Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/sMbLtim3veEc6mUTyBbUsqmPywo.roa
File: sMbLtim3veEc6mUTyBbUsqmPywo.roa (raw, json)
Hash identifier: xtwN3yY61w0qKcPj0mw2ATXHF89jIDvXc30HZLPBrJk=
Subject key identifier: B0:C6:CB:B6:29:B7:BD:E1:1C:EA:65:13:C8:16:D4:B2:A9:8F:CB:0A
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 01888F3EB6F1AB2B29C099DA6B497E29EA52
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/sMbLtim3veEc6mUTyBbUsqmPywo.roa
Signing time: Tue 06 Jun 2023 05:47:11 +0000
ROA not before: Tue 06 Jun 2023 05:47:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207713
IP address blocks: 31.129.22.0/24 maxlen: 24
212.60.23.0/24 maxlen: 24
5.44.44.0/24 maxlen: 24
5.44.42.0/24 maxlen: 24
141.98.234.0/24 maxlen: 24
45.129.184.0/24 maxlen: 24
45.129.187.0/24 maxlen: 24
91.107.116.0/24 maxlen: 24
37.220.87.0/24 maxlen: 24
195.80.49.0/24 maxlen: 24
195.80.48.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:8f:3e:b6:f1:ab:2b:29:c0:99:da:6b:49:7e:29:ea:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Jun 6 05:47:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b0c6cbb629b7bde11cea6513c816d4b2a98fcb0a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:c5:8f:33:cc:72:6a:ee:5e:ac:c8:81:c4:f3:
d1:dc:cc:67:31:22:9f:5f:b8:de:f4:12:3d:84:03:
38:83:40:ee:87:4b:a3:9e:ac:5c:da:6e:ca:2c:82:
64:ef:4d:78:ba:98:e0:b2:ee:61:a7:35:5d:8c:3a:
14:35:5d:d9:17:b2:c6:ce:92:fd:00:4e:f7:2d:20:
3c:23:cb:4b:41:81:88:64:b6:8a:6f:c0:7e:ea:e3:
79:d1:06:17:88:f9:4f:ea:b4:a5:b5:e8:5c:80:07:
a5:cc:1b:72:26:d2:03:52:1b:24:95:b1:30:f4:20:
86:02:7d:56:b9:c5:51:6d:91:20:a5:4c:f3:1a:cd:
7c:0a:19:19:2d:a3:5c:d7:23:86:71:63:be:b8:4a:
66:fe:b6:3e:5a:6c:43:75:68:c1:23:20:ab:84:d3:
69:db:1a:df:6c:64:e1:1d:70:ff:ea:66:6e:be:f8:
ad:00:8c:80:1b:99:17:4c:91:ae:6c:d8:6e:94:b5:
2a:ac:a8:5c:6a:e9:89:f2:fe:c7:85:c6:5e:26:07:
11:ce:5e:fa:13:a7:9d:77:4b:50:6a:8c:7d:6c:d7:
a5:d6:30:12:38:20:2e:1e:57:04:d0:83:fb:35:4e:
21:47:bc:98:88:d8:c4:7e:4f:9a:08:20:89:68:2d:
95:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:C6:CB:B6:29:B7:BD:E1:1C:EA:65:13:C8:16:D4:B2:A9:8F:CB:0A
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/sMbLtim3veEc6mUTyBbUsqmPywo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.44.42.0/24
5.44.44.0/24
31.129.22.0/24
37.220.87.0/24
45.129.184.0/24
45.129.187.0/24
