Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/OsS7BA8m3H3LTTHa67k-bJkbGcQ.roa
File: OsS7BA8m3H3LTTHa67k-bJkbGcQ.roa (raw, json)
Hash identifier: yYmAY6J2/1cYscflgs09YDAViBeYM0rkdldXkJvnz3I=
Subject key identifier: 3A:C4:BB:04:0F:26:DC:7D:CB:4D:31:DA:EB:B9:3E:6C:99:1B:19:C4
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 01856BCA2FC6606750CD6260028C049263DB
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/OsS7BA8m3H3LTTHa67k-bJkbGcQ.roa
Signing time: Sun 01 Jan 2023 05:24:50 +0000
ROA not before: Sun 01 Jan 2023 05:24:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206509
IP address blocks: 62.169.128.0/19 maxlen: 19
217.29.192.0/20 maxlen: 22
62.164.128.0/17 maxlen: 21
213.254.160.0/19 maxlen: 19
62.164.144.0/21 maxlen: 21
212.32.0.0/17 maxlen: 17
193.108.168.0/23 maxlen: 23
194.154.32.0/19 maxlen: 19
212.47.64.0/19 maxlen: 19
86.54.0.0/16 maxlen: 16
194.164.0.0/16 maxlen: 16
194.62.44.0/22 maxlen: 22
217.154.0.0/16 maxlen: 16
195.26.224.0/19 maxlen: 19
195.200.0.0/19 maxlen: 19
195.184.224.0/19 maxlen: 19
212.56.48.0/20 maxlen: 20
2001:15e0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:ca:2f:c6:60:67:50:cd:62:60:02:8c:04:92:63:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Jan 1 05:24:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3ac4bb040f26dc7dcb4d31daebb93e6c991b19c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:8c:50:14:95:e3:b1:55:47:46:77:33:87:3e:
1c:53:2a:76:b2:87:fe:a1:c6:ef:0c:a6:45:0b:f0:
02:ac:a3:63:87:d4:33:74:9d:dd:78:f1:84:72:75:
8a:9c:55:49:72:c6:a6:3f:63:3e:cf:0d:02:27:50:
a8:2f:19:15:bc:cd:fa:88:dc:82:a1:63:68:be:a3:
08:0f:ea:7c:60:82:f3:83:e9:02:99:5c:f3:e7:0f:
a6:0b:0c:2a:dd:6f:6b:ef:c2:f7:6e:10:a6:73:a7:
f6:19:b9:44:ac:5c:08:06:d1:de:76:fa:91:20:ec:
31:6b:d8:08:6d:97:71:45:29:78:52:f8:a9:91:ac:
80:9e:fb:58:a8:20:d6:3a:a5:77:01:8d:95:c9:a9:
3e:5a:1a:62:43:f1:7e:32:09:a0:3e:e2:9e:e1:c8:
e8:07:49:0c:7d:55:e7:e8:28:26:1d:b1:78:5e:bb:
5d:3a:fd:15:36:cd:86:43:cf:5d:65:2c:09:15:b6:
dc:c4:68:b2:50:76:29:b9:0d:b1:f9:f3:a7:b7:cd:
9c:58:96:b0:a4:57:a4:46:97:eb:4f:2e:88:7f:94:
8e:15:7f:48:3f:ef:2b:f1:0a:25:61:74:57:f4:86:
28:c2:df:40:86:6d:45:30:8d:6c:d2:96:fa:d8:cb:
ff:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:C4:BB:04:0F:26:DC:7D:CB:4D:31:DA:EB:B9:3E:6C:99:1B:19:C4
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/OsS7BA8m3H3LTTHa67k-bJkbGcQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
62.169.128.0/19
86.54.0.0/16
193.108.168.0/23
194.62.44.0/22
