Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/5h4-W4AgLCpovtzL618NJw60w9E.roa
File: 5h4-W4AgLCpovtzL618NJw60w9E.roa (raw, json)
Hash identifier: zybYFeWdWAUsOz07cHXBPl1YGb7uOcr7ivb/AtuPQLc=
Subject key identifier: E6:1E:3E:5B:80:20:2C:2A:68:BE:DC:CB:EB:5F:0D:27:0E:B4:C3:D1
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018C62FB016BFF97831A42CDD85ADF4711F2
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/5h4-W4AgLCpovtzL618NJw60w9E.roa
Signing time: Wed 13 Dec 2023 11:41:06 +0000
ROA not before: Wed 13 Dec 2023 11:41:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 194.164.106.0/24 maxlen: 24
194.164.114.0/24 maxlen: 24
217.29.192.0/22 maxlen: 22
62.164.128.0/17 maxlen: 17
62.164.144.0/21 maxlen: 21
194.164.144.0/24 maxlen: 24
194.164.140.0/22 maxlen: 22
194.164.80.0/22 maxlen: 22
194.164.85.0/24 maxlen: 24
194.164.86.0/24 maxlen: 24
194.164.97.0/24 maxlen: 24
194.164.100.0/24 maxlen: 24
194.164.104.0/24 maxlen: 24
194.164.223.0/24 maxlen: 24
194.164.232.0/24 maxlen: 24
194.164.231.0/24 maxlen: 24
194.164.238.0/24 maxlen: 24
194.164.241.0/24 maxlen: 24
194.164.242.0/23 maxlen: 23
194.164.247.0/24 maxlen: 24
195.26.224.0/19 maxlen: 19
195.184.228.0/23 maxlen: 23
194.164.181.0/24 maxlen: 24
195.184.236.0/24 maxlen: 24
195.184.245.0/24 maxlen: 24
212.32.56.0/21 maxlen: 21
212.32.54.0/23 maxlen: 23
212.32.64.0/18 maxlen: 18
213.254.160.0/19 maxlen: 19
212.32.0.0/17 maxlen: 17
212.32.0.0/20 maxlen: 20
212.32.16.0/21 maxlen: 21
212.32.24.0/22 maxlen: 22
212.32.28.0/23 maxlen: 23
212.32.32.0/21 maxlen: 21
212.32.42.0/23 maxlen: 23
212.32.44.0/23 maxlen: 23
212.32.48.0/22 maxlen: 22
212.56.57.0/24 maxlen: 24
194.164.2.0/24 maxlen: 24
212.56.56.0/23 maxlen: 23
212.56.60.0/22 maxlen: 22
194.164.12.0/24 maxlen: 24
194.164.38.0/24 maxlen: 24
217.154.0.0/16 maxlen: 16
212.56.48.0/21 maxlen: 21
62.169.128.0/20 maxlen: 20
62.169.144.0/22 maxlen: 22
62.169.148.0/23 maxlen: 23
62.169.150.0/24 maxlen: 24
62.169.152.0/22 maxlen: 22
62.169.156.0/24 maxlen: 24
62.169.158.0/23 maxlen: 23
193.108.168.0/23 maxlen: 23
194.62.44.0/22 maxlen: 22
195.200.0.0/19 maxlen: 19
86.54.0.0/16 maxlen: 16
212.47.80.0/23 maxlen: 23
212.47.84.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:62:fb:01:6b:ff:97:83:1a:42:cd:d8:5a:df:47:11:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Dec 13 11:41:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e61e3e5b80202c2a68bedccbeb5f0d270eb4c3d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:30:73:80:d1:5f:a1:5d:c0:84:24:9d:c6:82:
47:9a:17:66:32:ae:fd:5d:05:da:64:5d:80:3f:2b:
56:fc:a2:1d:49:0e:36:94:53:f8:ac:29:fe:df:d8:
1e:8c:bb:70:58:42:1e:5f:ff:4b:e7:81:5a:e2:2e:
f4:ba:1c:c3:bd:18:ed:5f:6b:d4:93:1a:6e:0b:bc:
f7:9c:d1:7d:79:64:82:28:ac:f8:f2:f9:0f:05:97:
fd:99:76:33:62:16:de:8e:a4:5f:eb:ff:62:54:5d:
f4:ac:38:90:cc:92:dc:04:6f:d2:f3:6c:fc:ce:0d:
9e:fc:b9:72:fd:51:9a:77:0b:45:82:26:d5:12:11:
39:cd:a2:5e:52:7e:48:a0:14:7e:c9:eb:93:eb:7c:
8e:37:68:05:cf:9f:2f:19:60:f3:09:21:4c:05:bd:
b3:af:59:25:db:87:4c:72:48:93:de:af:8c:b1:3a:
59:c8:64:86:64:89:1f:90:3b:ca:37:a5:66:f3:53:
25:a1:40:e6:ff:16:8b:01:87:1a:48:db:98:e4:a3:
fb:4d:18:12:ac:33:8e:ed:b1:30:73:a5:4a:4d:38:
35:94:5a:8f:08:dc:bf:23:d7:2d:71:ac:09:3b:be:
b7:48:1e:f4:88:ea:bb:1d:66:1a:d2:c7:fa:b3:0a:
5a:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:1E:3E:5B:80:20:2C:2A:68:BE:DC:CB:EB:5F:0D:27:0E:B4:C3:D1
