Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/tveKhDDbwjJzqUp9d4Y3wLLjfNU.roa
File: tveKhDDbwjJzqUp9d4Y3wLLjfNU.roa (raw, json)
Hash identifier: arUcM6mQXGe/kXamXb5/1fSpb1ZkP3ew0AbCQT659a8=
Subject key identifier: B6:F7:8A:84:30:DB:C2:32:73:A9:4A:7D:77:86:37:C0:B2:E3:7C:D5
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 01885307F2F9F70091C421E6EED080A9269A
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/tveKhDDbwjJzqUp9d4Y3wLLjfNU.roa
Signing time: Thu 25 May 2023 13:10:09 +0000
ROA not before: Thu 25 May 2023 13:10:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207713
IP address blocks: 31.129.22.0/24 maxlen: 24
212.60.23.0/24 maxlen: 24
5.44.44.0/24 maxlen: 24
5.44.42.0/24 maxlen: 24
141.98.234.0/24 maxlen: 24
45.129.184.0/24 maxlen: 24
45.129.187.0/24 maxlen: 24
91.107.116.0/24 maxlen: 24
195.80.49.0/24 maxlen: 24
195.80.48.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:53:07:f2:f9:f7:00:91:c4:21:e6:ee:d0:80:a9:26:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: May 25 13:10:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b6f78a8430dbc23273a94a7d778637c0b2e37cd5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:34:e1:b0:07:38:bf:62:e3:e2:1b:58:ec:0b:
68:ae:13:e6:ab:c3:b0:dc:c9:45:13:52:73:de:07:
cf:96:36:5b:ab:b9:12:04:82:e0:59:88:4e:39:53:
c7:6f:4e:42:a9:af:6f:66:9f:cd:e1:2c:a9:ab:1c:
51:69:29:ec:e1:2b:bd:6d:d9:50:6c:f1:9b:78:76:
48:70:87:3a:1e:45:24:0f:68:79:ee:c4:6d:69:52:
f3:57:47:d2:2c:53:18:84:cc:a1:81:a7:b4:47:33:
f9:3d:e9:7d:38:2e:34:c9:54:d6:d2:e3:72:fa:2a:
d0:a5:81:6a:09:8a:b9:c2:bb:8d:d0:9c:f7:e4:28:
17:4c:45:bd:66:dc:90:9c:28:da:e6:a7:86:ee:72:
4e:7d:e7:62:16:43:20:71:bd:8e:a2:21:ea:ea:50:
a9:e0:8b:a4:e6:62:54:f6:72:d7:2f:a9:3a:7c:5b:
5f:3b:7a:01:09:c8:08:a5:b2:b3:95:44:99:d8:2c:
77:47:41:e5:3a:19:bb:9a:73:8a:e4:1e:14:47:5e:
7c:34:5e:29:30:30:b9:e3:1c:21:d8:ed:fd:79:b1:
b8:54:2b:5e:5c:74:7f:94:a8:95:14:de:98:32:b4:
53:4c:4c:a5:ef:b5:20:f3:57:c9:ef:2a:8e:5f:49:
14:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:F7:8A:84:30:DB:C2:32:73:A9:4A:7D:77:86:37:C0:B2:E3:7C:D5
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/tveKhDDbwjJzqUp9d4Y3wLLjfNU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.44.42.0/24
5.44.44.0/24
31.129.22.0/24
45.129.184.0/24
45.129.187.0/24
91.107.116.0/24
141.98.234.0/24
195.80.48.0/23
212.60.23.0/24
Signature Algorithm: sha256WithRSAEncryption
10:53:14:79:f0:67:92:9c:52:79:c1:54:c9:08:b4:71:30:4d:
03:6f:46:09:05:d5:94:cf:0a:07:2e:1b:68:05:56:04:51:2b:
fe:ed:b2:26:bc:80:df:8b:1e:19:9d:d0:03:72:04:ea:c8:8e:
25:65:a6:34:2f:97:d4:ae:c9:ec:be:c8:ed:e8:49:18:27:2e:
10:df:63:a9:ed:f4:82:db:c4:ae:7e:6a:33:c9:dc:d5:78:65:
a4:40:5b:46:fa:15:b7:53:98:0c:78:c9:69:67:67:94:03:e2:
6a:82:db:6c:f7:07:79:42:bd:4d:51:4b:1f:8d:af:a3:dd:12:
79:bd:43:da:cc:86:5c:68:af:b4:1b:b4:e8:36:75:fa:26:6e:
b0:e3:5f:72:dd:5a:ff:79:f0:6e:34:ac:e1:1f:0e:69:25:32:
5a:c9:e7:c3:f6:fe:a7:79:00:9b:38:7c:b0:fe:bf:dc:37:f3:
50:9c:b0:f3:1d:dd:57:8f:a6:99:64:eb:48:ab:bd:34:02:8b:
db:c2:a0:21:84:f6:4b:c5:1e:5c:75:89:2b:cf:28:c4:79:a5:
96:90:3e:2d:13:e8:46:b5:43:f5:30:b9:e1:7a:0b:89:2e:73:
b5:19:a2:e1:42:31:dc:c9:4f:ec:bc:f4:dc:33:8e:de:80:20:
c4:fe:11:c8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYhTB/L59wCRxCHm7tCAqSaaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwNTI1MTMxMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmY3OGE4NDMwZGJjMjMyNzNhOTRhN2Q3Nzg2MzdjMGIyZTM3Y2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTThsAc4v2Lj4htY7AtorhPmq8Ow
3MlFE1Jz3gfPljZbq7kSBILgWYhOOVPHb05Cqa9vZp/N4SypqxxRaSns4Su9bdlQ
bPGbeHZIcIc6HkUkD2h57sRtaVLzV0fSLFMYhMyhgae0RzP5Pel9OC40yVTW0uNy
+irQpYFqCYq5wruN0Jz35CgXTEW9ZtyQnCja5qeG7nJOfediFkMgcb2OoiHq6lCp
4Iuk5mJU9nLXL6k6fFtfO3oBCcgIpbKzlUSZ2Cx3R0HlOhm7mnOK5B4UR158NF4p
MDC54xwh2O39ebG4VCteXHR/lKiVFN6YMrRTTEyl77Ug81fJ7yqOX0kUqQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFLb3ioQw28Iyc6lKfXeGN8Cy43zVMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvdHZlS2hERGJ3akp6cVVwOWQ0WTN3TExqZk5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQABSwqAwQA
BSwsAwQAH4EWAwQALYG4AwQALYG7AwQAW2t0AwQAjWLqAwQBw1AwAwQA1DwXMA0G
CSqGSIb3DQEBCwUAA4IBAQAQUxR58GeSnFJ5wVTJCLRxME0Db0YJBdWUzwoHLhto
BVYEUSv+7bImvIDfix4ZndADcgTqyI4lZaY0L5fUrsnsvsjt6EkYJy4Q32Op7fSC
28SufmozydzVeGWkQFtG+hW3U5gMeMlpZ2eUA+Jqgtts9wd5Qr1NUUsfja+j3RJ5
vUPazIZcaK+0G7ToNnX6Jm6w419y3Vr/efBuNKzhHw5pJTJayefD9v6neQCbOHyw
/r/cN/NQnLDzHd1Xj6aZZOtIq700AovbwqAhhPZLxR5cdYkrzyjEeaWWkD4tE+hG
tUP1MLnheguJLnO1GaLhQjHcyU/svPTcM47egCDE/hHI
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:55 2024 by rpki-client on console-fra.rpki-client.org