194.154.32.0/19
194.164.0.0/16
195.26.224.0/19
195.184.224.0/19
195.200.0.0/19
212.32.0.0/17
212.47.64.0/19
212.56.48.0/20
213.254.160.0/19
217.29.192.0/20
217.154.0.0/16
IPv6:
2001:15e0::/32
Signature Algorithm: sha256WithRSAEncryption
33:60:05:d3:24:9f:bb:03:49:2b:a8:d5:8d:a2:6b:fa:80:89:
4f:c0:4f:02:f1:6d:0b:cc:37:59:77:65:7c:c9:1d:c6:da:39:
ae:d6:24:ee:2b:ac:2c:02:7d:e6:e1:5b:92:09:89:0b:63:5b:
db:f4:c9:bb:83:9e:21:d8:04:42:31:46:01:9d:83:de:f4:53:
9d:d0:57:0e:9f:b9:f0:38:b7:74:df:3e:17:dd:06:c0:ee:df:
98:f7:1d:8f:d3:b0:bd:c0:59:d2:55:45:01:ab:7b:60:17:84:
0e:56:6f:f8:20:0f:ee:cd:5c:05:ce:24:42:7f:24:85:37:d3:
ee:0e:e7:61:24:ff:43:83:8e:62:eb:4c:f0:dd:35:10:73:cc:
19:b2:ca:af:a6:22:d9:e1:eb:9b:80:5d:b0:f8:b0:8b:7f:83:
bb:07:bb:0f:b7:cb:7a:cb:1b:37:cc:d2:e6:90:79:de:22:11:
08:fa:28:ef:8a:6c:6f:e6:98:de:03:96:d0:fd:bd:01:49:8a:
9f:50:35:a7:4c:16:47:bb:a1:97:8b:42:25:dc:c2:54:39:d2:
9c:93:37:e5:52:39:80:1e:ce:b3:38:4f:fa:0c:e1:48:14:c0:
8c:2e:41:a3:bd:2a:b1:70:b2:63:98:fa:63:4d:0b:be:1e:54:
34:24:b5:fb
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgISAYVryi/GYGdQzWJgAowEkmPbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjMwMTAxMDUyNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWM0YmIwNDBmMjZkYzdkY2I0ZDMxZGFlYmI5M2U2Yzk5MWIxOWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4xQFJXjsVVHRnczhz4cUyp2sof+
ocbvDKZFC/ACrKNjh9QzdJ3dePGEcnWKnFVJcsamP2M+zw0CJ1CoLxkVvM36iNyC
oWNovqMID+p8YILzg+kCmVzz5w+mCwwq3W9r78L3bhCmc6f2GblErFwIBtHedvqR
IOwxa9gIbZdxRSl4UvipkayAnvtYqCDWOqV3AY2Vyak+WhpiQ/F+MgmgPuKe4cjo
B0kMfVXn6CgmHbF4XrtdOv0VNs2GQ89dZSwJFbbcxGiyUHYpuQ2x+fOnt82cWJaw
pFekRpfrTy6If5SOFX9IP+8r8QolYXRX9IYowt9Ahm1FMI1s0pb62Mv/swIDAQAB
o4ICcDCCAmwwHQYDVR0OBBYEFDrEuwQPJtx9y00x2uu5PmyZGxnEMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvT3NTN0JBOG0zSDNMVFRIYTY3ay1iSmtiR2NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwYwQCAAEwXQMEBz6kgAME
BT6pgAMDAFY2AwQBwWyoAwQCwj4sAwQFwpogAwMAwqQDBAXDGuADBAXDuOADBAXD
yAADBAfUIAADBAXUL0ADBATUODADBAXV/qADBATZHcADAwDZmjANBAIAAjAHAwUA
IAEV4DANBgkqhkiG9w0BAQsFAAOCAQEAM2AF0ySfuwNJK6jVjaJr+oCJT8BPAvFt
C8w3WXdlfMkdxto5rtYk7iusLAJ95uFbkgmJC2Nb2/TJu4OeIdgEQjFGAZ2D3vRT
ndBXDp+58Di3dN8+F90GwO7fmPcdj9OwvcBZ0lVFAat7YBeEDlZv+CAP7s1cBc4k
Qn8khTfT7g7nYST/Q4OOYutM8N01EHPMGbLKr6Yi2eHrm4BdsPiwi3+Duwe7D7fL
essbN8zS5pB53iIRCPoo74psb+aY3gOW0P29AUmKn1A1p0wWR7uhl4tCJdzCVDnS
nJM35VI5gB7OszhP+gzhSBTAjC5Bo70qsXCyY5j6Y00Lvh5UNCS1+w==
-----END CERTIFICATE-----
Generated at Tue Apr 29 09:45:06 2025 by rpki-client