Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/Uf5La9JL5UYtq4mFXshLfGN8tBo.roa
File: Uf5La9JL5UYtq4mFXshLfGN8tBo.roa (raw, json)
Hash identifier: 4rJ/AgOiuz7oPu8XiAw2xVcLB+FrrL1/pDqMMfv7F1M=
Subject key identifier: 51:FE:4B:6B:D2:4B:E5:46:2D:AB:89:85:5E:C8:4B:7C:63:7C:B4:1A
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018CC5013334B8E5130189638F3FCFA252A0
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/Uf5La9JL5UYtq4mFXshLfGN8tBo.roa
Signing time: Mon 01 Jan 2024 12:30:39 +0000
ROA not before: Mon 01 Jan 2024 12:30:39 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8851
IP address blocks: 194.164.106.0/24 maxlen: 24
194.164.114.0/24 maxlen: 24
62.164.128.0/17 maxlen: 17
62.164.144.0/21 maxlen: 21
194.164.144.0/24 maxlen: 24
194.164.140.0/22 maxlen: 22
194.164.80.0/22 maxlen: 22
194.164.85.0/24 maxlen: 24
194.164.86.0/24 maxlen: 24
194.164.97.0/24 maxlen: 24
194.164.100.0/24 maxlen: 24
194.164.104.0/24 maxlen: 24
194.164.223.0/24 maxlen: 24
194.164.232.0/24 maxlen: 24
194.164.231.0/24 maxlen: 24
194.164.238.0/24 maxlen: 24
194.164.241.0/24 maxlen: 24
194.164.242.0/23 maxlen: 23
194.164.247.0/24 maxlen: 24
195.26.224.0/19 maxlen: 19
195.184.228.0/23 maxlen: 23
194.164.181.0/24 maxlen: 24
195.184.236.0/24 maxlen: 24
195.184.245.0/24 maxlen: 24
212.32.56.0/21 maxlen: 21
212.32.54.0/23 maxlen: 23
212.32.64.0/18 maxlen: 18
213.254.160.0/19 maxlen: 19
212.32.0.0/17 maxlen: 17
212.32.0.0/20 maxlen: 20
212.32.16.0/21 maxlen: 21
212.32.24.0/22 maxlen: 22
212.32.28.0/23 maxlen: 23
212.32.32.0/21 maxlen: 21
212.32.42.0/23 maxlen: 23
212.32.44.0/23 maxlen: 23
212.32.48.0/22 maxlen: 22
212.56.57.0/24 maxlen: 24
194.164.2.0/24 maxlen: 24
194.164.12.0/24 maxlen: 24
194.164.38.0/24 maxlen: 24
217.154.0.0/16 maxlen: 16
62.169.128.0/20 maxlen: 20
62.169.144.0/22 maxlen: 22
62.169.148.0/23 maxlen: 23
62.169.150.0/24 maxlen: 24
62.169.152.0/22 maxlen: 22
62.169.156.0/24 maxlen: 24
62.169.158.0/23 maxlen: 23
193.108.168.0/23 maxlen: 23
194.62.44.0/22 maxlen: 22
195.200.0.0/19 maxlen: 19
86.54.0.0/16 maxlen: 16
212.47.80.0/23 maxlen: 23
212.47.84.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:01:33:34:b8:e5:13:01:89:63:8f:3f:cf:a2:52:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Jan 1 12:30:39 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=51fe4b6bd24be5462dab89855ec84b7c637cb41a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:d8:42:e8:d9:fb:0a:cb:09:96:2d:77:2a:2b:
7c:6d:55:81:80:4e:23:f1:9b:46:bd:5f:a1:dd:25:
1f:ad:cd:7e:99:8b:55:22:20:5c:e9:a5:fb:a3:7c:
59:db:b9:c7:df:17:b1:1b:b7:29:ea:17:67:ea:90:
91:22:68:a9:a6:a6:94:4a:f3:06:33:b5:02:c1:6a:
ad:62:88:fb:99:ff:2d:26:53:09:23:b1:0f:36:fe:
41:8f:ad:48:c8:ae:d6:39:dc:0d:5e:19:9b:71:ee:
0d:5a:de:68:e4:24:de:1c:fe:16:93:ed:ab:a5:02:
59:f4:e4:22:d4:cf:0b:40:b2:3c:fc:e2:8f:ad:66:
10:c7:f1:31:e4:fe:7e:1a:9e:26:a9:8e:56:5c:fb:
3f:79:24:76:66:13:80:39:6e:be:f3:3d:76:04:46:
a1:7f:34:0d:26:62:7a:d8:04:d2:ed:9c:9c:fb:41:
2c:81:b2:61:72:69:56:0d:04:c6:27:c1:f2:49:50:
21:64:74:11:1b:00:2e:c0:b2:62:b2:83:d9:f6:7f:
fd:6f:2d:5f:b7:f9:47:84:cf:5f:bc:1d:78:2b:2e:
e1:52:81:b2:9d:cb:e8:ef:67:f0:c3:88:ce:2c:b1:
57:19:a1:b0:34:ff:b6:fc:54:e6:3a:c9:14:4d:e0:
30:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:FE:4B:6B:D2:4B:E5:46:2D:AB:89:85:5E:C8:4B:7C:63:7C:B4:1A
