Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/_mXGOM9maSEU4wvuc96MQug1yhc.roa
File: _mXGOM9maSEU4wvuc96MQug1yhc.roa (raw, json)
Hash identifier: QHwETjTm2G3F2k6S4oARrLKMaxNXsvaEucOFXlAItxA=
Subject key identifier: FE:65:C6:38:CF:66:69:21:14:E3:0B:EE:73:DE:8C:42:E8:35:CA:17
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 37904FE5
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/_mXGOM9maSEU4wvuc96MQug1yhc.roa
Signing time: Sat 01 Jan 2022 06:01:49 +0000
ROA not before: Sat 01 Jan 2022 06:01:49 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34369
IP address blocks: 151.240.0.0/13 maxlen: 24
31.56.0.0/14 maxlen: 24
94.182.0.0/15 maxlen: 24
84.241.0.0/18 maxlen: 24
151.238.0.0/15 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 932204517 (0x37904fe5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Jan 1 06:01:49 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=fe65c638cf66692114e30bee73de8c42e835ca17
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:b8:4d:e2:e4:33:59:f2:7f:e6:ab:1b:82:55:
7f:39:21:99:cd:c5:9d:da:78:c8:a9:aa:b1:c9:f8:
c7:0f:23:31:a7:f0:ab:1b:c1:4e:81:cf:21:17:c8:
b7:0f:fb:3d:83:c1:80:1c:56:45:9c:0a:8d:dc:da:
16:2b:1f:2a:51:9a:a4:42:8a:49:05:84:59:dc:ff:
06:7c:15:8d:a5:60:2b:2b:1d:8c:a1:16:2c:ff:b9:
db:10:9a:ae:20:50:61:48:e9:2d:6b:a9:21:d0:ed:
d0:eb:09:44:2f:2a:77:38:36:04:b5:26:8e:86:14:
46:f5:1b:ec:3a:8f:08:34:0d:25:9f:59:05:cc:2c:
ea:c7:7a:ef:0e:f4:fc:1e:30:a7:63:33:cb:2e:75:
b3:aa:73:30:cd:92:53:d0:aa:4c:ee:3a:77:05:62:
fb:ea:c4:85:88:0c:a0:fb:18:82:fc:77:ae:a7:7f:
d5:75:99:b1:7e:64:ee:d5:14:f6:4c:56:a8:97:03:
7a:1d:e8:d3:16:f4:fd:9f:cc:dd:5b:c4:57:e0:ca:
23:96:fc:79:98:ef:ab:b4:ee:27:ea:d0:33:3b:90:
39:35:8e:26:3b:fb:15:d3:f7:85:79:19:cd:1e:0c:
8c:64:07:85:8b:be:6e:13:e3:fd:d2:88:c5:e5:c6:
ea:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:65:C6:38:CF:66:69:21:14:E3:0B:EE:73:DE:8C:42:E8:35:CA:17
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/_mXGOM9maSEU4wvuc96MQug1yhc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.0.0/14
84.241.0.0/18
94.182.0.0/15
151.238.0.0-151.247.255.255
Signature Algorithm: sha256WithRSAEncryption
01:90:32:07:7f:50:c7:41:96:f5:25:f9:a3:8a:2b:f4:62:7e:
14:a2:cb:3f:e1:5a:7b:71:17:99:a8:b5:da:d9:35:ea:e5:e6:
00:9c:55:a3:c4:85:64:2e:78:49:c9:28:02:6f:7a:7f:1d:16:
52:75:a6:f6:30:1b:c8:ab:95:ac:09:eb:1d:98:38:0b:39:89:
