Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/4oM7sAdkxNazUvQcQHGW6vwZ0OI.roa
File: 4oM7sAdkxNazUvQcQHGW6vwZ0OI.roa (raw, json)
Hash identifier: 88+Ka638iMO8XZlsxpYp2TjiuU2n4wuujS68GKA8yW4=
Subject key identifier: E2:83:3B:B0:07:64:C4:D6:B3:52:F4:1C:40:71:96:EA:FC:19:D0:E2
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018C1BC01948040AF1D1C8F543DAA8D077EE
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/4oM7sAdkxNazUvQcQHGW6vwZ0OI.roa
Signing time: Wed 29 Nov 2023 15:43:43 +0000
ROA not before: Wed 29 Nov 2023 15:43:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 62.169.128.0/19 maxlen: 19
62.169.128.0/20 maxlen: 20
217.29.192.0/22 maxlen: 22
62.169.144.0/22 maxlen: 22
62.164.128.0/17 maxlen: 17
62.169.148.0/23 maxlen: 23
62.169.150.0/24 maxlen: 24
62.169.152.0/22 maxlen: 22
62.164.144.0/21 maxlen: 21
62.169.156.0/24 maxlen: 24
62.169.158.0/23 maxlen: 23
194.154.32.0/19 maxlen: 19
193.108.168.0/23 maxlen: 23
194.62.44.0/22 maxlen: 22
195.26.224.0/19 maxlen: 19
195.200.0.0/19 maxlen: 19
195.184.224.0/19 maxlen: 19
212.32.56.0/21 maxlen: 21
212.32.54.0/23 maxlen: 23
212.32.64.0/18 maxlen: 18
213.254.160.0/19 maxlen: 19
212.32.0.0/17 maxlen: 17
212.32.0.0/20 maxlen: 20
212.32.16.0/21 maxlen: 21
212.47.64.0/19 maxlen: 19
212.32.24.0/22 maxlen: 22
212.32.28.0/23 maxlen: 23
212.32.32.0/21 maxlen: 21
86.54.0.0/16 maxlen: 16
212.32.42.0/23 maxlen: 23
212.32.44.0/23 maxlen: 23
212.32.48.0/22 maxlen: 22
212.56.56.0/23 maxlen: 23
194.164.0.0/16 maxlen: 16
212.56.60.0/22 maxlen: 22
217.154.0.0/16 maxlen: 16
212.56.48.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:1b:c0:19:48:04:0a:f1:d1:c8:f5:43:da:a8:d0:77:ee
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Nov 29 15:43:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e2833bb00764c4d6b352f41c407196eafc19d0e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:09:a6:33:6a:e4:88:d6:ef:fe:10:c9:b5:70:
9a:86:00:51:7b:f6:27:21:0d:7e:1d:a5:e7:5c:58:
aa:22:b8:18:7d:58:4a:33:30:3b:c6:76:da:79:82:
e3:b6:20:da:12:2b:15:71:00:d1:75:19:22:39:fc:
ed:f8:cd:de:65:92:5f:3d:82:12:e9:b8:89:99:4f:
ec:e1:a2:8a:89:66:9d:18:49:b6:83:29:7d:e2:28:
d8:e7:d9:03:ab:16:88:9a:6d:4c:26:b0:95:b1:66:
4b:54:79:e0:a7:68:27:18:bd:7c:63:1f:e1:15:ab:
f0:3f:39:f8:f0:c6:07:37:dd:f2:00:18:e6:78:28:
b1:8e:31:ff:24:3f:c3:0d:c0:57:50:3a:4f:d1:cd:
fa:88:4a:63:60:41:89:91:c0:c2:12:f0:3f:40:2f:
40:6f:da:34:83:2f:54:7d:41:36:df:83:90:2c:47:
83:50:a2:68:24:47:51:a9:e1:8d:db:58:cd:55:c4:
33:7b:e1:f9:07:85:32:c8:81:42:94:06:bf:94:b6:
e5:00:51:b9:cf:2a:a0:f8:01:62:a0:39:34:75:5f:
5d:a9:89:78:31:01:1f:57:9d:a2:bc:53:22:3e:e1:
90:4f:37:2e:0d:2e:09:65:3e:bc:c5:7b:1e:a4:b7:
cb:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:83:3B:B0:07:64:C4:D6:B3:52:F4:1C:40:71:96:EA:FC:19:D0:E2
