Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/2b9e29-d568-4d53-b128-488792388e5b/1/ALms_vTAIUAxsOAaXEoWGL3DREQ.roa
File: ALms_vTAIUAxsOAaXEoWGL3DREQ.roa (raw, json)
Hash identifier: /hD/lhb74jIv4ewunvCzYBhNyZ29c5ZDOdoGyi2VRWs=
Subject key identifier: 00:B9:AC:FE:F4:C0:21:40:31:B0:E0:1A:5C:4A:16:18:BD:C3:44:44
Certificate issuer: /CN=77d2d928423104e5c3480e21b4a3ed1498b2a27e
Certificate serial: 0194BC773F129CC24CBDB4543741B8301091
Authority key identifier: 77:D2:D9:28:42:31:04:E5:C3:48:0E:21:B4:A3:ED:14:98:B2:A2:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/d9LZKEIxBOXDSA4htKPtFJiyon4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/2b9e29-d568-4d53-b128-488792388e5b/1/ALms_vTAIUAxsOAaXEoWGL3DREQ.roa
Signing time: Fri 31 Jan 2025 13:05:19 +0000
ROA not before: Fri 31 Jan 2025 13:05:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 62392
IP address blocks: 151.216.128.0/17 maxlen: 17
185.175.216.0/22 maxlen: 22
2001:67c:1810::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:bc:77:3f:12:9c:c2:4c:bd:b4:54:37:41:b8:30:10:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=77d2d928423104e5c3480e21b4a3ed1498b2a27e
Validity
Not Before: Jan 31 13:05:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=00b9acfef4c0214031b0e01a5c4a1618bdc34444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:e1:47:d0:c7:09:cd:6b:96:2b:ac:2c:fa:ba:
38:3c:23:86:6d:d6:b2:1b:b9:1b:43:c8:3d:64:6e:
c6:f9:f5:94:e5:88:92:27:9a:41:c7:38:09:fa:bb:
7e:f8:5a:15:1c:9f:5c:bc:61:56:bc:6b:cb:2c:ac:
9e:e5:6b:41:b2:70:47:0e:d2:6b:c1:de:59:a4:9e:
49:a8:7e:7e:25:2e:bc:44:41:0d:ef:72:6e:1d:d7:
37:09:79:de:d6:aa:9c:26:4d:aa:c2:a6:92:38:19:
4b:11:8b:71:8c:08:be:eb:c1:da:5c:38:b7:62:4f:
95:d8:7c:05:e7:f4:e7:fb:da:c5:31:85:be:f0:de:
ed:33:56:9d:1c:49:13:77:5f:71:21:e2:3a:15:9b:
39:91:18:f7:21:96:64:29:79:04:08:a8:38:1d:3e:
a1:ab:04:1c:d0:cf:b2:5c:b3:32:99:05:d6:2a:7d:
8e:35:32:1c:79:97:66:9a:32:81:fd:4b:79:a1:4e:
56:e0:2b:12:83:ff:37:75:5b:a1:4c:5f:52:43:62:
71:f8:bc:c7:0c:4d:86:31:bf:4f:bb:ec:f1:dc:a8:
2f:77:e8:34:33:fc:33:f6:9c:e9:58:89:61:5c:2b:
0b:fb:de:f0:c6:40:ba:0a:12:d7:ea:00:7a:cb:ec:
e1:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:B9:AC:FE:F4:C0:21:40:31:B0:E0:1A:5C:4A:16:18:BD:C3:44:44
X509v3 Authority Key Identifier:
keyid:77:D2:D9:28:42:31:04:E5:C3:48:0E:21:B4:A3:ED:14:98:B2:A2:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9LZKEIxBOXDSA4htKPtFJiyon4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/2b9e29-d568-4d53-b128-488792388e5b/1/ALms_vTAIUAxsOAaXEoWGL3DREQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/2b9e29-d568-4d53-b128-488792388e5b/1/d9LZKEIxBOXDSA4htKPtFJiyon4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.216.128.0/17