58:d0:3b:61:e6:5c:6c:9c:57:47:fe:06:e9:f1:48:ef:40:e4:
0d:4b:16:81:f7:b1:cf:fe:fa:f8:6d:24:8c:bd:ed:fd:6e:bc:
60:19:d5:1f:32:26:0f:f2:66:ee:8e:86:6a:78:77:52:fd:d7:
8e:0b:c6:09:2d:df:89:37:e8:18:b7:c6:95:d6:4f:0e:22:0b:
5c:50:56:f8:96:1c:c7:da:79:49:18:2c:87:18:78:2b:b7:34:
32:76:72:7b:63:6c:73:1d:1c:01:11:20:ff:f0:4e:c0:43:92:
ed:e7:4a:d8:40:ba:4d:02:c0:d9:af:67:48:cd:c6:82:b3:cc:
bf:6a:a1:06:2e:50:c1:80:3e:07:ae:4f:7b:f8:96:72:64:4c:
ff:fb:27:5a:34:2f:b4:7a:86:c7:f4:9b:dc:c9:1f:d3:60:43:
59:77:8c:88:3d:ba:2d:2a:16:cc:8f:e4:a7:70:d7:a1:d1:68:
6d:f4:60:dd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIEN5BP5TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZGY0OTE0ODhhN2NkODQ0OGE0MjA5NDU4NzFjMGI5OTY3MmRjNjZlMB4XDTIyMDEw
MTA2MDE0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmU2NWM2MzhjZjY2
NjkyMTE0ZTMwYmVlNzNkZThjNDJlODM1Y2ExNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOm4TeLkM1nyf+arG4JVfzkhmc3Fndp4yKmqscn4xw8jMafw
qxvBToHPIRfItw/7PYPBgBxWRZwKjdzaFisfKlGapEKKSQWEWdz/BnwVjaVgKysd
jKEWLP+52xCariBQYUjpLWupIdDt0OsJRC8qdzg2BLUmjoYURvUb7DqPCDQNJZ9Z
Bcws6sd67w70/B4wp2Mzyy51s6pzMM2SU9CqTO46dwVi++rEhYgMoPsYgvx3rqd/
1XWZsX5k7tUU9kxWqJcDeh3o0xb0/Z/M3VvEV+DKI5b8eZjvq7TuJ+rQMzuQOTWO
Jjv7FdP3hXkZzR4MjGQHhYu+bhPj/dKIxeXG6o8CAwEAAaOCAh8wggIbMB0GA1Ud
DgQWBBT+ZcY4z2ZpIRTjC+5z3oxC6DXKFzAfBgNVHSMEGDAWgBSt9JFIinzYRIpC
CUWHHAuZZy3GbjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3JmU1JTSXA4MkVTS1FnbEZoeHdMbVdjdHhtNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzIvNzE1ZDE1LTI4MTAtNDgyNy04ZGJkLTBiZWUwNjEyNmIxYS8x
L19tWEdPTTltYVNFVTR3dnVjOTZNUXVnMXloYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzIv
NzE1ZDE1LTI4MTAtNDgyNy04ZGJkLTBiZWUwNjEyNmIxYS8xL3JmU1JTSXA4MkVT
S1FnbEZoeHdMbVdjdHhtNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA1
BggrBgEFBQcBBwEB/wQmMCQwIgQCAAEwHAMDAh84AwQGVPEAAwMBXrYwCgMDAZfu
AwMDl/AwDQYJKoZIhvcNAQELBQADggEBAAGQMgd/UMdBlvUl+aOKK/RifhSiyz/h
WntxF5motdrZNerl5gCcVaPEhWQueEnJKAJven8dFlJ1pvYwG8irlawJ6x2YOAs5
iVjQO2HmXGycV0f+BunxSO9A5A1LFoH3sc/++vhtJIy97f1uvGAZ1R8yJg/yZu6O
hmp4d1L9144Lxgkt34k36Bi3xpXWTw4iC1xQVviWHMfaeUkYLIcYeCu3NDJ2cntj
bHMdHAERIP/wTsBDku3nSthAuk0CwNmvZ0jNxoKzzL9qoQYuUMGAPgeuT3v4lnJk
TP/7J1o0L7R6hsf0m9zJH9NgQ1l3jIg9ui0qFsyP5Kdw16HRaG30YN0=
-----END CERTIFICATE-----
Generated at Fri Mar 14 12:04:40 2025 by rpki-client