Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/hqtl6nZIqHBV3Lff9epfhoTg1So.roa
File: hqtl6nZIqHBV3Lff9epfhoTg1So.roa (raw, json)
Hash identifier: ztLCuNQWjIJRW+qzgQagija5amQOJw7XjaUYz78Ib78=
Subject key identifier: 86:AB:65:EA:76:48:A8:70:55:DC:B7:DF:F5:EA:5F:86:84:E0:D5:2A
Certificate issuer: /CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
Certificate serial: 0195B7954C81BC12F38C926B841AA237CA05
Authority key identifier: 98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/hqtl6nZIqHBV3Lff9epfhoTg1So.roa
Signing time: Fri 21 Mar 2025 07:22:49 +0000
ROA not before: Fri 21 Mar 2025 07:22:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56655
IP address blocks: 45.88.200.0/24 maxlen: 24
45.88.201.0/24 maxlen: 24
45.88.202.0/24 maxlen: 24
151.216.40.0/22 maxlen: 24
185.14.97.0/24 maxlen: 24
185.125.168.0/22 maxlen: 22
185.181.60.0/22 maxlen: 22
185.243.216.0/24 maxlen: 24
185.243.217.0/24 maxlen: 24
185.243.218.0/24 maxlen: 24
193.200.238.0/24 maxlen: 24
193.243.189.0/24 maxlen: 24
194.32.107.0/24 maxlen: 24
195.16.73.0/24 maxlen: 24
198.140.141.0/24 maxlen: 24
2a03:94e0::/32 maxlen: 32
2a03:94e1::/32 maxlen: 32
2a03:94e2::/32 maxlen: 32
2a03:94e3::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:b7:95:4c:81:bc:12:f3:8c:92:6b:84:1a:a2:37:ca:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
Validity
Not Before: Mar 21 07:22:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=86ab65ea7648a87055dcb7dff5ea5f8684e0d52a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:33:49:35:dd:2f:37:75:ad:85:69:c3:dc:59:
cd:5f:66:95:69:a1:f6:e9:e2:21:9d:2a:8b:87:7d:
c7:ed:b6:bf:d7:e5:9f:e0:be:75:6f:1b:09:ed:3a:
9a:d4:7d:17:46:b7:48:9b:1b:ee:6a:c7:2b:0f:af:
50:77:d4:5e:03:f3:df:20:1f:14:43:f7:e7:3d:4e:
e4:2d:85:02:3a:ca:40:62:94:c2:f7:f9:d8:4c:00:
7c:00:d1:8f:d2:7f:d9:7a:fd:88:46:1f:26:61:20:
c8:7a:00:95:97:db:ed:51:70:8a:c6:b2:15:92:22:
11:5d:c0:da:5f:26:7a:23:c3:41:31:b6:fa:e1:24:
6f:23:e8:55:24:ff:74:67:a8:41:45:e9:f3:d5:ad:
38:5d:a0:e5:72:17:16:a9:9b:92:0b:a9:c7:1c:3d:
cf:9b:4f:e9:ee:c5:cd:f6:10:1c:43:a2:a9:97:28:
fe:de:1b:73:39:e7:c8:93:fd:ab:11:80:12:b9:0c:
52:99:8b:5a:00:40:fd:b8:57:ff:89:48:f1:6e:e5:
10:fc:62:d9:95:f7:0a:d8:ed:07:50:79:6f:5e:7a:
b1:c9:fe:aa:72:ad:16:bb:8d:07:48:26:15:a8:f1:
5e:96:df:99:99:31:58:54:56:48:8c:44:74:19:80:
36:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:AB:65:EA:76:48:A8:70:55:DC:B7:DF:F5:EA:5F:86:84:E0:D5:2A
X509v3 Authority Key Identifier:
keyid:98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/hqtl6nZIqHBV3Lff9epfhoTg1So.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.88.200.0-45.88.202.255
151.216.40.0/22
185.14.97.0/24
185.125.168.0/22
