Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/KsjNOFafyRhtadtVcZ7pX4b7eck.roa
File: KsjNOFafyRhtadtVcZ7pX4b7eck.roa (raw, json)
Hash identifier: q/qPLsxOxoBMX54x3SxEZk9Oa3QkeMBm4wxfWgwRCcM=
Subject key identifier: 2A:C8:CD:38:56:9F:C9:18:6D:69:DB:55:71:9E:E9:5F:86:FB:79:C9
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 0185A0F451869601DE84EF1142A48485691E
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/KsjNOFafyRhtadtVcZ7pX4b7eck.roa
Signing time: Wed 11 Jan 2023 13:10:44 +0000
ROA not before: Wed 11 Jan 2023 13:10:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41789
IP address blocks: 31.129.17.0/24 maxlen: 24
31.129.16.0/24 maxlen: 24
31.129.18.0/24 maxlen: 24
31.129.21.0/24 maxlen: 24
31.129.20.0/24 maxlen: 24
31.129.19.0/24 maxlen: 24
31.129.24.0/24 maxlen: 24
31.129.23.0/24 maxlen: 24
31.129.29.0/24 maxlen: 24
31.129.28.0/24 maxlen: 24
31.129.27.0/24 maxlen: 24
31.129.26.0/24 maxlen: 24
31.129.31.0/24 maxlen: 24
31.129.25.0/24 maxlen: 24
212.60.23.0/24 maxlen: 24
141.98.233.0/24 maxlen: 24
141.98.234.0/24 maxlen: 24
46.16.12.0/24 maxlen: 24
46.16.15.0/24 maxlen: 24
46.16.14.0/24 maxlen: 24
31.129.0.0/20 maxlen: 24
195.80.50.0/24 maxlen: 24
85.92.109.0/24 maxlen: 24
89.191.232.0/24 maxlen: 24
91.107.116.0/24 maxlen: 24
45.80.129.0/24 maxlen: 24
45.80.130.0/23 maxlen: 23
91.107.124.0/23 maxlen: 23
37.220.80.0/22 maxlen: 22
194.31.174.0/24 maxlen: 24
194.31.173.0/24 maxlen: 24
91.107.127.0/24 maxlen: 24
194.5.93.0/24 maxlen: 24
5.44.46.0/24 maxlen: 24
5.44.47.0/24 maxlen: 24
185.166.196.0/23 maxlen: 24
45.129.187.0/24 maxlen: 24
194.28.192.0/24 maxlen: 24
94.198.216.0/22 maxlen: 24
94.198.220.0/23 maxlen: 24
81.200.144.0/21 maxlen: 24
81.200.152.0/22 maxlen: 24
81.200.156.0/23 maxlen: 24
46.19.64.0/22 maxlen: 24
45.66.117.0/24 maxlen: 24
45.66.119.0/24 maxlen: 24
109.236.56.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:a0:f4:51:86:96:01:de:84:ef:11:42:a4:84:85:69:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Jan 11 13:10:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2ac8cd38569fc9186d69db55719ee95f86fb79c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:d6:e4:81:2d:e5:da:34:a4:bf:84:8a:18:e3:
5a:ad:0e:4f:a8:4c:43:a8:62:e0:8c:2e:99:b2:5c:
92:8c:1e:3d:93:c2:a6:c5:fe:51:57:d3:53:30:43:
bd:ce:a8:36:53:d7:e8:6a:eb:2e:1e:56:6a:4e:e0:
42:c0:dd:09:8a:2d:d7:df:ce:bf:eb:e3:24:c4:08:
e9:fe:0c:6d:a0:a8:14:d3:a1:af:95:5a:c8:23:c9:
02:2c:17:9f:90:c0:e4:7d:ed:15:ff:bc:dd:fb:fc:
73:85:9e:3e:c6:bc:a3:6d:8a:d8:76:30:f7:a6:52:
63:56:76:05:4e:2c:d3:91:20:31:5f:20:b5:50:ba:
2d:49:dc:29:ac:3c:d5:0d:62:1a:35:cb:66:cc:2d:
f2:ae:93:fe:82:b4:f2:9a:c8:a0:ef:8d:d5:35:f8:
f4:3d:39:50:db:55:3e:96:01:4f:6a:f2:d2:70:3b:
5c:2c:3e:c1:bc:6b:7f:d1:91:22:88:50:1a:40:ab:
50:d0:78:12:6e:4b:51:d1:3a:8d:b6:a0:8a:54:bc:
25:fd:df:9e:62:80:6f:e2:49:1d:62:37:c8:ba:03:
95:c4:74:2c:72:98:6a:76:0b:10:a0:71:e0:e6:75:
96:ed:7e:e4:70:03:b0:ce:d0:08:d3:3f:31:d2:ed:
04:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:C8:CD:38:56:9F:C9:18:6D:69:DB:55:71:9E:E9:5F:86:FB:79:C9
