Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/Vd54r4ljhkIoeGTKPN6851Lrn1Q.roa
File: Vd54r4ljhkIoeGTKPN6851Lrn1Q.roa (raw, json)
Hash identifier: Ai/NhMqP4XS7QKlpExDxMLJj+YMw54G8cCFeHiL+yqc=
Subject key identifier: 55:DE:78:AF:89:63:86:42:28:78:64:CA:3C:DE:BC:E7:52:EB:9F:54
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018D65A91561935C5D98416C3C9825854388
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/Vd54r4ljhkIoeGTKPN6851Lrn1Q.roa
Signing time: Thu 01 Feb 2024 17:13:16 +0000
ROA not before: Thu 01 Feb 2024 17:13:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8851
IP address blocks: 62.164.128.0/18 maxlen: 18
62.164.144.0/21 maxlen: 21
62.164.192.0/21 maxlen: 21
62.169.150.0/24 maxlen: 24
62.169.154.0/24 maxlen: 24
62.169.156.0/24 maxlen: 24
86.54.0.0/16 maxlen: 16
193.108.169.0/24 maxlen: 24
194.62.44.0/22 maxlen: 22
194.164.2.0/24 maxlen: 24
194.164.12.0/24 maxlen: 24
194.164.38.0/24 maxlen: 24
194.164.80.0/22 maxlen: 22
194.164.85.0/24 maxlen: 24
194.164.86.0/24 maxlen: 24
194.164.97.0/24 maxlen: 24
194.164.100.0/24 maxlen: 24
194.164.104.0/24 maxlen: 24
194.164.106.0/24 maxlen: 24
194.164.114.0/24 maxlen: 24
194.164.140.0/22 maxlen: 22
194.164.144.0/24 maxlen: 24
194.164.181.0/24 maxlen: 24
194.164.223.0/24 maxlen: 24
194.164.231.0/24 maxlen: 24
194.164.232.0/24 maxlen: 24
194.164.238.0/24 maxlen: 24
194.164.241.0/24 maxlen: 24
194.164.242.0/23 maxlen: 23
194.164.247.0/24 maxlen: 24
195.26.224.0/19 maxlen: 19
195.184.228.0/23 maxlen: 23
195.184.236.0/24 maxlen: 24
195.184.245.0/24 maxlen: 24
195.200.0.0/19 maxlen: 19
212.32.28.0/24 maxlen: 24
212.32.42.0/24 maxlen: 24
212.32.44.0/23 maxlen: 23
212.32.44.0/24 maxlen: 24
212.32.55.0/24 maxlen: 24
212.32.66.0/24 maxlen: 24
212.47.80.0/23 maxlen: 23
212.47.84.0/24 maxlen: 24
212.56.57.0/24 maxlen: 24
213.254.171.0/24 maxlen: 24
213.254.178.0/24 maxlen: 24
213.254.185.0/24 maxlen: 24
217.154.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:65:a9:15:61:93:5c:5d:98:41:6c:3c:98:25:85:43:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Feb 1 17:13:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=55de78af89638642287864ca3cdebce752eb9f54
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:06:45:f1:fe:57:f1:99:13:33:97:88:01:db:
93:7d:ca:19:ed:aa:42:bd:5f:9e:ed:ca:d9:94:8a:
ce:d7:36:b7:30:0d:7e:57:24:96:2b:50:13:31:a7:
77:81:24:a8:4a:27:05:98:fc:95:d2:bf:d2:49:f3:
8c:e5:e3:83:a3:2a:1c:1d:4d:d2:93:27:74:df:f2:
10:af:49:1b:2d:21:0f:26:37:81:2f:61:fe:54:a0:
b4:f0:a4:1f:79:e5:87:7a:69:81:48:57:ea:cb:aa:
78:cc:5f:01:5b:a4:59:61:2d:28:6d:28:4e:ff:80:
e5:b7:72:8e:04:5c:9d:0c:1b:86:8c:f6:66:af:b6:
9e:ba:1c:06:3d:6a:13:e4:90:4f:3a:31:78:7a:58:
16:45:98:1a:3c:6a:a9:ac:a8:29:68:cd:71:32:eb:
33:30:aa:c4:8d:d1:77:35:b6:62:7e:4a:24:06:bf:
c3:43:c5:97:1e:e0:11:c6:f1:72:1b:d7:ee:b0:f4:
10:02:af:50:93:e6:ae:26:9f:56:b3:67:1d:9a:9a:
f9:09:7d:72:16:dc:3e:e0:96:99:70:bb:a9:83:30:
9a:6b:64:b8:47:9c:9c:da:c1:8e:bd:ca:a2:4c:a8:
33:e2:54:0c:ad:88:51:1d:1f:ca:24:60:f3:19:47:
43:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:DE:78:AF:89:63:86:42:28:78:64:CA:3C:DE:BC:E7:52:EB:9F:54
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/Vd54r4ljhkIoeGTKPN6851Lrn1Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0-62.164.199.255
