Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/nCvGqMjMVAAs7LdigbgHht61TyI.roa
File: nCvGqMjMVAAs7LdigbgHht61TyI.roa (raw, json)
Hash identifier: /KAPuLANZqCyWldhQniBowhecR4/PLwbREf4nKsangE=
Subject key identifier: 9C:2B:C6:A8:C8:CC:54:00:2C:EC:B7:62:81:B8:07:86:DE:B5:4F:22
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 01874BED4843F0A6B0444A32314514FCFABD
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/nCvGqMjMVAAs7LdigbgHht61TyI.roa
Signing time: Tue 04 Apr 2023 11:00:54 +0000
ROA not before: Tue 04 Apr 2023 11:00:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 62.169.128.0/19 maxlen: 19
62.164.128.0/17 maxlen: 17
62.164.144.0/21 maxlen: 21
86.54.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:4b:ed:48:43:f0:a6:b0:44:4a:32:31:45:14:fc:fa:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Apr 4 11:00:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9c2bc6a8c8cc54002cecb76281b80786deb54f22
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:c7:ab:50:df:af:20:20:80:db:9f:54:dd:86:
f2:2c:f6:3b:2f:45:74:3c:8d:e4:a1:a4:81:41:f1:
95:34:12:0d:2d:e6:9d:59:87:e9:43:33:90:0c:91:
3a:91:99:e0:12:2e:13:22:cd:b8:18:53:06:58:d7:
32:73:8d:4c:b9:8e:52:f5:36:c6:dd:47:97:c1:0a:
18:b8:b7:6b:55:7f:bb:1f:d1:24:b4:1d:e0:24:20:
a7:f7:7e:53:72:45:3f:4e:4e:a8:5f:61:8e:cc:66:
42:43:a5:da:b9:18:65:a1:90:61:c7:cf:24:31:d5:
35:0e:a5:2a:c2:13:6b:e2:3e:58:0a:6c:2b:83:7b:
59:20:c4:c6:44:73:ec:79:63:2c:1f:a1:c3:43:e0:
22:34:e0:3a:30:21:60:85:a1:4f:23:dc:5b:38:67:
06:6d:95:57:83:02:ba:fb:52:9e:aa:87:6b:bd:8e:
3f:12:52:29:ae:a5:f6:e8:dc:ea:73:ac:fe:83:c8:
8d:1c:b8:e1:a1:74:f6:a1:f5:40:a6:8f:79:4c:a5:
62:f2:f1:7d:ab:38:ec:5f:92:27:07:d6:b4:ea:15:
a1:26:d4:50:36:fc:2e:81:0b:07:4a:2e:f2:22:c3:
1e:17:cb:25:19:c8:09:62:aa:e5:e3:c9:9a:c3:db:
bd:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:2B:C6:A8:C8:CC:54:00:2C:EC:B7:62:81:B8:07:86:DE:B5:4F:22
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/nCvGqMjMVAAs7LdigbgHht61TyI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
62.169.128.0/19
86.54.0.0/16
Signature Algorithm: sha256WithRSAEncryption
43:5c:c3:bd:1c:e6:d4:2f:4c:4c:28:47:b3:04:36:5c:2b:1f:
80:7f:f2:79:39:66:4d:3e:ee:07:d0:5b:e3:8c:56:ed:8d:d4:
ed:98:b7:40:37:85:a2:e5:f2:5e:f3:4f:0d:70:83:60:a0:8d:
44:72:52:61:11:8e:24:16:50:27:42:2b:b8:47:6e:56:e3:6b:
c8:dd:76:ad:aa:5a:18:d9:49:86:75:24:e0:67:fa:27:2b:c6:
85:30:58:a1:5c:69:32:09:7f:da:cc:a7:53:0c:10:1c:c2:d5:
56:f0:2c:3b:73:3d:fe:61:53:ad:e7:e9:0e:48:41:bb:41:8b:
28:fb:ec:df:4b:42:72:21:73:26:e2:38:69:1d:4d:09:07:14:
c2:a6:e7:e5:8e:00:30:8b:24:44:1b:cd:d7:18:90:11:4c:a3:
e4:58:cb:f6:d3:c9:da:35:02:c1:2c:85:11:e7:b3:cf:d4:62:
de:75:15:69:0e:94:35:3d:32:f6:49:03:f0:64:ed:e9:e2:a9:
d5:9e:80:46:3f:c3:bc:fa:69:86:be:59:cb:a1:b8:2d:8f:e1:
4e:94:21:77:b1:53:2a:ba:95:38:b9:d0:b6:c9:27:33:3e:39:
62:05:b2:33:24:2a:cc:aa:4d:80:12:cc:60:c2:a2:8f:1b:44:
98:93:74:c6
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYdL7UhD8KawREoyMUUU/Pq9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjMwNDA0MTEwMDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzJiYzZhOGM4Y2M1NDAwMmNlY2I3NjI4MWI4MDc4NmRlYjU0ZjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0serUN+vICCA259U3YbyLPY7L0V0
PI3koaSBQfGVNBINLeadWYfpQzOQDJE6kZngEi4TIs24GFMGWNcyc41MuY5S9TbG
3UeXwQoYuLdrVX+7H9EktB3gJCCn935TckU/Tk6oX2GOzGZCQ6XauRhloZBhx88k
MdU1DqUqwhNr4j5YCmwrg3tZIMTGRHPseWMsH6HDQ+AiNOA6MCFghaFPI9xbOGcG
bZVXgwK6+1KeqodrvY4/ElIprqX26Nzqc6z+g8iNHLjhoXT2ofVApo95TKVi8vF9
qzjsX5InB9a06hWhJtRQNvwugQsHSi7yIsMeF8slGcgJYqrl48maw9u9gwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFJwrxqjIzFQALOy3YoG4B4betU8iMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvbkN2R3FNak1WQUFzN0xkaWdiZ0hodDYxVHlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAATARAwQHPqSAAwQF
PqmAAwMAVjYwDQYJKoZIhvcNAQELBQADggEBAENcw70c5tQvTEwoR7MENlwrH4B/
8nk5Zk0+7gfQW+OMVu2N1O2Yt0A3haLl8l7zTw1wg2CgjURyUmERjiQWUCdCK7hH
blbja8jddq2qWhjZSYZ1JOBn+icrxoUwWKFcaTIJf9rMp1MMEBzC1VbwLDtzPf5h
U63n6Q5IQbtBiyj77N9LQnIhcybiOGkdTQkHFMKm5+WOADCLJEQbzdcYkBFMo+RY
y/bTydo1AsEshRHns8/UYt51FWkOlDU9MvZJA/Bk7eniqdWegEY/w7z6aYa+Wcuh
uC2P4U6UIXexUyq6lTi50LbJJzM+OWIFsjMkKsyqTYASzGDCoo8bRJiTdMY=
-----END CERTIFICATE-----
Generated at Mon Apr 28 00:55:36 2025 by rpki-client