Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/Qc9mFgDCFdVrMwH_gzAfNsCPUPQ.roa
File: Qc9mFgDCFdVrMwH_gzAfNsCPUPQ.roa (raw, json)
Hash identifier: gLB6EVZhoW//+K2q8YeJsdUKvufNk4HCxU8QtbaJ4XM=
Subject key identifier: 41:CF:66:16:00:C2:15:D5:6B:33:01:FF:83:30:1F:36:C0:8F:50:F4
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018C3A0C0F61B7AB5B947551DB3C6E83DAB6
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/Qc9mFgDCFdVrMwH_gzAfNsCPUPQ.roa
Signing time: Tue 05 Dec 2023 12:55:18 +0000
ROA not before: Tue 05 Dec 2023 12:55:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 62.169.128.0/20 maxlen: 20
217.29.192.0/22 maxlen: 22
62.169.144.0/22 maxlen: 22
62.164.128.0/17 maxlen: 17
62.169.148.0/23 maxlen: 23
62.169.150.0/24 maxlen: 24
62.169.152.0/22 maxlen: 22
62.164.144.0/21 maxlen: 21
62.169.156.0/24 maxlen: 24
62.169.158.0/23 maxlen: 23
194.154.32.0/19 maxlen: 19
193.108.168.0/23 maxlen: 23
194.62.44.0/22 maxlen: 22
195.26.224.0/19 maxlen: 19
195.200.0.0/19 maxlen: 19
195.184.224.0/19 maxlen: 19
212.32.56.0/21 maxlen: 21
212.32.54.0/23 maxlen: 23
212.32.64.0/18 maxlen: 18
213.254.160.0/19 maxlen: 19
212.32.0.0/17 maxlen: 17
212.32.0.0/20 maxlen: 20
212.32.16.0/21 maxlen: 21
212.32.24.0/22 maxlen: 22
212.32.28.0/23 maxlen: 23
212.32.32.0/21 maxlen: 21
86.54.0.0/16 maxlen: 16
212.32.42.0/23 maxlen: 23
212.32.44.0/23 maxlen: 23
212.32.48.0/22 maxlen: 22
212.56.56.0/23 maxlen: 23
212.56.60.0/22 maxlen: 22
217.154.0.0/16 maxlen: 16
212.56.48.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:3a:0c:0f:61:b7:ab:5b:94:75:51:db:3c:6e:83:da:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Dec 5 12:55:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=41cf661600c215d56b3301ff83301f36c08f50f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:7f:76:24:31:b3:a8:95:02:d8:58:1d:61:c0:
72:50:a0:e7:16:08:e7:7a:a3:b8:eb:74:78:35:50:
68:d3:1b:16:cc:b8:cb:82:f6:0d:e8:bf:fa:90:d3:
bb:6f:53:ef:43:5c:6d:55:f8:97:ff:f7:a4:42:89:
2c:92:72:c5:58:3e:12:3c:02:40:72:24:10:ed:8a:
c8:25:89:a1:00:bb:f4:9c:d5:64:0a:ca:08:cf:e9:
83:23:c7:c8:69:49:78:72:dd:f5:4d:96:e0:2a:69:
1e:f5:b0:eb:db:87:3a:5e:a9:cc:4a:04:78:d5:5a:
35:a5:08:cc:2c:a0:ae:06:62:c8:58:4b:37:9a:41:
5f:33:7f:28:b3:93:bc:22:01:8b:bb:d5:46:3f:17:
7b:9e:07:99:0e:af:a7:62:28:4b:b8:91:c2:ae:f6:
cd:0c:99:90:93:e6:13:73:de:a4:5b:23:70:ec:68:
db:52:48:2d:36:8d:6b:b3:31:10:c9:f4:32:bb:98:
8e:d3:f5:b3:b7:22:ac:97:5b:cd:62:53:df:f7:11:
22:3d:e9:63:80:5e:72:bd:5b:bf:66:5a:54:4f:77:
12:4f:2b:a1:b4:c9:84:fb:ba:42:99:ba:39:79:a8:
8a:77:28:b7:b4:24:49:b7:6a:f9:25:a1:84:b2:09:
8f:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:CF:66:16:00:C2:15:D5:6B:33:01:FF:83:30:1F:36:C0:8F:50:F4
