Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/vjLLhrPzbcC_8TUFH01H6jc9nHw.roa
File: vjLLhrPzbcC_8TUFH01H6jc9nHw.roa (raw, json)
Hash identifier: lZdIrXpSkNiXMdgDQrn4zgLj0cmuEkuuhewLt6JbH7g=
Subject key identifier: BE:32:CB:86:B3:F3:6D:C0:BF:F1:35:05:1F:4D:47:EA:37:3D:9C:7C
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 129B8D85
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/vjLLhrPzbcC_8TUFH01H6jc9nHw.roa
Signing time: Wed 18 May 2022 05:31:33 +0000
ROA not before: Wed 18 May 2022 05:31:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209371
IP address blocks: 31.129.22.0/24 maxlen: 24
31.129.21.0/24 maxlen: 24
31.129.30.0/24 maxlen: 24
194.5.94.0/23 maxlen: 23
45.8.99.0/24 maxlen: 24
45.129.184.0/24 maxlen: 24
77.83.116.0/24 maxlen: 24
77.83.117.0/24 maxlen: 24
77.83.119.0/24 maxlen: 24
194.28.193.0/24 maxlen: 24
195.80.48.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 312184197 (0x129b8d85)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: May 18 05:31:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=be32cb86b3f36dc0bff135051f4d47ea373d9c7c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:a9:0b:6a:76:76:7b:c4:33:ec:1a:05:b6:6b:
ed:2d:ac:0b:05:14:0e:ad:0c:74:f2:9e:23:40:81:
1b:6e:e6:b6:73:48:9a:ed:37:31:a9:c3:55:08:07:
66:49:50:76:17:bf:e5:ad:82:72:8a:d1:de:21:66:
c8:78:b7:b5:98:25:13:64:83:54:3f:a0:e0:39:04:
30:bf:36:e1:35:fe:51:3a:20:ce:76:c8:e6:aa:1a:
ca:9e:7d:19:08:cc:dd:9f:b0:b7:b8:7b:25:32:3f:
fa:ae:12:fc:11:15:4a:98:b3:01:3b:84:fc:63:dd:
18:5c:28:0a:ad:50:24:9a:ea:cb:d1:93:b5:6a:e4:
98:90:0c:d6:1f:e9:0e:45:f0:75:32:88:10:74:20:
8a:0b:c3:bf:f2:bf:ef:43:00:11:a6:e0:91:48:e9:
a8:29:c0:86:2a:a4:07:f0:af:b7:2b:07:ee:2e:47:
77:1c:fc:89:6d:80:5a:24:65:31:ad:1a:1c:86:27:
11:a9:d5:c2:6e:ec:ea:84:3e:24:67:9d:e3:81:93:
09:a9:db:cf:93:f4:f9:25:d4:29:47:9f:e8:61:3f:
82:c1:a8:20:24:24:fc:99:5a:4a:fb:ef:96:af:98:
af:84:ac:dd:49:6f:dd:57:bd:d5:b4:cd:a2:4b:4a:
e6:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:32:CB:86:B3:F3:6D:C0:BF:F1:35:05:1F:4D:47:EA:37:3D:9C:7C
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/vjLLhrPzbcC_8TUFH01H6jc9nHw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.129.21.0-31.129.22.255
31.129.30.0/24
45.8.99.0/24
45.129.184.0/24
77.83.116.0/23
77.83.119.0/24
194.5.94.0/23
194.28.193.0/24
195.80.48.0/24
Signature Algorithm: sha256WithRSAEncryption
56:65:53:de:c9:fd:69:e7:c8:c6:33:0a:c6:27:e4:46:74:c4:
dd:96:46:9b:03:8a:5c:0e:d1:a4:b2:4c:a9:4d:2b:1d:15:6d:
