Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/b8c851-16ec-476f-9918-a62473abaa91/1/BmvtH6_zyRCVLkj_rSlcFSCllyQ.roa
File: BmvtH6_zyRCVLkj_rSlcFSCllyQ.roa (raw, json)
Hash identifier: JcMdx/KQ5JWcS/aM13I9NuVqEOuKSjO64i7dT5D3Y2s=
Subject key identifier: 06:6B:ED:1F:AF:F3:C9:10:95:2E:48:FF:AD:29:5C:15:20:A5:97:24
Certificate issuer: /CN=d1f5d55a1bb009d181992e241851d5f9939237cc
Certificate serial: 01877FBF19233D5F3F63CA680233BAC9C267
Authority key identifier: D1:F5:D5:5A:1B:B0:09:D1:81:99:2E:24:18:51:D5:F9:93:92:37:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0fXVWhuwCdGBmS4kGFHV-ZOSN8w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/b8c851-16ec-476f-9918-a62473abaa91/1/BmvtH6_zyRCVLkj_rSlcFSCllyQ.roa
Signing time: Fri 14 Apr 2023 12:30:42 +0000
ROA not before: Fri 14 Apr 2023 12:30:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44053
IP address blocks: 31.15.16.0/21 maxlen: 32
31.177.104.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:7f:bf:19:23:3d:5f:3f:63:ca:68:02:33:ba:c9:c2:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d1f5d55a1bb009d181992e241851d5f9939237cc
Validity
Not Before: Apr 14 12:30:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=066bed1faff3c910952e48ffad295c1520a59724
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:d4:78:69:78:68:50:b0:90:5d:b0:d5:3e:54:
95:2d:61:63:f7:fe:52:0c:8a:71:31:39:02:7e:58:
c6:ec:7c:d0:9f:d0:b9:12:12:b5:98:da:89:9e:5b:
13:b0:4d:77:98:2b:80:4e:c6:ef:b7:e2:68:91:d7:
e6:bc:e0:20:27:64:de:5e:56:87:d6:dc:b5:e9:c0:
66:bc:0c:24:ca:5a:a7:e5:39:f0:9a:82:e0:66:22:
91:5b:d5:37:86:99:0f:85:55:87:ab:07:fd:c7:7b:
a0:43:65:47:e2:73:84:35:ae:00:02:8d:05:d2:82:
0a:7c:9b:c1:e5:d5:68:20:f9:42:5b:f1:19:11:68:
ba:76:b7:9c:15:93:1f:c0:02:3c:ba:ca:6d:e4:47:
58:fb:c4:fe:87:ba:f3:2c:ea:fd:da:d5:bb:59:48:
34:c2:ef:94:ce:06:f6:d2:30:e1:ee:72:f7:4b:46:
06:78:49:6a:39:5b:17:4d:23:f0:0d:3d:91:6b:a8:
e9:2c:07:86:4b:2e:7e:67:9c:22:7c:63:73:5f:d1:
9a:04:eb:f3:5f:16:bd:df:fb:dc:f9:57:f4:b4:1d:
c8:1d:35:58:c8:e9:e8:f4:0e:e4:9e:f1:88:bc:b1:
85:1c:c2:83:77:03:9a:27:f3:13:08:ab:0a:86:46:
8e:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:6B:ED:1F:AF:F3:C9:10:95:2E:48:FF:AD:29:5C:15:20:A5:97:24
X509v3 Authority Key Identifier:
keyid:D1:F5:D5:5A:1B:B0:09:D1:81:99:2E:24:18:51:D5:F9:93:92:37:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0fXVWhuwCdGBmS4kGFHV-ZOSN8w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/b8c851-16ec-476f-9918-a62473abaa91/1/BmvtH6_zyRCVLkj_rSlcFSCllyQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/b8c851-16ec-476f-9918-a62473abaa91/1/0fXVWhuwCdGBmS4kGFHV-ZOSN8w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.15.16.0/21