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/4oM7sAdkxNazUvQcQHGW6vwZ0OI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
62.169.128.0/19
86.54.0.0/16
193.108.168.0/23
194.62.44.0/22
194.154.32.0/19
194.164.0.0/16
195.26.224.0/19
195.184.224.0/19
195.200.0.0/19
212.32.0.0/17
212.47.64.0/19
212.56.48.0-212.56.57.255
212.56.60.0/22
213.254.160.0/19
217.29.192.0/22
217.154.0.0/16
Signature Algorithm: sha256WithRSAEncryption
78:55:25:e0:d5:5e:70:f1:91:e0:a0:a4:9c:5b:8d:02:2b:46:
71:ec:4e:e0:e0:92:62:74:ba:45:a9:86:80:86:76:13:70:2c:
ca:85:cb:09:24:1a:05:75:ce:21:8b:0a:c1:6d:43:2c:99:d2:
b9:4d:87:7d:e1:fd:d1:67:9a:d8:cb:b7:d3:ef:94:25:da:cd:
fd:f1:8e:c1:83:e1:65:7e:78:52:8b:2d:95:f6:71:af:42:9d:
ba:81:f4:60:86:67:e5:07:95:7a:99:d9:14:76:b6:ad:8d:85:
24:d1:e0:11:48:be:c0:c4:82:06:75:9d:40:fc:d9:fe:c3:bd:
c9:63:91:82:bc:cb:b6:41:08:8e:3e:7a:3c:1e:6d:17:77:fe:
d6:da:78:b6:86:a1:d3:8d:e4:20:87:5b:b2:15:28:01:7b:08:
c8:87:13:bc:75:62:a4:0a:95:26:aa:be:e1:d7:5b:50:87:fd:
8f:c4:0b:9e:82:13:4e:f8:d1:93:b6:40:73:7c:84:32:8a:37:
54:be:02:f5:9d:1a:8a:e8:33:d5:f8:c4:fb:60:07:f9:52:24:
b8:f4:81:59:76:a4:02:72:8d:21:f5:4f:69:cf:66:b6:30:1d:
99:10:7c:d6:67:03:7e:47:0e:79:dc:d0:d8:b8:65:11:fe:7d:
d5:86:0b:37
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAYwbwBlIBArx0cj1Q9qo0HfuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjMxMTI5MTU0MzQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjgzM2JiMDA3NjRjNGQ2YjM1MmY0MWM0MDcxOTZlYWZjMTlkMGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgmmM2rkiNbv/hDJtXCahgBRe/Yn
IQ1+HaXnXFiqIrgYfVhKMzA7xnbaeYLjtiDaEisVcQDRdRkiOfzt+M3eZZJfPYIS
6biJmU/s4aKKiWadGEm2gyl94ijY59kDqxaImm1MJrCVsWZLVHngp2gnGL18Yx/h
FavwPzn48MYHN93yABjmeCixjjH/JD/DDcBXUDpP0c36iEpjYEGJkcDCEvA/QC9A
b9o0gy9UfUE234OQLEeDUKJoJEdRqeGN21jNVcQze+H5B4UyyIFClAa/lLblAFG5
zyqg+AFioDk0dV9dqYl4MQEfV52ivFMiPuGQTzcuDS4JZT68xXsepLfLnQIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFOKDO7AHZMTWs1L0HEBxlur8GdDiMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvNG9NN3NBZGt4TmF6VXZRY1FIR1c2dndaME9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwcQQCAAEwawMEBz6kgAME
BT6pgAMDAFY2AwQBwWyoAwQCwj4sAwQFwpogAwMAwqQDBAXDGuADBAXDuOADBAXD
yAADBAfUIAADBAXUL0AwDAMEBNQ4MAMEAdQ4OAMEAtQ4PAMEBdX+oAMEAtkdwAMD
ANmaMA0GCSqGSIb3DQEBCwUAA4IBAQB4VSXg1V5w8ZHgoKScW40CK0Zx7E7g4JJi
dLpFqYaAhnYTcCzKhcsJJBoFdc4hiwrBbUMsmdK5TYd94f3RZ5rYy7fT75Ql2s39
8Y7Bg+FlfnhSiy2V9nGvQp26gfRghmflB5V6mdkUdratjYUk0eARSL7AxIIGdZ1A
/Nn+w73JY5GCvMu2QQiOPno8Hm0Xd/7W2ni2hqHTjeQgh1uyFSgBewjIhxO8dWKk
CpUmqr7h11tQh/2PxAueghNO+NGTtkBzfIQyijdUvgL1nRqK6DPV+MT7YAf5UiS4
9IFZdqQCco0h9U9pz2a2MB2ZEHzWZwN+Rw553NDYuGUR/n3Vhgs3
-----END CERTIFICATE-----
Generated at Tue Dec 5 13:20:46 2023 by rpki-client on console-ams.rpki-client.org