Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/xUkMgVbbaMzKpFE6R6l2P1rgZ9s.roa
File: xUkMgVbbaMzKpFE6R6l2P1rgZ9s.roa (raw, json)
Hash identifier: U6gQfkMxnifZ7JFnSmzB/dnftzgxTaax7sDtQZi2E6U=
Subject key identifier: C5:49:0C:81:56:DB:68:CC:CA:A4:51:3A:47:A9:76:3F:5A:E0:67:DB
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 01853D589DB40B5178B0931F43DFC6C15CE0
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/xUkMgVbbaMzKpFE6R6l2P1rgZ9s.roa
Signing time: Fri 23 Dec 2022 04:58:15 +0000
ROA not before: Fri 23 Dec 2022 04:58:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 41789
IP address blocks: 31.129.17.0/24 maxlen: 24
31.129.16.0/24 maxlen: 24
31.129.18.0/24 maxlen: 24
31.129.21.0/24 maxlen: 24
31.129.20.0/24 maxlen: 24
31.129.19.0/24 maxlen: 24
31.129.24.0/24 maxlen: 24
31.129.23.0/24 maxlen: 24
31.129.29.0/24 maxlen: 24
31.129.28.0/24 maxlen: 24
31.129.27.0/24 maxlen: 24
31.129.26.0/24 maxlen: 24
31.129.31.0/24 maxlen: 24
31.129.25.0/24 maxlen: 24
46.16.12.0/24 maxlen: 24
46.16.15.0/24 maxlen: 24
46.16.14.0/24 maxlen: 24
31.129.0.0/20 maxlen: 24
85.92.111.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:3d:58:9d:b4:0b:51:78:b0:93:1f:43:df:c6:c1:5c:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Dec 23 04:58:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c5490c8156db68cccaa4513a47a9763f5ae067db
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:85:e7:ea:a8:23:e6:f4:ea:f0:f1:9b:88:fb:
7d:7b:e0:e4:51:76:6a:f9:07:68:a3:11:c0:31:21:
7b:92:da:18:23:0e:c4:99:77:9d:b1:9d:cc:e8:53:
d3:53:d8:00:f2:f3:90:3f:ac:4b:dd:f9:9e:20:b5:
66:6a:39:8c:d9:b4:fb:97:01:5e:6d:ee:5e:86:89:
d5:cd:33:0d:a8:43:8a:23:61:f1:57:cb:5b:14:61:
1b:1f:4f:c4:8b:07:15:51:8c:23:63:bf:4d:aa:5e:
bf:b2:4b:3d:ad:89:b9:7b:5a:4c:2c:41:48:32:0e:
75:2e:ef:73:ff:87:bc:d9:cd:9c:24:33:a9:3a:2a:
50:26:b0:24:af:3a:44:a3:0f:7b:b1:3f:05:f0:a3:
4d:d8:b0:ff:af:06:12:e5:40:20:c9:31:36:88:57:
3d:b2:95:8f:ba:df:81:1f:08:b0:15:46:33:2b:cd:
16:ae:90:60:47:b2:d5:f2:3e:c8:4b:2e:e6:dc:7f:
24:c9:a3:82:a9:1d:c9:97:d1:b8:67:1f:7d:ad:12:
a5:4f:19:70:d4:de:73:fc:5b:62:58:5e:99:ed:35:
82:b9:17:d4:aa:fb:0a:a1:0d:29:1c:8b:9a:56:24:
66:2b:ba:3f:d7:00:da:57:4b:97:db:6b:3d:bf:b3:
4e:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:49:0C:81:56:DB:68:CC:CA:A4:51:3A:47:A9:76:3F:5A:E0:67:DB
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/xUkMgVbbaMzKpFE6R6l2P1rgZ9s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.129.0.0-31.129.21.255
