Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/g0ThHiCIrnr5UFN1ZS-3HiMC4vE.roa
File: g0ThHiCIrnr5UFN1ZS-3HiMC4vE.roa (raw, json)
Hash identifier: eO/bg3/qPgUYDtqjnqKXgA6TsRA63BMJRsK2RcOFOkU=
Subject key identifier: 83:44:E1:1E:20:88:AE:7A:F9:50:53:75:65:2F:B7:1E:23:02:E2:F1
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018D3B1114B6E3E3BAF18FF7BAEFFFC443D1
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/g0ThHiCIrnr5UFN1ZS-3HiMC4vE.roa
Signing time: Wed 24 Jan 2024 10:43:11 +0000
ROA not before: Wed 24 Jan 2024 10:43:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8851
IP address blocks: 62.164.128.0/17 maxlen: 17
62.164.144.0/21 maxlen: 21
62.169.128.0/20 maxlen: 20
62.169.144.0/22 maxlen: 22
62.169.150.0/24 maxlen: 24
62.169.152.0/22 maxlen: 22
62.169.154.0/24 maxlen: 24
62.169.156.0/24 maxlen: 24
62.169.158.0/23 maxlen: 23
86.54.0.0/16 maxlen: 16
193.108.168.0/23 maxlen: 23
194.62.44.0/22 maxlen: 22
194.164.2.0/24 maxlen: 24
194.164.12.0/24 maxlen: 24
194.164.38.0/24 maxlen: 24
194.164.80.0/22 maxlen: 22
194.164.85.0/24 maxlen: 24
194.164.86.0/24 maxlen: 24
194.164.97.0/24 maxlen: 24
194.164.100.0/24 maxlen: 24
194.164.104.0/24 maxlen: 24
194.164.106.0/24 maxlen: 24
194.164.114.0/24 maxlen: 24
194.164.140.0/22 maxlen: 22
194.164.144.0/24 maxlen: 24
194.164.181.0/24 maxlen: 24
194.164.223.0/24 maxlen: 24
194.164.231.0/24 maxlen: 24
194.164.232.0/24 maxlen: 24
194.164.238.0/24 maxlen: 24
194.164.241.0/24 maxlen: 24
194.164.242.0/23 maxlen: 23
194.164.247.0/24 maxlen: 24
195.26.224.0/19 maxlen: 19
195.184.228.0/23 maxlen: 23
195.184.236.0/24 maxlen: 24
195.184.245.0/24 maxlen: 24
195.200.0.0/19 maxlen: 19
212.32.0.0/17 maxlen: 17
212.32.0.0/20 maxlen: 20
212.32.16.0/21 maxlen: 21
212.32.24.0/22 maxlen: 22
212.32.28.0/23 maxlen: 23
212.32.32.0/21 maxlen: 21
212.32.42.0/23 maxlen: 23
212.32.44.0/23 maxlen: 23
212.32.48.0/22 maxlen: 22
212.32.54.0/23 maxlen: 23
212.32.56.0/21 maxlen: 21
212.32.64.0/18 maxlen: 18
212.47.80.0/23 maxlen: 23
212.47.84.0/24 maxlen: 24
212.56.57.0/24 maxlen: 24
213.254.160.0/19 maxlen: 19
217.154.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:3b:11:14:b6:e3:e3:ba:f1:8f:f7:ba:ef:ff:c4:43:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Jan 24 10:43:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8344e11e2088ae7af9505375652fb71e2302e2f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:72:aa:61:d9:43:f6:91:48:8b:d7:62:e9:3d:
d5:5d:33:1b:67:05:4a:83:c4:30:a0:f4:57:3a:6e:
d0:7f:9e:85:e1:30:6b:f3:e0:4f:14:11:44:8f:79:
2d:b9:a9:01:14:f8:87:97:0c:ee:87:84:d7:6f:79:
a9:c5:da:63:94:92:d8:e6:b7:c1:b9:1f:70:67:45:
3d:fa:f9:f6:4b:d3:17:85:a0:f9:8e:ca:d3:f3:bb:
99:af:0e:32:f6:88:32:ac:97:9a:18:5e:e4:17:90:
50:d1:d6:48:04:66:f6:a1:6d:9f:ec:62:96:ac:c5:
05:34:b7:a9:f9:20:aa:9a:fb:4c:75:52:d7:51:f7:
96:66:05:35:84:d9:f3:c7:71:80:f3:19:dd:60:84:
00:80:05:ce:ed:7c:1d:df:a8:e4:6b:44:f1:70:7d:
9e:19:9e:ee:d7:85:ee:6b:61:15:ba:41:87:4b:f0:
ef:06:9d:8b:9f:7c:28:96:68:f5:af:09:b9:f3:92:
de:a7:6a:0e:3e:c8:fe:2b:2c:2e:02:16:38:ea:54:
96:41:1b:64:65:5b:86:76:88:48:71:57:63:bf:9f:
dc:68:b3:e3:f2:e6:8f:7b:d1:4c:41:e7:be:d2:fd:
1e:e7:44:2c:aa:62:3e:f2:8b:25:c4:78:65:dd:c2:
00:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:44:E1:1E:20:88:AE:7A:F9:50:53:75:65:2F:B7:1E:23:02:E2:F1
