Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/aIdx3uNvHv00IyMi5IRNH6CpREI.roa
File: aIdx3uNvHv00IyMi5IRNH6CpREI.roa (raw, json)
Hash identifier: Vuhx22dWgFn4aCt3zmy1J+nRGvuPMZ6WfyM/R+f5k98=
Subject key identifier: 68:87:71:DE:E3:6F:1E:FD:34:23:23:22:E4:84:4D:1F:A0:A9:44:42
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018D6566A637833D3907303704964FEEF8DF
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/aIdx3uNvHv00IyMi5IRNH6CpREI.roa
Signing time: Thu 01 Feb 2024 16:00:42 +0000
ROA not before: Thu 01 Feb 2024 16:00:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8851
IP address blocks: 62.164.128.0/18 maxlen: 18
62.164.144.0/21 maxlen: 21
62.164.192.0/21 maxlen: 21
62.169.150.0/24 maxlen: 24
62.169.154.0/24 maxlen: 24
62.169.156.0/24 maxlen: 24
86.54.0.0/16 maxlen: 16
193.108.169.0/24 maxlen: 24
194.62.44.0/22 maxlen: 22
194.164.2.0/24 maxlen: 24
194.164.12.0/24 maxlen: 24
194.164.38.0/24 maxlen: 24
194.164.80.0/22 maxlen: 22
194.164.85.0/24 maxlen: 24
194.164.86.0/24 maxlen: 24
194.164.97.0/24 maxlen: 24
194.164.100.0/24 maxlen: 24
194.164.104.0/24 maxlen: 24
194.164.106.0/24 maxlen: 24
194.164.114.0/24 maxlen: 24
194.164.144.0/24 maxlen: 24
194.164.181.0/24 maxlen: 24
194.164.223.0/24 maxlen: 24
194.164.231.0/24 maxlen: 24
194.164.232.0/24 maxlen: 24
194.164.238.0/24 maxlen: 24
194.164.241.0/24 maxlen: 24
194.164.242.0/23 maxlen: 23
194.164.247.0/24 maxlen: 24
195.26.224.0/19 maxlen: 19
195.184.228.0/23 maxlen: 23
195.184.236.0/24 maxlen: 24
195.184.245.0/24 maxlen: 24
195.200.0.0/19 maxlen: 19
212.32.28.0/23 maxlen: 23
212.32.28.0/24 maxlen: 24
212.32.42.0/23 maxlen: 23
212.32.44.0/23 maxlen: 23
212.32.44.0/24 maxlen: 24
212.32.54.0/23 maxlen: 23
212.32.55.0/24 maxlen: 24
212.32.66.0/24 maxlen: 24
212.47.80.0/23 maxlen: 23
212.47.84.0/24 maxlen: 24
212.56.57.0/24 maxlen: 24
213.254.160.0/19 maxlen: 19
213.254.171.0/24 maxlen: 24
213.254.178.0/24 maxlen: 24
213.254.185.0/24 maxlen: 24
217.154.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:65:66:a6:37:83:3d:39:07:30:37:04:96:4f:ee:f8:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Feb 1 16:00:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=688771dee36f1efd34232322e4844d1fa0a94442
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:a7:37:2a:dc:d1:6c:47:08:76:13:29:35:57:
ed:9b:d8:2c:32:d2:d4:cc:ee:24:a9:c2:77:ab:8a:
2b:ac:36:e0:d8:ee:a9:e1:d4:88:bf:ee:f6:c3:c1:
c6:47:3d:bf:b5:41:db:38:ff:03:87:3e:0b:b3:d6:
b8:ac:5c:bb:0c:f1:e0:97:f9:ea:9d:fa:49:23:af:
1e:d0:ce:03:86:24:75:c1:7a:3e:97:3b:d0:a9:15:
0c:38:11:c4:b7:42:dc:a4:2c:de:03:aa:95:3a:43:
24:49:05:05:ff:09:09:6d:9b:9d:d8:79:78:97:02:
2d:db:97:00:13:7b:42:39:a0:d6:67:c9:15:d6:e3:
2a:f1:2b:b7:c2:82:3a:d5:02:29:66:1c:af:e6:09:
a1:a2:fe:08:1d:ec:ac:cc:63:e2:c5:4f:95:8f:3b:
08:06:0c:9d:21:e3:d3:fc:d7:54:85:17:3e:7d:59:
80:57:55:5c:a0:18:8a:e1:ab:18:2e:f2:3c:77:9e:
9a:df:1c:18:a0:73:67:ef:69:56:f5:d7:b6:ad:d8:
4a:cb:9e:65:6d:cc:34:08:e7:87:1d:4b:63:16:9f:
2c:c7:80:5b:ed:38:f5:37:6d:1f:a4:47:19:33:1c:
14:f3:60:ef:03:07:2d:d8:5a:61:d6:0e:2c:c9:cc:
69:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:87:71:DE:E3:6F:1E:FD:34:23:23:22:E4:84:4D:1F:A0:A9:44:42
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/aIdx3uNvHv00IyMi5IRNH6CpREI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0-62.164.199.255
