Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/eFdqnr3qAks6khPGbtiPOgjmjvE.roa
File: eFdqnr3qAks6khPGbtiPOgjmjvE.roa (raw, json)
Hash identifier: 5X7nFpe6ymXirVCaytBm1ysMvXdObPZxugYbmaRvDWs=
Subject key identifier: 78:57:6A:9E:BD:EA:02:4B:3A:92:13:C6:6E:D8:8F:3A:08:E6:8E:F1
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 018764AD76036F2318DB0C8F33A520761E48
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/eFdqnr3qAks6khPGbtiPOgjmjvE.roa
Signing time: Sun 09 Apr 2023 06:21:42 +0000
ROA not before: Sun 09 Apr 2023 06:21:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205647
IP address blocks: 151.242.0.0/21 maxlen: 21
151.240.80.0/21 maxlen: 21
31.56.116.0/24 maxlen: 24
94.182.204.0/24 maxlen: 24
94.182.205.0/24 maxlen: 24
94.182.206.0/24 maxlen: 24
94.182.204.0/22 maxlen: 22
94.182.207.0/24 maxlen: 24
94.182.217.0/24 maxlen: 24
94.182.226.0/24 maxlen: 24
94.182.228.0/22 maxlen: 22
151.241.224.0/21 maxlen: 21
151.240.168.0/22 maxlen: 22
151.240.192.0/21 maxlen: 21
151.247.214.0/23 maxlen: 23
151.247.216.0/21 maxlen: 21
94.182.41.0/24 maxlen: 24
151.247.224.0/22 maxlen: 22
94.182.56.0/22 maxlen: 22
151.247.232.0/22 maxlen: 22
151.247.228.0/22 maxlen: 22
94.182.60.0/22 maxlen: 22
151.247.238.0/23 maxlen: 23
151.247.237.0/24 maxlen: 24
151.247.240.0/24 maxlen: 24
151.247.236.0/24 maxlen: 24
151.247.241.0/24 maxlen: 24
151.247.248.0/22 maxlen: 22
94.182.72.0/21 maxlen: 21
85.15.49.0/24 maxlen: 24
85.15.48.0/24 maxlen: 24
94.182.97.192/28 maxlen: 28
151.240.240.0/21 maxlen: 21
31.59.12.0/22 maxlen: 22
94.182.8.0/23 maxlen: 23
94.182.12.0/23 maxlen: 23
31.56.64.0/19 maxlen: 19
31.56.96.0/20 maxlen: 20
31.56.0.0/18 maxlen: 18
94.182.82.0/24 maxlen: 24
94.182.116.0/22 maxlen: 22
94.182.114.0/23 maxlen: 23
94.182.120.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:64:ad:76:03:6f:23:18:db:0c:8f:33:a5:20:76:1e:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Apr 9 06:21:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=78576a9ebdea024b3a9213c66ed88f3a08e68ef1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:29:ae:3e:89:4c:a1:a7:f9:9b:d5:86:f5:72:
52:09:cf:f8:16:01:eb:c0:99:14:4a:8d:42:56:17:
88:9b:dc:15:b9:6c:9a:fa:ca:53:e0:5c:9f:50:0b:
78:18:e3:a5:1d:d3:ff:ed:1d:6f:31:89:7a:81:f2:
4b:d4:94:85:4e:c5:51:80:bc:f9:74:f3:f0:90:4e:
43:16:7e:84:7d:01:48:8e:c8:82:0d:a5:ff:e9:06:
1f:60:d4:38:59:3e:0a:ea:9a:70:b3:57:cc:74:24:
8b:ec:a2:fc:47:90:75:df:c9:47:0c:4d:c7:34:e8:
6a:17:c7:a3:91:5f:0a:b6:bc:85:e0:1c:5e:86:e0:
41:0d:88:13:5e:63:fb:06:70:b8:8d:b2:83:ab:56:
ae:96:f0:18:6c:c0:f1:04:45:56:bd:13:46:99:e9:
11:fa:16:2b:0b:55:2a:d4:3d:6e:31:96:52:46:27:
10:11:19:e5:c9:3f:06:72:a0:9a:c0:ec:8f:3d:91:
aa:c0:d1:48:5a:6e:93:0c:8f:6b:58:6f:87:32:62:
94:39:c0:53:97:c1:dc:b0:0a:1c:79:e4:20:71:1b:
03:fc:eb:4f:2e:fc:56:dd:af:68:a3:09:57:38:dc:
59:e5:6a:60:78:3c:6d:73:27:0e:64:87:58:e8:09:
65:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:57:6A:9E:BD:EA:02:4B:3A:92:13:C6:6E:D8:8F:3A:08:E6:8E:F1