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/KsjNOFafyRhtadtVcZ7pX4b7eck.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.44.46.0/23
31.129.0.0-31.129.21.255
31.129.23.0-31.129.29.255
31.129.31.0/24
37.220.80.0/22
45.66.117.0/24
45.66.119.0/24
45.80.129.0-45.80.131.255
45.129.187.0/24
46.16.12.0/24
46.16.14.0/23
46.19.64.0/22
81.200.144.0-81.200.157.255
85.92.109.0/24
89.191.232.0/24
91.107.116.0/24
91.107.124.0/23
91.107.127.0/24
94.198.216.0-94.198.221.255
109.236.56.0/23
141.98.233.0-141.98.234.255
185.166.196.0/23
194.5.93.0/24
194.28.192.0/24
194.31.173.0-194.31.174.255
195.80.50.0/24
212.60.23.0/24
Signature Algorithm: sha256WithRSAEncryption
42:00:1f:11:80:7d:a0:48:62:29:63:8d:b5:f0:24:3b:2d:13:
5c:98:8f:50:0d:a5:6a:6b:7c:19:1d:c2:b6:6c:4d:65:62:6f:
46:d9:cf:dd:55:d6:f7:18:77:0d:40:7d:3c:e9:0b:ed:80:36:
c3:11:b8:a6:b8:31:d5:9f:49:89:ef:f9:12:b9:43:dd:27:9f:
0f:c4:01:bd:3f:e3:d8:8a:b4:d6:58:f2:7f:5e:f8:08:1e:80:
a0:0f:50:ba:ba:99:53:e1:b9:0b:b7:3d:3d:c9:1e:a9:8f:2e:
fe:02:8d:b6:02:ae:ee:70:8a:9d:43:53:34:66:e0:9b:fb:5b:
9c:83:16:9d:b7:97:55:9e:2c:f5:8a:5f:59:01:21:27:81:b4:
2e:1c:43:7b:f7:ff:49:fa:96:14:2e:f7:d4:56:11:96:a2:a1:
65:d5:95:10:24:06:f0:df:68:9d:01:f3:37:fb:cb:d0:f0:fb:
44:89:44:73:da:1b:4d:b0:f6:bc:e7:40:3d:cc:15:b5:f6:5e:
3c:f5:2c:c3:80:f0:1f:39:4b:cd:7a:27:61:91:cb:69:7a:f1:
ca:c6:b2:6a:fb:cf:dd:ac:57:db:3d:72:e2:ea:a1:a2:4c:3a:
2b:3a:2c:8a:fc:0c:86:23:d2:71:8a:99:a0:d2:4d:85:5b:5c:
c3:4d:aa:b9
-----BEGIN CERTIFICATE-----
MIIF1TCCBL2gAwIBAgISAYWg9FGGlgHehO8RQqSEhWkeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMTExMTMxMDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWM4Y2QzODU2OWZjOTE4NmQ2OWRiNTU3MTllZTk1Zjg2ZmI3OWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9bkgS3l2jSkv4SKGONarQ5PqExD
qGLgjC6ZslySjB49k8Kmxf5RV9NTMEO9zqg2U9foausuHlZqTuBCwN0Jii3X386/
6+MkxAjp/gxtoKgU06GvlVrII8kCLBefkMDkfe0V/7zd+/xzhZ4+xryjbYrYdjD3
plJjVnYFTizTkSAxXyC1ULotSdwprDzVDWIaNctmzC3yrpP+grTymsig743VNfj0
PTlQ21U+lgFPavLScDtcLD7BvGt/0ZEiiFAaQKtQ0HgSbktR0TqNtqCKVLwl/d+e
YoBv4kkdYjfIugOVxHQscphqdgsQoHHg5nWW7X7kcAOwztAI0z8x0u0EAwIDAQAB
o4IC4TCCAt0wHQYDVR0OBBYEFCrIzThWn8kYbWnbVXGe6V+G+3nJMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvS3NqTk9GYWZ5Umh0YWR0VmNaN3BYNGI3ZWNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH2BggrBgEFBQcBBwEB/wSB5jCB4zCB4AQCAAEwgdkDBAEF
LC4wCwMDAB+BAwQBH4EUMAwDBAAfgRcDBAEfgRwDBAAfgR8DBAIl3FADBAAtQnUD
BAAtQncwDAMEAC1QgQMEAi1QgAMEAC2BuwMEAC4QDAMEAS4QDgMEAi4TQDAMAwQE
UciQAwQBUcicAwQAVVxtAwQAWb/oAwQAW2t0AwQBW2t8AwQAW2t/MAwDBANextgD
BAFextwDBAFt7DgwDAMEAI1i6QMEAI1i6gMEAbmmxAMEAMIFXQMEAMIcwDAMAwQA
wh+tAwQAwh+uAwQAw1AyAwQA1DwXMA0GCSqGSIb3DQEBCwUAA4IBAQBCAB8RgH2g
SGIpY4218CQ7LRNcmI9QDaVqa3wZHcK2bE1lYm9G2c/dVdb3GHcNQH086QvtgDbD
EbimuDHVn0mJ7/kSuUPdJ58PxAG9P+PYirTWWPJ/XvgIHoCgD1C6uplT4bkLtz09
yR6pjy7+Ao22Aq7ucIqdQ1M0ZuCb+1ucgxadt5dVniz1il9ZASEngbQuHEN79/9J
+pYULvfUVhGWoqFl1ZUQJAbw32idAfM3+8vQ8PtEiURz2htNsPa850A9zBW19l48
9SzDgPAfOUvNeidhkctpevHKxrJq+8/drFfbPXLi6qGiTDorOiyK/AyGI9Jxipmg
0k2FW1zDTaq5
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:20 2023 by rpki-client on console.sobornost.net