Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/ltLi5A_rHhzDCULS4dAd_5GP7wc.roa
File: ltLi5A_rHhzDCULS4dAd_5GP7wc.roa (raw, json)
Hash identifier: Lz56ZUdpTzKYCqJDI4s6nUcHn1DXIVzYb9+gJ807ULY=
Subject key identifier: 96:D2:E2:E4:0F:EB:1E:1C:C3:09:42:D2:E1:D0:1D:FF:91:8F:EF:07
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 37D3271B
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/ltLi5A_rHhzDCULS4dAd_5GP7wc.roa
Signing time: Mon 24 Jan 2022 07:12:55 +0000
ROA not before: Mon 24 Jan 2022 07:12:55 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 205647
IP address blocks: 151.247.224.0/22 maxlen: 22
151.240.80.0/21 maxlen: 21
31.56.116.0/24 maxlen: 24
85.15.49.0/24 maxlen: 24
85.15.48.0/24 maxlen: 24
94.182.206.0/24 maxlen: 24
94.182.204.0/24 maxlen: 24
94.182.204.0/22 maxlen: 22
94.182.205.0/24 maxlen: 24
94.182.207.0/24 maxlen: 24
94.182.226.0/24 maxlen: 24
94.182.8.0/23 maxlen: 23
94.182.12.0/23 maxlen: 23
94.182.228.0/22 maxlen: 22
31.56.64.0/19 maxlen: 19
31.56.96.0/20 maxlen: 20
31.56.0.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 936584987 (0x37d3271b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Jan 24 07:12:55 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=96d2e2e40feb1e1cc30942d2e1d01dff918fef07
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:6d:cc:6c:66:b7:69:68:87:34:84:c9:40:06:
97:fb:09:b3:31:f5:f7:d0:ac:6a:a8:b0:36:e3:70:
ae:52:8e:b6:23:b2:76:8a:df:29:1a:86:52:59:4a:
01:d3:a0:b9:9d:51:7a:d9:ff:d9:56:75:bd:e3:f5:
5d:e9:c6:d5:3c:06:a8:3a:79:5d:a0:2c:24:12:78:
0d:27:22:0a:1e:81:ca:2a:d9:bf:0d:60:f9:28:50:
ee:59:b0:90:09:c9:19:aa:e9:e0:d0:c2:e2:fc:8d:
fd:68:2f:e9:bc:e0:65:6d:61:ce:3f:4c:f8:9e:4b:
c7:ae:38:7f:e9:b8:19:88:94:ca:86:95:21:9b:e5:
03:67:5b:c8:e0:b5:cc:9c:a4:55:4a:55:68:3a:89:
86:8e:60:bf:7c:90:24:a5:fd:28:d1:25:1b:70:cb:
28:01:3b:34:ff:da:a5:a5:e4:bf:f2:0c:11:6e:a6:
43:38:ad:3f:4f:1d:ef:71:39:a3:4c:85:97:38:7e:
63:54:8f:d3:73:ec:af:db:4e:21:46:cd:c9:a7:8b:
2e:09:7c:66:2d:11:8b:f6:06:66:01:d1:db:0d:53:
90:43:1a:63:56:16:46:ba:f5:34:b3:0f:a2:97:8b:
28:c4:ea:f1:05:35:70:22:fb:bf:1f:08:19:ef:6d:
9e:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:D2:E2:E4:0F:EB:1E:1C:C3:09:42:D2:E1:D0:1D:FF:91:8F:EF:07
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/ltLi5A_rHhzDCULS4dAd_5GP7wc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.0.0-31.56.111.255
31.56.116.0/24
85.15.48.0/23
94.182.8.0/23
94.182.12.0/23
94.182.204.0/22
94.182.226.0/24
94.182.228.0/22
151.240.80.0/21
151.247.224.0/22
Signature Algorithm: sha256WithRSAEncryption
