f:25:ae:58:
38:6d:6e:5a:75:a4:44:81:f4:f8:3a:94:6f:ad:d4:5f:bb:61:
44:ba:90:47:11:35:3c:53:ef:b0:9b:82:93:9a:ee:bf:2c:6c:
1e:cd:55:16:44:66:ae:8d:16:bf:00:1b:62:ba:2c:72:b3:ea:
db:61:e3:08:d4:0d:f4:c3:11:6c:dd:41:e2:10:3f:d4:d1:ca:
5d:44:22:68:6e:84:a2:35:92:3d:86:84:0a:f1:2d:27:3a:40:
57:81:0f:d2:9e:94:ed:d4:95:80:8a:fa:f7:b1:25:a2:94:87:
3f:72:35:4c:99:71:0a:64:c7:86:40:a8:d1:b4:4e:97:a1:ac:
24:80:ce:21:ed:c2:66:7f:aa:89:86:21:ae:1a:62:01:70:9b:
20:14:2a:8e
-----BEGIN CERTIFICATE-----
MIIFwzCCBKugAwIBAgISAYWb9imyZ+QEUS25AdT/h+IqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMTEwMTM1NDM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTk3N2NiYzNkNmMzYzMwZGEzYmY0MjNiNjk1NTA5M2ExNWZiYzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZMOB/aSprozYIoL4uhORHEMgUJ2
ucGFaFK3Tl1a4lygHUhvIxeCajpZZtVMarWHOvZTz4Kb4P0xBpYWSM+mh5dHhNfI
Rubb6G/OHSCNYEzoZN4Hbk0j5h+cwYOd3THi/3NNuGYFuwGZaDbkbZGosodjW7ve
Z7cT7GO7VoywIWPjOnOL1o/FcGGX4UwMygqTJW6wIqXqOS/idkQX1isly4fvXzmG
xfJkBGi9ioLJHwUDFoJ0bVmVFCt5XXDTVMVgPoykxaIKnYTKmQ9gzZaRss2izQiN
s2YhpTHJ81iHQLIvlKmK6XEDXfXFuzKYFiT23DUb9LfKS3MAkb6W9HM/iQIDAQAB
o4ICzzCCAsswHQYDVR0OBBYEFG6XfLw9bDww2jv0I7aVUJOhX7wmMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvYnBkOHZEMXNQRERhT19RanRwVlFrNkZmdkNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHkBggrBgEFBQcBBwEB/wSB1DCB0TCBzgQCAAEwgccDBAEF
LC4wCwMDAB+BAwQBH4EUMAwDBAAfgRcDBAEfgRwDBAAfgR8DBAIl3FAwDAMEAC0I
YQMEAC0IYgMEAC1CdQMEAC1CdzAMAwQALVCBAwQCLVCAAwQALYG7AwQALhAMAwQB
LhAOAwQCLhNAAwQAWb/oAwQAW2t0AwQBW2t8AwQAW2t/MAwDBANextgDBAFextww
DAMEAI1i6QMEAI1i6gMEAbmmxAMEAMIcwDAMAwQAwh+tAwQAwh+uAwQAw1AyAwQA
1DwXMA0GCSqGSIb3DQEBCwUAA4IBAQAGDabVzyofGEgJAwtIz83bsUNtXw149jSe
z62vAfCq9xFNA7+/d+6HkIaQrVcE3//qEe8UWPtnUZINFh0fDnVCLTv2Fdco0mS4
842r780U+/6JFhYRB6Zmhxt7sb2E4jMywdgstMrX9n8lrlg4bW5adaREgfT4OpRv
rdRfu2FEupBHETU8U++wm4KTmu6/LGwezVUWRGaujRa/ABtiuixys+rbYeMI1A30
wxFs3UHiED/U0cpdRCJoboSiNZI9hoQK8S0nOkBXgQ/SnpTt1JWAivr3sSWilIc/
cjVMmXEKZMeGQKjRtE6XoawkgM4h7cJmf6qJhiGuGmIBcJsgFCqO
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org