Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/F-166HAFhXwl9C_gkKh0TP874ls.roa
File: F-166HAFhXwl9C_gkKh0TP874ls.roa (raw, json)
Hash identifier: KcWMqRTZDHuUldBZNg/XQSksSWO76OY4oVMYF9dQv2o=
Subject key identifier: 17:ED:7A:E8:70:05:85:7C:25:F4:2F:E0:90:A8:74:4C:FF:3B:E2:5B
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 018B9A25E424259516ECBDCFA2E5CA295A1A
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/F-166HAFhXwl9C_gkKh0TP874ls.roa
Signing time: Sat 04 Nov 2023 11:44:16 +0000
ROA not before: Sat 04 Nov 2023 11:44:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31549
IP address blocks: 217.60.0.0/19 maxlen: 19
217.60.0.0/18 maxlen: 18
217.60.0.0/16 maxlen: 16
217.60.24.0/21 maxlen: 21
217.60.32.0/22 maxlen: 22
217.60.36.0/22 maxlen: 22
217.60.36.0/23 maxlen: 23
217.60.32.0/20 maxlen: 20
217.60.38.0/23 maxlen: 23
217.60.40.0/21 maxlen: 21
217.60.48.0/20 maxlen: 20
37.148.0.0/18 maxlen: 24
37.148.0.0/17 maxlen: 18
217.60.108.0/22 maxlen: 22
217.60.128.0/18 maxlen: 18
217.60.128.0/19 maxlen: 19
217.60.150.0/24 maxlen: 24
217.60.64.0/20 maxlen: 20
217.60.64.0/18 maxlen: 18
217.60.80.0/20 maxlen: 20
217.60.96.0/21 maxlen: 21
217.60.104.0/22 maxlen: 22
151.244.128.0/19 maxlen: 19
94.183.176.0/21 maxlen: 21
84.241.0.0/18 maxlen: 24
31.56.80.0/20 maxlen: 20
31.56.16.0/20 maxlen: 20
31.56.0.0/14 maxlen: 24
31.56.32.0/20 maxlen: 20
185.73.3.0/24 maxlen: 24
185.73.0.0/22 maxlen: 22
151.238.0.0/15 maxlen: 24
185.73.2.0/24 maxlen: 24
185.73.2.0/23 maxlen: 23
185.73.0.0/23 maxlen: 23
151.240.0.0/13 maxlen: 24
85.15.0.0/18 maxlen: 24
151.247.64.0/18 maxlen: 18
217.60.219.0/24 maxlen: 24
217.60.216.0/21 maxlen: 21
217.60.224.0/20 maxlen: 20
217.60.230.0/24 maxlen: 24
217.60.231.0/24 maxlen: 24
217.60.240.0/20 maxlen: 20
37.202.128.0/18 maxlen: 18
37.202.128.0/17 maxlen: 17
217.60.160.0/19 maxlen: 19
217.60.160.0/21 maxlen: 21
217.60.160.0/20 maxlen: 20
217.60.161.0/24 maxlen: 24
217.60.171.0/24 maxlen: 24
217.60.170.0/24 maxlen: 24
217.60.168.0/23 maxlen: 23
217.60.176.0/21 maxlen: 21
217.60.176.0/24 maxlen: 24
151.245.248.0/22 maxlen: 22
151.245.252.0/22 maxlen: 22
217.60.184.0/22 maxlen: 22
37.148.78.0/24 maxlen: 24
217.60.188.0/22 maxlen: 22
217.60.192.0/22 maxlen: 22
217.60.192.0/20 maxlen: 20
217.60.196.0/22 maxlen: 22
217.60.192.0/18 maxlen: 18
217.60.200.0/22 maxlen: 22
94.182.0.0/15 maxlen: 24
217.60.207.0/24 maxlen: 24
217.60.212.0/22 maxlen: 22
217.60.209.0/24 maxlen: 24
217.60.208.0/20 maxlen: 20
217.60.208.0/23 maxlen: 23
37.202.192.0/18 maxlen: 18
37.202.136.0/24 maxlen: 24
31.57.208.0/20 maxlen: 20
2a0e:0:1:3000::/52 maxlen: 52
2a0e:0:1:2000::/52 maxlen: 52
2a0e:0:1:1000::/52 maxlen: 52
2a0e:0:1::/52 maxlen: 52
2a0e::/26 maxlen: 26
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:9a:25:e4:24:25:95:16:ec:bd:cf:a2:e5:ca:29:5a:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Nov 4 11:44:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=17ed7ae87005857c25f42fe090a8744cff3be25b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:b9:c3:be:4f:a5:77:b8:be:db:cf:76:81:1a:
ab:4b:90:94:47:b3:f8:01:c6:3f:d6:51:59:6d:01:
51:f7:9b:a6:93:56:4e:d4:6e:12:29:8a:97:04:08:
14:4d:01:ea:7f:38:57:23:bf:25:74:e5:2c:3d:88:
21:05:fa:a1:6c:56:46:99:92:f1:60:8a:fa:90:22:
c6:bc:f4:b8:38:fd:a0:ee:3c:02:d3:e1:81:56:a7:
9c:49:59:28:1a:9f:ee:3b:71:23:64:f8:f0:ab:06:
bd:5b:2d:cf:56:37:5b:1a:b8:3c:7e:4e:a9:52:56:
03:4b:ce:f0:0f:fb:5f:81:32:14:74:6e:ab:93:37:
e5:6c:bf:ad:1d:9c:58:39:66:5f:68:5f:3a:a7:23:
e8:df:9e:e7:b9:4f:15:0d:1e:1d:65:38:68:e3:89:
cf:bd:1d:88:5d:6c:59:30:86:7a:1c:d8:4f:2e:ea:
22:19:0f:f5:c1:96:84:72:b3:87:3b:07:45:52:cf:
45:af:ee:18:74:0b:31:64:3d:ea:d5:24:45:8a:08:
ea:1e:39:62:33:e1:b3:09:86:df:d1:ea:25:eb:e4:
66:9e:46:ab:fc:40:17:ce:bf:c3:e0:fd:6a:8a:33:
fe:f9:85:54:73:f5:ab:10:db:55:28:b8:b7:39:11:
35:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:ED:7A:E8:70:05:85:7C:25:F4:2F:E0:90:A8:74:4C:FF:3B:E2:5B
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/F-166HAFhXwl9C_gkKh0TP874ls.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.0.0/14
37.148.0.0/17
37.202.128.0/17
84.241.0.0/18
85.15.0.0/18
94.182.0.0/15
151.238.0.0-151.247.255.255
185.73.0.0/22
217.60.0.0/16
IPv6:
2a0e::/26
Signature Algorithm: sha256WithRSAEncryption
ac:99:65:f4:74:e6:fe:b3:f2:c8:ec:87:ff:50:42:f0:bc:a2:
2d:d7:07:7c:72:1d:33:4d:fb:93:dc:07:e3:22:72:12:dd:5f:
63:74:70:05:50:da:c3:75:91:9c:14:e5:ad:72:1e:02:5c:ba:
ba:7d:d2:9c:55:33:e9:44:89:ad:a3:30:07:4a:c5:e5:60:5f:
82:03:6d:07:ac:1f:a6:3b:b7:38:e6:b9:20:4b:ea:3d:63:1c:
db:f3:b1:e1:79:27:9e:2e:92:67:aa:5c:3b:5e:6b:47:f4:47:
54:cf:ef:4a:a2:56:5f:8b:c3:d9:31:e9:a3:95:5d:25:ad:b8:
62:13:65:f5:bf:7f:a1:5f:ec:2d:2f:7d:1b:0d:7c:5c:7a:50:
05:72:60:9f:9b:77:1a:c9:10:df:83:9c:64:28:97:92:56:6b:
44:bc:3f:fd:da:ca:39:e2:25:2c:e5:79:73:48:77:c2:e4:ac:
f8:43:01:60:bb:47:fa:ad:c7:ca:d7:ab:af:40:58:c5:6d:f1:
69:e0:3f:50:2a:57:d2:15:ce:2e:e9:ef:47:67:b4:c8:71:08:
f6:0e:36:f8:2d:0f:6c:ed:69:01:91:d4:ce:ef:1a:d1:0a:2c:
3e:5b:d1:ff:0d:f3:10:10:4f:c6:8b:cc:77:ad:ee:73:df:ee:
48:bf:f9:7a
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYuaJeQkJZUW7L3PouXKKVoaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjMxMTA0MTE0NDE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2VkN2FlODcwMDU4NTdjMjVmNDJmZTA5MGE4NzQ0Y2ZmM2JlMjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7nDvk+ld7i+2892gRqrS5CUR7P4
AcY/1lFZbQFR95umk1ZO1G4SKYqXBAgUTQHqfzhXI78ldOUsPYghBfqhbFZGmZLx
YIr6kCLGvPS4OP2g7jwC0+GBVqecSVkoGp/uO3EjZPjwqwa9Wy3PVjdbGrg8fk6p
UlYDS87wD/tfgTIUdG6rkzflbL+tHZxYOWZfaF86pyPo357nuU8VDR4dZTho44nP
vR2IXWxZMIZ6HNhPLuoiGQ/1wZaEcrOHOwdFUs9Fr+4YdAsxZD3q1SRFigjqHjli
M+GzCYbf0eol6+Rmnkar/EAXzr/D4P1qijP++YVUc/WrENtVKLi3ORE1LQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFBfteuhwBYV8JfQv4JCodEz/O+JbMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvRi0xNjZIQUZoWHdsOUNfZ2tLaDBUUDg3NGxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDA/BAIAATA5AwMCHzgDBAcl
lAADBAclyoADBAZU8QADBAZVDwADAwFetjAKAwMBl+4DAwOX8AMEArlJAAMDANk8
MA0EAgACMAcDBQYqDgAAMA0GCSqGSIb3DQEBCwUAA4IBAQCsmWX0dOb+s/LI7If/
UELwvKIt1wd8ch0zTfuT3AfjInIS3V9jdHAFUNrDdZGcFOWtch4CXLq6fdKcVTPp
RImtozAHSsXlYF+CA20HrB+mO7c45rkgS+o9Yxzb87HheSeeLpJnqlw7XmtH9EdU
z+9KolZfi8PZMemjlV0lrbhiE2X1v3+hX+wtL30bDXxcelAFcmCfm3cayRDfg5xk
KJeSVmtEvD/92so54iUs5XlzSHfC5Kz4QwFgu0f6rcfK16uvQFjFbfFp4D9QKlfS
Fc4u6e9HZ7TIcQj2Djb4LQ9s7WkBkdTO7xrRCiw+W9H/DfMQEE/Gi8x3re5z3+5I
v/l6
-----END CERTIFICATE-----
Generated at Fri Mar 14 12:06:57 2025 by rpki-client