62.169.150.0/24
62.169.154.0/24
62.169.156.0/24
86.54.0.0/16
193.108.169.0/24
194.62.44.0/22
194.164.2.0/24
194.164.12.0/24
194.164.38.0/24
194.164.80.0/22
194.164.85.0-194.164.86.255
194.164.97.0/24
194.164.100.0/24
194.164.104.0/24
194.164.106.0/24
194.164.114.0/24
194.164.140.0-194.164.144.255
194.164.181.0/24
194.164.223.0/24
194.164.231.0-194.164.232.255
194.164.238.0/24
194.164.241.0-194.164.243.255
194.164.247.0/24
195.26.224.0/19
195.184.228.0/23
195.184.236.0/24
195.184.245.0/24
195.200.0.0/19
212.32.28.0/24
212.32.42.0/24
212.32.44.0/23
212.32.55.0/24
212.32.66.0/24
212.47.80.0/23
212.47.84.0/24
212.56.57.0/24
213.254.171.0/24
213.254.178.0/24
213.254.185.0/24
217.154.0.0/16
Signature Algorithm: sha256WithRSAEncryption
13:55:25:a3:8b:d7:4d:70:a8:1b:fb:52:83:c2:ec:82:41:3e:
e8:2c:fb:57:40:55:4c:48:0a:ea:38:e7:7f:5c:69:68:97:5c:
f7:e3:60:ac:ee:cb:97:42:e8:c3:b6:13:52:0d:ab:ed:1c:ee:
b4:f2:4f:c9:ed:27:a4:93:1d:14:bf:5b:64:31:6c:67:7e:e9:
aa:f5:d5:26:16:6e:dd:ff:4b:b3:9b:39:ed:ec:5f:b8:61:15:
7e:e3:f3:28:8d:a8:ac:a4:3a:85:6b:87:f8:ac:d0:a8:5c:cb:
f3:75:7c:95:7d:94:52:43:b6:f7:17:00:78:85:e7:42:fa:12:
9d:60:a8:e9:05:b7:6f:c0:bb:ae:54:4e:47:7a:e0:d6:6f:dc:
28:40:f1:8c:45:34:40:2f:38:70:53:c0:b2:46:6a:a6:cb:72:
7e:d7:3f:9f:ea:b8:45:95:c8:a2:99:89:9f:cf:e6:b7:6d:c8:
2e:fd:8b:41:d6:86:8f:81:da:e6:fb:29:ca:a1:4d:13:b8:66:
e8:06:b3:38:2b:23:02:6c:dd:ab:86:f9:2d:ec:b5:77:85:fc:
74:a1:f2:6f:b9:12:3c:33:9a:c2:09:cd:ee:4d:63:2f:99:a3:
9a:93:a4:b7:f2:fa:22:b4:e2:a1:6a:6c:e2:42:04:d2:c9:4c:
bd:2f:fd:dd
-----BEGIN CERTIFICATE-----
MIIGHTCCBQWgAwIBAgISAY1lqRVhk1xdmEFsPJglhUOIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMjAxMTcxMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWRlNzhhZjg5NjM4NjQyMjg3ODY0Y2EzY2RlYmNlNzUyZWI5ZjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAZF8f5X8ZkTM5eIAduTfcoZ7apC
vV+e7crZlIrO1za3MA1+VySWK1ATMad3gSSoSicFmPyV0r/SSfOM5eODoyocHU3S
kyd03/IQr0kbLSEPJjeBL2H+VKC08KQfeeWHemmBSFfqy6p4zF8BW6RZYS0obShO
/4Dlt3KOBFydDBuGjPZmr7aeuhwGPWoT5JBPOjF4elgWRZgaPGqprKgpaM1xMusz
MKrEjdF3NbZifkokBr/DQ8WXHuARxvFyG9fusPQQAq9Qk+auJp9Ws2cdmpr5CX1y
Ftw+4JaZcLupgzCaa2S4R5yc2sGOvcqiTKgz4lQMrYhRHR/KJGDzGUdDgwIDAQAB
o4IDKTCCAyUwHQYDVR0OBBYEFFXeeK+JY4ZCKHhkyjzevOdS659UMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvVmQ1NHI0bGpoa0lvZUdUS1BONjg1MUxybjFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBPQYIKwYBBQUHAQcBAf8EggEsMIIBKDCCASQEAgABMIIB
HDAMAwQHPqSAAwQDPqTAAwQAPqmWAwQAPqmaAwQAPqmcAwMAVjYDBADBbKkDBALC
PiwDBADCpAIDBADCpAwDBADCpCYDBALCpFAwDAMEAMKkVQMEAMKkVgMEAMKkYQME
AMKkZAMEAMKkaAMEAMKkagMEAMKkcjAMAwQCwqSMAwQAwqSQAwQAwqS1AwQAwqTf
MAwDBADCpOcDBADCpOgDBADCpO4wDAMEAMKk8QMEAsKk8AMEAMKk9wMEBcMa4AME
AcO45AMEAMO47AMEAMO49QMEBcPIAAMEANQgHAMEANQgKgMEAdQgLAMEANQgNwME
ANQgQgMEAdQvUAMEANQvVAMEANQ4OQMEANX+qwMEANX+sgMEANX+uQMDANmaMA0G
CSqGSIb3DQEBCwUAA4IBAQATVSWji9dNcKgb+1KDwuyCQT7oLPtXQFVMSArqOOd/
XGlol1z342Cs7suXQujDthNSDavtHO608k/J7Sekkx0Uv1tkMWxnfumq9dUmFm7d
/0uzmznt7F+4YRV+4/MojaispDqFa4f4rNCoXMvzdXyVfZRSQ7b3FwB4hedC+hKd
YKjpBbdvwLuuVE5HeuDWb9woQPGMRTRALzhwU8CyRmqmy3J+1z+f6rhFlciimYmf
z+a3bcgu/YtB1oaPgdrm+ynKoU0TuGboBrM4KyMCbN2rhvkt7LV3hfx0ofJvuRI8
M5rCCc3uTWMvmaOak6S38voitOKhamziQgTSyUy9L/3d
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:25:37 2025 by rpki-client