ef:2c:85:5b:ef:07:0e:99:af:75:19:5c:c9:e3:7a:e9:c4:7e:
5a:4d:38:9e:f6:29:3e:dd:60:8f:af:86:99:78:e1:58:af:18:
93:82:99:3e:c2:d9:5c:86:dc:bf:1a:27:db:ac:cd:e3:9c:f7:
c8:25:6e:71:21:98:a1:ce:35:f3:c9:67:66:aa:e9:04:68:9b:
ff:61:09:e5:fd:08:6c:b6:00:cb:1b:6e:69:dc:30:ed:ef:e8:
1d:b3:ee:18:94:09:53:48:bb:90:15:dc:c9:42:eb:83:6b:be:
c1:a4:0d:7e:01:b0:8b:d3:2e:58:c7:22:74:f7:e9:20:dc:0f:
11:07:ac:a4:57:a4:0e:50:a0:a9:bc:15:05:6e:28:ab:8a:7a:
08:3d:4d:14:35:77:24:55:a3:e9:27:b1:b3:c3:52:d2:2f:05:
9b:d5:8c:c5:4a:40:6d:76:1c:eb:e1:8d:29:73:78:95:0f:6d:
cb:6f:3e:bc:76:20:7a:2b:a1:59:19:df:a7:07:92:c4:0b:06:
77:23:f5:fd:b2:64:9b:af:76:46:c5:89:dc:b8:57:60:b3:f2:
0a:15:c2:b0
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIEEpuNhTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NWIxZDEzYzJlMjZlMTI3ODYyNDZhNWVjNGM1YmVhNjk4NjRiMjBmMB4XDTIyMDUx
ODA1MzEzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmUzMmNiODZiM2Yz
NmRjMGJmZjEzNTA1MWY0ZDQ3ZWEzNzNkOWM3YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALKpC2p2dnvEM+waBbZr7S2sCwUUDq0MdPKeI0CBG27mtnNI
mu03ManDVQgHZklQdhe/5a2CcorR3iFmyHi3tZglE2SDVD+g4DkEML824TX+UTog
znbI5qoayp59GQjM3Z+wt7h7JTI/+q4S/BEVSpizATuE/GPdGFwoCq1QJJrqy9GT
tWrkmJAM1h/pDkXwdTKIEHQgigvDv/K/70MAEabgkUjpqCnAhiqkB/CvtysH7i5H
dxz8iW2AWiRlMa0aHIYnEanVwm7s6oQ+JGed44GTCanbz5P0+SXUKUef6GE/gsGo
ICQk/JlaSvvvlq+Yr4Ss3Ulv3Ve91bTNoktK5kcCAwEAAaOCAkEwggI9MB0GA1Ud
DgQWBBS+MsuGs/NtwL/xNQUfTUfqNz2cfDAfBgNVHSMEGDAWgBQFsdE8LibhJ4Yk
al7Exb6mmGSyDzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JiSFJQQzRtNFNlR0pHcGV4TVctcHBoa3NnOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTgvYzYxMDkyLTczNGEtNGVlZi05ZDY3LTQ5MDUyNDNiYzgyOC8x
L3ZqTExoclB6YmNDXzhUVUZIMDFINmpjOW5Idy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTgv
YzYxMDkyLTczNGEtNGVlZi05ZDY3LTQ5MDUyNDNiYzgyOC8xL0JiSFJQQzRtNFNl
R0pHcGV4TVctcHBoa3NnOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBX
BggrBgEFBQcBBwEB/wRIMEYwRAQCAAEwPjAMAwQAH4EVAwQAH4EWAwQAH4EeAwQA
LQhjAwQALYG4AwQBTVN0AwQATVN3AwQBwgVeAwQAwhzBAwQAw1AwMA0GCSqGSIb3
DQEBCwUAA4IBAQBWZVPeyf1p58jGMwrGJ+RGdMTdlkabA4pcDtGkskypTSsdFW3v
LIVb7wcOma91GVzJ43rpxH5aTTie9ik+3WCPr4aZeOFYrxiTgpk+wtlchty/Gifb
rM3jnPfIJW5xIZihzjXzyWdmqukEaJv/YQnl/QhstgDLG25p3DDt7+gds+4YlAlT
SLuQFdzJQuuDa77BpA1+AbCL0y5YxyJ09+kg3A8RB6ykV6QOUKCpvBUFbiirinoI
PU0UNXckVaPpJ7Gzw1LSLwWb1YzFSkBtdhzr4Y0pc3iVD23Lbz68diB6K6FZGd+n
B5LECwZ3I/X9smSbr3ZGxYncuFdgs/IKFcKw
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:15 2024 by rpki-client on console-ams.rpki-client.org