Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/qSTYSv8GRVMdq3xTCodnfr89zAg.roa
File: qSTYSv8GRVMdq3xTCodnfr89zAg.roa (raw, json)
Hash identifier: vK4EDfUhXLdlr7ZEyzLppG9Ci5iTsJhtNqWiDMzl5og=
Subject key identifier: A9:24:D8:4A:FF:06:45:53:1D:AB:7C:53:0A:87:67:7E:BF:3D:CC:08
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 0191B338FFDA288F70C64658D5D9E9A29060
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/qSTYSv8GRVMdq3xTCodnfr89zAg.roa
Signing time: Mon 02 Sep 2024 14:52:22 +0000
ROA not before: Mon 02 Sep 2024 14:52:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 41789
IP address blocks: 31.129.0.0/20 maxlen: 24
31.129.16.0/24 maxlen: 24
31.129.17.0/24 maxlen: 24
31.129.18.0/24 maxlen: 24
31.129.19.0/24 maxlen: 24
31.129.20.0/24 maxlen: 24
31.129.23.0/24 maxlen: 24
31.129.24.0/24 maxlen: 24
31.129.25.0/24 maxlen: 24
31.129.26.0/24 maxlen: 24
31.129.27.0/24 maxlen: 24
31.129.28.0/24 maxlen: 24
31.129.29.0/24 maxlen: 24
31.129.31.0/24 maxlen: 24
37.220.80.0/22 maxlen: 22
46.19.64.0/22 maxlen: 24
81.200.144.0/21 maxlen: 24
81.200.152.0/22 maxlen: 24
81.200.156.0/23 maxlen: 24
89.191.234.0/24 maxlen: 24
94.198.216.0/22 maxlen: 24
141.98.234.0/24 maxlen: 24
185.166.196.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:b3:38:ff:da:28:8f:70:c6:46:58:d5:d9:e9:a2:90:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Sep 2 14:52:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a924d84aff0645531dab7c530a87677ebf3dcc08
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:09:63:76:e7:b8:b8:bf:5f:6a:1e:f8:14:25:
4b:a8:4c:13:6b:f6:ac:d6:b2:32:8d:f0:78:09:7d:
7e:c4:f0:56:a1:aa:9d:38:94:c4:9c:ee:57:89:2f:
6b:17:2a:86:d8:ce:3b:90:fd:8f:89:ad:4d:44:12:
9b:a8:8d:3f:1d:56:a1:ad:a1:af:15:96:12:8d:8a:
c2:cb:d9:48:92:ef:40:d3:36:a7:20:cd:5b:7b:ad:
b2:bd:52:17:2d:48:c3:5e:a5:88:be:73:bd:ac:57:
e9:e6:e0:e3:a7:13:e6:b2:37:8e:5c:26:63:0a:14:
66:eb:e7:85:2f:eb:95:9a:67:1f:fa:38:9d:07:64:
eb:42:8c:57:37:a3:ae:15:3d:0b:5a:6c:42:64:e2:
50:35:72:c8:61:64:1b:03:4b:00:62:61:71:20:b7:
f2:a5:c7:65:b9:2e:54:1c:21:1a:f2:b8:b7:ad:90:
77:0f:3f:cd:45:c4:fe:6e:7b:f5:a2:97:a7:d9:63:
3e:6b:22:ee:23:0b:59:55:bb:7d:4f:3b:62:31:97:
d3:1f:dc:a1:f7:21:10:19:af:da:7e:f4:ce:4f:28:
55:93:b5:2a:a2:02:85:99:d7:f0:cf:31:0e:e7:09:
d7:76:6b:61:a7:23:b0:09:4d:07:a5:fa:ae:93:24:
c0:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:24:D8:4A:FF:06:45:53:1D:AB:7C:53:0A:87:67:7E:BF:3D:CC:08
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/qSTYSv8GRVMdq3xTCodnfr89zAg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.129.0.0-31.129.20.255
