Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/ICCf7K7W1P5ZrNh-EJZ4rfqx000.roa
File: ICCf7K7W1P5ZrNh-EJZ4rfqx000.roa (raw, json)
Hash identifier: oE0V9TStmHcVf3uPEJnRGmnDeOJJd4TjDfSTuauYIcQ=
Subject key identifier: 20:20:9F:EC:AE:D6:D4:FE:59:AC:D8:7E:10:96:78:AD:FA:B1:D3:4D
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 01874BF1DD80E0EB5DFDB55313C16286065B
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/ICCf7K7W1P5ZrNh-EJZ4rfqx000.roa
Signing time: Tue 04 Apr 2023 11:05:54 +0000
ROA not before: Tue 04 Apr 2023 11:05:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205647
IP address blocks: 151.242.0.0/21 maxlen: 21
151.240.80.0/21 maxlen: 21
31.56.116.0/24 maxlen: 24
94.182.204.0/24 maxlen: 24
94.182.205.0/24 maxlen: 24
94.182.206.0/24 maxlen: 24
94.182.204.0/22 maxlen: 22
94.182.207.0/24 maxlen: 24
94.182.217.0/24 maxlen: 24
94.182.226.0/24 maxlen: 24
94.182.228.0/22 maxlen: 22
151.241.224.0/21 maxlen: 21
151.240.168.0/22 maxlen: 22
151.240.192.0/21 maxlen: 21
151.247.214.0/23 maxlen: 23
151.247.216.0/21 maxlen: 21
94.182.41.0/24 maxlen: 24
151.247.224.0/22 maxlen: 22
94.182.56.0/22 maxlen: 22
151.247.232.0/22 maxlen: 22
151.247.228.0/22 maxlen: 22
151.247.238.0/23 maxlen: 23
151.247.237.0/24 maxlen: 24
151.247.240.0/24 maxlen: 24
151.247.236.0/24 maxlen: 24
151.247.241.0/24 maxlen: 24
151.247.248.0/22 maxlen: 22
94.182.72.0/21 maxlen: 21
85.15.49.0/24 maxlen: 24
85.15.48.0/24 maxlen: 24
94.182.97.192/28 maxlen: 28
151.240.240.0/21 maxlen: 21
31.59.12.0/22 maxlen: 22
94.182.8.0/23 maxlen: 23
94.182.12.0/23 maxlen: 23
31.56.64.0/19 maxlen: 19
31.56.96.0/20 maxlen: 20
31.56.0.0/18 maxlen: 18
94.182.82.0/24 maxlen: 24
94.182.116.0/22 maxlen: 22
94.182.114.0/23 maxlen: 23
94.182.120.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:4b:f1:dd:80:e0:eb:5d:fd:b5:53:13:c1:62:86:06:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Apr 4 11:05:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=20209fecaed6d4fe59acd87e109678adfab1d34d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:4b:88:b9:d7:8c:eb:9e:d0:a5:5b:f5:76:bf:
32:24:e8:5d:65:d9:f8:e6:07:d4:8a:01:24:be:f3:
ab:0a:09:7b:df:0c:f3:a9:38:ca:1d:89:94:41:92:
58:b3:11:82:50:55:e5:ea:aa:30:c9:f2:bc:16:00:
d9:03:07:73:46:24:7e:20:27:eb:6c:1c:ce:c3:9a:
41:c1:8f:6f:06:12:6e:5d:29:9d:dd:d5:a8:f0:92:
96:13:59:c7:3e:16:b3:b4:60:78:10:d0:d6:c4:43:
a2:f8:e9:d5:13:b7:13:e9:e0:ff:af:4e:4c:49:6d:
3a:ba:2e:57:27:f8:ab:88:37:d7:ad:40:4a:99:d5:
69:2c:1b:b7:13:22:03:3b:cd:b5:af:49:d5:3f:89:
8a:10:98:e4:4a:ea:c5:14:0b:66:53:0e:31:98:bf:
c2:83:b6:04:97:18:3b:fc:14:99:95:9c:a4:38:f5:
f4:4e:b2:d9:7c:ee:93:34:21:ca:6e:66:b5:94:4b:
34:63:3f:d4:5d:44:7c:65:af:a8:89:c2:4e:b7:93:
54:5f:c4:84:84:83:91:06:98:ed:8b:82:85:11:37:
d0:2a:6e:19:9c:c7:e1:a4:86:e0:16:42:5f:82:39:
73:12:4d:f7:cf:18:68:8a:da:16:ca:2c:e1:c1:19:
52:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:20:9F:EC:AE:D6:D4:FE:59:AC:D8:7E:10:96:78:AD:FA:B1:D3:4D