185.181.60.0/22
185.243.216.0-185.243.218.255
193.200.238.0/24
193.243.189.0/24
194.32.107.0/24
195.16.73.0/24
198.140.141.0/24
IPv6:
2a03:94e0::/30
Signature Algorithm: sha256WithRSAEncryption
28:c0:6f:2d:cf:8a:27:e5:02:b0:1c:07:08:dc:cc:57:c9:0a:
d3:84:74:98:20:0b:c3:1e:79:84:e4:af:e3:ea:c1:8e:c7:01:
96:09:8b:9a:5e:7b:8f:e2:33:2b:3c:41:12:65:9f:a9:b0:17:
38:74:ae:48:9a:46:8c:d2:12:a3:8e:55:88:d8:0b:fb:e7:d3:
9f:bd:e4:ae:59:07:b3:6e:13:0b:c4:a0:03:4c:80:c7:d3:65:
bd:93:49:1c:3c:c4:c4:a2:ff:73:ce:99:7d:72:47:ac:ee:e8:
96:7d:04:f7:ed:6f:6b:e7:d7:bb:57:db:a4:2f:26:4f:86:67:
6e:27:42:18:07:08:fd:2a:00:6f:6b:4b:3a:b5:fa:b5:24:b5:
da:8b:d3:8c:b2:c4:2b:a7:ca:4e:85:f1:23:1a:83:a0:f0:fa:
16:ae:f7:67:ab:ce:27:df:b8:2c:4a:1c:c8:a5:f4:36:39:87:
2a:9e:62:40:82:6f:d5:57:bd:81:00:eb:f7:3d:c4:12:3e:10:
a3:44:76:1e:34:93:c0:db:c0:28:02:b0:d0:d2:8a:4a:aa:ee:
b6:89:5a:55:75:73:e3:9e:fe:19:89:dd:4d:c7:ae:8f:43:cb:
d4:b3:3c:39:f7:ab:34:97:f1:d6:ee:b6:68:7a:bf:44:ca:9c:
e7:1e:50:70
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAZW3lUyBvBLzjJJrhBqiN8oFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YzFkMDNiNDk1MDRkMzQ0NjVkYzQwYTNkMGY5MDg2Y2Fj
ZmRiOGUwHhcNMjUwMzIxMDcyMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmFiNjVlYTc2NDhhODcwNTVkY2I3ZGZmNWVhNWY4Njg0ZTBkNTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzNJNd0vN3WthWnD3FnNX2aVaaH2
6eIhnSqLh33H7ba/1+Wf4L51bxsJ7Tqa1H0XRrdImxvuascrD69Qd9ReA/PfIB8U
Q/fnPU7kLYUCOspAYpTC9/nYTAB8ANGP0n/Zev2IRh8mYSDIegCVl9vtUXCKxrIV
kiIRXcDaXyZ6I8NBMbb64SRvI+hVJP90Z6hBRenz1a04XaDlchcWqZuSC6nHHD3P
m0/p7sXN9hAcQ6Kplyj+3htzOefIk/2rEYASuQxSmYtaAED9uFf/iUjxbuUQ/GLZ
lfcK2O0HUHlvXnqxyf6qcq0Wu40HSCYVqPFelt+ZmTFYVFZIjER0GYA2RQIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFIarZep2SKhwVdy33/XqX4aE4NUqMB8GA1UdIwQY
MBaAFJjB0DtJUE00Rl3ECj0PkIbKz9uOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEt
YzMxYmRlNTEwMDg1LzEvaHF0bDZuWklxSEJWM0xmZjllcGZob1RnMVNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEtYzMxYmRlNTEwMDg1
LzEvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHoGCCsGAQUFBwEHAQH/BGswaTBYBAIAATBSMAwDBAMtWMgD
BAAtWMoDBAKX2CgDBAC5DmEDBAK5fagDBAK5tTwwDAMEA7nz2AMEALnz2gMEAMHI
7gMEAMHzvQMEAMIgawMEAMMQSQMEAMaMjTANBAIAAjAHAwUCKgOU4DANBgkqhkiG
9w0BAQsFAAOCAQEAKMBvLc+KJ+UCsBwHCNzMV8kK04R0mCALwx55hOSv4+rBjscB
lgmLml57j+IzKzxBEmWfqbAXOHSuSJpGjNISo45ViNgL++fTn73krlkHs24TC8Sg
A0yAx9NlvZNJHDzExKL/c86ZfXJHrO7oln0E9+1va+fXu1fbpC8mT4ZnbidCGAcI
/SoAb2tLOrX6tSS12ovTjLLEK6fKToXxIxqDoPD6Fq73Z6vOJ9+4LEocyKX0NjmH
Kp5iQIJv1Ve9gQDr9z3EEj4Qo0R2HjSTwNvAKAKw0NKKSqrutolaVXVz457+GYnd
Tceuj0PL1LM8OferNJfx1u62aHq/RMqc5x5QcA==
-----END CERTIFICATE-----
Generated at Mon Apr 21 16:39:47 2025 by rpki-client