Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/2IGadDDrABp2JJtftNPXUui5UzQ.roa
File: 2IGadDDrABp2JJtftNPXUui5UzQ.roa (raw, json)
Hash identifier: C19aLsUgWAWHnLDdPW1Tv8nimGrms8ccC8ivSbKZl1Q=
Subject key identifier: D8:81:9A:74:30:EB:00:1A:76:24:9B:5F:B4:D3:D7:52:E8:B9:53:34
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018C3FA04B48AB64A61118ADDD96485E8461
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/2IGadDDrABp2JJtftNPXUui5UzQ.roa
Signing time: Wed 06 Dec 2023 14:55:18 +0000
ROA not before: Wed 06 Dec 2023 14:55:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8897
IP address blocks: 62.164.128.0/17 maxlen: 21
62.164.144.0/21 maxlen: 21
2001:15e0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:3f:a0:4b:48:ab:64:a6:11:18:ad:dd:96:48:5e:84:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Dec 6 14:55:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d8819a7430eb001a76249b5fb4d3d752e8b95334
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:5a:23:81:27:c0:00:9e:64:ff:62:d3:9f:a7:
ce:e0:03:ac:03:22:85:f1:08:d3:21:dd:0c:fc:37:
c2:68:ca:09:b5:ea:fd:96:0a:3f:f4:6c:da:7f:5a:
57:b1:d4:61:27:ff:6b:a8:22:ad:91:2b:6a:cf:ab:
2f:74:c6:1a:c4:7b:73:f3:9d:52:b4:37:90:d9:28:
c2:bc:c9:6f:ca:13:a0:dc:7f:7c:a7:fa:ec:6c:d6:
38:61:90:25:a7:c5:eb:e1:de:69:be:2b:a1:7c:37:
f9:e4:c0:ad:27:67:26:60:f4:3c:a7:0d:58:60:b9:
48:13:9b:11:49:45:37:26:cd:91:9e:5b:d5:0c:86:
ec:fa:5e:8f:27:38:a4:7e:ee:ab:ba:1d:d1:b8:9e:
05:c6:86:7e:b3:0e:66:99:c7:d5:54:42:b5:80:77:
4f:fc:9a:42:b8:98:7c:de:14:8f:de:45:5f:aa:bc:
ce:f3:83:4d:0e:ea:2d:3a:a7:53:bd:f5:2b:6c:59:
c4:b7:c1:54:24:cb:98:f1:ae:a2:77:0f:52:6b:fd:
4b:21:8f:01:96:04:ba:04:fc:43:ca:63:cc:6e:13:
3b:e3:cc:2d:81:fd:e7:0d:a3:6f:4b:c8:97:4e:e1:
01:ae:38:a2:38:98:7c:88:03:44:5f:fd:ba:38:cb:
55:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:81:9A:74:30:EB:00:1A:76:24:9B:5F:B4:D3:D7:52:E8:B9:53:34
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/2IGadDDrABp2JJtftNPXUui5UzQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
IPv6:
2001:15e0::/32
Signature Algorithm: sha256WithRSAEncryption
3d:c8:b1:6c:d6:6f:e1:ba:85:64:52:58:c7:e6:ac:83:c7:e7:
c7:b7:20:b4:58:e9:3a:63:01:4f:1e:96:20:36:60:66:ce:87:
e1:5e:76:f6:10:1a:f1:b6:1b:ac:ad:5d:d1:10:53:49:95:e7:
74:8c:09:50:11:e0:40:c7:82:fd:c5:55:3d:e0:dd:33:62:62:
b8:6b:ca:85:48:28:8c:ea:22:53:5b:e5:fc:fa:23:cf:3f:27:
75:29:53:5f:7e:09:85:5e:17:72:de:62:f6:6a:cd:6e:9d:83:
d3:23:5e:fa:7c:2c:5a:91:97:a7:00:2a:3c:85:33:b3:97:a2:
85:67:8b:e6:76:1d:c5:c2:bc:b6:11:a6:f6:5e:98:29:f7:35:
5e:11:69:d5:02:8b:cb:91:95:38:4f:35:d9:59:45:ef:5c:2c:
46:ca:23:79:a6:4b:1b:48:38:ee:1d:a0:7f:77:71:4c:e4:3b:
92:20:d2:fb:d8:fc:06:8e:a2:61:60:5e:a6:49:e1:c4:46:1e:
61:a6:60:4b:84:87:38:e3:f0:0f:14:31:97:5a:89:69:94:b6:
3b:12:86:2c:51:3b:80:8f:cf:5f:28:14:fe:22:08:3e:36:01:
74:41:e8:47:fd:83:74:1b:27:c9:1f:96:77:23:b4:9c:6c:36:
14:31:ee:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYw/oEtIq2SmERit3ZZIXoRhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjMxMjA2MTQ1NTE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODgxOWE3NDMwZWIwMDFhNzYyNDliNWZiNGQzZDc1MmU4Yjk1MzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFojgSfAAJ5k/2LTn6fO4AOsAyKF
8QjTId0M/DfCaMoJter9lgo/9Gzaf1pXsdRhJ/9rqCKtkStqz6svdMYaxHtz851S
tDeQ2SjCvMlvyhOg3H98p/rsbNY4YZAlp8Xr4d5pviuhfDf55MCtJ2cmYPQ8pw1Y
YLlIE5sRSUU3Js2RnlvVDIbs+l6PJzikfu6ruh3RuJ4FxoZ+sw5mmcfVVEK1gHdP
/JpCuJh83hSP3kVfqrzO84NNDuotOqdTvfUrbFnEt8FUJMuY8a6idw9Sa/1LIY8B
lgS6BPxDymPMbhM748wtgf3nDaNvS8iXTuEBrjiiOJh8iANEX/26OMtVIwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNiBmnQw6wAadiSbX7TT11LouVM0MB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvMklHYWRERHJBQnAySkp0ZnROUFhVdWk1VXpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQHPqSAMA0E
AgACMAcDBQAgARXgMA0GCSqGSIb3DQEBCwUAA4IBAQA9yLFs1m/huoVkUljH5qyD
x+fHtyC0WOk6YwFPHpYgNmBmzofhXnb2EBrxthusrV3REFNJled0jAlQEeBAx4L9
xVU94N0zYmK4a8qFSCiM6iJTW+X8+iPPPyd1KVNffgmFXhdy3mL2as1unYPTI176
fCxakZenACo8hTOzl6KFZ4vmdh3Fwry2Eab2Xpgp9zVeEWnVAovLkZU4TzXZWUXv
XCxGyiN5pksbSDjuHaB/d3FM5DuSINL72PwGjqJhYF6mSeHERh5hpmBLhIc44/AP
FDGXWolplLY7EoYsUTuAj89fKBT+Igg+NgF0QehH/YN0GyfJH5Z3I7ScbDYUMe5i
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:51 2024 by rpki-client on console-ams.rpki-client.org