Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/1mtl3kPawcfReTCs2gj1xxcDH-8.roa
File: 1mtl3kPawcfReTCs2gj1xxcDH-8.roa (raw, json)
Hash identifier: lRaRB7Yd11/zSzNlIehYx1KefqeRTVgid4jSM5ZwGkc=
Subject key identifier: D6:6B:65:DE:43:DA:C1:C7:D1:79:30:AC:DA:08:F5:C7:17:03:1F:EF
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 018FC991D0DDE708CFEA686B141B741D675C
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/1mtl3kPawcfReTCs2gj1xxcDH-8.roa
Signing time: Thu 30 May 2024 12:55:27 +0000
ROA not before: Thu 30 May 2024 12:55:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215211
IP address blocks: 31.57.0.0/16 maxlen: 16
31.59.0.0/16 maxlen: 16
151.247.207.0/24 maxlen: 24
2a0e:5:a::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:c9:91:d0:dd:e7:08:cf:ea:68:6b:14:1b:74:1d:67:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: May 30 12:55:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d66b65de43dac1c7d17930acda08f5c717031fef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:b2:d0:42:ef:28:00:16:4a:41:4e:61:c6:22:
e6:17:f1:9b:df:f5:be:56:4e:7d:68:6e:4f:b9:d7:
8b:6a:03:4b:b4:0b:8f:fa:86:29:70:b0:69:8c:f1:
2f:1c:0f:ba:3a:c9:4d:2a:43:38:e7:20:30:9b:d6:
bb:25:5d:9d:0c:8d:53:0e:a0:3b:36:65:80:62:3f:
25:6c:23:1e:8e:85:73:a9:f6:06:9d:6a:a3:61:ea:
f5:2a:58:d3:f9:9e:b2:81:f1:cd:14:e6:c6:07:95:
b8:07:78:5b:51:e9:90:7a:b5:ec:db:92:92:ba:89:
b0:34:22:53:d5:5e:7b:54:d9:57:0d:e1:a1:f0:d1:
b6:b0:38:53:bb:db:bb:71:a3:ec:d1:a1:df:28:6c:
d8:01:b7:ce:1b:d2:b7:bf:a4:9b:8e:78:ce:75:cb:
e1:45:60:d7:91:ee:e5:86:08:52:4b:83:f6:6b:25:
54:61:22:12:ca:c4:51:58:ce:b9:a3:ea:0c:88:71:
7f:e2:6e:cc:9e:89:ad:4b:4b:35:99:ee:c1:0e:20:
d8:dc:e1:7e:bb:0c:43:5b:97:69:12:04:d3:05:61:
13:41:19:ba:59:9e:2c:1e:1d:93:f4:5e:7e:b9:7c:
d7:f7:a7:c9:c5:8f:cc:63:82:a4:7a:9c:16:68:f2:
69:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:6B:65:DE:43:DA:C1:C7:D1:79:30:AC:DA:08:F5:C7:17:03:1F:EF
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/1mtl3kPawcfReTCs2gj1xxcDH-8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.57.0.0/16
31.59.0.0/16
151.247.207.0/24
IPv6:
2a0e:5:a::/48
Signature Algorithm: sha256WithRSAEncryption
31:16:e3:9c:20:75:e0:c9:3c:69:ad:af:09:9b:3d:8b:80:1e:
27:2c:61:f7:23:3a:98:d0:4d:84:d3:c7:39:e0:be:64:7e:30:
0f:2f:19:af:4e:74:02:f0:82:46:95:25:04:71:7e:26:b5:d0:
9d:54:66:86:fd:81:5d:1b:35:9f:69:c3:a9:fb:66:cc:55:b3:
64:5b:14:49:4b:2a:f6:d5:0d:a6:02:8b:8e:e1:55:63:54:ae:
9b:28:61:fd:2b:c6:45:f9:0c:ad:ee:ff:65:76:dc:a6:c7:3e:
4d:42:53:d2:29:66:4f:fe:48:72:98:02:7c:b9:e5:7a:9e:c5:
e3:a0:93:c1:81:4c:bc:15:4e:0c:cb:5d:89:c9:30:08:9e:16:
3f:7e:ae:c2:ec:54:ab:20:24:c3:0d:64:de:82:dc:64:99:4d:
5a:d8:85:40:e1:98:cc:6b:f7:c9:e5:a2:fb:70:42:d0:19:13:
14:af:3f:d4:e9:de:aa:96:31:f1:82:48:12:b1:c7:dc:4f:97:
d0:21:3d:dd:9f:8e:40:9b:76:1c:b1:03:86:9c:66:56:ae:66:
e7:60:c0:c1:71:21:d8:84:0f:5d:ac:9f:09:4c:1a:9c:98:a7:
76:18:09:40:9a:79:2a:d5:01:54:f1:8e:54:d8:41:cd:69:c5:
c2:7a:64:f5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAY/JkdDd5wjP6mhrFBt0HWdcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjQwNTMwMTI1NTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjZiNjVkZTQzZGFjMWM3ZDE3OTMwYWNkYTA4ZjVjNzE3MDMxZmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrLQQu8oABZKQU5hxiLmF/Gb3/W+
Vk59aG5PudeLagNLtAuP+oYpcLBpjPEvHA+6OslNKkM45yAwm9a7JV2dDI1TDqA7
NmWAYj8lbCMejoVzqfYGnWqjYer1KljT+Z6ygfHNFObGB5W4B3hbUemQerXs25KS
uomwNCJT1V57VNlXDeGh8NG2sDhTu9u7caPs0aHfKGzYAbfOG9K3v6SbjnjOdcvh
RWDXke7lhghSS4P2ayVUYSISysRRWM65o+oMiHF/4m7MnomtS0s1me7BDiDY3OF+
uwxDW5dpEgTTBWETQRm6WZ4sHh2T9F5+uXzX96fJxY/MY4KkepwWaPJpRQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFNZrZd5D2sHH0XkwrNoI9ccXAx/vMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvMW10bDNrUGF3Y2ZSZVRDczJnajF4eGNESC04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAWBAIAATAQAwMAHzkDAwAf
OwMEAJf3zzAPBAIAAjAJAwcAKg4ABQAKMA0GCSqGSIb3DQEBCwUAA4IBAQAxFuOc
IHXgyTxpra8Jmz2LgB4nLGH3IzqY0E2E08c54L5kfjAPLxmvTnQC8IJGlSUEcX4m
tdCdVGaG/YFdGzWfacOp+2bMVbNkWxRJSyr21Q2mAouO4VVjVK6bKGH9K8ZF+Qyt
7v9ldtymxz5NQlPSKWZP/khymAJ8ueV6nsXjoJPBgUy8FU4My12JyTAInhY/fq7C
7FSrICTDDWTegtxkmU1a2IVA4ZjMa/fJ5aL7cELQGRMUrz/U6d6qljHxgkgSscfc
T5fQIT3dn45Am3YcsQOGnGZWrmbnYMDBcSHYhA9drJ8JTBqcmKd2GAlAmnkq1QFU
8Y5U2EHNacXCemT1
-----END CERTIFICATE-----
Generated at Fri Mar 14 12:08:24 2025 by rpki-client