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/Qc9mFgDCFdVrMwH_gzAfNsCPUPQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
62.169.128.0-62.169.150.255
62.169.152.0-62.169.156.255
62.169.158.0/23
86.54.0.0/16
193.108.168.0/23
194.62.44.0/22
194.154.32.0/19
195.26.224.0/19
195.184.224.0/19
195.200.0.0/19
212.32.0.0/17
212.56.48.0-212.56.57.255
212.56.60.0/22
213.254.160.0/19
217.29.192.0/22
217.154.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a2:24:12:8d:77:d4:20:0f:74:3d:9b:e7:0a:ef:b0:0c:a4:27:
9f:5b:67:d3:a3:ce:ef:7b:20:a4:0d:ef:5c:01:22:cb:8b:5d:
7b:63:a2:e5:73:de:45:06:b3:23:38:5d:dc:66:24:3a:7a:2d:
16:3e:0b:12:5f:54:d1:11:21:5c:38:0c:48:e2:28:fb:8a:ba:
02:7f:be:53:cc:62:51:fe:64:68:04:5b:de:b1:b2:01:fb:8a:
c6:7b:d2:50:43:f4:79:06:f0:53:ca:4e:1a:ce:a6:82:0b:ae:
54:04:c1:9e:e6:7c:af:ab:96:9b:15:a6:a2:4b:25:8f:76:5d:
69:0c:80:f6:87:51:3a:82:02:04:b7:1a:40:53:cc:1e:0e:5f:
c2:26:97:03:80:9c:9a:62:39:7a:ff:a4:88:62:1a:ae:5b:c1:
7d:05:80:53:df:08:d7:06:22:c1:76:4a:77:f1:a0:dc:e2:fe:
11:68:a6:fd:19:62:bc:c9:2d:5a:a5:81:a0:0a:3a:ee:af:6a:
22:8e:b5:9f:46:76:eb:ce:ff:ca:d9:b8:98:7a:0e:2c:93:00:
e6:29:8a:8a:ca:10:72:6e:90:86:a6:00:2a:69:1b:7b:44:fb:
a2:38:78:18:44:6a:17:88:f3:7e:80:77:9f:67:d1:48:86:49:
20:e2:8d:36
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAYw6DA9ht6tblHVR2zxug9q2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjMxMjA1MTI1NTE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWNmNjYxNjAwYzIxNWQ1NmIzMzAxZmY4MzMwMWYzNmMwOGY1MGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnH92JDGzqJUC2FgdYcByUKDnFgjn
eqO463R4NVBo0xsWzLjLgvYN6L/6kNO7b1PvQ1xtVfiX//ekQoksknLFWD4SPAJA
ciQQ7YrIJYmhALv0nNVkCsoIz+mDI8fIaUl4ct31TZbgKmke9bDr24c6XqnMSgR4
1Vo1pQjMLKCuBmLIWEs3mkFfM38os5O8IgGLu9VGPxd7ngeZDq+nYihLuJHCrvbN
DJmQk+YTc96kWyNw7GjbUkgtNo1rszEQyfQyu5iO0/WztyKsl1vNYlPf9xEiPelj
gF5yvVu/ZlpUT3cSTyuhtMmE+7pCmbo5eaiKdyi3tCRJt2r5JaGEsgmPXQIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFEHPZhYAwhXVazMB/4MwHzbAj1D0MB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvUWM5bUZnRENGZFZyTXdIX2d6QWZOc0NQVVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGYBggrBgEFBQcBBwEB/wSBiDCBhTCBggQCAAEwfAMEBz6k
gDAMAwQHPqmAAwQAPqmWMAwDBAM+qZgDBAA+qZwDBAE+qZ4DAwBWNgMEAcFsqAME
AsI+LAMEBcKaIAMEBcMa4AMEBcO44AMEBcPIAAMEB9QgADAMAwQE1DgwAwQB1Dg4
AwQC1Dg8AwQF1f6gAwQC2R3AAwMA2ZowDQYJKoZIhvcNAQELBQADggEBAKIkEo13
1CAPdD2b5wrvsAykJ59bZ9Ojzu97IKQN71wBIsuLXXtjouVz3kUGsyM4XdxmJDp6
LRY+CxJfVNERIVw4DEjiKPuKugJ/vlPMYlH+ZGgEW96xsgH7isZ70lBD9HkG8FPK
ThrOpoILrlQEwZ7mfK+rlpsVpqJLJY92XWkMgPaHUTqCAgS3GkBTzB4OX8ImlwOA
nJpiOXr/pIhiGq5bwX0FgFPfCNcGIsF2SnfxoNzi/hFopv0ZYrzJLVqlgaAKOu6v
aiKOtZ9GduvO/8rZuJh6DiyTAOYpiorKEHJukIamACppG3tE+6I4eBhEaheI836A
d59n0UiGSSDijTY=
-----END CERTIFICATE-----
Generated at Wed Dec 6 15:45:02 2023 by rpki-client on console-fra.rpki-client.org