Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/r4l8aHDKjmnp34I8_OmjQ7uFeW8.roa
File: r4l8aHDKjmnp34I8_OmjQ7uFeW8.roa (raw, json)
Hash identifier: aMauGQXnTHrBqxN2imwv3UJ1cZCiW27ASAb71SeUhFM=
Subject key identifier: AF:89:7C:68:70:CA:8E:69:E9:DF:82:3C:FC:E9:A3:43:BB:85:79:6F
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018D3B11150D4B88DEFEDE576EFB58B8FA4A
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/r4l8aHDKjmnp34I8_OmjQ7uFeW8.roa
Signing time: Wed 24 Jan 2024 10:43:11 +0000
ROA not before: Wed 24 Jan 2024 10:43:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 206509
IP address blocks: 62.164.128.0/17 maxlen: 21
62.164.144.0/21 maxlen: 21
62.169.154.0/24 maxlen: 24
86.54.0.0/16 maxlen: 16
193.108.168.0/23 maxlen: 23
194.62.44.0/22 maxlen: 22
194.164.97.0/24 maxlen: 24
194.164.114.0/24 maxlen: 24
194.164.181.0/24 maxlen: 24
195.26.224.0/19 maxlen: 19
195.200.0.0/19 maxlen: 19
212.32.0.0/17 maxlen: 17
213.254.160.0/19 maxlen: 19
217.29.192.0/20 maxlen: 22
217.154.0.0/16 maxlen: 16
2001:15e0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:3b:11:15:0d:4b:88:de:fe:de:57:6e:fb:58:b8:fa:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Jan 24 10:43:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=af897c6870ca8e69e9df823cfce9a343bb85796f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:d4:7b:28:89:55:0d:71:b0:22:e4:a8:87:fa:
7e:d7:4d:91:83:81:63:ea:35:06:a8:59:bb:f3:c3:
ee:5f:3b:cb:cc:be:fd:28:c7:2e:43:83:11:62:cd:
9f:da:58:79:70:b6:ee:bf:91:7e:9f:04:8f:89:ec:
98:20:1a:05:76:92:05:04:2f:fe:ee:54:99:ee:23:
78:b3:39:71:97:95:32:5a:7b:7f:eb:eb:46:56:41:
fc:6a:85:38:38:ce:45:91:72:6c:f3:3d:7d:b9:82:
2d:f4:36:9d:85:d4:18:b1:2a:3c:68:9c:07:d9:d6:
1e:c9:de:83:85:de:b1:1d:17:fd:1d:ba:6c:7e:b4:
aa:5d:bc:66:fa:d3:96:9f:bf:da:94:ca:ed:ec:20:
be:87:99:1f:7a:d2:72:ab:a6:bd:c0:58:c6:1d:1a:
c2:d9:40:06:0d:a8:99:3c:14:1b:36:e4:20:3c:bd:
26:df:df:99:ca:61:13:89:09:44:9e:79:02:d3:f7:
17:20:44:59:53:f3:b0:1a:63:91:72:0e:6a:e3:f2:
79:3f:f7:5b:1f:5a:87:22:a5:2b:34:5b:88:dc:a5:
1c:10:40:06:df:ce:48:4a:78:a9:61:82:5b:d7:b2:
a5:25:b8:0a:5a:3b:37:b2:9b:f7:55:31:1f:cd:0f:
6f:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:89:7C:68:70:CA:8E:69:E9:DF:82:3C:FC:E9:A3:43:BB:85:79:6F
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/r4l8aHDKjmnp34I8_OmjQ7uFeW8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
62.169.154.0/24
86.54.0.0/16
193.108.168.0/23
194.62.44.0/22
194.164.97.0/24