8d:e3:c3:e5:02:83:7e:4c:80:01:38:1e:f0:9f:56:d6:25:b6:
66:86:0e:e7:e2:ad:89:3f:84:1d:86:76:e9:e3:70:54:f9:73:
be:36:4f:24:03:27:ce:83:d5:56:d6:2d:62:89:c6:38:ee:53:
7a:8b:5e:d3:10:e4:a1:a7:fe:8a:93:87:f5:10:c3:a6:a0:60:
a3:19:bd:be:00:29:fc:26:74:a3:29:4e:7d:78:e8:f1:41:93:
e1:b8:ae:d1:ba:89:59:c0:9a:cb:4b:c4:0b:42:b3:7b:c5:c5:
9c:51:b6:ed:1b:94:5d:62:42:a2:d3:15:77:1c:86:d1:ce:67:
99:fd:38:bb:72:a7:8f:93:64:74:8d:cb:52:a6:62:bc:06:ee:
ed:a1:78:15:b1:a6:57:c9:02:20:e2:13:98:4d:3e:63:6d:fd:
6c:3e:9e:62:d6:b5:8c:3c:98:7e:44:1c:40:a9:3f:4c:2d:d5:
0b:42:7e:fd:f2:bf:e8:a4:b8:2d:d1:0d:ac:a5:76:08:a7:40:
ae:dc:b3:b0:b2:5a:6d:a9:3e:df:21:cb:6c:7d:3d:b2:55:a0:
76:85:87:90:94:a9:cd:ae:50:1c:1e:d5:8e:82:7c:95:0e:85:
7b:d6:e8:ef:84:31:2d:22:b9:0f:f4:15:89:43:67:a2:5e:3f:
ba:e6:ba:ed
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIEN9MnGzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZGY0OTE0ODhhN2NkODQ0OGE0MjA5NDU4NzFjMGI5OTY3MmRjNjZlMB4XDTIyMDEy
NDA3MTI1NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTZkMmUyZTQwZmVi
MWUxY2MzMDk0MmQyZTFkMDFkZmY5MThmZWYwNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL9tzGxmt2lohzSEyUAGl/sJszH199CsaqiwNuNwrlKOtiOy
dorfKRqGUllKAdOguZ1Retn/2VZ1veP1XenG1TwGqDp5XaAsJBJ4DSciCh6ByirZ
vw1g+ShQ7lmwkAnJGarp4NDC4vyN/Wgv6bzgZW1hzj9M+J5Lx644f+m4GYiUyoaV
IZvlA2dbyOC1zJykVUpVaDqJho5gv3yQJKX9KNElG3DLKAE7NP/apaXkv/IMEW6m
QzitP08d73E5o0yFlzh+Y1SP03Psr9tOIUbNyaeLLgl8Zi0Ri/YGZgHR2w1TkEMa
Y1YWRrr1NLMPopeLKMTq8QU1cCL7vx8IGe9tnrcCAwEAAaOCAkYwggJCMB0GA1Ud
DgQWBBSW0uLkD+seHMMJQtLh0B3/kY/vBzAfBgNVHSMEGDAWgBSt9JFIinzYRIpC
CUWHHAuZZy3GbjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3JmU1JTSXA4MkVTS1FnbEZoeHdMbVdjdHhtNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzIvNzE1ZDE1LTI4MTAtNDgyNy04ZGJkLTBiZWUwNjEyNmIxYS8x
L2x0TGk1QV9ySGh6RENVTFM0ZEFkXzVHUDd3Yy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzIv
NzE1ZDE1LTI4MTAtNDgyNy04ZGJkLTBiZWUwNjEyNmIxYS8xL3JmU1JTSXA4MkVT
S1FnbEZoeHdMbVdjdHhtNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBc
BggrBgEFBQcBBwEB/wRNMEswSQQCAAEwQzALAwMDHzgDBAQfOGADBAAfOHQDBAFV
DzADBAFetggDBAFetgwDBAJetswDBABetuIDBAJetuQDBAOX8FADBAKX9+AwDQYJ
KoZIhvcNAQELBQADggEBAI3jw+UCg35MgAE4HvCfVtYltmaGDufirYk/hB2Gdunj
cFT5c742TyQDJ86D1VbWLWKJxjjuU3qLXtMQ5KGn/oqTh/UQw6agYKMZvb4AKfwm
dKMpTn146PFBk+G4rtG6iVnAmstLxAtCs3vFxZxRtu0blF1iQqLTFXcchtHOZ5n9
OLtyp4+TZHSNy1KmYrwG7u2heBWxplfJAiDiE5hNPmNt/Ww+nmLWtYw8mH5EHECp
P0wt1QtCfv3yv+ikuC3RDayldginQK7cs7CyWm2pPt8hy2x9PbJVoHaFh5CUqc2u
UBwe1Y6CfJUOhXvW6O+EMS0iuQ/0FYlDZ6JeP7rmuu0=
-----END CERTIFICATE-----
Generated at Fri Mar 14 12:04:13 2025 by rpki-client