Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/gFtNwAVmLpM-8qsqIUyDmw3E5QI.roa
File: gFtNwAVmLpM-8qsqIUyDmw3E5QI.roa (raw, json)
Hash identifier: P6uxi1hy+fBSuvglVd9AgN9KHC2rAbxd38M3GMMCbck=
Subject key identifier: 80:5B:4D:C0:05:66:2E:93:3E:F2:AB:2A:21:4C:83:9B:0D:C4:E5:02
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 018BE261CA5AFE064DF58B4C07D3411F50C6
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/gFtNwAVmLpM-8qsqIUyDmw3E5QI.roa
Signing time: Sat 18 Nov 2023 12:22:21 +0000
ROA not before: Sat 18 Nov 2023 12:22:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43395
IP address blocks: 151.238.143.0/24 maxlen: 24
151.238.144.0/23 maxlen: 23
151.238.140.0/23 maxlen: 23
151.247.232.0/22 maxlen: 22
151.247.228.0/22 maxlen: 22
151.247.236.0/22 maxlen: 22
151.247.237.0/24 maxlen: 24
151.247.238.0/24 maxlen: 24
151.247.239.0/24 maxlen: 24
151.247.240.0/24 maxlen: 24
151.247.236.0/24 maxlen: 24
151.247.241.0/24 maxlen: 24
31.58.246.0/24 maxlen: 24
31.58.242.0/24 maxlen: 24
31.58.245.0/24 maxlen: 24
31.58.241.0/24 maxlen: 24
31.58.244.0/24 maxlen: 24
31.58.243.0/24 maxlen: 24
31.58.250.0/24 maxlen: 24
31.58.253.0/24 maxlen: 24
31.58.249.0/24 maxlen: 24
31.58.252.0/24 maxlen: 24
31.58.248.0/24 maxlen: 24
31.58.247.0/24 maxlen: 24
31.58.251.0/24 maxlen: 24
31.58.255.0/24 maxlen: 24
31.59.0.0/23 maxlen: 23
31.58.254.0/24 maxlen: 24
31.59.8.0/24 maxlen: 24
31.59.9.0/24 maxlen: 24
31.59.15.0/24 maxlen: 24
31.59.12.0/24 maxlen: 24
31.59.13.0/24 maxlen: 24
31.59.14.0/24 maxlen: 24
31.58.238.0/24 maxlen: 24
31.58.237.0/24 maxlen: 24
31.58.240.0/24 maxlen: 24
31.58.236.0/24 maxlen: 24
31.58.239.0/24 maxlen: 24
94.182.57.0/24 maxlen: 24
94.182.56.0/22 maxlen: 22
94.182.58.0/24 maxlen: 24
94.182.56.0/24 maxlen: 24
94.182.61.0/24 maxlen: 24
94.182.60.0/22 maxlen: 22
94.182.60.0/24 maxlen: 24
94.182.62.0/24 maxlen: 24
94.182.59.0/24 maxlen: 24
94.182.63.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:e2:61:ca:5a:fe:06:4d:f5:8b:4c:07:d3:41:1f:50:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Nov 18 12:22:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=805b4dc005662e933ef2ab2a214c839b0dc4e502
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:4e:f8:58:57:b2:50:34:a1:03:f4:96:d3:f3:
40:fd:e6:a8:9b:a8:cd:f9:6d:6d:f4:da:4a:f4:85:
34:03:9e:b8:1d:b3:07:aa:5f:a0:fe:56:a8:40:d9:
2e:fd:37:74:d3:69:d0:9e:14:28:bf:6c:c1:21:b2:
96:5c:9a:d3:88:30:68:9d:21:b1:91:82:65:45:3c:
a3:1e:ed:6b:3e:ed:d0:cf:aa:c2:02:cf:46:6b:1a:
43:0d:aa:6c:b8:bd:64:81:63:59:03:8e:96:a9:35:
ef:a8:5c:78:10:34:71:90:e0:b2:fd:96:d0:ee:22:
53:ae:4a:e2:d3:50:3f:10:02:e7:c1:76:bb:1f:ef:
8b:24:a9:5d:f8:b7:42:22:8c:36:a7:89:25:8d:55:
1a:38:60:1d:07:73:f5:60:d4:7f:6a:66:8b:21:62:
ea:97:99:b9:12:89:84:1f:f5:f9:d7:64:57:88:3b:
40:cd:dd:20:17:ef:6e:a8:82:22:2e:cd:eb:26:38:
