Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/OyOtrwBUCnVyuOC9N3CCkZV7MTE.roa
File: OyOtrwBUCnVyuOC9N3CCkZV7MTE.roa (raw, json)
Hash identifier: fzGHRlF/CjiUfAAtNczcwUFM90ITPEsqqiXGGjWI8t4=
Subject key identifier: 3B:23:AD:AF:00:54:0A:75:72:B8:E0:BD:37:70:82:91:95:7B:31:31
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 0189E4CA5F1F77D84FBF0B709012A121BCB9
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/OyOtrwBUCnVyuOC9N3CCkZV7MTE.roa
Signing time: Fri 11 Aug 2023 13:30:15 +0000
ROA not before: Fri 11 Aug 2023 13:30:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 62.169.128.0/19 maxlen: 19
217.29.192.0/22 maxlen: 22
62.164.128.0/17 maxlen: 17
213.254.160.0/19 maxlen: 19
62.164.144.0/21 maxlen: 21
212.32.0.0/17 maxlen: 17
194.154.32.0/19 maxlen: 19
193.108.168.0/23 maxlen: 23
212.47.64.0/19 maxlen: 19
86.54.0.0/16 maxlen: 16
194.164.0.0/16 maxlen: 16
194.62.44.0/22 maxlen: 22
217.154.0.0/16 maxlen: 16
195.26.224.0/19 maxlen: 19
195.200.0.0/19 maxlen: 19
195.184.224.0/19 maxlen: 19
212.56.32.0/19 maxlen: 19
212.56.48.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:e4:ca:5f:1f:77:d8:4f:bf:0b:70:90:12:a1:21:bc:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Aug 11 13:30:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3b23adaf00540a7572b8e0bd37708291957b3131
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:a5:45:f2:65:8f:4b:ee:e9:8c:b1:38:38:78:
f0:a0:03:6d:40:1e:35:c5:a9:c3:ec:cf:45:5a:1f:
a6:cf:7b:d7:fb:7e:f8:df:29:3d:3f:c1:a3:ae:22:
61:d6:7d:fa:64:0c:e8:9a:54:e1:05:0b:75:21:af:
5a:72:63:15:47:f8:09:6a:d5:a5:a0:53:5f:0a:e3:
58:54:83:ce:8c:3f:1e:33:fe:26:8a:0e:30:92:15:
74:44:a3:ad:b3:00:22:cd:b7:d6:a9:71:d9:61:02:
6b:fb:46:be:1b:b2:7b:83:ab:a3:10:99:f9:1f:52:
9d:d9:01:79:ad:04:f5:6a:5e:6c:77:f6:b5:df:ea:
92:3f:6b:a2:27:59:66:5c:af:0f:9f:c9:f4:c1:ff:
a3:b2:8c:4a:bf:78:37:fa:80:35:be:4f:03:23:82:
9b:ef:82:f5:51:25:b3:b5:cb:3b:ee:c6:1c:69:50:
b2:85:d7:b4:a5:df:45:65:2c:2f:19:3d:8a:8d:79:
f5:cb:84:2f:9f:62:34:07:0a:96:2f:e8:c5:24:a9:
48:56:9a:94:f5:07:ad:36:7a:a8:f2:49:1e:f0:7d:
17:f4:b6:93:57:34:ed:c2:29:0c:4e:41:63:f0:de:
2f:1b:a3:3c:e2:db:8e:9b:4f:6d:ca:95:2a:ab:5e:
df:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:23:AD:AF:00:54:0A:75:72:B8:E0:BD:37:70:82:91:95:7B:31:31
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/OyOtrwBUCnVyuOC9N3CCkZV7MTE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
62.169.128.0/19
86.54.0.0/16
193.108.168.0/23
194.62.44.0/22
194.154.32.0/19
