Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/tGUQDtGVjp9vwx4RNyvKuMLFygo.roa
File: tGUQDtGVjp9vwx4RNyvKuMLFygo.roa (raw, json)
Hash identifier: dA/NUxZ7SYyVz2Zu3wCsHiSZ5tkE/U1yHEsb/rkBMO0=
Subject key identifier: B4:65:10:0E:D1:95:8E:9F:6F:C3:1E:11:37:2B:CA:B8:C2:C5:CA:0A
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 018ED6B7B2A97BB465C5F241D62689B1350E
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/tGUQDtGVjp9vwx4RNyvKuMLFygo.roa
Signing time: Sat 13 Apr 2024 09:09:06 +0000
ROA not before: Sat 13 Apr 2024 09:09:06 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215211
IP address blocks: 31.57.0.0/16 maxlen: 16
31.58.0.0/16 maxlen: 16
151.247.207.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:d6:b7:b2:a9:7b:b4:65:c5:f2:41:d6:26:89:b1:35:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Apr 13 09:09:06 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b465100ed1958e9f6fc31e11372bcab8c2c5ca0a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:15:f8:3c:32:ec:7c:d7:48:46:ee:f1:98:5e:
e0:97:99:42:37:b7:e8:a7:28:d7:c2:fe:56:f5:d2:
47:31:22:88:9e:16:f6:c6:d2:27:82:dc:92:8b:19:
28:ef:15:f7:2c:a0:5f:b7:de:c4:b9:e7:b3:be:a9:
8d:1c:7f:e9:05:e5:2e:fc:79:7b:fa:93:fb:5a:a6:
3b:21:21:e5:01:3f:36:90:d1:50:d5:d0:7b:99:ce:
8b:4c:ed:2d:28:7e:7e:c0:18:39:3f:c2:19:27:a4:
a4:4f:05:8d:b0:9f:38:c9:70:44:aa:82:8c:31:ff:
cd:12:c9:82:4a:a2:ae:1c:01:22:cb:90:c0:4d:89:
22:6b:76:0f:e5:90:4c:ca:fc:9c:46:a6:fc:f5:d2:
20:0d:f1:f9:9a:47:f5:42:6f:85:0f:07:ff:1d:ea:
85:72:e2:70:a0:63:5b:ef:bb:33:c5:d3:c7:7b:5a:
8f:0a:b0:f0:c8:fd:b3:16:84:d5:e4:15:58:82:88:
f8:00:88:13:a9:14:8f:64:f3:39:fd:33:82:31:1a:
ca:2f:ec:af:37:6d:84:05:87:46:22:a1:87:a8:72:
2e:07:05:36:0b:73:08:b7:13:5a:30:ce:e2:08:f5:
72:73:59:43:87:0c:16:d2:89:01:e3:e9:ec:7b:9c:
fb:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:65:10:0E:D1:95:8E:9F:6F:C3:1E:11:37:2B:CA:B8:C2:C5:CA:0A
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/tGUQDtGVjp9vwx4RNyvKuMLFygo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.57.0.0-31.58.255.255
151.247.207.0/24
Signature Algorithm: sha256WithRSAEncryption
54:a1:99:e6:8f:af:87:ec:b7:12:42:06:10:37:1d:2a:b4:9b:
74:54:90:c4:de:91:fd:2f:54:5c:dd:d3:0f:c4:5d:37:98:83:
0e:02:62:98:a5:db:ce:e7:81:af:15:9e:44:0e:b2:58:f0:e4:
1f:49:92:a5:fc:c8:01:d8:ac:f5:e6:c3:06:b7:b5:95:c8:ec:
0c:18:b5:5d:f1:6c:70:33:30:06:20:fa:84:fe:28:81:c0:ec:
b5:5e:ba:3c:12:c1:d0:6c:0f:2c:35:93:d6:8d:6a:70:5c:70:
6b:cb:64:64:0f:a1:2c:40:f2:3b:a0:c3:03:b8:eb:e5:a0:98:
b5:4b:bf:7e:c4:ca:24:5b:36:af:51:89:07:f3:1d:60:cb:6b:
00:5e:0c:02:f0:ec:39:34:33:26:c8:85:65:99:7f:da:cc:8d:
78:7a:38:e0:d7:df:38:4f:d2:b0:d1:ea:a7:f0:ce:ed:17:53:
a2:69:d8:00:03:5c:ad:a0:61:ba:4b:29:14:75:9e:61:ec:5f:
af:6f:5d:c0:81:b6:60:37:48:98:6c:f5:44:41:1f:5b:d1:9c:
98:d6:fe:5c:f4:49:59:5c:7d:ae:3d:76:37:9f:44:8a:24:ee:
3b:bb:a8:d5:b2:67:eb:02:ea:b2:ce:86:b7:91:d0:fc:2f:b6:
38:af:0f:90
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY7Wt7Kpe7RlxfJB1iaJsTUOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjQwNDEzMDkwOTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDY1MTAwZWQxOTU4ZTlmNmZjMzFlMTEzNzJiY2FiOGMyYzVjYTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxX4PDLsfNdIRu7xmF7gl5lCN7fo
pyjXwv5W9dJHMSKInhb2xtIngtySixko7xX3LKBft97EueezvqmNHH/pBeUu/Hl7
+pP7WqY7ISHlAT82kNFQ1dB7mc6LTO0tKH5+wBg5P8IZJ6SkTwWNsJ84yXBEqoKM
Mf/NEsmCSqKuHAEiy5DATYkia3YP5ZBMyvycRqb89dIgDfH5mkf1Qm+FDwf/HeqF
cuJwoGNb77szxdPHe1qPCrDwyP2zFoTV5BVYgoj4AIgTqRSPZPM5/TOCMRrKL+yv
N22EBYdGIqGHqHIuBwU2C3MItxNaMM7iCPVyc1lDhwwW0okB4+nse5z7AwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLRlEA7RlY6fb8MeETcryrjCxcoKMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvdEdVUUR0R1ZqcDl2d3g0Uk55dkt1TUxGeWdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASMAoDAwAfOQMD
AB86AwQAl/fPMA0GCSqGSIb3DQEBCwUAA4IBAQBUoZnmj6+H7LcSQgYQNx0qtJt0
VJDE3pH9L1Rc3dMPxF03mIMOAmKYpdvO54GvFZ5EDrJY8OQfSZKl/MgB2Kz15sMG
t7WVyOwMGLVd8WxwMzAGIPqE/iiBwOy1Xro8EsHQbA8sNZPWjWpwXHBry2RkD6Es
QPI7oMMDuOvloJi1S79+xMokWzavUYkH8x1gy2sAXgwC8Ow5NDMmyIVlmX/azI14
ejjg1984T9Kw0eqn8M7tF1OiadgAA1ytoGG6SykUdZ5h7F+vb13AgbZgN0iYbPVE
QR9b0ZyY1v5c9ElZXH2uPXY3n0SKJO47u6jVsmfrAuqyzoa3kdD8L7Y4rw+Q
-----END CERTIFICATE-----
Generated at Sun May 11 12:21:39 2025 by rpki-client