61:31:89:f3:4f:64:d4:6f:b1:94:4a:fd:8e:c4:ab:
0f:96:81:0f:81:be:05:c2:13:3d:0d:54:9b:85:f2:
1a:fe:d3:77:f8:d8:0e:de:b9:d2:a4:45:c7:6c:ec:
fa:cb:2a:8a:8d:2e:c2:b9:22:c9:e5:39:a2:cd:22:
ce:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:5B:4D:C0:05:66:2E:93:3E:F2:AB:2A:21:4C:83:9B:0D:C4:E5:02
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/gFtNwAVmLpM-8qsqIUyDmw3E5QI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.58.236.0-31.59.1.255
31.59.8.0/23
31.59.12.0/22
94.182.56.0/21
151.238.140.0/23
151.238.143.0-151.238.145.255
151.247.228.0-151.247.241.255
Signature Algorithm: sha256WithRSAEncryption
3f:59:49:ab:22:82:7b:e1:8e:f1:82:46:af:5d:88:a7:e3:a0:
af:60:fb:68:1b:5d:28:56:a3:cb:49:34:11:ca:3a:26:c0:62:
47:b1:71:2f:f5:93:62:24:c1:65:5f:dc:a2:91:04:c9:54:12:
26:62:ff:b1:32:b5:2f:9c:ee:7f:9b:ef:53:16:ca:70:f1:e1:
f7:62:f9:1b:1a:a6:a8:96:09:dd:c4:79:38:a2:ee:cc:af:bc:
76:ec:6d:0d:40:1d:7e:0c:a5:4e:1b:b9:39:ba:16:bb:6b:e9:
28:43:9c:72:1b:1d:95:44:63:00:f9:73:e1:66:55:0a:e7:65:
9c:b3:e0:5f:3f:17:fa:b2:32:00:73:56:ad:24:3a:53:2c:8c:
dd:58:ba:55:3e:83:12:cb:6b:06:95:7d:08:c5:b4:e0:e6:da:
7a:5f:71:c0:17:1e:b2:73:d1:d1:01:9d:49:ca:bb:0e:22:3c:
93:54:97:13:53:b8:81:5b:c7:46:10:eb:e2:da:35:a3:03:c5:
e2:f6:be:07:7c:70:d9:4f:e1:7a:4e:9d:5b:a1:b5:0b:ab:38:
ff:f4:38:12:7e:20:b6:8e:e1:fc:85:c9:f4:b7:d3:a8:e0:92:
bc:6b:aa:25:00:af:58:d4:71:e4:f1:a9:dc:94:e7:ba:45:ae:
d3:12:a0:eb
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYviYcpa/gZN9YtMB9NBH1DGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjMxMTE4MTIyMjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDViNGRjMDA1NjYyZTkzM2VmMmFiMmEyMTRjODM5YjBkYzRlNTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyE74WFeyUDShA/SW0/NA/eaom6jN
+W1t9NpK9IU0A564HbMHql+g/laoQNku/Td002nQnhQov2zBIbKWXJrTiDBonSGx
kYJlRTyjHu1rPu3Qz6rCAs9GaxpDDapsuL1kgWNZA46WqTXvqFx4EDRxkOCy/ZbQ
7iJTrkri01A/EALnwXa7H++LJKld+LdCIow2p4kljVUaOGAdB3P1YNR/amaLIWLq
l5m5EomEH/X512RXiDtAzd0gF+9uqIIiLs3rJjhhMYnzT2TUb7GUSv2OxKsPloEP
gb4FwhM9DVSbhfIa/tN3+NgO3rnSpEXHbOz6yyqKjS7CuSLJ5TmizSLOMwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFIBbTcAFZi6TPvKrKiFMg5sNxOUCMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvZ0Z0TndBVm1McE0tOHFzcUlVeURtdzNFNVFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCMAwDBAIfOuwD
BAEfOwADBAEfOwgDBAIfOwwDBANetjgDBAGX7owwDAMEAJfujwMEAZfukDAMAwQC
l/fkAwQBl/fwMA0GCSqGSIb3DQEBCwUAA4IBAQA/WUmrIoJ74Y7xgkavXYin46Cv
YPtoG10oVqPLSTQRyjomwGJHsXEv9ZNiJMFlX9yikQTJVBImYv+xMrUvnO5/m+9T
Fspw8eH3YvkbGqaolgndxHk4ou7Mr7x27G0NQB1+DKVOG7k5uha7a+koQ5xyGx2V
RGMA+XPhZlUK52Wcs+BfPxf6sjIAc1atJDpTLIzdWLpVPoMSy2sGlX0IxbTg5tp6
X3HAFx6yc9HRAZ1JyrsOIjyTVJcTU7iBW8dGEOvi2jWjA8Xi9r4HfHDZT+F6Tp1b
obULqzj/9DgSfiC2juH8hcn0t9Oo4JK8a6olAK9Y1HHk8anclOe6Ra7TEqDr
-----END CERTIFICATE-----
Generated at Thu Mar 13 08:36:45 2025 by rpki-client