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/Uf5La9JL5UYtq4mFXshLfGN8tBo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
62.169.128.0-62.169.150.255
62.169.152.0-62.169.156.255
62.169.158.0/23
86.54.0.0/16
193.108.168.0/23
194.62.44.0/22
194.164.2.0/24
194.164.12.0/24
194.164.38.0/24
194.164.80.0/22
194.164.85.0-194.164.86.255
194.164.97.0/24
194.164.100.0/24
194.164.104.0/24
194.164.106.0/24
194.164.114.0/24
194.164.140.0-194.164.144.255
194.164.181.0/24
194.164.223.0/24
194.164.231.0-194.164.232.255
194.164.238.0/24
194.164.241.0-194.164.243.255
194.164.247.0/24
195.26.224.0/19
195.184.228.0/23
195.184.236.0/24
195.184.245.0/24
195.200.0.0/19
212.32.0.0/17
212.47.80.0/23
212.47.84.0/24
212.56.57.0/24
213.254.160.0/19
217.154.0.0/16
Signature Algorithm: sha256WithRSAEncryption
84:0d:f2:69:02:b9:7e:ab:fc:9b:9b:fa:ad:d6:9a:51:5e:af:
1f:1f:1e:df:fd:49:93:9e:01:3d:dc:4a:e9:8c:c5:25:0f:17:
c5:a6:e7:db:09:ba:04:58:57:bc:a9:9d:f5:18:fe:b3:8c:17:
d5:3f:a7:54:68:17:6c:af:e0:b0:51:85:f9:53:02:7f:72:f0:
2c:3a:80:ee:74:85:b6:df:f3:36:f5:4b:64:26:1d:18:99:da:
74:e7:6e:cf:b9:45:94:68:57:d4:f6:14:a3:9f:59:41:ce:f5:
c4:28:53:75:ca:84:8e:d9:3a:14:11:b0:e4:fc:b0:21:9f:e7:
8f:34:a0:1d:0f:b8:ea:74:12:d8:3e:d3:29:1d:60:1c:fc:a5:
d4:86:22:a5:ec:de:6d:2e:a8:40:13:87:c2:5e:cd:9c:16:fc:
78:34:52:c5:a5:60:63:26:76:64:2d:f1:de:72:e9:c2:30:49:
9f:1e:d2:12:25:a9:15:a5:5a:e4:05:d0:e7:da:33:17:77:db:
38:5f:e1:f9:27:0d:fa:a5:e0:db:68:8c:f9:9f:3b:29:37:8d:
bd:d0:ec:f1:b1:ac:6a:e5:cc:fe:f3:d2:cb:fa:13:62:30:ef:
fb:fa:1e:12:fc:d0:66:b0:c4:a5:09:16:13:4c:b4:92:5d:ef:
b1:b1:a8:aa
-----BEGIN CERTIFICATE-----
MIIGATCCBOmgAwIBAgISAYzFATM0uOUTAYljjz/PolKgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMTAxMTIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWZlNGI2YmQyNGJlNTQ2MmRhYjg5ODU1ZWM4NGI3YzYzN2NiNDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsthC6Nn7CssJli13Kit8bVWBgE4j
8ZtGvV+h3SUfrc1+mYtVIiBc6aX7o3xZ27nH3xexG7cp6hdn6pCRImippqaUSvMG
M7UCwWqtYoj7mf8tJlMJI7EPNv5Bj61IyK7WOdwNXhmbce4NWt5o5CTeHP4Wk+2r
pQJZ9OQi1M8LQLI8/OKPrWYQx/Ex5P5+Gp4mqY5WXPs/eSR2ZhOAOW6+8z12BEah
fzQNJmJ62ATS7Zyc+0EsgbJhcmlWDQTGJ8HySVAhZHQRGwAuwLJisoPZ9n/9by1f
t/lHhM9fvB14Ky7hUoGyncvo72fww4jOLLFXGaGwNP+2/FTmOskUTeAwSwIDAQAB
o4IDDTCCAwkwHQYDVR0OBBYEFFH+S2vSS+VGLauJhV7IS3xjfLQaMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvVWY1TGE5Skw1VVl0cTRtRlhzaExmR044dEJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBIQYIKwYBBQUHAQcBAf8EggEQMIIBDDCCAQgEAgABMIIB
AAMEBz6kgDAMAwQHPqmAAwQAPqmWMAwDBAM+qZgDBAA+qZwDBAE+qZ4DAwBWNgME
AcFsqAMEAsI+LAMEAMKkAgMEAMKkDAMEAMKkJgMEAsKkUDAMAwQAwqRVAwQAwqRW
AwQAwqRhAwQAwqRkAwQAwqRoAwQAwqRqAwQAwqRyMAwDBALCpIwDBADCpJADBADC
pLUDBADCpN8wDAMEAMKk5wMEAMKk6AMEAMKk7jAMAwQAwqTxAwQCwqTwAwQAwqT3
AwQFwxrgAwQBw7jkAwQAw7jsAwQAw7j1AwQFw8gAAwQH1CAAAwQB1C9QAwQA1C9U
AwQA1Dg5AwQF1f6gAwMA2ZowDQYJKoZIhvcNAQELBQADggEBAIQN8mkCuX6r/Jub
+q3WmlFerx8fHt/9SZOeAT3cSumMxSUPF8Wm59sJugRYV7ypnfUY/rOMF9U/p1Ro
F2yv4LBRhflTAn9y8Cw6gO50hbbf8zb1S2QmHRiZ2nTnbs+5RZRoV9T2FKOfWUHO
9cQoU3XKhI7ZOhQRsOT8sCGf5480oB0PuOp0Etg+0ykdYBz8pdSGIqXs3m0uqEAT
h8JezZwW/Hg0UsWlYGMmdmQt8d5y6cIwSZ8e0hIlqRWlWuQF0OfaMxd32zhf4fkn
Dfql4NtojPmfOyk3jb3Q7PGxrGrlzP7z0sv6E2Iw7/v6HhL80GawxKUJFhNMtJJd
77GxqKo=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:43:08 2025 by rpki-client