Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/Tg19nvq-YCuWh48pXBCqPRo3kRk.roa
File: Tg19nvq-YCuWh48pXBCqPRo3kRk.roa (raw, json)
Hash identifier: c0wF/VkJVAwY2CiMhRpKUjK7rB5b9mVT/yY/+QXvoOU=
Subject key identifier: 4E:0D:7D:9E:FA:BE:60:2B:96:87:8F:29:5C:10:AA:3D:1A:37:91:19
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018DE9E7F0BEF48E2D3A5C5ABF15FF45C4C9
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/Tg19nvq-YCuWh48pXBCqPRo3kRk.roa
Signing time: Tue 27 Feb 2024 09:31:48 +0000
ROA not before: Tue 27 Feb 2024 09:31:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 206509
IP address blocks: 62.164.128.0/18 maxlen: 18
193.108.169.0/24 maxlen: 24
194.164.97.0/24 maxlen: 24
194.164.114.0/24 maxlen: 24
194.164.181.0/24 maxlen: 24
195.200.0.0/19 maxlen: 19
213.254.171.0/24 maxlen: 24
213.254.178.0/24 maxlen: 24
213.254.185.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:e9:e7:f0:be:f4:8e:2d:3a:5c:5a:bf:15:ff:45:c4:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Feb 27 09:31:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4e0d7d9efabe602b96878f295c10aa3d1a379119
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:fc:98:f1:6b:ab:d6:bc:ad:e4:0b:b9:78:3a:
1a:ce:64:a3:04:28:02:6f:ad:50:7a:63:20:50:6c:
b9:56:f1:16:1b:3c:05:b0:49:d3:70:86:68:5b:08:
f5:df:9b:88:98:0e:51:02:c2:87:01:d9:8f:98:78:
24:ca:ba:36:ed:89:2d:c8:41:be:65:98:33:1b:a7:
89:7a:17:fe:23:76:16:c2:f1:85:14:f6:d9:31:ab:
27:e9:32:90:4c:80:e7:71:48:3b:75:b6:c6:4e:18:
63:7a:f9:18:3f:0e:9f:c5:61:39:66:40:91:60:75:
f4:55:fa:ae:df:c3:76:50:fc:18:b6:0b:9a:34:c4:
16:dc:b4:dd:a0:c9:99:8d:61:55:75:fb:17:44:d1:
ac:5f:74:85:25:54:2c:d7:b2:29:c8:c1:cb:b0:61:
fa:35:d4:cc:de:2c:b7:d2:d8:cc:6b:4b:35:a2:4c:
68:37:d6:c0:5a:1f:66:d1:62:4d:77:b8:58:75:60:
62:d3:6e:ed:fd:37:91:a8:80:73:30:43:52:5e:c6:
3f:62:71:06:09:1e:c6:32:40:88:cd:4c:3a:10:6b:
fb:32:46:c5:36:67:24:d9:ef:64:5b:c9:d9:c2:cb:
5f:62:f1:fd:8d:0f:ff:ab:c5:b3:45:cc:00:d2:b7:
30:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:0D:7D:9E:FA:BE:60:2B:96:87:8F:29:5C:10:AA:3D:1A:37:91:19
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/Tg19nvq-YCuWh48pXBCqPRo3kRk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/18
193.108.169.0/24
194.164.97.0/24
194.164.114.0/24
194.164.181.0/24
195.200.0.0/19
213.254.171.0/24
213.254.178.0/24
213.254.185.0/24
Signature Algorithm: sha256WithRSAEncryption
1e:99:17:d0:f7:40:55:a0:fa:2d:8a:61:21:75:a7:08:7c:d2:
f1:06:66:36:d2:b6:33:11:a4:c8:8d:90:d7:21:41:e1:38:25:
b9:58:e6:c8:e4:f4:9c:90:df:6c:33:3b:6f:ab:07:42:8f:a3:
9d:7c:e2:c6:7d:ed:64:14:18:66:02:0e:20:4e:5d:31:dc:a2:
c3:91:53:9a:73:6b:91:e7:a0:43:e7:74:c5:9a:0a:5e:db:94:
8e:f3:5e:31:75:1a:fd:40:19:d0:c1:2b:74:3b:1e:96:5d:3c:
f7:80:ae:86:91:4c:4b:f0:af:a5:f3:10:a3:7f:66:f8:aa:ad:
4c:02:ac:96:fc:ef:10:62:89:9f:41:78:45:a4:c0:85:6d:e9:
b3:99:7a:15:04:67:ee:cc:f6:51:8b:24:79:a5:d2:e4:e6:f0:
92:61:ab:83:20:fb:7f:59:6a:5d:84:10:3b:11:75:05:cf:d6:
c8:0b:19:fc:85:e9:e3:63:a6:38:34:40:2d:59:d0:0a:36:6d:
f7:ff:cf:ea:98:d2:b0:b8:fd:5e:15:4b:5d:c0:a0:b1:f1:10:
2a:3e:b5:b5:01:51:7d:01:0f:a1:e2:f5:11:4a:bd:b6:ff:93:
f3:ef:49:6d:49:74:8b:f8:d7:5d:65:fb:09:97:92:fe:5b:1d:
fd:fd:58:18
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY3p5/C+9I4tOlxavxX/RcTJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMjI3MDkzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTBkN2Q5ZWZhYmU2MDJiOTY4NzhmMjk1YzEwYWEzZDFhMzc5MTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfyY8Wur1ryt5Au5eDoazmSjBCgC
b61QemMgUGy5VvEWGzwFsEnTcIZoWwj135uImA5RAsKHAdmPmHgkyro27YktyEG+
ZZgzG6eJehf+I3YWwvGFFPbZMasn6TKQTIDncUg7dbbGThhjevkYPw6fxWE5ZkCR
YHX0Vfqu38N2UPwYtguaNMQW3LTdoMmZjWFVdfsXRNGsX3SFJVQs17IpyMHLsGH6
NdTM3iy30tjMa0s1okxoN9bAWh9m0WJNd7hYdWBi027t/TeRqIBzMENSXsY/YnEG
CR7GMkCIzUw6EGv7MkbFNmck2e9kW8nZwstfYvH9jQ//q8WzRcwA0rcwLwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFE4NfZ76vmArloePKVwQqj0aN5EZMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvVGcxOW52cS1ZQ3VXaDQ4cFhCQ3FQUm8za1JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQGPqSAAwQA
wWypAwQAwqRhAwQAwqRyAwQAwqS1AwQFw8gAAwQA1f6rAwQA1f6yAwQA1f65MA0G
CSqGSIb3DQEBCwUAA4IBAQAemRfQ90BVoPotimEhdacIfNLxBmY20rYzEaTIjZDX
IUHhOCW5WObI5PSckN9sMztvqwdCj6OdfOLGfe1kFBhmAg4gTl0x3KLDkVOac2uR
56BD53TFmgpe25SO814xdRr9QBnQwSt0Ox6WXTz3gK6GkUxL8K+l8xCjf2b4qq1M
AqyW/O8QYomfQXhFpMCFbemzmXoVBGfuzPZRiyR5pdLk5vCSYauDIPt/WWpdhBA7
EXUFz9bICxn8henjY6Y4NEAtWdAKNm33/8/qmNKwuP1eFUtdwKCx8RAqPrW1AVF9
AQ+h4vURSr22/5Pz70ltSXSL+NddZfsJl5L+Wx39/VgY
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:16 2024 by rpki-client on console-fra.rpki-client.org