Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rmbS3D-GDdPF9lIW6BV7oH22zi4.roa
File: rmbS3D-GDdPF9lIW6BV7oH22zi4.roa (raw, json)
Hash identifier: SDEupUYHT5+CBZJVuk34M2TBhGMjseCzPG9IaeIqOc4=
Subject key identifier: AE:66:D2:DC:3F:86:0D:D3:C5:F6:52:16:E8:15:7B:A0:7D:B6:CE:2E
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 0181D28AEBAA85B1AE73701CDDBA2AED25C7
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rmbS3D-GDdPF9lIW6BV7oH22zi4.roa
Signing time: Wed 06 Jul 2022 08:05:28 +0000
ROA not before: Wed 06 Jul 2022 08:05:28 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 205647
IP address blocks: 151.240.80.0/21 maxlen: 21
31.56.116.0/24 maxlen: 24
94.182.206.0/24 maxlen: 24
94.182.204.0/24 maxlen: 24
94.182.204.0/22 maxlen: 22
94.182.205.0/24 maxlen: 24
94.182.207.0/24 maxlen: 24
94.182.217.0/24 maxlen: 24
94.182.226.0/24 maxlen: 24
94.182.228.0/22 maxlen: 22
151.247.216.0/21 maxlen: 21
94.182.41.0/24 maxlen: 24
151.247.214.0/23 maxlen: 23
151.247.224.0/22 maxlen: 22
94.182.72.0/21 maxlen: 21
151.247.248.0/22 maxlen: 22
85.15.49.0/24 maxlen: 24
85.15.48.0/24 maxlen: 24
31.59.12.0/22 maxlen: 22
94.182.8.0/23 maxlen: 23
94.182.12.0/23 maxlen: 23
31.56.64.0/19 maxlen: 19
31.56.96.0/20 maxlen: 20
31.56.0.0/18 maxlen: 18
94.182.116.0/22 maxlen: 22
94.182.114.0/23 maxlen: 23
94.182.120.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:81:d2:8a:eb:aa:85:b1:ae:73:70:1c:dd:ba:2a:ed:25:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Jul 6 08:05:28 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ae66d2dc3f860dd3c5f65216e8157ba07db6ce2e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:7d:3f:50:82:74:c2:11:ed:af:d4:4d:96:f8:
5c:4c:3f:d7:44:45:6e:15:23:cf:5a:20:b0:5e:e5:
da:ad:47:7b:a0:4f:c0:3d:94:a5:bb:6c:5b:8c:0e:
8a:c3:89:ab:71:e2:c0:39:92:ab:b2:87:53:b4:04:
4c:ce:d7:ea:3c:01:3e:5a:07:85:d9:39:e2:48:6f:
27:0f:5f:ee:2f:26:b0:37:3d:24:8d:19:cd:d1:7f:
62:71:fb:8c:5e:a1:f1:8d:70:54:09:24:c2:ec:38:
8f:f3:5e:c5:35:da:b6:a5:4a:c6:b1:70:03:b9:8a:
53:2a:72:16:7e:89:fd:6c:3f:36:c0:9f:1b:fe:95:
04:1c:4e:1d:b1:a9:a3:f1:41:fa:85:54:2d:4a:a3:
6f:c1:7e:40:02:17:9e:c5:6c:7e:37:36:89:50:42:
00:3c:c2:0d:b2:83:fe:c0:1e:81:e4:7b:69:d6:a0:
72:aa:9d:1f:99:f9:5c:01:f0:f2:2d:92:aa:bd:b9:
02:b8:05:29:57:73:60:1d:33:0b:f3:92:df:40:3b:
25:15:7e:ae:12:f3:7c:44:bc:13:fc:b4:3d:95:c8:
f1:7a:b9:98:33:e5:ae:dc:b6:ee:99:8c:c3:3d:00:
7c:03:10:06:cc:69:a7:68:b2:87:3d:e1:89:b3:be:
46:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:66:D2:DC:3F:86:0D:D3:C5:F6:52:16:E8:15:7B:A0:7D:B6:CE:2E
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rmbS3D-GDdPF9lIW6BV7oH22zi4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.0.0-31.56.111.255