185.175.216.0/22
IPv6:
2001:67c:1810::/48
Signature Algorithm: sha256WithRSAEncryption
24:35:7a:82:98:3e:a8:09:39:4a:e1:4e:cd:b7:60:50:1d:01:
55:28:cb:a0:ae:c1:57:28:98:d4:d3:e8:1f:09:de:c2:61:9b:
a3:50:2f:10:9a:dc:52:0a:5d:b5:60:bd:3b:95:67:0b:2a:7d:
dc:bb:59:17:99:e4:ed:80:9f:b7:59:48:4e:5a:54:05:8a:c8:
4c:5d:3b:3b:a5:bb:c2:11:50:4d:8c:36:75:72:43:40:56:a4:
d1:c4:7b:2a:53:3c:2f:6c:20:ed:0d:65:2b:29:1e:e7:79:4e:
4a:34:0d:dc:31:16:f9:73:e9:eb:03:59:81:c1:b4:99:d7:5b:
2b:70:62:1e:0a:27:3a:df:62:53:31:02:21:c8:85:90:54:f7:
72:c2:6f:4f:41:0d:45:53:2e:be:20:c5:71:ba:58:56:6b:ae:
b7:a1:3f:a5:f8:9e:8d:41:9d:eb:63:8d:60:b7:42:98:36:c9:
ba:ba:91:30:11:72:31:4c:f8:92:cf:67:15:2d:90:99:46:36:
ef:32:70:07:9d:58:d1:cd:52:e5:4f:ce:cb:19:cd:3f:ec:09:
24:cd:b3:e7:b2:37:86:53:ce:a1:c0:70:0e:54:fd:8e:05:34:
0d:4c:ae:99:66:cc:1f:da:91:f3:91:d5:8d:b5:46:f1:91:27:
38:eb:67:6e
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZS8dz8SnMJMvbRUN0G4MBCRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZDJkOTI4NDIzMTA0ZTVjMzQ4MGUyMWI0YTNlZDE0OThi
MmEyN2UwHhcNMjUwMTMxMTMwNTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGI5YWNmZWY0YzAyMTQwMzFiMGUwMWE1YzRhMTYxOGJkYzM0NDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOFH0McJzWuWK6ws+ro4PCOGbday
G7kbQ8g9ZG7G+fWU5YiSJ5pBxzgJ+rt++FoVHJ9cvGFWvGvLLKye5WtBsnBHDtJr
wd5ZpJ5JqH5+JS68REEN73JuHdc3CXne1qqcJk2qwqaSOBlLEYtxjAi+68HaXDi3
Yk+V2HwF5/Tn+9rFMYW+8N7tM1adHEkTd19xIeI6FZs5kRj3IZZkKXkECKg4HT6h
qwQc0M+yXLMymQXWKn2ONTIceZdmmjKB/Ut5oU5W4CsSg/83dVuhTF9SQ2Jx+LzH
DE2GMb9Pu+zx3Kgvd+g0M/wz9pzpWIlhXCsL+97wxkC6ChLX6gB6y+zhPwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFAC5rP70wCFAMbDgGlxKFhi9w0REMB8GA1UdIwQY
MBaAFHfS2ShCMQTlw0gOIbSj7RSYsqJ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDlMWktFSXhCT1hEU0E0aHRLUHRGSml5b240LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8yYjllMjktZDU2OC00ZDUzLWIxMjgt
NDg4NzkyMzg4ZTViLzEvQUxtc192VEFJVUF4c09BYVhFb1dHTDNEUkVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8yYjllMjktZDU2OC00ZDUzLWIxMjgtNDg4NzkyMzg4ZTVi
LzEvZDlMWktFSXhCT1hEU0E0aHRLUHRGSml5b240LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQHl9iAAwQC
ua/YMA8EAgACMAkDBwAgAQZ8GBAwDQYJKoZIhvcNAQELBQADggEBACQ1eoKYPqgJ
OUrhTs23YFAdAVUoy6CuwVcomNTT6B8J3sJhm6NQLxCa3FIKXbVgvTuVZwsqfdy7
WReZ5O2An7dZSE5aVAWKyExdOzulu8IRUE2MNnVyQ0BWpNHEeypTPC9sIO0NZSsp
Hud5Tko0DdwxFvlz6esDWYHBtJnXWytwYh4KJzrfYlMxAiHIhZBU93LCb09BDUVT
Lr4gxXG6WFZrrrehP6X4no1BnetjjWC3Qpg2ybq6kTARcjFM+JLPZxUtkJlGNu8y
cAedWNHNUuVPzssZzT/sCSTNs+eyN4ZTzqHAcA5U/Y4FNA1MrplmzB/akfOR1Y21
RvGRJzjrZ24=
-----END CERTIFICATE-----
Generated at Tue Apr 29 07:00:46 2025 by rpki-client