31.177.104.0/21
Signature Algorithm: sha256WithRSAEncryption
a0:d3:84:ee:f3:24:71:4b:83:8a:00:e8:c0:16:03:f9:c4:ea:
d6:b9:d0:06:f1:2b:fc:bf:96:6a:19:a5:df:a7:04:b0:8d:a2:
32:72:95:c8:25:36:4f:6b:01:a2:ff:e7:e6:5d:b4:1e:93:21:
3d:f6:1a:81:2f:d5:45:8c:8e:3b:a2:00:05:b4:f8:55:0c:c5:
d3:a8:ee:1a:5d:a1:07:af:bc:ed:d7:f2:49:07:29:9e:98:38:
7d:05:d1:0b:e0:38:e6:cd:ac:ed:15:3e:50:fb:7d:b7:a7:9f:
50:55:bd:a9:5d:fe:64:84:23:0d:7a:53:0d:b1:d9:45:5e:24:
46:fd:3e:40:c1:de:48:74:8c:86:86:4c:a2:c0:d8:69:7e:20:
38:65:6e:da:0a:03:a8:15:90:39:5e:4d:d7:98:e0:4b:f4:76:
c5:d3:d4:f3:65:fa:f3:69:ed:3c:49:6a:e2:6d:64:ab:9b:4d:
ca:d9:3a:87:94:ee:04:25:0d:74:e8:6c:d7:09:6a:be:98:dd:
25:a2:62:12:28:a0:9c:d6:9b:c5:66:55:0e:b1:c5:74:02:49:
da:0f:fd:a7:ae:4d:f2:78:79:ce:e8:8f:23:75:22:fd:ff:5b:
1b:79:ef:dc:fb:a9:27:00:f5:a5:c7:b3:a9:50:88:0d:14:40:
97:c4:f2:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYd/vxkjPV8/Y8poAjO6ycJnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZjVkNTVhMWJiMDA5ZDE4MTk5MmUyNDE4NTFkNWY5OTM5
MjM3Y2MwHhcNMjMwNDE0MTIzMDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjZiZWQxZmFmZjNjOTEwOTUyZTQ4ZmZhZDI5NWMxNTIwYTU5NzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldR4aXhoULCQXbDVPlSVLWFj9/5S
DIpxMTkCfljG7HzQn9C5EhK1mNqJnlsTsE13mCuATsbvt+JokdfmvOAgJ2TeXlaH
1ty16cBmvAwkylqn5TnwmoLgZiKRW9U3hpkPhVWHqwf9x3ugQ2VH4nOENa4AAo0F
0oIKfJvB5dVoIPlCW/EZEWi6drecFZMfwAI8uspt5EdY+8T+h7rzLOr92tW7WUg0
wu+Uzgb20jDh7nL3S0YGeElqOVsXTSPwDT2Ra6jpLAeGSy5+Z5wifGNzX9GaBOvz
Xxa93/vc+Vf0tB3IHTVYyOno9A7knvGIvLGFHMKDdwOaJ/MTCKsKhkaO4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAZr7R+v88kQlS5I/60pXBUgpZckMB8GA1UdIwQY
MBaAFNH11VobsAnRgZkuJBhR1fmTkjfMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGZYVldodXdDZEdCbVM0a0dGSFYtWk9TTjh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9iOGM4NTEtMTZlYy00NzZmLTk5MTgt
YTYyNDczYWJhYTkxLzEvQm12dEg2X3p5UkNWTGtqX3JTbGNGU0NsbHlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9iOGM4NTEtMTZlYy00NzZmLTk5MTgtYTYyNDczYWJhYTkx
LzEvMGZYVldodXdDZEdCbVM0a0dGSFYtWk9TTjh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDHw8QAwQD
H7FoMA0GCSqGSIb3DQEBCwUAA4IBAQCg04Tu8yRxS4OKAOjAFgP5xOrWudAG8Sv8
v5ZqGaXfpwSwjaIycpXIJTZPawGi/+fmXbQekyE99hqBL9VFjI47ogAFtPhVDMXT
qO4aXaEHr7zt1/JJBymemDh9BdEL4DjmzaztFT5Q+323p59QVb2pXf5khCMNelMN
sdlFXiRG/T5Awd5IdIyGhkyiwNhpfiA4ZW7aCgOoFZA5Xk3XmOBL9HbF09TzZfrz
ae08SWribWSrm03K2TqHlO4EJQ106GzXCWq+mN0lomISKKCc1pvFZlUOscV0Akna
D/2nrk3yeHnO6I8jdSL9/1sbee/c+6knAPWlx7OpUIgNFECXxPLm
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:07:01 2023 by rpki-client on console-ams.rpki-client.org