31.56.116.0/24
31.59.12.0/22
85.15.48.0/23
94.182.8.0/23
94.182.12.0/23
94.182.41.0/24
94.182.72.0/21
94.182.114.0-94.182.127.255
94.182.204.0/22
94.182.217.0/24
94.182.226.0/24
94.182.228.0/22
151.240.80.0/21
151.247.214.0-151.247.227.255
151.247.248.0/22
Signature Algorithm: sha256WithRSAEncryption
5c:93:a8:16:c1:7f:5d:5a:71:07:74:90:b9:37:2b:f4:c9:26:
73:a1:bc:27:5f:00:29:20:5b:96:19:52:c1:c2:10:12:43:98:
8a:10:26:9f:74:1d:1e:4f:b3:a1:28:5a:23:1d:b9:8a:b0:f6:
1a:2d:52:9f:c8:00:56:f9:0a:60:21:66:3d:e3:08:ff:45:a0:
bf:82:fa:dc:75:07:27:da:11:49:76:dc:63:08:0e:5c:ec:f8:
d2:e6:4a:d0:7e:dc:64:da:c2:c8:65:86:29:7a:63:09:d1:99:
ac:b6:2d:e0:6c:a1:d3:02:8b:9e:b0:22:3e:33:64:45:58:b8:
3e:ee:f8:5c:72:c5:d1:20:9f:30:1f:86:70:92:d5:58:6c:d1:
53:49:d8:c5:f1:45:d0:65:1c:e9:a9:d3:79:8e:04:77:d1:c3:
a5:7a:81:fb:46:3d:ac:53:f2:97:17:96:47:3c:76:df:19:0b:
46:2f:ab:bc:d7:00:68:36:09:1f:79:a7:d7:22:38:1b:bd:41:
a4:fc:2d:ca:13:36:15:8d:75:b1:22:f2:33:42:bb:59:57:01:
de:32:ec:50:de:da:c7:16:7d:c6:b5:68:a1:18:fd:43:3d:55:
db:31:1f:51:3f:b3:8d:a6:4e:f9:33:bd:3f:e4:6c:db:67:d5:
9f:b7:08:3b
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgISAYHSiuuqhbGuc3Ac3boq7SXHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjIwNzA2MDgwNTI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTY2ZDJkYzNmODYwZGQzYzVmNjUyMTZlODE1N2JhMDdkYjZjZTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn30/UIJ0whHtr9RNlvhcTD/XREVu
FSPPWiCwXuXarUd7oE/APZSlu2xbjA6Kw4mrceLAOZKrsodTtARMztfqPAE+WgeF
2TniSG8nD1/uLyawNz0kjRnN0X9icfuMXqHxjXBUCSTC7DiP817FNdq2pUrGsXAD
uYpTKnIWfon9bD82wJ8b/pUEHE4dsamj8UH6hVQtSqNvwX5AAheexWx+NzaJUEIA
PMINsoP+wB6B5Htp1qByqp0fmflcAfDyLZKqvbkCuAUpV3NgHTML85LfQDslFX6u
EvN8RLwT/LQ9lcjxermYM+Wu3LbumYzDPQB8AxAGzGmnaLKHPeGJs75GpQIDAQAB
o4ICfDCCAngwHQYDVR0OBBYEFK5m0tw/hg3TxfZSFugVe6B9ts4uMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvcm1iUzNELUdEZFBGOWxJVzZCVjdvSDIyemk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGRBggrBgEFBQcBBwEB/wSBgTB/MH0EAgABMHcwCwMDAx84
AwQEHzhgAwQAHzh0AwQCHzsMAwQBVQ8wAwQBXrYIAwQBXrYMAwQAXrYpAwQDXrZI
MAwDBAFetnIDBAdetgADBAJetswDBABettkDBABetuIDBAJetuQDBAOX8FAwDAME
AZf31gMEApf34AMEApf3+DANBgkqhkiG9w0BAQsFAAOCAQEAXJOoFsF/XVpxB3SQ
uTcr9Mkmc6G8J18AKSBblhlSwcIQEkOYihAmn3QdHk+zoShaIx25irD2Gi1Sn8gA
VvkKYCFmPeMI/0Wgv4L63HUHJ9oRSXbcYwgOXOz40uZK0H7cZNrCyGWGKXpjCdGZ
rLYt4Gyh0wKLnrAiPjNkRVi4Pu74XHLF0SCfMB+GcJLVWGzRU0nYxfFF0GUc6anT
eY4Ed9HDpXqB+0Y9rFPylxeWRzx23xkLRi+rvNcAaDYJH3mn1yI4G71BpPwtyhM2
FY11sSLyM0K7WVcB3jLsUN7axxZ9xrVooRj9Qz1V2zEfUT+zjaZO+TO9P+Rs22fV
n7cIOw==
-----END CERTIFICATE-----
Generated at Fri Mar 14 12:05:18 2025 by rpki-client