Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/DKVoPGbIpmIvTPWEUUMLPQxeKSU.roa
File: DKVoPGbIpmIvTPWEUUMLPQxeKSU.roa (raw, json)
Hash identifier: SNzfzwT9Og8wm2E12ZqMYNGKqAa3RIKC6Q3YorcfTWM=
Subject key identifier: 0C:A5:68:3C:66:C8:A6:62:2F:4C:F5:84:51:43:0B:3D:0C:5E:29:25
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018DC5FABBDB0D23D3114054B54D6AE2DE84
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/DKVoPGbIpmIvTPWEUUMLPQxeKSU.roa
Signing time: Tue 20 Feb 2024 10:06:00 +0000
ROA not before: Tue 20 Feb 2024 10:06:00 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8851
IP address blocks: 62.164.128.0/18 maxlen: 18
62.164.144.0/21 maxlen: 21
62.164.192.0/21 maxlen: 21
62.169.150.0/24 maxlen: 24
62.169.154.0/24 maxlen: 24
62.169.156.0/24 maxlen: 24
86.54.0.0/16 maxlen: 16
193.108.169.0/24 maxlen: 24
194.62.44.0/22 maxlen: 22
194.164.2.0/24 maxlen: 24
194.164.12.0/24 maxlen: 24
194.164.38.0/24 maxlen: 24
194.164.80.0/22 maxlen: 22
194.164.85.0/24 maxlen: 24
194.164.86.0/24 maxlen: 24
194.164.97.0/24 maxlen: 24
194.164.100.0/24 maxlen: 24
194.164.104.0/24 maxlen: 24
194.164.106.0/24 maxlen: 24
194.164.114.0/24 maxlen: 24
194.164.140.0/22 maxlen: 22
194.164.144.0/24 maxlen: 24
194.164.181.0/24 maxlen: 24
194.164.223.0/24 maxlen: 24
194.164.231.0/24 maxlen: 24
194.164.232.0/24 maxlen: 24
194.164.238.0/24 maxlen: 24
194.164.241.0/24 maxlen: 24
194.164.242.0/23 maxlen: 23
194.164.247.0/24 maxlen: 24
195.26.228.0/24 maxlen: 24
195.26.236.0/24 maxlen: 24
195.184.228.0/23 maxlen: 23
195.184.236.0/24 maxlen: 24
195.184.245.0/24 maxlen: 24
195.200.0.0/19 maxlen: 19
195.200.22.0/24 maxlen: 24
195.200.27.0/24 maxlen: 24
212.32.28.0/24 maxlen: 24
212.32.42.0/24 maxlen: 24
212.32.44.0/23 maxlen: 23
212.32.44.0/24 maxlen: 24
212.32.55.0/24 maxlen: 24
212.32.66.0/24 maxlen: 24
212.47.80.0/23 maxlen: 23
212.47.84.0/24 maxlen: 24
212.56.57.0/24 maxlen: 24
213.254.171.0/24 maxlen: 24
213.254.178.0/24 maxlen: 24
213.254.185.0/24 maxlen: 24
217.154.0.0/16 maxlen: 16
217.154.12.0/24 maxlen: 24
217.154.25.0/24 maxlen: 24
217.154.28.0/24 maxlen: 24
217.154.30.0/24 maxlen: 24
217.154.31.0/24 maxlen: 24
217.154.39.0/24 maxlen: 24
217.154.46.0/24 maxlen: 24
217.154.49.0/24 maxlen: 24
217.154.72.0/23 maxlen: 23
217.154.90.0/24 maxlen: 24
217.154.96.0/24 maxlen: 24
217.154.103.0/24 maxlen: 24
217.154.104.0/24 maxlen: 24
217.154.109.0/24 maxlen: 24
217.154.110.0/23 maxlen: 23
217.154.122.0/23 maxlen: 23
217.154.127.0/24 maxlen: 24
217.154.131.0/24 maxlen: 24
