Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/sfCfKO0k2piVnxPyvtbxaUARvcI.roa
File: sfCfKO0k2piVnxPyvtbxaUARvcI.roa (raw, json)
Hash identifier: Qadg3wsa0Ct/Oq9QB4qGvC5yUGGW5nxPCbGkvQ6j/NQ=
Subject key identifier: B1:F0:9F:28:ED:24:DA:98:95:9F:13:F2:BE:D6:F1:69:40:11:BD:C2
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 018596811040D4DCAFE91D8653041BC7B1FA
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/sfCfKO0k2piVnxPyvtbxaUARvcI.roa
Signing time: Mon 09 Jan 2023 12:28:38 +0000
ROA not before: Mon 09 Jan 2023 12:28:38 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41789
IP address blocks: 31.129.17.0/24 maxlen: 24
31.129.16.0/24 maxlen: 24
31.129.18.0/24 maxlen: 24
31.129.21.0/24 maxlen: 24
31.129.20.0/24 maxlen: 24
31.129.19.0/24 maxlen: 24
31.129.24.0/24 maxlen: 24
31.129.23.0/24 maxlen: 24
31.129.29.0/24 maxlen: 24
31.129.28.0/24 maxlen: 24
31.129.27.0/24 maxlen: 24
31.129.26.0/24 maxlen: 24
31.129.31.0/24 maxlen: 24
31.129.25.0/24 maxlen: 24
212.60.23.0/24 maxlen: 24
46.16.12.0/24 maxlen: 24
46.16.15.0/24 maxlen: 24
46.16.14.0/24 maxlen: 24
31.129.0.0/20 maxlen: 24
195.80.50.0/24 maxlen: 24
89.191.232.0/24 maxlen: 24
45.8.98.0/24 maxlen: 24
45.8.97.0/24 maxlen: 24
45.80.130.0/23 maxlen: 23
45.80.129.0/24 maxlen: 24
91.107.124.0/23 maxlen: 23
37.220.80.0/22 maxlen: 22
91.107.127.0/24 maxlen: 24
5.44.46.0/24 maxlen: 24
5.44.47.0/24 maxlen: 24
45.129.187.0/24 maxlen: 24
194.28.192.0/24 maxlen: 24
45.66.117.0/24 maxlen: 24
45.66.119.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:96:81:10:40:d4:dc:af:e9:1d:86:53:04:1b:c7:b1:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Jan 9 12:28:38 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b1f09f28ed24da98959f13f2bed6f1694011bdc2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:ae:bd:83:61:f9:87:b0:67:33:9d:d6:3c:d4:
f5:85:18:82:b2:0d:2c:a7:ea:7e:99:44:33:e1:2a:
91:34:3c:0e:a6:b0:1b:b0:0d:69:8f:0c:df:ed:44:
48:2b:f5:5b:af:6d:3c:7c:29:9d:7f:09:e9:63:60:
59:c3:27:f7:82:d1:9e:e9:a8:ea:83:70:6b:28:43:
1f:1e:43:ef:bc:2b:2f:66:97:78:96:ff:59:7d:42:
df:90:2b:36:a7:ab:74:05:ec:24:c8:b9:2c:b6:9c:
72:5a:66:07:d8:40:f9:e9:4d:49:2b:8c:80:f6:96:
b7:b7:49:a9:14:9a:0c:5d:67:39:02:19:54:4f:f6:
f6:38:2e:4c:44:1b:00:b3:e2:f3:a6:26:41:fa:92:
b5:4c:77:ee:5a:6c:48:49:18:9d:be:e5:68:70:0b:
bf:1e:72:b3:8e:71:99:d2:67:ac:61:05:11:52:5f:
a0:e3:37:ee:90:70:a5:22:7c:26:f3:9c:d6:81:2c:
87:ec:71:7a:02:af:ac:a4:64:ca:94:fb:fd:41:e5:
b0:53:d8:78:0f:c2:3b:a6:90:71:70:25:01:71:76:
60:e3:e6:a0:7c:1b:97:2b:88:58:04:d9:b5:d8:c2:
66:a9:d7:44:41:9b:b5:f2:2a:60:3f:ee:0d:5c:cd:
d3:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:F0:9F:28:ED:24:DA:98:95:9F:13:F2:BE:D6:F1:69:40:11:BD:C2
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/sfCfKO0k2piVnxPyvtbxaUARvcI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.44.46.0/23
