Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/P6X6gdER7zDYdI_VbmSPr2Pp0V8.roa
File: P6X6gdER7zDYdI_VbmSPr2Pp0V8.roa (raw, json)
Hash identifier: w6uv7qW886tVP/WkADLQTvYtbyt4r4RNBgI3NWto7Sg=
Subject key identifier: 3F:A5:FA:81:D1:11:EF:30:D8:74:8F:D5:6E:64:8F:AF:63:E9:D1:5F
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 38398C23
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/P6X6gdER7zDYdI_VbmSPr2Pp0V8.roa
Signing time: Sat 01 Jan 2022 09:06:22 +0000
ROA not before: Sat 01 Jan 2022 09:06:22 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 8897
IP address blocks: 62.164.128.0/17 maxlen: 21
62.164.144.0/21 maxlen: 21
194.154.32.0/19 maxlen: 19
2001:15e0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 943295523 (0x38398c23)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Jan 1 09:06:22 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3fa5fa81d111ef30d8748fd56e648faf63e9d15f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:25:40:a3:55:ae:01:b5:aa:af:70:36:65:a1:
9c:69:0c:86:26:93:0c:43:22:0b:e7:07:08:60:0c:
87:94:92:09:bb:77:b1:1e:07:6b:f6:92:29:6e:40:
d8:e0:6e:f7:2f:ea:08:06:f1:e6:0c:70:59:c5:80:
1a:ef:97:4e:99:12:c9:6a:8a:44:00:69:a6:e2:d2:
4d:58:6d:a1:8b:6f:75:0a:14:26:0b:56:8f:cc:7c:
c1:f4:8d:bc:76:1a:4d:7a:f5:e9:1a:9b:75:36:01:
5b:37:1a:fb:73:99:8d:8a:ab:7b:b3:c3:9a:7f:4b:
b9:3f:5a:7a:4c:eb:7a:de:fa:7a:77:e7:de:d2:af:
ef:93:8f:f9:61:32:44:14:8d:f9:06:40:e2:6b:7d:
6e:a5:99:4b:25:a0:a3:d5:b6:db:23:ed:e1:1b:5e:
39:9b:11:aa:8b:62:2c:0f:b3:6c:1d:d3:d9:ec:71:
37:0f:d9:cb:ac:9a:90:1e:5c:b8:95:94:15:79:95:
25:f8:60:fe:6a:0c:2a:3e:a6:00:29:9e:cd:7a:5a:
a4:56:28:ac:e4:26:3f:01:b3:e9:b8:0a:2c:1d:54:
40:71:6b:60:e2:62:13:d1:fd:48:51:f1:15:ce:7b:
1a:fe:40:9a:c9:7d:0f:ba:6d:d5:a6:37:2f:74:9b:
da:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:A5:FA:81:D1:11:EF:30:D8:74:8F:D5:6E:64:8F:AF:63:E9:D1:5F
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/P6X6gdER7zDYdI_VbmSPr2Pp0V8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
194.154.32.0/19
IPv6:
2001:15e0::/32
Signature Algorithm: sha256WithRSAEncryption
8b:20:d2:71:fc:8e:f1:6a:d3:16:44:f4:d0:55:b1:a5:38:91:
e4:cb:4e:c5:57:c7:02:e5:ed:57:58:19:f3:18:0d:96:50:fd:
2f:6d:25:2f:e0:f5:51:92:dc:2a:24:f4:99:38:92:4c:2c:49:
ac:af:c0:f8:01:ef:8f:98:b4:33:03:0d:6c:af:3d:83:51:c8:
ed:ec:ba:91:78:ab:54:0f:f9:f5:a4:3d:5c:d4:18:32:4a:dc:
00:50:68:d0:85:3c:0b:4c:ad:1b:92:41:d7:a7:55:ae:17:36:
fc:ab:85:2b:a4:d4:5e:4f:09:1c:1c:83:57:e3:20:05:c3:92:
f0:21:cb:e3:9c:7b:d0:52:07:07:c8:85:b2:04:f0:f9:0e:80:
32:98:65:23:bb:9d:d4:c6:5c:62:95:ae:a8:a4:25:27:06:f5:
8b:e7:d9:73:b7:3d:60:1a:10:22:54:ad:bf:b9:21:90:61:17:
2f:8a:9d:23:8a:8c:6c:22:70:d5:18:21:05:48:c4:67:30:5a:
05:64:74:80:c0:7c:5b:e0:64:1c:b6:68:c0:89:b3:ac:7d:18:
fe:47:94:77:21:8d:c3:3a:63:9b:26:3f:3e:93:cb:c9:fc:57:
ce:53:8e:de:9e:87:83:1d:41:92:a2:91:00:92:33:9a:a8:c1:
d9:e0:20:9b
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEODmMIzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZDAxZjRkZmZkNmZiYTY2Y2RmOGMzNzRjOWIwZjA0NzU1MjcwNWRkMB4XDTIyMDEw
MTA5MDYyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2ZhNWZhODFkMTEx
ZWYzMGQ4NzQ4ZmQ1NmU2NDhmYWY2M2U5ZDE1ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJclQKNVrgG1qq9wNmWhnGkMhiaTDEMiC+cHCGAMh5SSCbt3
sR4Ha/aSKW5A2OBu9y/qCAbx5gxwWcWAGu+XTpkSyWqKRABppuLSTVhtoYtvdQoU
JgtWj8x8wfSNvHYaTXr16RqbdTYBWzca+3OZjYqre7PDmn9LuT9aekzret76enfn
3tKv75OP+WEyRBSN+QZA4mt9bqWZSyWgo9W22yPt4RteOZsRqotiLA+zbB3T2exx
Nw/Zy6yakB5cuJWUFXmVJfhg/moMKj6mACmezXpapFYorOQmPwGz6bgKLB1UQHFr
YOJiE9H9SFHxFc57Gv5Amsl9D7pt1aY3L3Sb2gsCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBQ/pfqB0RHvMNh0j9VuZI+vY+nRXzAfBgNVHSMEGDAWgBQdAfTf/W+6Zs34
w3TJsPBHVScF3TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0hRSDAzXzF2dW1iTi1NTjB5YkR3UjFVbkJkMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmYvYjgwMzg0LWYyZmUtNDQ1Ni05Y2FlLWZlNGEwMmNhZWY3Zi8x
L1A2WDZnZEVSN3pEWWRJX1ZibVNQcjJQcDBWOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmYv
YjgwMzg0LWYyZmUtNDQ1Ni05Y2FlLWZlNGEwMmNhZWY3Zi8xL0hRSDAzXzF2dW1i
Ti1NTjB5YkR3UjFVbkJkMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEBz6kgAMEBcKaIDANBAIAAjAHAwUA
IAEV4DANBgkqhkiG9w0BAQsFAAOCAQEAiyDScfyO8WrTFkT00FWxpTiR5MtOxVfH
AuXtV1gZ8xgNllD9L20lL+D1UZLcKiT0mTiSTCxJrK/A+AHvj5i0MwMNbK89g1HI
7ey6kXirVA/59aQ9XNQYMkrcAFBo0IU8C0ytG5JB16dVrhc2/KuFK6TUXk8JHByD
V+MgBcOS8CHL45x70FIHB8iFsgTw+Q6AMphlI7ud1MZcYpWuqKQlJwb1i+fZc7c9
YBoQIlStv7khkGEXL4qdI4qMbCJw1RghBUjEZzBaBWR0gMB8W+BkHLZowImzrH0Y
/keUdyGNwzpjmyY/PpPLyfxXzlOO3p6Hgx1BkqKRAJIzmqjB2eAgmw==
-----END CERTIFICATE-----
Generated at Mon Apr 21 06:03:17 2025 by rpki-client