194.164.0.0/16
195.26.224.0/19
195.184.224.0/19
195.200.0.0/19
212.32.0.0/17
212.47.64.0/19
212.56.32.0/19
213.254.160.0/19
217.29.192.0/22
217.154.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a4:7e:7d:08:fa:d9:ea:a0:3c:3e:9f:f7:f7:16:d3:fd:3e:98:
56:8b:12:51:e5:a7:35:e3:99:22:4f:df:ca:97:d4:f6:0d:cf:
6b:85:69:26:11:ba:e9:35:cf:80:1c:48:b9:55:dc:95:29:6b:
2e:cd:14:a9:f5:92:20:3d:88:00:e3:61:46:a3:28:4b:ca:3e:
3a:9c:1d:f9:a2:ef:74:a1:51:e6:6d:61:48:6f:38:05:43:fd:
80:9b:c2:24:69:f3:73:9e:cf:d9:fe:10:66:3a:1c:cb:b9:d9:
9d:b8:e3:57:98:64:92:83:06:a7:f0:d0:11:f0:e7:b8:89:cc:
e9:b9:cb:0a:00:63:14:fa:07:a7:97:78:91:61:a4:0d:f7:68:
95:87:3a:ca:d2:f9:d4:74:63:7b:cf:fc:f1:42:a4:34:97:2c:
1c:dc:39:7f:46:3e:9d:ec:9a:9b:09:2d:50:7b:17:69:d8:2c:
fd:97:2c:0d:a6:9b:d8:83:68:8a:42:a2:9a:95:d2:96:1e:72:
bc:45:b7:1a:79:3d:70:71:4f:72:dd:84:31:e2:1a:11:73:c8:
47:3f:63:09:f8:4a:63:af:78:cd:6d:2d:14:2f:1c:f8:be:85:
93:4c:05:a0:31:15:f0:ea:69:95:b4:17:fd:50:2a:ad:54:0e:
8e:d8:b5:fd
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAYnkyl8fd9hPvwtwkBKhIby5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjMwODExMTMzMDE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjIzYWRhZjAwNTQwYTc1NzJiOGUwYmQzNzcwODI5MTk1N2IzMTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaVF8mWPS+7pjLE4OHjwoANtQB41
xanD7M9FWh+mz3vX+3743yk9P8GjriJh1n36ZAzomlThBQt1Ia9acmMVR/gJatWl
oFNfCuNYVIPOjD8eM/4mig4wkhV0RKOtswAizbfWqXHZYQJr+0a+G7J7g6ujEJn5
H1Kd2QF5rQT1al5sd/a13+qSP2uiJ1lmXK8Pn8n0wf+jsoxKv3g3+oA1vk8DI4Kb
74L1USWztcs77sYcaVCyhde0pd9FZSwvGT2KjXn1y4Qvn2I0BwqWL+jFJKlIVpqU
9QetNnqo8kke8H0X9LaTVzTtwikMTkFj8N4vG6M84tuOm09typUqq17fnwIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFDsjra8AVAp1crjgvTdwgpGVezExMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvT3lPdHJ3QlVDblZ5dU9DOU4zQ0NrWlY3TVRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBjBAIAATBdAwQHPqSAAwQF
PqmAAwMAVjYDBAHBbKgDBALCPiwDBAXCmiADAwDCpAMEBcMa4AMEBcO44AMEBcPI
AAMEB9QgAAMEBdQvQAMEBdQ4IAMEBdX+oAMEAtkdwAMDANmaMA0GCSqGSIb3DQEB
CwUAA4IBAQCkfn0I+tnqoDw+n/f3FtP9PphWixJR5ac145kiT9/Kl9T2Dc9rhWkm
EbrpNc+AHEi5VdyVKWsuzRSp9ZIgPYgA42FGoyhLyj46nB35ou90oVHmbWFIbzgF
Q/2Am8IkafNzns/Z/hBmOhzLudmduONXmGSSgwan8NAR8Oe4iczpucsKAGMU+gen
l3iRYaQN92iVhzrK0vnUdGN7z/zxQqQ0lywc3Dl/Rj6d7JqbCS1Qexdp2Cz9lywN
ppvYg2iKQqKaldKWHnK8RbcaeT1wcU9y3YQx4hoRc8hHP2MJ+Epjr3jNbS0ULxz4
voWTTAWgMRXw6mmVtBf9UCqtVA6O2LX9
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:16 2024 by rpki-client on console-fra.rpki-client.org