31.129.23.0-31.129.29.255
31.129.31.0/24
37.220.80.0/22
46.19.64.0/22
81.200.144.0-81.200.157.255
89.191.234.0/24
94.198.216.0/22
141.98.234.0/24
185.166.196.0/23
Signature Algorithm: sha256WithRSAEncryption
13:5b:dd:00:ae:8d:68:ab:82:b2:af:b9:4d:14:3a:46:3d:4d:
50:6e:02:58:ad:35:82:4c:f8:eb:43:e3:c9:28:17:0f:09:01:
97:83:06:00:65:cd:44:13:ac:5d:90:ac:a0:ad:47:ca:f9:a3:
94:1d:2f:4e:7e:3b:d9:5f:a4:bf:0e:82:2d:2b:23:fb:c4:52:
d1:89:7c:c7:4b:7f:7d:97:cc:53:56:56:24:be:e9:f5:6d:f2:
3f:8f:a0:9e:6c:64:6b:44:9d:39:cb:56:ca:59:31:58:ff:f2:
17:f1:3b:f7:bc:ed:24:e5:3d:75:6b:d6:6b:4f:64:13:af:c0:
10:ff:1e:fa:f0:12:b8:bb:c1:bd:fc:51:c0:b6:bd:3f:4f:c1:
85:30:bb:be:cf:2e:f9:18:29:fb:ee:ad:e9:e0:71:80:72:74:
0b:9c:4f:60:15:dd:90:7e:ba:b6:a5:1a:61:ad:49:64:36:d3:
1d:59:25:51:65:90:0c:27:ca:94:b0:00:76:ce:f7:27:ec:72:
ca:3e:f0:57:3f:80:f7:73:fe:00:0b:89:07:73:8c:4a:a2:ce:
26:68:cd:66:7f:65:52:10:8f:e8:21:97:2c:36:71:9d:79:c4:
bc:9f:0b:99:09:6e:70:e3:87:e3:73:3b:7b:fa:70:d9:83:12:
49:c2:09:83
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAZGzOP/aKI9wxkZY1dnpopBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjQwOTAyMTQ1MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTI0ZDg0YWZmMDY0NTUzMWRhYjdjNTMwYTg3Njc3ZWJmM2RjYzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswljdue4uL9fah74FCVLqEwTa/as
1rIyjfB4CX1+xPBWoaqdOJTEnO5XiS9rFyqG2M47kP2Pia1NRBKbqI0/HVahraGv
FZYSjYrCy9lIku9A0zanIM1be62yvVIXLUjDXqWIvnO9rFfp5uDjpxPmsjeOXCZj
ChRm6+eFL+uVmmcf+jidB2TrQoxXN6OuFT0LWmxCZOJQNXLIYWQbA0sAYmFxILfy
pcdluS5UHCEa8ri3rZB3Dz/NRcT+bnv1open2WM+ayLuIwtZVbt9TztiMZfTH9yh
9yEQGa/afvTOTyhVk7UqogKFmdfwzzEO5wnXdmthpyOwCU0HpfqukyTATwIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFKkk2Er/BkVTHat8UwqHZ36/PcwIMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvcVNUWVN2OEdSVk1kcTN4VENvZG5mcjg5ekFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBZBAIAATBTMAsDAwAfgQME
AB+BFDAMAwQAH4EXAwQBH4EcAwQAH4EfAwQCJdxQAwQCLhNAMAwDBARRyJADBAFR
yJwDBABZv+oDBAJextgDBACNYuoDBAG5psQwDQYJKoZIhvcNAQELBQADggEBABNb
3QCujWirgrKvuU0UOkY9TVBuAlitNYJM+OtD48koFw8JAZeDBgBlzUQTrF2QrKCt
R8r5o5QdL05+O9lfpL8Ogi0rI/vEUtGJfMdLf32XzFNWViS+6fVt8j+PoJ5sZGtE
nTnLVspZMVj/8hfxO/e87STlPXVr1mtPZBOvwBD/HvrwEri7wb38UcC2vT9PwYUw
u77PLvkYKfvurengcYBydAucT2AV3ZB+uralGmGtSWQ20x1ZJVFlkAwnypSwAHbO
9yfscso+8Fc/gPdz/gALiQdzjEqiziZozWZ/ZVIQj+ghlyw2cZ15xLyfC5kJbnDj
h+NzO3v6cNmDEknCCYM=
-----END CERTIFICATE-----
Generated at Mon Sep 9 16:31:38 2024 by rpki-client on console-fra.rpki-client.org