62.169.150.0/24
62.169.154.0/24
62.169.156.0/24
86.54.0.0/16
193.108.169.0/24
194.62.44.0/22
194.164.2.0/24
194.164.12.0/24
194.164.38.0/24
194.164.80.0/22
194.164.85.0-194.164.86.255
194.164.97.0/24
194.164.100.0/24
194.164.104.0/24
194.164.106.0/24
194.164.114.0/24
194.164.144.0/24
194.164.181.0/24
194.164.223.0/24
194.164.231.0-194.164.232.255
194.164.238.0/24
194.164.241.0-194.164.243.255
194.164.247.0/24
195.26.224.0/19
195.184.228.0/23
195.184.236.0/24
195.184.245.0/24
195.200.0.0/19
212.32.28.0/23
212.32.42.0-212.32.45.255
212.32.54.0/23
212.32.66.0/24
212.47.80.0/23
212.47.84.0/24
212.56.57.0/24
213.254.160.0/19
217.154.0.0/16
Signature Algorithm: sha256WithRSAEncryption
67:07:b7:e3:56:0f:c1:28:02:3c:5c:b1:97:80:23:8f:22:28:
96:3e:64:e3:b4:a4:9a:a7:4b:9c:73:d9:bc:ae:42:f1:da:55:
e7:b0:c7:6d:9f:ae:5c:4a:6a:62:13:d0:6f:7a:78:15:14:8e:
f3:2a:19:c4:25:f3:37:94:b3:6c:9d:7a:29:0b:83:7a:e3:41:
3f:3f:d3:da:9d:d0:b6:fe:5a:6d:42:ca:b0:47:46:22:0d:3e:
f4:48:cd:b7:78:2e:24:a5:85:d0:3a:94:e4:75:bf:ee:2c:2e:
15:1c:b4:8e:f1:fa:be:67:a1:71:c7:bf:37:dd:b4:b7:7e:d0:
ab:30:83:3e:2e:16:fa:ac:1e:36:a3:11:b9:e1:25:06:1a:eb:
77:83:59:3e:b4:63:a4:f6:85:44:7c:c6:e8:84:f4:e6:8e:73:
02:95:f7:ca:f3:d7:b4:95:88:78:a3:6d:b5:0a:e5:84:c4:4a:
12:bd:df:86:6a:cb:03:8f:4d:8c:b0:40:dd:78:c8:65:4b:af:
da:74:99:99:b9:ac:b7:a7:2b:f2:00:f6:96:d0:52:a1:66:1b:
df:f5:8f:cd:88:7f:e7:78:65:f0:c6:64:79:98:7c:8a:99:ec:
bc:f5:17:3b:3a:08:f2:00:fc:a6:47:4b:90:2f:52:d7:ec:35:
58:53:fb:ce
-----BEGIN CERTIFICATE-----
MIIGCzCCBPOgAwIBAgISAY1lZqY3gz05BzA3BJZP7vjfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMjAxMTYwMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODg3NzFkZWUzNmYxZWZkMzQyMzIzMjJlNDg0NGQxZmEwYTk0NDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6c3KtzRbEcIdhMpNVftm9gsMtLU
zO4kqcJ3q4orrDbg2O6p4dSIv+72w8HGRz2/tUHbOP8Dhz4Ls9a4rFy7DPHgl/nq
nfpJI68e0M4DhiR1wXo+lzvQqRUMOBHEt0LcpCzeA6qVOkMkSQUF/wkJbZud2Hl4
lwIt25cAE3tCOaDWZ8kV1uMq8Su3woI61QIpZhyv5gmhov4IHeyszGPixU+VjzsI
BgydIePT/NdUhRc+fVmAV1VcoBiK4asYLvI8d56a3xwYoHNn72lW9de2rdhKy55l
bcw0COeHHUtjFp8sx4Bb7Tj1N20fpEcZMxwU82DvAwct2Fph1g4sycxpHQIDAQAB
o4IDFzCCAxMwHQYDVR0OBBYEFGiHcd7jbx79NCMjIuSETR+gqURCMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvYUlkeDN1TnZIdjAwSXlNaTVJUk5INkNwUkVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKwYIKwYBBQUHAQcBAf8EggEaMIIBFjCCARIEAgABMIIB
CjAMAwQHPqSAAwQDPqTAAwQAPqmWAwQAPqmaAwQAPqmcAwMAVjYDBADBbKkDBALC
PiwDBADCpAIDBADCpAwDBADCpCYDBALCpFAwDAMEAMKkVQMEAMKkVgMEAMKkYQME
AMKkZAMEAMKkaAMEAMKkagMEAMKkcgMEAMKkkAMEAMKktQMEAMKk3zAMAwQAwqTn
AwQAwqToAwQAwqTuMAwDBADCpPEDBALCpPADBADCpPcDBAXDGuADBAHDuOQDBADD
uOwDBADDuPUDBAXDyAADBAHUIBwwDAMEAdQgKgMEAdQgLAMEAdQgNgMEANQgQgME
AdQvUAMEANQvVAMEANQ4OQMEBdX+oAMDANmaMA0GCSqGSIb3DQEBCwUAA4IBAQBn
B7fjVg/BKAI8XLGXgCOPIiiWPmTjtKSap0ucc9m8rkLx2lXnsMdtn65cSmpiE9Bv
engVFI7zKhnEJfM3lLNsnXopC4N640E/P9PandC2/lptQsqwR0YiDT70SM23eC4k
pYXQOpTkdb/uLC4VHLSO8fq+Z6Fxx7833bS3ftCrMIM+Lhb6rB42oxG54SUGGut3
g1k+tGOk9oVEfMbohPTmjnMClffK89e0lYh4o221CuWExEoSvd+GassDj02MsEDd
eMhlS6/adJmZuay3pyvyAPaW0FKhZhvf9Y/NiH/neGXwxmR5mHyKmey89Rc7Ogjy
APymR0uQL1LX7DVYU/vO
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:24:22 2025 by rpki-client