Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/2LLhmHDRQcBGC6WSkGCikBeNV6A.roa
File: 2LLhmHDRQcBGC6WSkGCikBeNV6A.roa (raw, json)
Hash identifier: msrqiDkeaPVHEB2bEl+FQJcmpvDm+THCGCIUrTZ+Puw=
Subject key identifier: D8:B2:E1:98:70:D1:41:C0:46:0B:A5:92:90:60:A2:90:17:8D:57:A0
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 01868DE278A1CF82C1BECE9E6F431D053CEF
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/2LLhmHDRQcBGC6WSkGCikBeNV6A.roa
Signing time: Sun 26 Feb 2023 13:21:14 +0000
ROA not before: Sun 26 Feb 2023 13:21:14 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205647
IP address blocks: 151.240.80.0/21 maxlen: 21
31.56.116.0/24 maxlen: 24
94.182.204.0/24 maxlen: 24
94.182.205.0/24 maxlen: 24
94.182.206.0/24 maxlen: 24
94.182.204.0/22 maxlen: 22
94.182.207.0/24 maxlen: 24
94.182.217.0/24 maxlen: 24
94.182.226.0/24 maxlen: 24
94.182.228.0/22 maxlen: 22
151.241.224.0/21 maxlen: 21
151.240.168.0/22 maxlen: 22
151.240.192.0/21 maxlen: 21
151.247.214.0/23 maxlen: 23
151.247.216.0/21 maxlen: 21
94.182.41.0/24 maxlen: 24
151.247.224.0/22 maxlen: 22
94.182.56.0/22 maxlen: 22
151.247.238.0/23 maxlen: 23
151.247.240.0/24 maxlen: 24
151.247.241.0/24 maxlen: 24
151.247.248.0/22 maxlen: 22
94.182.72.0/21 maxlen: 21
85.15.49.0/24 maxlen: 24
85.15.48.0/24 maxlen: 24
94.182.97.192/28 maxlen: 28
151.240.240.0/21 maxlen: 21
31.59.12.0/22 maxlen: 22
94.182.8.0/23 maxlen: 23
94.182.12.0/23 maxlen: 23
31.56.64.0/19 maxlen: 19
31.56.96.0/20 maxlen: 20
31.56.0.0/18 maxlen: 18
94.182.116.0/22 maxlen: 22
94.182.114.0/23 maxlen: 23
94.182.120.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:8d:e2:78:a1:cf:82:c1:be:ce:9e:6f:43:1d:05:3c:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Feb 26 13:21:14 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d8b2e19870d141c0460ba5929060a290178d57a0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:ff:a6:f6:2c:19:95:ad:0e:67:42:a3:43:81:
e2:a4:67:2b:df:53:5d:97:56:3e:49:11:22:ce:ab:
6c:5f:d2:05:f2:31:2e:6f:61:e4:7b:16:b5:da:ca:
c1:43:45:a1:44:71:6a:cd:e7:47:cb:e4:1b:c0:6f:
e4:10:02:22:9b:0e:99:16:9e:44:9e:02:9e:9e:a6:
37:6f:29:20:9a:dd:bf:e5:cd:8c:f0:c9:b8:1c:7a:
34:58:e8:37:bc:90:a6:d2:d3:07:f9:cd:d3:04:11:
a2:ed:c1:f6:98:8e:fc:48:b2:ef:3c:fe:36:0b:e7:
40:0c:01:6b:d3:d0:d7:8b:c8:b4:b1:80:23:1b:7b:
0e:3f:44:8b:f0:86:51:e1:97:71:65:ac:25:49:30:
f9:7d:99:80:27:72:80:f7:49:42:14:92:0f:04:2a:
85:e1:a9:ba:4e:18:49:2b:e8:1e:f4:6f:20:b6:00:
77:64:dd:b7:a2:09:e4:8b:0c:e5:69:4e:87:e2:e1:
e7:68:2c:1d:bf:f4:5b:cb:90:de:f4:7a:53:b6:4c:
da:b5:95:f2:6e:88:ae:e2:51:48:af:f5:0e:34:0b:
8b:dd:e8:96:da:bd:2d:af:de:80:2c:e5:62:f3:f7:
69:ba:d2:94:51:fe:50:b0:39:9b:4a:f5:fd:56:18:
28:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:B2:E1:98:70:D1:41:C0:46:0B:A5:92:90:60:A2:90:17:8D:57:A0
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/2LLhmHDRQcBGC6WSkGCikBeNV6A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.0.0-31.56.111.255