217.154.132.0/22 maxlen: 22
217.154.137.0/24 maxlen: 24
217.154.138.0/24 maxlen: 24
217.154.141.0/24 maxlen: 24
217.154.151.0/24 maxlen: 24
217.154.157.0/24 maxlen: 24
217.154.158.0/24 maxlen: 24
217.154.176.0/24 maxlen: 24
217.154.187.0/24 maxlen: 24
217.154.209.0/24 maxlen: 24
217.154.219.0/24 maxlen: 24
217.154.221.0/24 maxlen: 24
217.154.230.0/24 maxlen: 24
217.154.236.0/24 maxlen: 24
217.154.246.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:c5:fa:bb:db:0d:23:d3:11:40:54:b5:4d:6a:e2:de:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Feb 20 10:06:00 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0ca5683c66c8a6622f4cf58451430b3d0c5e2925
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:b4:dd:5b:6c:9d:9d:3f:5f:ce:43:11:b7:a6:
14:8e:51:5c:b8:bd:22:7f:19:80:f6:68:e1:ac:9e:
3b:f8:bd:d5:7b:81:bc:90:46:2d:56:7a:2d:32:0d:
ba:7c:e7:e7:c9:a6:3d:ac:0f:ac:23:6e:82:0c:00:
11:64:5a:e9:6c:bd:b8:3c:f2:85:6a:a8:e2:2d:65:
58:44:27:6b:89:f5:eb:b7:af:c9:b8:60:5e:3e:ad:
76:eb:a2:b0:54:80:14:48:ce:ed:a5:e9:de:a9:ba:
a1:1b:4d:c0:df:27:9a:b9:32:dd:f0:54:45:ea:3a:
d5:8b:de:a5:c6:8c:a6:24:83:1e:61:49:af:ee:44:
b4:ad:49:d4:b3:68:58:4c:54:77:1f:5a:e6:f8:53:
a7:5c:1e:5a:7a:4e:74:08:75:44:d3:fe:9c:38:84:
2f:00:e1:14:13:b6:64:b3:28:00:01:7d:80:d0:a0:
8e:e9:51:49:43:4d:36:48:dd:d8:c1:1c:83:c1:4c:
a3:2c:6d:38:72:26:31:a8:5f:1e:22:52:17:b6:be:
81:41:69:78:4c:f0:6b:87:f0:0b:4f:c2:0d:82:12:
72:59:4b:70:36:91:ca:38:d4:4f:a6:57:94:cf:a1:
7b:b9:5f:dd:87:65:91:14:b6:dc:81:44:6d:03:4f:
d7:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:A5:68:3C:66:C8:A6:62:2F:4C:F5:84:51:43:0B:3D:0C:5E:29:25
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/DKVoPGbIpmIvTPWEUUMLPQxeKSU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0-62.164.199.255
62.169.150.0/24
62.169.154.0/24
62.169.156.0/24
86.54.0.0/16
193.108.169.0/24
194.62.44.0/22
194.164.2.0/24
194.164.12.0/24
194.164.38.0/24
194.164.80.0/22
194.164.85.0-194.164.86.255
194.164.97.0/24
194.164.100.0/24
194.164.104.0/24
194.164.106.0/24
194.164.114.0/24
194.164.140.0-194.164.144.255
194.164.181.0/24
194.164.223.0/24
194.164.231.0-194.164.232.255
194.164.238.0/24
194.164.241.0-194.164.243.255
194.164.247.0/24
195.26.228.0/24
195.26.236.0/24
195.184.228.0/23
195.184.236.0/24
195.184.245.0/24
195.200.0.0/19
212.32.28.0/24
212.32.42.0/24
212.32.44.0/23
212.32.55.0/24
212.32.66.0/24
212.47.80.0/23
212.47.84.0/24
212.56.57.0/24
213.254.171.0/24
213.254.178.0/24
213.254.185.0/24
217.154.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a9:43:a9:b4:45:99:1a:11:cd:fc:fc:b2:61:9e:3e:ca:3a:f4:
73:9a:2c:23:2e:33:d9:87:ba:6c:07:72:0a:0d:ad:fb:13:cb:
3d:e5:02:83:b4:5a:64:f8:82:94:a8:21:5a:8c:cb:25:00:51:
69:e9:e3:8d:55:79:77:b3:01:51:89:36:f3:17:ea:b9:3a:49:
ad:6f:68:3e:74:dc:0e:54:cd:c5:df:ef:f6:9f:8e:87:3c:63:
65:31:e4:3d:ea:b5:2a:30:9e:dc:d5:9d:cf:c6:be:7e:cf:1f:
cb:3a:dd:a7:3d:9a:fb:d3:36:b4:ce:3f:7a:c1:cb:ae:fd:0a:
23:6f:b7:61:0b:11:3d:e3:11:69:8a:d1:a6:83:a4:10:58:fc:
34:84:e6:94:27:b2:c9:fe:ff:53:8c:07:e0:45:72:02:21:29:
02:ff:90:c4:af:41:85:c1:66:fc:ae:ff:4e:d7:d5:f5:17:bc:
0c:ff:3d:7a:f2:63:60:c8:e7:e8:0e:70:e5:67:d9:1b:17:d6:
e9:2a:be:ac:20:1d:2d:e6:76:3c:d0:c4:1b:90:71:11:f1:be:
49:39:07:b2:4c:ad:a7:bd:3b:82:27:85:5d:32:fb:2c:00:de:
fe:13:16:43:f6:18:62:3d:fe:13:6a:e0:e6:2f:5b:02:f7:9c:
7f:b3:30:87
-----BEGIN CERTIFICATE-----
MIIGIzCCBQugAwIBAgISAY3F+rvbDSPTEUBUtU1q4t6EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMjIwMTAwNjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2E1NjgzYzY2YzhhNjYyMmY0Y2Y1ODQ1MTQzMGIzZDBjNWUyOTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7TdW2ydnT9fzkMRt6YUjlFcuL0i
fxmA9mjhrJ47+L3Ve4G8kEYtVnotMg26fOfnyaY9rA+sI26CDAARZFrpbL24PPKF
aqjiLWVYRCdrifXrt6/JuGBePq1266KwVIAUSM7tpeneqbqhG03A3yeauTLd8FRF
6jrVi96lxoymJIMeYUmv7kS0rUnUs2hYTFR3H1rm+FOnXB5aek50CHVE0/6cOIQv
AOEUE7ZksygAAX2A0KCO6VFJQ002SN3YwRyDwUyjLG04ciYxqF8eIlIXtr6BQWl4
TPBrh/ALT8INghJyWUtwNpHKONRPpleUz6F7uV/dh2WRFLbcgURtA0/XTQIDAQAB
o4IDLzCCAyswHQYDVR0OBBYEFAylaDxmyKZiL0z1hFFDCz0MXiklMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvREtWb1BHYklwbUl2VFBXRVVVTUxQUXhlS1NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBQwYIKwYBBQUHAQcBAf8EggEyMIIBLjCCASoEAgABMIIB
IjAMAwQHPqSAAwQDPqTAAwQAPqmWAwQAPqmaAwQAPqmcAwMAVjYDBADBbKkDBALC
PiwDBADCpAIDBADCpAwDBADCpCYDBALCpFAwDAMEAMKkVQMEAMKkVgMEAMKkYQME
AMKkZAMEAMKkaAMEAMKkagMEAMKkcjAMAwQCwqSMAwQAwqSQAwQAwqS1AwQAwqTf
MAwDBADCpOcDBADCpOgDBADCpO4wDAMEAMKk8QMEAsKk8AMEAMKk9wMEAMMa5AME
AMMa7AMEAcO45AMEAMO47AMEAMO49QMEBcPIAAMEANQgHAMEANQgKgMEAdQgLAME
ANQgNwMEANQgQgMEAdQvUAMEANQvVAMEANQ4OQMEANX+qwMEANX+sgMEANX+uQMD
ANmaMA0GCSqGSIb3DQEBCwUAA4IBAQCpQ6m0RZkaEc38/LJhnj7KOvRzmiwjLjPZ
h7psB3IKDa37E8s95QKDtFpk+IKUqCFajMslAFFp6eONVXl3swFRiTbzF+q5Okmt
b2g+dNwOVM3F3+/2n46HPGNlMeQ96rUqMJ7c1Z3Pxr5+zx/LOt2nPZr70za0zj96
wcuu/Qojb7dhCxE94xFpitGmg6QQWPw0hOaUJ7LJ/v9TjAfgRXICISkC/5DEr0GF
wWb8rv9O19X1F7wM/z168mNgyOfoDnDlZ9kbF9bpKr6sIB0t5nY80MQbkHER8b5J
OQeyTK2nvTuCJ4VdMvssAN7+ExZD9hhiPf4TauDmL1sC95x/szCH
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:46:39 2025 by rpki-client