Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/L_DlAas_Swg5afujhYXXMCFhDa8.roa
File: L_DlAas_Swg5afujhYXXMCFhDa8.roa (raw, json)
Hash identifier: tKTuGwSBS3r9mtdY4iRKOwqLMUQtzO+9h+ikCe4ryFA=
Subject key identifier: 2F:F0:E5:01:AB:3F:4B:08:39:69:FB:A3:85:85:D7:30:21:61:0D:AF
Certificate issuer: /CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Certificate serial: 0195663145071DBD5240764E6925AB1D9319
Authority key identifier: C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/L_DlAas_Swg5afujhYXXMCFhDa8.roa
Signing time: Wed 05 Mar 2025 12:04:19 +0000
ROA not before: Wed 05 Mar 2025 12:04:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212997
IP address blocks: 151.216.35.0/24 maxlen: 24
2001:7fc:4::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:66:31:45:07:1d:bd:52:40:76:4e:69:25:ab:1d:93:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Validity
Not Before: Mar 5 12:04:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2ff0e501ab3f4b083969fba38585d73021610daf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:a1:c8:5a:ad:9b:33:db:9f:d7:5b:31:02:ff:
59:e9:49:84:d4:6a:b7:9d:53:ac:6e:81:d9:9d:92:
43:67:33:35:ed:82:4d:0e:a4:22:bb:7b:77:35:d2:
d9:38:a0:24:0c:cc:26:7b:75:b5:1b:57:68:7e:c3:
1d:0a:ae:3d:a0:a5:08:55:2d:d3:e1:92:59:f5:a7:
a0:1a:73:ff:83:6c:2c:5f:56:7a:d4:3e:26:8a:ab:
2d:bc:54:8c:2f:61:04:f9:b1:2a:03:a6:e0:30:c7:
9b:73:ab:12:8a:94:18:02:9b:7b:03:c6:3f:fe:14:
80:99:35:63:38:f0:d4:d7:8a:1d:56:c5:f4:7b:3a:
39:32:78:09:d5:40:f7:4e:de:18:8c:10:e8:f2:f8:
a7:33:d2:f4:6d:16:13:83:73:6e:65:0c:06:71:ca:
52:46:2b:bb:56:c7:c2:25:98:a6:80:9e:8f:49:fc:
e5:00:6d:eb:ca:56:44:3a:08:20:07:ed:68:30:95:
07:59:5f:c0:29:77:c1:15:e5:15:b5:56:ef:ef:4e:
fd:91:98:7f:57:91:e6:74:5d:31:52:4b:07:9b:e2:
1d:5e:7c:b8:85:73:cb:bd:39:5c:91:1b:69:f0:cd:
44:74:14:30:e7:9b:c7:9b:65:1a:41:5b:cc:05:9c:
5f:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:F0:E5:01:AB:3F:4B:08:39:69:FB:A3:85:85:D7:30:21:61:0D:AF
X509v3 Authority Key Identifier:
keyid:C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/L_DlAas_Swg5afujhYXXMCFhDa8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.216.35.0/24
IPv6:
2001:7fc:4::/48
Signature Algorithm: sha256WithRSAEncryption
34:19:d4:5e:42:2b:f3:27:50:cc:08:f3:8c:9d:77:01:f8:9f:
dd:73:2a:77:ea:23:b5:15:c1:ab:ea:89:9e:a5:fa:3f:17:09:
df:56:ee:98:7c:a7:aa:d3:e8:39:c9:a5:82:36:fb:ec:2b:b2:
00:e4:a6:22:d8:55:a5:6c:0e:cf:0b:ea:2a:43:95:9f:f3:fb:
e1:c1:7a:f4:fd:28:9c:15:1a:44:4f:66:0d:2a:54:34:94:be:
1a:77:11:1b:ec:a9:35:1b:4d:76:fb:53:9b:03:2b:ec:7f:6e:
c9:03:bb:4a:31:ce:69:69:47:02:20:2c:1f:84:92:a3:7f:56:
7b:30:27:a3:e0:fd:3f:e5:98:fe:ee:79:be:54:44:d7:ba:33:
bf:1f:5a:5b:eb:0e:eb:20:cd:43:49:cd:38:5c:68:76:1f:f5:
23:ec:27:0a:fd:67:d4:77:f5:c2:c1:62:65:2a:96:3e:dc:2b:
c9:d1:08:c1:5a:b5:b9:a0:e4:84:c2:8f:33:9f:44:a2:1e:dd:
8a:4e:6f:24:33:17:5a:f4:b4:14:0e:18:bb:08:6c:c8:f9:03:
2b:73:0f:55:f8:71:a7:f0:8a:a8:36:41:c0:69:18:83:7d:ba:
1d:11:01:84:80:28:ff:a1:30:08:0f:25:33:d8:fc:ea:6b:51:
1d:f8:49:15
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZVmMUUHHb1SQHZOaSWrHZMZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGZhMGFkODk4NzE0OWYwNTUzNDcyNGI0NWEyZjRkNWVi
ZjQ3NWQwHhcNMjUwMzA1MTIwNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmYwZTUwMWFiM2Y0YjA4Mzk2OWZiYTM4NTg1ZDczMDIxNjEwZGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqHIWq2bM9uf11sxAv9Z6UmE1Gq3
nVOsboHZnZJDZzM17YJNDqQiu3t3NdLZOKAkDMwme3W1G1dofsMdCq49oKUIVS3T
4ZJZ9aegGnP/g2wsX1Z61D4miqstvFSML2EE+bEqA6bgMMebc6sSipQYApt7A8Y/
/hSAmTVjOPDU14odVsX0ezo5MngJ1UD3Tt4YjBDo8vinM9L0bRYTg3NuZQwGccpS
Riu7VsfCJZimgJ6PSfzlAG3rylZEOgggB+1oMJUHWV/AKXfBFeUVtVbv7079kZh/
V5HmdF0xUksHm+IdXny4hXPLvTlckRtp8M1EdBQw55vHm2UaQVvMBZxfPQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC/w5QGrP0sIOWn7o4WF1zAhYQ2vMB8GA1UdIwQY
MBaAFMZPoK2JhxSfBVNHJLRaL01ev0ddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEt
YmNmNzcwMjY5MzlkLzEvTF9EbEFhc19Td2c1YWZ1amhZWFhNQ0ZoRGE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEtYmNmNzcwMjY5Mzlk
LzEveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAl9gjMA8E
AgACMAkDBwAgAQf8AAQwDQYJKoZIhvcNAQELBQADggEBADQZ1F5CK/MnUMwI84yd
dwH4n91zKnfqI7UVwavqiZ6l+j8XCd9W7ph8p6rT6DnJpYI2++wrsgDkpiLYVaVs
Ds8L6ipDlZ/z++HBevT9KJwVGkRPZg0qVDSUvhp3ERvsqTUbTXb7U5sDK+x/bskD
u0oxzmlpRwIgLB+EkqN/VnswJ6Pg/T/lmP7ueb5URNe6M78fWlvrDusgzUNJzThc
aHYf9SPsJwr9Z9R39cLBYmUqlj7cK8nRCMFatbmg5ITCjzOfRKIe3YpObyQzF1r0
tBQOGLsIbMj5AytzD1X4cafwiqg2QcBpGIN9uh0RAYSAKP+hMAgPJTPY/OprUR34
SRU=
-----END CERTIFICATE-----
Generated at Mon Apr 28 11:17:21 2025 by rpki-client