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/ICCf7K7W1P5ZrNh-EJZ4rfqx000.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.0.0-31.56.111.255
31.56.116.0/24
31.59.12.0/22
85.15.48.0/23
94.182.8.0/23
94.182.12.0/23
94.182.41.0/24
94.182.56.0/22
94.182.72.0/21
94.182.82.0/24
94.182.97.192/28
94.182.114.0-94.182.127.255
94.182.204.0/22
94.182.217.0/24
94.182.226.0/24
94.182.228.0/22
151.240.80.0/21
151.240.168.0/22
151.240.192.0/21
151.240.240.0/21
151.241.224.0/21
151.242.0.0/21
151.247.214.0-151.247.241.255
151.247.248.0/22
Signature Algorithm: sha256WithRSAEncryption
0b:0a:a3:fd:f3:51:3a:bf:84:b1:1b:9f:5a:ce:0c:ae:06:ff:
da:fa:c2:32:3b:9e:7e:8d:62:79:c8:65:84:af:24:89:d3:6b:
05:dc:b1:ea:95:cd:cb:e5:b0:25:1c:fd:9a:ce:3d:e4:d6:ca:
42:8d:cf:f5:8e:3c:b7:cd:f0:fc:ff:d8:80:f3:45:49:23:bf:
69:04:dc:05:f5:ef:89:31:0c:e5:9b:f4:ae:59:d8:0f:40:82:
1a:0f:3f:b4:ad:ea:9a:e7:47:b6:07:45:78:c3:25:a5:4a:e8:
1a:5e:e8:ff:0f:c4:6d:d3:e4:87:53:91:2a:70:17:4d:42:c9:
d9:91:d5:49:97:e4:66:f6:28:cc:5c:b7:be:60:68:0b:33:02:
f9:d9:f2:61:1b:05:44:53:7f:bb:e6:21:2c:9e:ea:c9:0e:b7:
be:58:d9:23:8c:3d:81:15:09:2f:49:da:2c:32:cd:fe:84:f7:
68:01:a0:98:04:c0:52:ab:49:bc:da:c6:ba:b8:f6:ef:bc:ba:
26:4c:92:ed:4f:ad:16:3d:2d:59:29:d3:f3:a9:6a:bc:df:4e:
d4:35:b3:7f:76:c7:5a:85:f6:3d:15:0f:8f:31:62:0b:76:16:
3f:84:6b:10:31:d6:00:1a:0a:1c:7c:bb:1a:b0:4f:76:3c:66:
4e:34:bf:ce
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgISAYdL8d2A4Otd/bVTE8FihgZbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjMwNDA0MTEwNTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDIwOWZlY2FlZDZkNGZlNTlhY2Q4N2UxMDk2NzhhZGZhYjFkMzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0uIudeM657QpVv1dr8yJOhdZdn4
5gfUigEkvvOrCgl73wzzqTjKHYmUQZJYsxGCUFXl6qowyfK8FgDZAwdzRiR+ICfr
bBzOw5pBwY9vBhJuXSmd3dWo8JKWE1nHPhaztGB4ENDWxEOi+OnVE7cT6eD/r05M
SW06ui5XJ/iriDfXrUBKmdVpLBu3EyIDO821r0nVP4mKEJjkSurFFAtmUw4xmL/C
g7YElxg7/BSZlZykOPX0TrLZfO6TNCHKbma1lEs0Yz/UXUR8Za+oicJOt5NUX8SE
hIORBpjti4KFETfQKm4ZnMfhpIbgFkJfgjlzEk33zxhoitoWyizhwRlS3wIDAQAB
o4ICsDCCAqwwHQYDVR0OBBYEFCAgn+yu1tT+WazYfhCWeK36sdNNMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvSUNDZjdLN1cxUDVack5oLUVKWjRyZnF4MDAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHFBggrBgEFBQcBBwEB/wSBtTCBsjCBrwQCAAEwgagwCwMD
Ax84AwQEHzhgAwQAHzh0AwQCHzsMAwQBVQ8wAwQBXrYIAwQBXrYMAwQAXrYpAwQC
XrY4AwQDXrZIAwQAXrZSAwUEXrZhwDAMAwQBXrZyAwQHXrYAAwQCXrbMAwQAXrbZ
AwQAXrbiAwQCXrbkAwQDl/BQAwQCl/CoAwQDl/DAAwQDl/DwAwQDl/HgAwQDl/IA
MAwDBAGX99YDBAGX9/ADBAKX9/gwDQYJKoZIhvcNAQELBQADggEBAAsKo/3zUTq/
hLEbn1rODK4G/9r6wjI7nn6NYnnIZYSvJInTawXcseqVzcvlsCUc/ZrOPeTWykKN
z/WOPLfN8Pz/2IDzRUkjv2kE3AX174kxDOWb9K5Z2A9AghoPP7St6prnR7YHRXjD
JaVK6Bpe6P8PxG3T5IdTkSpwF01CydmR1UmX5Gb2KMxct75gaAszAvnZ8mEbBURT
f7vmISye6skOt75Y2SOMPYEVCS9J2iwyzf6E92gBoJgEwFKrSbzaxrq49u+8uiZM
ku1PrRY9LVkp0/OparzfTtQ1s392x1qF9j0VD48xYgt2Fj+EaxAx1gAaChx8uxqw
T3Y8Zk40v84=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:51 2024 by rpki-client on console-fra.rpki-client.org