Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/xS3WoWMjZxeN2xURxaafyxp7mmg.roa
File: xS3WoWMjZxeN2xURxaafyxp7mmg.roa (raw, json)
Hash identifier: u4l14QgV6JPv4bijOqICFIHsNwU6HvzEzmj2MWdZaqU=
Subject key identifier: C5:2D:D6:A1:63:23:67:17:8D:DB:15:11:C5:A6:9F:CB:1A:7B:9A:68
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 01857079BF57FDD927BEFE7314DE17D73E7B
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/xS3WoWMjZxeN2xURxaafyxp7mmg.roa
Signing time: Mon 02 Jan 2023 03:15:05 +0000
ROA not before: Mon 02 Jan 2023 03:15:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43395
IP address blocks: 151.238.136.0/21 maxlen: 21
151.238.144.0/23 maxlen: 23
151.247.232.0/22 maxlen: 22
151.247.228.0/22 maxlen: 22
151.247.237.0/24 maxlen: 24
151.247.239.0/24 maxlen: 24
151.247.236.0/22 maxlen: 22
151.247.240.0/24 maxlen: 24
151.247.236.0/24 maxlen: 24
151.247.238.0/24 maxlen: 24
151.247.241.0/24 maxlen: 24
31.58.246.0/24 maxlen: 24
31.58.242.0/24 maxlen: 24
31.58.244.0/24 maxlen: 24
31.58.245.0/24 maxlen: 24
31.58.241.0/24 maxlen: 24
31.58.243.0/24 maxlen: 24
31.58.252.0/24 maxlen: 24
31.58.248.0/24 maxlen: 24
31.58.250.0/24 maxlen: 24
31.58.247.0/24 maxlen: 24
31.58.253.0/24 maxlen: 24
31.58.249.0/24 maxlen: 24
31.58.251.0/24 maxlen: 24
31.59.3.0/24 maxlen: 24
31.58.255.0/24 maxlen: 24
31.59.0.0/23 maxlen: 23
31.58.254.0/24 maxlen: 24
31.59.4.0/24 maxlen: 24
31.59.5.0/24 maxlen: 24
31.59.9.0/24 maxlen: 24
31.59.8.0/24 maxlen: 24
31.59.13.0/24 maxlen: 24
31.59.15.0/24 maxlen: 24
31.59.14.0/24 maxlen: 24
31.59.12.0/24 maxlen: 24
31.58.238.0/24 maxlen: 24
31.58.240.0/24 maxlen: 24
31.58.236.0/24 maxlen: 24
31.58.239.0/24 maxlen: 24
31.58.237.0/24 maxlen: 24
94.182.57.0/24 maxlen: 24
94.182.56.0/22 maxlen: 22
94.182.56.0/24 maxlen: 24
94.182.58.0/24 maxlen: 24
94.182.59.0/24 maxlen: 24
94.182.61.0/24 maxlen: 24
94.182.63.0/24 maxlen: 24
94.182.62.0/24 maxlen: 24
94.182.60.0/22 maxlen: 22
94.182.60.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:79:bf:57:fd:d9:27:be:fe:73:14:de:17:d7:3e:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Jan 2 03:15:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c52dd6a1632367178ddb1511c5a69fcb1a7b9a68
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:b4:ff:88:df:74:55:d7:9a:12:ed:b8:07:69:
11:a2:a2:88:e3:7f:63:3d:95:ce:26:c0:9f:62:3c:
08:e7:16:b3:46:20:74:80:bd:8a:ff:88:89:3b:ac:
06:cd:a2:02:38:e1:15:ef:3f:3e:05:76:95:84:75:
b0:24:dc:c6:60:8c:a0:62:1d:9f:0e:6f:6e:88:21:
9b:26:e5:b4:3d:5e:68:be:d7:32:34:e9:3c:c1:38:
ba:78:07:60:0a:36:c6:94:84:41:5a:e4:b2:53:99:
90:6d:d4:97:20:4c:cc:ce:38:ec:d2:59:7e:8d:eb:
17:0c:0e:59:05:71:5d:aa:f5:f3:67:de:10:f5:86:
bd:0b:be:ad:dc:c8:b7:84:0d:35:cd:43:63:cb:29:
f0:ae:f2:7f:16:31:9a:e2:b1:92:3a:09:81:ac:f0:
b6:37:53:dd:73:7e:b3:dd:80:cb:9c:a6:1f:53:48:
db:83:fb:54:56:e3:2d:b8:d7:f7:a4:6c:b9:08:9f:
0c:09:a7:f9:1c:83:1f:5d:17:07:65:c6:83:fc:cd:
09:de:98:de:de:ef:40:dc:29:03:8f:db:dc:1d:25:
07:28:1b:24:c4:dd:cf:05:0b:d5:1a:d5:9c:54:f2:
1c:fd:d0:00:9d:b5:30:52:4b:22:5f:e2:2a:9b:82:
2d:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:2D:D6:A1:63:23:67:17:8D:DB:15:11:C5:A6:9F:CB:1A:7B:9A:68
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/xS3WoWMjZxeN2xURxaafyxp7mmg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.58.236.0-31.59.1.255
31.59.3.0-31.59.5.255
31.59.8.0/23
31.59.12.0/22
94.182.56.0/21
151.238.136.0-151.238.145.255
151.247.228.0-151.247.241.255
Signature Algorithm: sha256WithRSAEncryption
34:0a:64:ae:a8:dc:1f:fb:6f:b2:35:f1:18:00:e6:70:a1:83:
ef:9f:83:85:55:f8:1e:3c:01:2f:09:a6:4a:03:7d:dc:5f:ad:
ad:5d:2c:83:90:4e:3e:79:66:3e:4e:e8:90:01:6a:e3:54:4e:
f2:f0:f2:8c:e2:68:c7:93:46:4d:fc:70:65:86:7b:01:bd:5d:
ce:42:25:e9:f0:2b:a0:e0:a3:89:ed:de:df:49:70:86:f6:63:
f0:59:0e:9c:28:e1:9c:82:c0:ca:d3:bd:a9:1c:d4:e8:e6:f6:
5a:a5:86:ff:54:e5:62:c9:01:8a:52:2b:96:94:59:51:76:7f:
7e:3e:0e:c2:0f:3c:92:b3:96:cd:5b:75:22:5c:6b:2b:fe:36:
3a:ae:0e:8d:fc:01:64:bf:ab:6c:f4:d5:8b:a1:14:06:85:c1:
8c:3d:a8:cf:ae:f2:25:b3:59:e5:9d:36:b5:2e:c4:10:e0:36:
1b:ff:d3:43:90:5c:95:4c:99:1c:ff:45:c2:69:0f:db:14:3d:
e6:3c:9a:c2:db:19:07:ba:5a:cc:7a:9f:19:54:de:24:2a:e2:
7b:84:29:78:76:de:7c:1c:01:cf:ab:08:28:53:4e:3b:e4:30:
81:db:95:ba:46:48:8c:b6:48:44:9d:a7:1d:b9:db:a7:c3:11:
f1:59:02:ed
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYVweb9X/dknvv5zFN4X1z57MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjMwMTAyMDMxNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTJkZDZhMTYzMjM2NzE3OGRkYjE1MTFjNWE2OWZjYjFhN2I5YTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLT/iN90VdeaEu24B2kRoqKI439j
PZXOJsCfYjwI5xazRiB0gL2K/4iJO6wGzaICOOEV7z8+BXaVhHWwJNzGYIygYh2f
Dm9uiCGbJuW0PV5ovtcyNOk8wTi6eAdgCjbGlIRBWuSyU5mQbdSXIEzMzjjs0ll+
jesXDA5ZBXFdqvXzZ94Q9Ya9C76t3Mi3hA01zUNjyynwrvJ/FjGa4rGSOgmBrPC2
N1Pdc36z3YDLnKYfU0jbg/tUVuMtuNf3pGy5CJ8MCaf5HIMfXRcHZcaD/M0J3pje
3u9A3CkDj9vcHSUHKBskxN3PBQvVGtWcVPIc/dAAnbUwUksiX+Iqm4It9QIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFMUt1qFjI2cXjdsVEcWmn8sae5poMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEveFMzV29XTWpaeGVOMnhVUnhhYWZ5eHA3bW1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKMAwDBAIfOuwD
BAEfOwAwDAMEAB87AwMEAR87BAMEAR87CAMEAh87DAMEA162ODAMAwQDl+6IAwQB
l+6QMAwDBAKX9+QDBAGX9/AwDQYJKoZIhvcNAQELBQADggEBADQKZK6o3B/7b7I1
8RgA5nChg++fg4VV+B48AS8JpkoDfdxfra1dLIOQTj55Zj5O6JABauNUTvLw8ozi
aMeTRk38cGWGewG9Xc5CJenwK6Dgo4nt3t9JcIb2Y/BZDpwo4ZyCwMrTvakc1Ojm
9lqlhv9U5WLJAYpSK5aUWVF2f34+DsIPPJKzls1bdSJcayv+NjquDo38AWS/q2z0
1YuhFAaFwYw9qM+u8iWzWeWdNrUuxBDgNhv/00OQXJVMmRz/RcJpD9sUPeY8msLb
GQe6Wsx6nxlU3iQq4nuEKXh23nwcAc+rCChTTjvkMIHblbpGSIy2SESdpx2526fD
EfFZAu0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:52 2024 by rpki-client on console-fra.rpki-client.org