31.56.116.0/24
31.59.12.0/22
85.15.48.0/23
94.182.8.0/23
94.182.12.0/23
94.182.41.0/24
94.182.56.0/22
94.182.72.0/21
94.182.97.192/28
94.182.114.0-94.182.127.255
94.182.204.0/22
94.182.217.0/24
94.182.226.0/24
94.182.228.0/22
151.240.80.0/21
151.240.168.0/22
151.240.192.0/21
151.240.240.0/21
151.241.224.0/21
151.247.214.0-151.247.227.255
151.247.238.0-151.247.241.255
151.247.248.0/22
Signature Algorithm: sha256WithRSAEncryption
31:e1:50:01:03:6f:10:b5:93:32:af:df:ef:1a:43:a8:32:a9:
ff:56:51:c4:10:a8:21:49:6f:78:d3:81:5b:9e:c9:e8:d2:49:
b2:2d:d2:6b:c0:63:af:64:4a:d3:11:08:87:aa:ad:ae:27:6c:
2b:ff:96:e6:60:76:50:c5:4f:ff:2b:6f:f2:e9:d7:16:dc:67:
7c:a6:eb:70:99:85:f4:39:93:c6:91:26:12:7f:c3:7d:15:f9:
40:ca:0c:19:51:4c:fd:88:13:31:59:f7:6d:1c:e5:e2:bd:e1:
aa:47:f9:32:dd:20:84:b8:6b:95:e2:bb:45:57:6a:3f:fc:af:
b7:19:f1:78:a4:6f:2c:74:ea:b8:0f:08:b6:9b:e6:23:3e:89:
3e:28:ea:39:7c:c5:b0:0f:f3:20:9c:df:40:8f:a8:d0:3f:3e:
84:f4:52:ff:a3:8f:db:a6:d0:30:fd:ad:33:1d:66:5d:0d:c0:
41:8c:96:3c:cc:82:3b:a0:b6:48:a8:61:6e:d5:09:e3:7d:1f:
01:5e:80:35:6e:4b:1e:79:5c:79:b6:80:1b:04:e9:16:91:6a:
89:a7:40:c3:c8:20:80:67:61:4b:90:90:7b:3a:95:89:c0:b3:
e2:8e:e9:e9:7f:e2:b3:52:4d:4d:85:db:be:26:7f:e9:02:4f:
bd:62:0d:9d
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgISAYaN4nihz4LBvs6eb0MdBTzvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjMwMjI2MTMyMTE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGIyZTE5ODcwZDE0MWMwNDYwYmE1OTI5MDYwYTI5MDE3OGQ1N2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzf+m9iwZla0OZ0KjQ4HipGcr31Nd
l1Y+SREizqtsX9IF8jEub2Hkexa12srBQ0WhRHFqzedHy+QbwG/kEAIimw6ZFp5E
ngKenqY3bykgmt2/5c2M8Mm4HHo0WOg3vJCm0tMH+c3TBBGi7cH2mI78SLLvPP42
C+dADAFr09DXi8i0sYAjG3sOP0SL8IZR4ZdxZawlSTD5fZmAJ3KA90lCFJIPBCqF
4am6ThhJK+ge9G8gtgB3ZN23ognkiwzlaU6H4uHnaCwdv/Rby5De9HpTtkzatZXy
boiu4lFIr/UONAuL3eiW2r0tr96ALOVi8/dputKUUf5QsDmbSvX9Vhgo7wIDAQAB
o4ICsjCCAq4wHQYDVR0OBBYEFNiy4Zhw0UHARgulkpBgopAXjVegMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvMkxMaG1IRFJRY0JHQzZXU2tHQ2lrQmVOVjZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHHBggrBgEFBQcBBwEB/wSBtzCBtDCBsQQCAAEwgaowCwMD
Ax84AwQEHzhgAwQAHzh0AwQCHzsMAwQBVQ8wAwQBXrYIAwQBXrYMAwQAXrYpAwQC
XrY4AwQDXrZIAwUEXrZhwDAMAwQBXrZyAwQHXrYAAwQCXrbMAwQAXrbZAwQAXrbi
AwQCXrbkAwQDl/BQAwQCl/CoAwQDl/DAAwQDl/DwAwQDl/HgMAwDBAGX99YDBAKX
9+AwDAMEAZf37gMEAZf38AMEApf3+DANBgkqhkiG9w0BAQsFAAOCAQEAMeFQAQNv
ELWTMq/f7xpDqDKp/1ZRxBCoIUlveNOBW57J6NJJsi3Sa8Bjr2RK0xEIh6qtrids
K/+W5mB2UMVP/ytv8unXFtxnfKbrcJmF9DmTxpEmEn/DfRX5QMoMGVFM/YgTMVn3
bRzl4r3hqkf5Mt0ghLhrleK7RVdqP/yvtxnxeKRvLHTquA8ItpvmIz6JPijqOXzF
sA/zIJzfQI+o0D8+hPRS/6OP26bQMP2tMx1mXQ3AQYyWPMyCO6C2SKhhbtUJ430f
AV6ANW5LHnlcebaAGwTpFpFqiadAw8gggGdhS5CQezqVicCz4o7p6X/is1JNTYXb
viZ/6QJPvWINnQ==
-----END CERTIFICATE-----
Generated at Fri Mar 14 12:02:22 2025 by rpki-client