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/5h4-W4AgLCpovtzL618NJw60w9E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
62.169.128.0-62.169.150.255
62.169.152.0-62.169.156.255
62.169.158.0/23
86.54.0.0/16
193.108.168.0/23
194.62.44.0/22
194.164.2.0/24
194.164.12.0/24
194.164.38.0/24
194.164.80.0/22
194.164.85.0-194.164.86.255
194.164.97.0/24
194.164.100.0/24
194.164.104.0/24
194.164.106.0/24
194.164.114.0/24
194.164.140.0-194.164.144.255
194.164.181.0/24
194.164.223.0/24
194.164.231.0-194.164.232.255
194.164.238.0/24
194.164.241.0-194.164.243.255
194.164.247.0/24
195.26.224.0/19
195.184.228.0/23
195.184.236.0/24
195.184.245.0/24
195.200.0.0/19
212.32.0.0/17
212.47.80.0/23
212.47.84.0/24
212.56.48.0-212.56.57.255
212.56.60.0/22
213.254.160.0/19
217.29.192.0/22
217.154.0.0/16
Signature Algorithm: sha256WithRSAEncryption
18:e0:3b:4f:3a:e9:5e:8d:27:df:06:a1:2e:ea:64:1c:17:dd:
e1:7c:9b:be:b8:c8:57:0f:ce:a1:9d:60:01:5f:ff:c7:f0:93:
1b:ad:e6:7c:3a:7a:f9:db:57:49:cd:d7:03:af:97:80:c2:5e:
a7:b5:9a:aa:9a:10:fa:7e:3a:c0:aa:b8:a6:ea:c7:5a:b7:e4:
80:af:5a:e5:56:02:bc:9a:4f:c5:cf:5c:4e:15:ca:4e:64:8b:
2a:d5:9f:9f:67:67:a9:16:16:d9:dd:02:d8:44:48:f8:70:00:
1b:76:ed:8d:ef:96:73:a3:7a:a3:11:02:08:91:e3:50:0c:61:
1b:a4:60:8b:dd:06:66:e2:bf:b9:bd:2d:a3:ff:5d:99:03:4a:
8e:f7:99:65:da:4c:50:2f:e0:6c:fb:d6:73:63:8e:8e:5c:b3:
f8:38:c6:de:d4:29:6c:53:fd:63:91:5a:07:40:9c:35:54:13:
36:10:a3:ef:ef:35:7b:6e:dc:b6:c0:15:a2:06:b2:29:aa:16:
fc:63:c3:48:f5:8e:c9:01:53:8a:9f:b7:a2:4a:57:73:8b:9a:
10:c8:25:26:4d:1d:ea:97:60:4a:45:7d:48:f3:7a:f4:1f:06:
91:af:c8:87:c4:8a:9f:7f:d4:da:04:70:77:9c:43:7e:ea:a7:
9a:f4:40:95
-----BEGIN CERTIFICATE-----
MIIGFTCCBP2gAwIBAgISAYxi+wFr/5eDGkLN2FrfRxHyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjMxMjEzMTE0MTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjFlM2U1YjgwMjAyYzJhNjhiZWRjY2JlYjVmMGQyNzBlYjRjM2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjBzgNFfoV3AhCSdxoJHmhdmMq79
XQXaZF2APytW/KIdSQ42lFP4rCn+39gejLtwWEIeX/9L54Fa4i70uhzDvRjtX2vU
kxpuC7z3nNF9eWSCKKz48vkPBZf9mXYzYhbejqRf6/9iVF30rDiQzJLcBG/S82z8
zg2e/Lly/VGadwtFgibVEhE5zaJeUn5IoBR+yeuT63yON2gFz58vGWDzCSFMBb2z
r1kl24dMckiT3q+MsTpZyGSGZIkfkDvKN6Vm81MloUDm/xaLAYcaSNuY5KP7TRgS
rDOO7bEwc6VKTTg1lFqPCNy/I9ctcawJO763SB70iOq7HWYa0sf6swpa3QIDAQAB
o4IDITCCAx0wHQYDVR0OBBYEFOYePluAICwqaL7cy+tfDScOtMPRMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvNWg0LVc0QWdMQ3BvdnR6TDYxOE5KdzYwdzlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNQYIKwYBBQUHAQcBAf8EggEkMIIBIDCCARwEAgABMIIB
FAMEBz6kgDAMAwQHPqmAAwQAPqmWMAwDBAM+qZgDBAA+qZwDBAE+qZ4DAwBWNgME
AcFsqAMEAsI+LAMEAMKkAgMEAMKkDAMEAMKkJgMEAsKkUDAMAwQAwqRVAwQAwqRW
AwQAwqRhAwQAwqRkAwQAwqRoAwQAwqRqAwQAwqRyMAwDBALCpIwDBADCpJADBADC
pLUDBADCpN8wDAMEAMKk5wMEAMKk6AMEAMKk7jAMAwQAwqTxAwQCwqTwAwQAwqT3
AwQFwxrgAwQBw7jkAwQAw7jsAwQAw7j1AwQFw8gAAwQH1CAAAwQB1C9QAwQA1C9U
MAwDBATUODADBAHUODgDBALUODwDBAXV/qADBALZHcADAwDZmjANBgkqhkiG9w0B
AQsFAAOCAQEAGOA7TzrpXo0n3wahLupkHBfd4XybvrjIVw/OoZ1gAV//x/CTG63m
fDp6+dtXSc3XA6+XgMJep7WaqpoQ+n46wKq4purHWrfkgK9a5VYCvJpPxc9cThXK
TmSLKtWfn2dnqRYW2d0C2ERI+HAAG3btje+Wc6N6oxECCJHjUAxhG6Rgi90GZuK/
ub0to/9dmQNKjveZZdpMUC/gbPvWc2OOjlyz+DjG3tQpbFP9Y5FaB0CcNVQTNhCj
7+81e27ctsAVogayKaoW/GPDSPWOyQFTip+3okpXc4uaEMglJk0d6pdgSkV9SPN6
9B8Gka/Ih8SKn3/U2gRwd5xDfuqnmvRAlQ==
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:11:08 2025 by rpki-client