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/g0ThHiCIrnr5UFN1ZS-3HiMC4vE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
62.169.128.0-62.169.147.255
62.169.150.0/24
62.169.152.0-62.169.156.255
62.169.158.0/23
86.54.0.0/16
193.108.168.0/23
194.62.44.0/22
194.164.2.0/24
194.164.12.0/24
194.164.38.0/24
194.164.80.0/22
194.164.85.0-194.164.86.255
194.164.97.0/24
194.164.100.0/24
194.164.104.0/24
194.164.106.0/24
194.164.114.0/24
194.164.140.0-194.164.144.255
194.164.181.0/24
194.164.223.0/24
194.164.231.0-194.164.232.255
194.164.238.0/24
194.164.241.0-194.164.243.255
194.164.247.0/24
195.26.224.0/19
195.184.228.0/23
195.184.236.0/24
195.184.245.0/24
195.200.0.0/19
212.32.0.0/17
212.47.80.0/23
212.47.84.0/24
212.56.57.0/24
213.254.160.0/19
217.154.0.0/16
Signature Algorithm: sha256WithRSAEncryption
95:74:fa:ba:0f:59:7a:a7:f7:f6:f9:a2:14:69:bb:79:0b:8e:
09:b3:59:8a:d9:7a:25:91:a5:64:ad:77:94:b6:8d:ef:c7:82:
7d:25:44:95:53:9f:9d:bb:8e:3f:0b:95:71:63:57:08:d9:c4:
1d:f4:e1:34:66:81:a3:2b:43:c7:7c:ac:8d:39:72:4a:2e:2e:
c2:0a:0b:c9:b7:cc:59:c7:17:f8:67:80:cd:cd:9b:e2:0d:26:
f7:ae:3d:c1:9c:26:a0:b1:ac:2c:f3:14:8c:75:9f:34:47:9f:
89:a8:7d:dd:38:a1:c2:f7:bb:e2:41:7f:dd:7f:7e:b2:39:77:
35:0e:b7:79:c7:a1:8d:41:40:05:9e:bc:13:3c:4c:50:59:61:
a0:ec:de:b5:d9:2d:24:99:11:46:b0:1b:dd:5c:f4:20:fc:5a:
7b:0c:7a:a1:2d:d8:7d:ac:b5:5c:07:70:69:1f:00:39:9f:78:
fa:3c:53:01:c1:c5:90:6e:f1:fe:5f:cf:e1:37:43:71:d2:d9:
95:5d:70:39:c7:eb:f6:69:46:41:36:d9:7a:9d:0f:c1:7b:ad:
72:3e:61:b9:da:ce:fb:70:a1:fc:22:8e:90:74:ff:6e:92:91:
b2:9b:dc:cf:70:2f:f1:3d:43:55:ae:76:bd:c8:53:f2:a1:cc:
40:0c:68:cb
-----BEGIN CERTIFICATE-----
MIIGBzCCBO+gAwIBAgISAY07ERS24+O68Y/3uu//xEPRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMTI0MTA0MzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzQ0ZTExZTIwODhhZTdhZjk1MDUzNzU2NTJmYjcxZTIzMDJlMmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3KqYdlD9pFIi9di6T3VXTMbZwVK
g8QwoPRXOm7Qf56F4TBr8+BPFBFEj3ktuakBFPiHlwzuh4TXb3mpxdpjlJLY5rfB
uR9wZ0U9+vn2S9MXhaD5jsrT87uZrw4y9ogyrJeaGF7kF5BQ0dZIBGb2oW2f7GKW
rMUFNLep+SCqmvtMdVLXUfeWZgU1hNnzx3GA8xndYIQAgAXO7Xwd36jka0TxcH2e
GZ7u14Xua2EVukGHS/DvBp2Ln3wolmj1rwm585Lep2oOPsj+KywuAhY46lSWQRtk
ZVuGdohIcVdjv5/caLPj8uaPe9FMQee+0v0e50QsqmI+8oslxHhl3cIAjQIDAQAB
o4IDEzCCAw8wHQYDVR0OBBYEFINE4R4giK56+VBTdWUvtx4jAuLxMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvZzBUaEhpQ0lybnI1VUZOMVpTLTNIaU1DNHZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBJwYIKwYBBQUHAQcBAf8EggEWMIIBEjCCAQ4EAgABMIIB
BgMEBz6kgDAMAwQHPqmAAwQCPqmQAwQAPqmWMAwDBAM+qZgDBAA+qZwDBAE+qZ4D
AwBWNgMEAcFsqAMEAsI+LAMEAMKkAgMEAMKkDAMEAMKkJgMEAsKkUDAMAwQAwqRV
AwQAwqRWAwQAwqRhAwQAwqRkAwQAwqRoAwQAwqRqAwQAwqRyMAwDBALCpIwDBADC
pJADBADCpLUDBADCpN8wDAMEAMKk5wMEAMKk6AMEAMKk7jAMAwQAwqTxAwQCwqTw
AwQAwqT3AwQFwxrgAwQBw7jkAwQAw7jsAwQAw7j1AwQFw8gAAwQH1CAAAwQB1C9Q
AwQA1C9UAwQA1Dg5AwQF1f6gAwMA2ZowDQYJKoZIhvcNAQELBQADggEBAJV0+roP
WXqn9/b5ohRpu3kLjgmzWYrZeiWRpWStd5S2je/Hgn0lRJVTn527jj8LlXFjVwjZ
xB304TRmgaMrQ8d8rI05ckouLsIKC8m3zFnHF/hngM3Nm+INJveuPcGcJqCxrCzz
FIx1nzRHn4mofd04ocL3u+JBf91/frI5dzUOt3nHoY1BQAWevBM8TFBZYaDs3rXZ
LSSZEUawG91c9CD8WnsMeqEt2H2stVwHcGkfADmfePo8UwHBxZBu8f5fz+E3Q3HS
2ZVdcDnH6/ZpRkE22XqdD8F7rXI+YbnazvtwofwijpB0/26SkbKb3M9wL/E9Q1Wu
dr3IU/KhzEAMaMs=
-----END CERTIFICATE-----
Generated at Mon Apr 28 14:19:51 2025 by rpki-client