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/eFdqnr3qAks6khPGbtiPOgjmjvE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.0.0-31.56.111.255
31.56.116.0/24
31.59.12.0/22
85.15.48.0/23
94.182.8.0/23
94.182.12.0/23
94.182.41.0/24
94.182.56.0/21
94.182.72.0/21
94.182.82.0/24
94.182.97.192/28
94.182.114.0-94.182.127.255
94.182.204.0/22
94.182.217.0/24
94.182.226.0/24
94.182.228.0/22
151.240.80.0/21
151.240.168.0/22
151.240.192.0/21
151.240.240.0/21
151.241.224.0/21
151.242.0.0/21
151.247.214.0-151.247.241.255
151.247.248.0/22
Signature Algorithm: sha256WithRSAEncryption
70:96:20:ef:ee:04:55:3c:3e:1d:a4:1f:f0:43:ab:a3:94:ff:
33:6d:56:d2:48:91:26:02:00:c8:81:e1:b3:8a:54:2a:63:78:
b9:56:32:63:e7:83:9e:99:2c:82:82:1e:82:b1:e5:6a:65:b3:
d1:8d:80:0f:c3:9e:4d:51:7b:d8:57:cd:6c:d0:1f:fa:e2:c8:
b0:a9:5a:2f:fa:3b:d0:a9:e0:40:af:db:0a:90:ed:62:fa:90:
76:cb:99:ee:d0:47:55:b5:38:43:f2:77:d3:c6:77:48:18:a8:
86:d2:04:37:37:fd:ee:6d:61:53:0c:06:e3:93:13:a9:03:e1:
8d:00:9e:9d:bf:db:eb:fa:5f:02:c9:a3:bb:e3:44:1d:c5:f6:
54:e6:05:0e:47:c3:f9:7b:fc:df:08:a9:74:df:5a:93:5c:98:
bd:13:52:ab:91:b4:83:a7:f1:c0:bb:2d:98:9d:49:8a:f6:d0:
c2:af:cd:12:67:54:00:6d:3a:ef:67:2b:87:86:2b:ce:e5:61:
f2:21:2f:6a:13:bf:36:ed:4d:8b:c8:1d:01:95:14:b8:8c:8e:
3d:16:7b:ce:be:23:63:1b:9b:c9:27:f5:0e:b3:14:4f:68:94:
4d:a0:f1:27:20:9b:28:0d:72:b3:57:cf:94:bb:92:4c:96:44:
d9:b6:4b:2b
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgISAYdkrXYDbyMY2wyPM6Ugdh5IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjMwNDA5MDYyMTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODU3NmE5ZWJkZWEwMjRiM2E5MjEzYzY2ZWQ4OGYzYTA4ZTY4ZWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiimuPolMoaf5m9WG9XJSCc/4FgHr
wJkUSo1CVheIm9wVuWya+spT4FyfUAt4GOOlHdP/7R1vMYl6gfJL1JSFTsVRgLz5
dPPwkE5DFn6EfQFIjsiCDaX/6QYfYNQ4WT4K6ppws1fMdCSL7KL8R5B138lHDE3H
NOhqF8ejkV8KtryF4BxehuBBDYgTXmP7BnC4jbKDq1aulvAYbMDxBEVWvRNGmekR
+hYrC1Uq1D1uMZZSRicQERnlyT8GcqCawOyPPZGqwNFIWm6TDI9rWG+HMmKUOcBT
l8HcsAoceeQgcRsD/OtPLvxW3a9oowlXONxZ5WpgeDxtcycOZIdY6AllxQIDAQAB
o4ICsDCCAqwwHQYDVR0OBBYEFHhXap696gJLOpITxm7YjzoI5o7xMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvZUZkcW5yM3FBa3M2a2hQR2J0aVBPZ2ptanZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHFBggrBgEFBQcBBwEB/wSBtTCBsjCBrwQCAAEwgagwCwMD
Ax84AwQEHzhgAwQAHzh0AwQCHzsMAwQBVQ8wAwQBXrYIAwQBXrYMAwQAXrYpAwQD
XrY4AwQDXrZIAwQAXrZSAwUEXrZhwDAMAwQBXrZyAwQHXrYAAwQCXrbMAwQAXrbZ
AwQAXrbiAwQCXrbkAwQDl/BQAwQCl/CoAwQDl/DAAwQDl/DwAwQDl/HgAwQDl/IA
MAwDBAGX99YDBAGX9/ADBAKX9/gwDQYJKoZIhvcNAQELBQADggEBAHCWIO/uBFU8
Ph2kH/BDq6OU/zNtVtJIkSYCAMiB4bOKVCpjeLlWMmPng56ZLIKCHoKx5Wpls9GN
gA/Dnk1Re9hXzWzQH/riyLCpWi/6O9Cp4ECv2wqQ7WL6kHbLme7QR1W1OEPyd9PG
d0gYqIbSBDc3/e5tYVMMBuOTE6kD4Y0Anp2/2+v6XwLJo7vjRB3F9lTmBQ5Hw/l7
/N8IqXTfWpNcmL0TUquRtIOn8cC7LZidSYr20MKvzRJnVABtOu9nK4eGK87lYfIh
L2oTvzbtTYvIHQGVFLiMjj0We86+I2Mbm8kn9Q6zFE9olE2g8ScgmygNcrNXz5S7
kkyWRNm2Sys=
-----END CERTIFICATE-----
Generated at Fri Mar 14 12:03:41 2025 by rpki-client