Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/xGsP83HgkkcQZQoXGTcsXGYFzrQ.roa
File: xGsP83HgkkcQZQoXGTcsXGYFzrQ.roa (raw, json)
Hash identifier: kO9CLZt4duyYnd1UfQb/gfXjH2sa/+m3JbfMfqusy+A=
Subject key identifier: C4:6B:0F:F3:71:E0:92:47:10:65:0A:17:19:37:2C:5C:66:05:CE:B4
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 018EBC6AB77D6F5DCA2E8515B151115730DD
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/xGsP83HgkkcQZQoXGTcsXGYFzrQ.roa
Signing time: Mon 08 Apr 2024 06:34:54 +0000
ROA not before: Mon 08 Apr 2024 06:34:54 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 31549
IP address blocks: 151.244.160.0/22 maxlen: 22
151.244.164.0/22 maxlen: 22
151.244.168.0/22 maxlen: 22
151.244.172.0/22 maxlen: 22
151.244.176.0/22 maxlen: 22
151.244.180.0/22 maxlen: 22
151.244.184.0/22 maxlen: 22
151.244.188.0/22 maxlen: 22
151.244.192.0/22 maxlen: 22
151.244.196.0/22 maxlen: 22
151.244.200.0/22 maxlen: 22
151.244.204.0/22 maxlen: 22
151.244.208.0/22 maxlen: 22
151.244.212.0/22 maxlen: 22
151.244.216.0/23 maxlen: 23
151.244.218.0/23 maxlen: 23
151.244.220.0/23 maxlen: 23
151.244.222.0/23 maxlen: 23
151.244.224.0/23 maxlen: 23
151.244.226.0/23 maxlen: 23
151.245.248.0/21 maxlen: 21
151.245.248.0/22 maxlen: 22
151.245.252.0/22 maxlen: 22
151.247.64.0/18 maxlen: 18
185.73.0.0/22 maxlen: 22
185.73.0.0/23 maxlen: 23
185.73.2.0/23 maxlen: 23
185.73.2.0/24 maxlen: 24
185.73.3.0/24 maxlen: 24
217.60.0.0/16 maxlen: 16
217.60.0.0/18 maxlen: 18
217.60.0.0/19 maxlen: 19
217.60.24.0/21 maxlen: 21
217.60.32.0/20 maxlen: 20
217.60.32.0/22 maxlen: 22
217.60.36.0/22 maxlen: 22
217.60.36.0/23 maxlen: 23
217.60.38.0/23 maxlen: 23
217.60.40.0/21 maxlen: 21
217.60.48.0/20 maxlen: 20
217.60.64.0/18 maxlen: 18
217.60.64.0/20 maxlen: 20
217.60.80.0/20 maxlen: 20
217.60.96.0/21 maxlen: 21
217.60.104.0/22 maxlen: 22
217.60.108.0/22 maxlen: 22
217.60.128.0/18 maxlen: 18
217.60.128.0/19 maxlen: 19
217.60.150.0/24 maxlen: 24
217.60.160.0/19 maxlen: 19
217.60.160.0/20 maxlen: 20
217.60.160.0/21 maxlen: 21
217.60.161.0/24 maxlen: 24
217.60.168.0/23 maxlen: 23
217.60.170.0/24 maxlen: 24
217.60.171.0/24 maxlen: 24
217.60.176.0/21 maxlen: 21
217.60.176.0/24 maxlen: 24
217.60.184.0/22 maxlen: 22
217.60.188.0/22 maxlen: 22
217.60.192.0/18 maxlen: 18
217.60.192.0/20 maxlen: 20
217.60.192.0/22 maxlen: 22
217.60.196.0/22 maxlen: 22
217.60.200.0/22 maxlen: 22
217.60.207.0/24 maxlen: 24
217.60.208.0/20 maxlen: 20
217.60.208.0/23 maxlen: 23
217.60.209.0/24 maxlen: 24
217.60.212.0/22 maxlen: 22
217.60.216.0/21 maxlen: 21
217.60.219.0/24 maxlen: 24
217.60.224.0/20 maxlen: 20
217.60.230.0/24 maxlen: 24
217.60.231.0/24 maxlen: 24
217.60.240.0/20 maxlen: 20
2a0e::/26 maxlen: 26
2a0e:0:1::/52 maxlen: 52
2a0e:0:1:1000::/52 maxlen: 52
2a0e:0:1:2000::/52 maxlen: 52
2a0e:0:1:3000::/52 maxlen: 52
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:bc:6a:b7:7d:6f:5d:ca:2e:85:15:b1:51:11:57:30:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Apr 8 06:34:54 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c46b0ff371e0924710650a1719372c5c6605ceb4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:26:75:a3:e5:3a:4e:bf:5b:f1:37:96:8c:d3:
66:d1:ce:60:b9:64:dc:78:e5:87:ff:ea:99:8c:d2:
5c:c8:2c:10:fc:30:14:02:a3:88:99:81:03:ae:17:
b8:bb:ac:8e:2f:52:e4:b0:b5:25:5c:10:80:1c:8d:
11:00:d8:b6:9e:63:53:ef:4a:db:2e:9f:79:89:81:
5b:fc:12:bb:d1:6d:85:84:f5:5a:81:81:8f:d5:ed:
c6:23:62:a8:28:c9:42:19:f0:c3:3d:16:f6:d9:e4:
f2:e3:73:69:c4:3b:25:da:b9:ed:4e:46:78:72:1a:
37:74:e2:47:80:9f:18:6d:59:62:15:26:01:fc:4e:
03:b9:18:dd:8e:b6:55:8c:1c:f4:0e:bf:c6:17:e2:
a8:3d:cd:be:a6:85:1b:25:35:77:6f:76:0a:fe:16:
44:c2:0a:fc:db:71:e6:7f:2a:1a:d2:a1:fc:70:09:
02:68:ad:07:c2:0b:58:b7:76:53:38:97:ef:79:d2:
bc:b9:c4:b5:b0:f4:f9:92:6c:dc:3d:0d:6d:eb:c6:
0b:b2:13:2d:ec:60:78:f8:21:82:83:63:f1:a5:74:
f2:5e:67:4c:a0:fd:e8:d1:4a:25:7d:ab:f8:98:60:
f2:cf:6a:05:92:94:59:d3:1e:1d:23:c6:ad:1e:c9:
ab:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:6B:0F:F3:71:E0:92:47:10:65:0A:17:19:37:2C:5C:66:05:CE:B4
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/xGsP83HgkkcQZQoXGTcsXGYFzrQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.244.160.0-151.244.227.255
151.245.248.0/21
151.247.64.0/18
185.73.0.0/22
217.60.0.0/16
IPv6:
2a0e::/26
Signature Algorithm: sha256WithRSAEncryption
45:fb:4a:9e:7c:8e:21:64:4b:4f:35:d0:f1:3a:99:63:35:d3:
a4:6e:f2:41:62:46:c2:ea:31:de:f6:62:f1:55:62:46:0d:8b:
e0:11:b8:b3:2a:71:28:da:49:8c:a2:5a:65:a3:f1:a8:0d:6f:
43:98:be:a6:7a:55:14:3b:c2:2f:3b:83:fb:d1:c9:65:82:b5:
38:e5:94:58:b5:9e:ee:6f:fd:9f:cb:63:4d:0e:2a:33:9c:12:
14:4f:18:2f:e2:28:49:f9:fd:b3:d9:7f:78:74:ff:7f:4a:08:
29:3b:af:1d:f8:1c:ba:df:ae:7d:79:8f:e8:4f:fa:bb:95:a0:
9b:c5:ff:06:39:3b:c2:47:b5:fa:bc:08:0c:f5:ae:ce:49:e0:
1e:68:f9:91:e5:02:f9:ee:41:8e:3e:c9:62:47:a0:60:23:3a:
66:8c:11:d2:d6:11:70:83:c7:60:a6:d0:37:f3:f0:c3:a9:2d:
dd:d8:c2:a3:7c:47:50:5b:98:f6:63:aa:10:ef:67:59:3e:7a:
88:dc:0a:03:bf:8f:50:63:bd:55:59:79:99:10:29:28:43:e9:
b8:e5:42:d7:39:f6:bf:11:18:cd:12:b8:66:01:fb:d9:13:38:
52:e2:cb:25:6a:e3:c7:9a:04:90:74:70:43:51:81:34:2b:b4:
eb:8b:af:02
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAY68ard9b13KLoUVsVERVzDdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjQwNDA4MDYzNDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDZiMGZmMzcxZTA5MjQ3MTA2NTBhMTcxOTM3MmM1YzY2MDVjZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgyZ1o+U6Tr9b8TeWjNNm0c5guWTc
eOWH/+qZjNJcyCwQ/DAUAqOImYEDrhe4u6yOL1LksLUlXBCAHI0RANi2nmNT70rb
Lp95iYFb/BK70W2FhPVagYGP1e3GI2KoKMlCGfDDPRb22eTy43NpxDsl2rntTkZ4
cho3dOJHgJ8YbVliFSYB/E4DuRjdjrZVjBz0Dr/GF+KoPc2+poUbJTV3b3YK/hZE
wgr823Hmfyoa0qH8cAkCaK0HwgtYt3ZTOJfvedK8ucS1sPT5kmzcPQ1t68YLshMt
7GB4+CGCg2PxpXTyXmdMoP3o0Uolfav4mGDyz2oFkpRZ0x4dI8atHsmr/QIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFMRrD/Nx4JJHEGUKFxk3LFxmBc60MB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEveEdzUDgzSGdra2NRWlFvWEdUY3NYR1lGenJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDArBAIAATAlMAwDBAWX9KAD
BAKX9OADBAOX9fgDBAaX90ADBAK5SQADAwDZPDANBAIAAjAHAwUGKg4AADANBgkq
hkiG9w0BAQsFAAOCAQEARftKnnyOIWRLTzXQ8TqZYzXTpG7yQWJGwuox3vZi8VVi
Rg2L4BG4sypxKNpJjKJaZaPxqA1vQ5i+pnpVFDvCLzuD+9HJZYK1OOWUWLWe7m/9
n8tjTQ4qM5wSFE8YL+IoSfn9s9l/eHT/f0oIKTuvHfgcut+ufXmP6E/6u5Wgm8X/
Bjk7wke1+rwIDPWuzkngHmj5keUC+e5Bjj7JYkegYCM6ZowR0tYRcIPHYKbQN/Pw
w6kt3djCo3xHUFuY9mOqEO9nWT56iNwKA7+PUGO9VVl5mRApKEPpuOVC1zn2vxEY
zRK4ZgH72RM4UuLLJWrjx5oEkHRwQ1GBNCu064uvAg==
-----END CERTIFICATE-----
Generated at Fri Mar 14 12:05:00 2025 by rpki-client