194.164.114.0/24
194.164.181.0/24
195.26.224.0/19
195.200.0.0/19
212.32.0.0/17
213.254.160.0/19
217.29.192.0/20
217.154.0.0/16
IPv6:
2001:15e0::/32
Signature Algorithm: sha256WithRSAEncryption
23:b4:1b:78:20:de:fb:b9:a4:76:41:b2:75:12:fa:ec:38:64:
22:68:5d:d5:3d:41:b5:ae:a9:bb:be:8a:7d:b5:f3:cb:df:fd:
68:fe:ac:8c:e5:36:ad:19:69:c1:ca:79:5a:92:4d:02:a0:11:
8b:39:f9:c0:85:f9:ff:5a:ba:d8:3e:72:6f:b3:90:20:9f:d2:
4e:f9:3f:d9:df:4f:a0:7d:86:fc:40:7b:5c:cd:96:62:e5:2b:
bb:1c:5d:70:ff:88:61:66:89:9d:81:2f:fe:7d:56:09:8c:9e:
82:50:bb:9a:90:34:9c:a3:0f:cb:33:e7:b0:8a:be:51:cc:fa:
c4:26:e2:e9:f2:fc:cc:5e:24:e3:0c:c9:9e:f3:10:06:80:25:
2f:2d:67:f9:5e:1a:eb:e1:af:cb:74:86:de:16:55:04:c6:d0:
26:69:3e:72:22:05:ac:76:a8:b3:4e:61:c5:ff:1a:2b:24:af:
73:3b:33:73:16:52:19:46:70:cd:62:ae:d6:ce:4d:a3:3d:63:
41:e4:3c:aa:40:fa:fd:36:c1:e9:0f:b1:bf:2a:d6:e0:95:50:
d8:96:49:fe:b8:19:96:de:ed:eb:3f:74:15:89:a5:f6:51:55:
b0:dc:c7:c6:13:71:1e:d1:2d:2b:d2:8a:b1:8f:0e:84:10:ef:
0e:e7:54:dc
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAY07ERUNS4je/t5XbvtYuPpKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMTI0MTA0MzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjg5N2M2ODcwY2E4ZTY5ZTlkZjgyM2NmY2U5YTM0M2JiODU3OTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9R7KIlVDXGwIuSoh/p+102Rg4Fj
6jUGqFm788PuXzvLzL79KMcuQ4MRYs2f2lh5cLbuv5F+nwSPieyYIBoFdpIFBC/+
7lSZ7iN4szlxl5UyWnt/6+tGVkH8aoU4OM5FkXJs8z19uYIt9DadhdQYsSo8aJwH
2dYeyd6Dhd6xHRf9HbpsfrSqXbxm+tOWn7/alMrt7CC+h5kfetJyq6a9wFjGHRrC
2UAGDaiZPBQbNuQgPL0m39+ZymETiQlEnnkC0/cXIERZU/OwGmORcg5q4/J5P/db
H1qHIqUrNFuI3KUcEEAG385ISnipYYJb17KlJbgKWjs3spv3VTEfzQ9vWwIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFK+JfGhwyo5p6d+CPPzpo0O7hXlvMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvcjRsOGFIREtqbW5wMzRJOF9PbWpRN3VGZVc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHoGCCsGAQUFBwEHAQH/BGswaTBYBAIAATBSAwQHPqSAAwQA
PqmaAwMAVjYDBAHBbKgDBALCPiwDBADCpGEDBADCpHIDBADCpLUDBAXDGuADBAXD
yAADBAfUIAADBAXV/qADBATZHcADAwDZmjANBAIAAjAHAwUAIAEV4DANBgkqhkiG
9w0BAQsFAAOCAQEAI7QbeCDe+7mkdkGydRL67DhkImhd1T1Bta6pu76KfbXzy9/9
aP6sjOU2rRlpwcp5WpJNAqARizn5wIX5/1q62D5yb7OQIJ/STvk/2d9PoH2G/EB7
XM2WYuUruxxdcP+IYWaJnYEv/n1WCYyeglC7mpA0nKMPyzPnsIq+Ucz6xCbi6fL8
zF4k4wzJnvMQBoAlLy1n+V4a6+Gvy3SG3hZVBMbQJmk+ciIFrHaos05hxf8aKySv
czszcxZSGUZwzWKu1s5Noz1jQeQ8qkD6/TbB6Q+xvyrW4JVQ2JZJ/rgZlt7t6z90
FYml9lFVsNzHxhNxHtEtK9KKsY8OhBDvDudU3A==
-----END CERTIFICATE-----
Generated at Sun Jun 15 06:23:52 2025 by rpki-client