31.129.23.0-31.129.29.255
31.129.31.0/24
46.16.12.0/24
46.16.14.0/23
85.92.111.0/24
Signature Algorithm: sha256WithRSAEncryption
8e:b5:75:07:ea:06:72:a4:54:f3:76:87:28:e8:93:fc:b8:57:
c0:fc:7f:09:92:a2:3e:85:08:ae:78:30:fc:17:42:af:a3:4a:
3d:76:7a:8f:bf:d8:29:e6:97:8b:c0:dd:b2:61:3b:98:38:f5:
ed:92:8f:a6:12:08:65:77:6d:be:6b:64:7f:48:fb:d4:3f:20:
c4:9f:36:e1:24:1e:cc:6f:15:6d:0a:18:82:54:b7:32:02:2d:
44:97:a9:40:0d:e9:95:08:b0:0e:c2:9b:a5:d2:d8:79:1c:05:
7b:56:b1:df:c2:6a:bf:69:a8:ac:f7:f7:43:17:5d:5c:ae:df:
13:f6:54:ea:8b:69:3a:73:90:d2:55:24:c4:5f:73:5f:49:8f:
25:ae:5f:1e:a1:ef:87:23:17:82:d1:b7:2e:5c:27:67:63:8c:
8c:7f:79:54:2a:de:87:fb:63:32:65:f7:0d:a2:15:39:e7:b2:
5b:26:39:b0:f5:57:c1:65:84:69:71:ba:e6:78:af:65:9e:cd:
6d:4e:b9:c9:87:7e:fc:b7:3d:85:42:1b:41:b5:a1:2c:fc:4c:
64:d1:18:a2:42:04:ed:02:13:1a:12:e4:2d:03:f5:fe:11:df:
79:00:52:bb:da:7b:d0:e3:09:93:25:3d:c2:c3:33:03:62:00:
f7:b9:27:66
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYU9WJ20C1F4sJMfQ9/GwVzgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjIxMjIzMDQ1ODE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTQ5MGM4MTU2ZGI2OGNjY2FhNDUxM2E0N2E5NzYzZjVhZTA2N2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIXn6qgj5vTq8PGbiPt9e+DkUXZq
+QdooxHAMSF7ktoYIw7EmXedsZ3M6FPTU9gA8vOQP6xL3fmeILVmajmM2bT7lwFe
be5ehonVzTMNqEOKI2HxV8tbFGEbH0/EiwcVUYwjY79Nql6/sks9rYm5e1pMLEFI
Mg51Lu9z/4e82c2cJDOpOipQJrAkrzpEow97sT8F8KNN2LD/rwYS5UAgyTE2iFc9
spWPut+BHwiwFUYzK80WrpBgR7LV8j7ISy7m3H8kyaOCqR3Jl9G4Zx99rRKlTxlw
1N5z/FtiWF6Z7TWCuRfUqvsKoQ0pHIuaViRmK7o/1wDaV0uX22s9v7NO/wIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFMVJDIFW22jMyqRROkepdj9a4GfbMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEveFVrTWdWYmJhTXpLcEZFNlI2bDJQMXJnWjlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzA5BAIAATAzMAsDAwAfgQME
AR+BFDAMAwQAH4EXAwQBH4EcAwQAH4EfAwQALhAMAwQBLhAOAwQAVVxvMA0GCSqG
SIb3DQEBCwUAA4IBAQCOtXUH6gZypFTzdoco6JP8uFfA/H8JkqI+hQiueDD8F0Kv
o0o9dnqPv9gp5peLwN2yYTuYOPXtko+mEghld22+a2R/SPvUPyDEnzbhJB7MbxVt
ChiCVLcyAi1El6lADemVCLAOwpul0th5HAV7VrHfwmq/aais9/dDF11crt8T9lTq
i2k6c5DSVSTEX3NfSY8lrl8eoe+HIxeC0bcuXCdnY4yMf3lUKt6H+2MyZfcNohU5
57JbJjmw9VfBZYRpcbrmeK9lns1tTrnJh378tz2FQhtBtaEs/Exk0RiiQgTtAhMa
EuQtA/X+Ed95AFK72nvQ4wmTJT3CwzMDYgD3uSdm
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:53 2023 by rpki-client on console.sobornost.net