31.129.0.0-31.129.21.255
31.129.23.0-31.129.29.255
31.129.31.0/24
37.220.80.0/22
45.8.97.0-45.8.98.255
45.66.117.0/24
45.66.119.0/24
45.80.129.0-45.80.131.255
45.129.187.0/24
46.16.12.0/24
46.16.14.0/23
89.191.232.0/24
91.107.124.0/23
91.107.127.0/24
194.28.192.0/24
195.80.50.0/24
212.60.23.0/24
Signature Algorithm: sha256WithRSAEncryption
89:28:e4:88:3f:01:b9:f1:1f:ea:5f:85:02:02:9a:ae:06:7e:
68:2e:c1:0b:9d:1c:0d:03:ba:22:b9:14:df:83:3a:b3:ee:15:
b9:b4:19:95:71:73:04:07:04:74:e2:25:c5:d9:8c:dd:90:e7:
b9:5e:27:b3:af:e9:a7:78:e5:f5:52:9b:2b:45:d9:38:e3:77:
29:0a:65:7d:35:e2:6e:b4:d7:d1:9f:22:f6:40:35:aa:5c:fc:
e7:56:7d:96:ad:1b:67:dd:43:99:2b:cb:6a:0c:4e:10:44:19:
79:e5:57:5d:74:97:cd:89:43:ec:2d:a3:c7:8f:dc:e9:a4:7b:
98:13:aa:9b:4a:7c:f8:b6:e1:61:81:e5:ab:b7:e7:37:58:e6:
0d:35:22:5b:7b:39:55:0e:71:16:f2:80:bb:2e:7f:4f:1c:b7:
a8:05:ac:c5:5e:e5:ff:1c:73:30:c3:a0:98:56:7e:de:f7:60:
a9:e1:07:5d:35:3b:79:f2:cb:8d:f2:24:45:eb:00:41:48:e0:
b5:86:2d:d6:3a:be:80:7a:05:e4:40:24:2c:ea:25:7e:2a:38:
ba:84:31:60:dc:a5:c1:cc:b6:4c:75:79:ed:f8:f8:b2:9b:4c:
3c:76:2f:10:36:d4:0d:6d:a9:d9:d8:07:5b:3e:aa:cf:6d:15:
43:c3:f5:5c
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYWWgRBA1Nyv6R2GUwQbx7H6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMTA5MTIyODM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWYwOWYyOGVkMjRkYTk4OTU5ZjEzZjJiZWQ2ZjE2OTQwMTFiZGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuq69g2H5h7BnM53WPNT1hRiCsg0s
p+p+mUQz4SqRNDwOprAbsA1pjwzf7URIK/Vbr208fCmdfwnpY2BZwyf3gtGe6ajq
g3BrKEMfHkPvvCsvZpd4lv9ZfULfkCs2p6t0BewkyLkstpxyWmYH2ED56U1JK4yA
9pa3t0mpFJoMXWc5AhlUT/b2OC5MRBsAs+LzpiZB+pK1THfuWmxISRidvuVocAu/
HnKzjnGZ0mesYQURUl+g4zfukHClInwm85zWgSyH7HF6Aq+spGTKlPv9QeWwU9h4
D8I7ppBxcCUBcXZg4+agfBuXK4hYBNm12MJmqddEQZu18ipgP+4NXM3TWwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFLHwnyjtJNqYlZ8T8r7W8WlAEb3CMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvc2ZDZktPMGsycGlWbnhQeXZ0YnhhVUFSdmNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGoBggrBgEFBQcBBwEB/wSBmDCBlTCBkgQCAAEwgYsDBAEF
LC4wCwMDAB+BAwQBH4EUMAwDBAAfgRcDBAEfgRwDBAAfgR8DBAIl3FAwDAMEAC0I
YQMEAC0IYgMEAC1CdQMEAC1CdzAMAwQALVCBAwQCLVCAAwQALYG7AwQALhAMAwQB
LhAOAwQAWb/oAwQBW2t8AwQAW2t/AwQAwhzAAwQAw1AyAwQA1DwXMA0GCSqGSIb3
DQEBCwUAA4IBAQCJKOSIPwG58R/qX4UCApquBn5oLsELnRwNA7oiuRTfgzqz7hW5
tBmVcXMEBwR04iXF2YzdkOe5Xiezr+mneOX1UpsrRdk443cpCmV9NeJutNfRnyL2
QDWqXPznVn2WrRtn3UOZK8tqDE4QRBl55VdddJfNiUPsLaPHj9zppHuYE6qbSnz4
tuFhgeWrt+c3WOYNNSJbezlVDnEW8oC7Ln9PHLeoBazFXuX/HHMww6CYVn7e92Cp
4QddNTt58suN8iRF6wBBSOC1hi3WOr6AegXkQCQs6iV+Kji6hDFg3KXBzLZMdXnt
+Piym0w8di8QNtQNbanZ2AdbPqrPbRVDw/Vc
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:21 2023 by rpki-client on console.sobornost.net