91.107.116.0/24
141.98.234.0/24
195.80.48.0/23
212.60.23.0/24
Signature Algorithm: sha256WithRSAEncryption
90:c2:0f:8a:a9:33:fb:68:34:01:c0:37:ea:0d:1e:6c:bb:19:
94:de:d9:f1:53:ef:c6:dc:9f:de:5b:39:a1:ae:37:fd:99:22:
0d:d1:7a:cb:8a:b0:ec:f8:ac:c1:1c:39:b7:7c:26:74:c0:1e:
9a:aa:9d:5c:20:f0:de:b3:ab:7b:20:64:73:52:5e:17:98:13:
82:da:f8:03:ea:d2:11:30:35:3b:f5:dc:3d:f0:b4:c2:ba:1f:
83:84:3e:75:85:ab:1c:c5:e0:99:30:05:c8:fb:8d:62:9e:07:
24:1d:31:bd:23:35:80:e4:05:22:f0:b7:79:81:1b:46:87:4c:
f6:fa:0f:ea:71:ce:98:37:fa:ae:0f:0c:e3:c8:8a:18:40:e8:
b2:1f:ff:0a:1a:ed:b7:17:f7:1d:d6:7b:fb:26:c9:9a:ce:7f:
aa:3c:99:26:b4:91:87:4f:11:04:4b:96:7b:49:5b:84:40:62:
fb:4b:97:c2:6d:30:39:c5:24:ed:28:ee:8e:e9:e4:02:d3:3f:
94:93:8b:1e:1c:83:87:f1:2a:ab:d1:89:9b:66:5c:62:c8:2b:
2e:d6:40:ec:be:f8:05:81:7f:fd:99:74:52:fa:0f:cf:6f:ae:
99:8d:1d:b0:5d:ae:3c:dd:ea:9b:d3:55:1e:38:62:bf:50:54:
ff:ed:9f:68
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYiPPrbxqyspwJnaa0l+KepSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwNjA2MDU0NzExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGM2Y2JiNjI5YjdiZGUxMWNlYTY1MTNjODE2ZDRiMmE5OGZjYjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8WPM8xyau5erMiBxPPR3MxnMSKf
X7je9BI9hAM4g0Duh0ujnqxc2m7KLIJk7014upjgsu5hpzVdjDoUNV3ZF7LGzpL9
AE73LSA8I8tLQYGIZLaKb8B+6uN50QYXiPlP6rSltehcgAelzBtyJtIDUhsklbEw
9CCGAn1WucVRbZEgpUzzGs18ChkZLaNc1yOGcWO+uEpm/rY+WmxDdWjBIyCrhNNp
2xrfbGThHXD/6mZuvvitAIyAG5kXTJGubNhulLUqrKhcaumJ8v7HhcZeJgcRzl76
E6edd0tQaox9bNel1jASOCAuHlcE0IP7NU4hR7yYiNjEfk+aCCCJaC2VlQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFLDGy7Ypt73hHOplE8gW1LKpj8sKMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvc01iTHRpbTN2ZUVjNm1VVHlCYlVzcW1QeXdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQABSwqAwQA
BSwsAwQAH4EWAwQAJdxXAwQALYG4AwQALYG7AwQAW2t0AwQAjWLqAwQBw1AwAwQA
1DwXMA0GCSqGSIb3DQEBCwUAA4IBAQCQwg+KqTP7aDQBwDfqDR5suxmU3tnxU+/G
3J/eWzmhrjf9mSIN0XrLirDs+KzBHDm3fCZ0wB6aqp1cIPDes6t7IGRzUl4XmBOC
2vgD6tIRMDU79dw98LTCuh+DhD51hascxeCZMAXI+41ingckHTG9IzWA5AUi8Ld5
gRtGh0z2+g/qcc6YN/quDwzjyIoYQOiyH/8KGu23F/cd1nv7Jsmazn+qPJkmtJGH
TxEES5Z7SVuEQGL7S5fCbTA5xSTtKO6O6eQC0z+Uk4seHIOH8Sqr0YmbZlxiyCsu
1kDsvvgFgX/9mXRS+g/Pb66ZjR2wXa483eqb01UeOGK/UFT/7Z9o
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:15 2024 by rpki-client on console-ams.rpki-client.org