Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/1-_Hi27xRhpaDGR2MpUJUnIQvw24.roa
File: 1-_Hi27xRhpaDGR2MpUJUnIQvw24.roa (raw, json)
Hash identifier: 2VTlmLAKKMB8iFN1jSbmxivQUQtZCvnMRA+76JHBdnA=
Subject key identifier: FB:F1:E2:DB:BC:51:86:96:83:19:1D:8C:A5:42:54:9C:84:2F:C3:6E
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 01857079BD44C2EFD1D357198F94B0955E2E
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/1-_Hi27xRhpaDGR2MpUJUnIQvw24.roa
Signing time: Mon 02 Jan 2023 03:15:04 +0000
ROA not before: Mon 02 Jan 2023 03:15:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31549
IP address blocks: 217.60.0.0/19 maxlen: 19
217.60.0.0/18 maxlen: 18
217.60.0.0/16 maxlen: 16
217.60.24.0/21 maxlen: 21
217.60.36.0/23 maxlen: 23
217.60.32.0/22 maxlen: 22
217.60.32.0/20 maxlen: 20
217.60.36.0/22 maxlen: 22
217.60.38.0/23 maxlen: 23
217.60.40.0/21 maxlen: 21
217.60.48.0/20 maxlen: 20
37.148.0.0/18 maxlen: 24
37.148.0.0/17 maxlen: 18
217.60.108.0/22 maxlen: 22
217.60.128.0/18 maxlen: 18
217.60.128.0/19 maxlen: 19
217.60.150.0/24 maxlen: 24
217.60.64.0/20 maxlen: 20
217.60.64.0/18 maxlen: 18
217.60.80.0/20 maxlen: 20
217.60.96.0/21 maxlen: 21
217.60.104.0/22 maxlen: 22
151.244.128.0/19 maxlen: 19
94.183.176.0/21 maxlen: 21
84.241.0.0/18 maxlen: 24
31.56.80.0/20 maxlen: 20
31.56.16.0/20 maxlen: 20
31.56.0.0/14 maxlen: 24
31.56.32.0/20 maxlen: 20
185.73.3.0/24 maxlen: 24
185.73.0.0/22 maxlen: 22
151.238.0.0/15 maxlen: 24
185.73.2.0/24 maxlen: 24
185.73.2.0/23 maxlen: 23
185.73.0.0/23 maxlen: 23
151.240.0.0/13 maxlen: 24
85.15.0.0/18 maxlen: 24
151.247.64.0/18 maxlen: 18
217.60.219.0/24 maxlen: 24
217.60.216.0/21 maxlen: 21
217.60.224.0/20 maxlen: 20
217.60.230.0/24 maxlen: 24
217.60.231.0/24 maxlen: 24
217.60.240.0/20 maxlen: 20
37.202.128.0/18 maxlen: 18
37.202.128.0/17 maxlen: 17
217.60.160.0/19 maxlen: 19
217.60.160.0/21 maxlen: 21
217.60.160.0/20 maxlen: 20
217.60.161.0/24 maxlen: 24
217.60.171.0/24 maxlen: 24
217.60.168.0/23 maxlen: 23
217.60.170.0/24 maxlen: 24
217.60.176.0/21 maxlen: 21
217.60.176.0/24 maxlen: 24
217.60.184.0/22 maxlen: 22
37.148.78.0/24 maxlen: 24
217.60.188.0/22 maxlen: 22
217.60.192.0/22 maxlen: 22
217.60.192.0/20 maxlen: 20
217.60.192.0/18 maxlen: 18
217.60.196.0/22 maxlen: 22
217.60.200.0/22 maxlen: 22
94.182.0.0/15 maxlen: 24
217.60.207.0/24 maxlen: 24
217.60.209.0/24 maxlen: 24
217.60.208.0/20 maxlen: 20
217.60.212.0/22 maxlen: 22
217.60.208.0/23 maxlen: 23
37.202.192.0/18 maxlen: 18
37.202.136.0/24 maxlen: 24
31.57.208.0/20 maxlen: 20
2a0e::/26 maxlen: 26
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:79:bd:44:c2:ef:d1:d3:57:19:8f:94:b0:95:5e:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Jan 2 03:15:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fbf1e2dbbc51869683191d8ca542549c842fc36e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:fd:8c:ff:cc:ec:46:61:85:b8:6b:11:00:5f:
47:78:f4:17:60:99:5b:35:eb:7b:73:b3:3f:40:84:
fd:07:70:1f:fd:8b:f5:7e:20:c8:09:7f:29:4e:f0:
b2:cb:44:c4:fd:5f:90:87:8b:5a:18:8c:c2:37:77:
14:a7:28:76:18:9f:b2:22:a3:eb:78:5f:4f:43:23:
09:bd:8b:3c:d8:a8:ec:d9:98:9b:dc:11:90:c5:67:
21:9c:df:8a:b7:fe:ed:1c:cc:82:39:d9:f8:a5:9d:
f0:28:6b:91:a8:c7:6d:77:6b:05:1b:cd:f7:5a:d2:
03:da:e7:e5:f2:b7:5a:9f:63:d5:ea:76:87:83:d3:
69:47:3e:44:cb:38:9e:b2:1f:72:7a:74:f0:31:9f:
d2:b0:a5:4c:fd:30:bb:74:95:f8:91:d2:d3:89:96:
fb:77:d3:05:27:e7:c5:a4:92:c0:08:d2:a7:ab:37:
91:65:84:1a:a0:17:64:d1:49:24:69:86:48:9d:3b:
5b:5b:50:11:a7:71:fa:25:aa:8b:25:07:ed:e9:b7:
4a:51:55:c8:63:2b:03:f3:37:5e:21:e0:9a:ff:9a:
13:43:9a:fc:63:61:e2:ae:1d:2d:a6:cb:f0:c2:93:
90:35:b9:f0:92:be:c5:92:45:e6:2e:c9:d4:80:59:
0f:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:F1:E2:DB:BC:51:86:96:83:19:1D:8C:A5:42:54:9C:84:2F:C3:6E
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/1-_Hi27xRhpaDGR2MpUJUnIQvw24.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.0.0/14
37.148.0.0/17
37.202.128.0/17
84.241.0.0/18
85.15.0.0/18
94.182.0.0/15
151.238.0.0-151.247.255.255
185.73.0.0/22
217.60.0.0/16
IPv6:
2a0e::/26
Signature Algorithm: sha256WithRSAEncryption
6e:0c:46:19:06:1b:c4:54:39:cd:33:57:96:ad:34:01:26:d6:
e0:df:ed:3c:60:ef:eb:af:ac:dd:30:dd:7e:b1:94:af:bc:9c:
af:1a:5a:5e:88:6d:35:8a:04:dc:a5:b7:d6:87:f1:9a:28:b4:
09:86:ab:a0:a0:69:61:1d:64:75:f2:7a:c4:e7:36:94:00:50:
27:86:cd:2e:83:ff:4d:11:5c:71:f2:c8:ec:be:6a:b2:10:86:
1b:94:96:73:09:20:46:d0:d5:34:f4:ba:17:54:9f:f9:16:bf:
11:32:32:04:15:d6:e8:97:6c:ff:c9:1b:f0:6e:8e:d1:7d:23:
5e:70:55:78:76:0e:57:1a:84:84:b8:a3:28:98:a1:90:b0:f3:
87:39:1f:cd:b0:3c:74:0e:bc:19:b2:d5:76:d9:3f:9b:c7:de:
f9:82:96:4b:d5:3e:82:b0:91:3b:fa:7a:b5:7e:10:c2:f9:ea:
df:ff:9e:ce:3d:34:60:28:ec:bc:4f:0b:fc:90:64:7e:b8:e4:
43:4e:53:56:aa:b9:78:33:7c:7f:48:6c:03:ae:e7:06:b1:f6:
f9:9e:38:e0:cf:78:c9:1b:61:27:38:7a:42:54:77:27:80:8a:
3d:f4:e3:c4:1c:22:c1:15:d6:6c:be:d6:4a:b3:de:c0:bc:ad:
f2:7a:42:08
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYVweb1Ewu/R01cZj5SwlV4uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjMwMTAyMDMxNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmYxZTJkYmJjNTE4Njk2ODMxOTFkOGNhNTQyNTQ5Yzg0MmZjMzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAof2M/8zsRmGFuGsRAF9HePQXYJlb
Net7c7M/QIT9B3Af/Yv1fiDICX8pTvCyy0TE/V+Qh4taGIzCN3cUpyh2GJ+yIqPr
eF9PQyMJvYs82Kjs2Zib3BGQxWchnN+Kt/7tHMyCOdn4pZ3wKGuRqMdtd2sFG833
WtID2ufl8rdan2PV6naHg9NpRz5Eyziesh9yenTwMZ/SsKVM/TC7dJX4kdLTiZb7
d9MFJ+fFpJLACNKnqzeRZYQaoBdk0UkkaYZInTtbW1ARp3H6JaqLJQft6bdKUVXI
YysD8zdeIeCa/5oTQ5r8Y2Hirh0tpsvwwpOQNbnwkr7FkkXmLsnUgFkP5QIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFPvx4tu8UYaWgxkdjKVCVJyEL8NuMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvMS1fSGkyN3hSaHBhREdSMk1wVUpVbklRdncyNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzIvNzE1ZDE1LTI4MTAtNDgyNy04ZGJkLTBiZWUwNjEyNmIx
YS8xL3JmU1JTSXA4MkVTS1FnbEZoeHdMbVdjdHhtNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBhBggrBgEFBQcBBwEB/wRSMFAwPwQCAAEwOQMDAh84AwQH
JZQAAwQHJcqAAwQGVPEAAwQGVQ8AAwMBXrYwCgMDAZfuAwMDl/ADBAK5SQADAwDZ
PDANBAIAAjAHAwUGKg4AADANBgkqhkiG9w0BAQsFAAOCAQEAbgxGGQYbxFQ5zTNX
lq00ASbW4N/tPGDv66+s3TDdfrGUr7ycrxpaXohtNYoE3KW31ofxmii0CYaroKBp
YR1kdfJ6xOc2lABQJ4bNLoP/TRFccfLI7L5qshCGG5SWcwkgRtDVNPS6F1Sf+Ra/
ETIyBBXW6Jds/8kb8G6O0X0jXnBVeHYOVxqEhLijKJihkLDzhzkfzbA8dA68GbLV
dtk/m8fe+YKWS9U+grCRO/p6tX4Qwvnq3/+ezj00YCjsvE8L/JBkfrjkQ05TVqq5
eDN8f0hsA67nBrH2+Z444M94yRthJzh6QlR3J4CKPfTjxBwiwRXWbL7WSrPewLyt
8npCCA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:51 2024 by rpki-client on console-fra.rpki-client.org