Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/b6y8z8wTXqmnxAI1Hum-P1_MVxY.roa
File: b6y8z8wTXqmnxAI1Hum-P1_MVxY.roa (raw, json)
Hash identifier: gO6J1lPZfPIL4jYY8Sb0sOLhFOOeK0YRO+5Ss2vmMnw=
Subject key identifier: 6F:AC:BC:CF:CC:13:5E:A9:A7:C4:02:35:1E:E9:BE:3F:5F:CC:57:16
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018CF84C52B8C0012146E6299B664D0FD11F
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/b6y8z8wTXqmnxAI1Hum-P1_MVxY.roa
Signing time: Thu 11 Jan 2024 11:33:20 +0000
ROA not before: Thu 11 Jan 2024 11:33:20 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8851
IP address blocks: 194.164.106.0/24 maxlen: 24
194.164.114.0/24 maxlen: 24
62.164.128.0/17 maxlen: 17
62.164.144.0/21 maxlen: 21
194.164.144.0/24 maxlen: 24
194.164.140.0/22 maxlen: 22
194.164.80.0/22 maxlen: 22
194.164.85.0/24 maxlen: 24
194.164.86.0/24 maxlen: 24
194.164.97.0/24 maxlen: 24
194.164.100.0/24 maxlen: 24
194.164.104.0/24 maxlen: 24
194.164.223.0/24 maxlen: 24
194.164.232.0/24 maxlen: 24
194.164.231.0/24 maxlen: 24
194.164.238.0/24 maxlen: 24
194.164.241.0/24 maxlen: 24
194.164.242.0/23 maxlen: 23
194.164.247.0/24 maxlen: 24
195.26.224.0/19 maxlen: 19
195.184.228.0/23 maxlen: 23
194.164.181.0/24 maxlen: 24
195.184.236.0/24 maxlen: 24
195.184.245.0/24 maxlen: 24
212.32.56.0/21 maxlen: 21
212.32.54.0/23 maxlen: 23
212.32.64.0/18 maxlen: 18
213.254.160.0/19 maxlen: 19
212.32.0.0/17 maxlen: 17
212.32.0.0/20 maxlen: 20
212.32.16.0/21 maxlen: 21
212.32.24.0/22 maxlen: 22
212.32.28.0/23 maxlen: 23
212.32.32.0/21 maxlen: 21
212.32.42.0/23 maxlen: 23
212.32.44.0/23 maxlen: 23
212.32.48.0/22 maxlen: 22
212.56.57.0/24 maxlen: 24
194.164.2.0/24 maxlen: 24
194.164.12.0/24 maxlen: 24
194.164.38.0/24 maxlen: 24
217.154.0.0/16 maxlen: 16
62.169.128.0/20 maxlen: 20
62.169.144.0/22 maxlen: 22
62.169.150.0/24 maxlen: 24
62.169.152.0/22 maxlen: 22
62.169.156.0/24 maxlen: 24
62.169.158.0/23 maxlen: 23
193.108.168.0/23 maxlen: 23
194.62.44.0/22 maxlen: 22
195.200.0.0/19 maxlen: 19
86.54.0.0/16 maxlen: 16
212.47.80.0/23 maxlen: 23
212.47.84.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:f8:4c:52:b8:c0:01:21:46:e6:29:9b:66:4d:0f:d1:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Jan 11 11:33:20 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6facbccfcc135ea9a7c402351ee9be3f5fcc5716
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:cf:2f:b3:da:4f:ea:04:46:bd:ee:1c:fb:50:
b7:72:fc:19:2e:33:fe:47:d1:20:db:0e:b7:76:33:
54:d1:a9:7a:47:c0:a7:66:de:d3:81:5c:d7:ef:86:
91:56:b0:41:0b:8b:1e:56:a6:6c:c8:28:0d:d1:7d:
df:0a:3d:27:d9:5a:6f:88:2e:58:29:6d:74:12:3e:
51:4c:9c:3b:be:72:36:b8:f6:6b:b4:7e:67:28:84:
19:37:26:5a:28:f1:f5:9b:e6:19:d7:fb:52:e0:a2:
37:9c:48:86:5f:c1:9d:b8:ca:2e:2f:8a:e3:f8:b3:
e3:41:c5:0c:48:5c:f4:b2:74:dd:c0:67:67:f4:be:
5f:dc:7d:59:96:ed:5c:1b:74:ee:61:78:28:3e:19:
e0:90:15:04:23:44:7b:c2:e5:6d:5a:ab:81:c3:41:
c8:39:12:8e:89:60:34:af:56:63:ac:5a:4e:2e:14:
6a:01:de:86:cb:6d:74:d4:d3:cd:0e:2c:24:81:94:
a1:28:69:fc:76:b7:4b:33:5c:7c:cf:a0:46:2f:ee:
d4:47:01:1c:0e:c4:e2:e6:60:29:b1:f2:4a:73:ec:
93:c7:e5:a0:f0:7f:88:70:56:ad:40:7a:6c:22:a1:
c7:c5:28:06:05:23:8d:44:f6:87:f1:a2:d0:50:7a:
7c:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:AC:BC:CF:CC:13:5E:A9:A7:C4:02:35:1E:E9:BE:3F:5F:CC:57:16
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/b6y8z8wTXqmnxAI1Hum-P1_MVxY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
62.169.128.0-62.169.147.255
62.169.150.0/24
62.169.152.0-62.169.156.255
62.169.158.0/23
86.54.0.0/16
193.108.168.0/23
194.62.44.0/22
194.164.2.0/24
194.164.12.0/24
194.164.38.0/24
194.164.80.0/22
194.164.85.0-194.164.86.255
194.164.97.0/24
194.164.100.0/24
194.164.104.0/24
194.164.106.0/24
194.164.114.0/24
194.164.140.0-194.164.144.255
194.164.181.0/24
194.164.223.0/24
194.164.231.0-194.164.232.255
194.164.238.0/24
194.164.241.0-194.164.243.255
194.164.247.0/24
195.26.224.0/19
195.184.228.0/23
195.184.236.0/24
195.184.245.0/24
195.200.0.0/19
212.32.0.0/17
212.47.80.0/23
212.47.84.0/24
212.56.57.0/24
213.254.160.0/19
217.154.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8e:df:ac:c2:25:e3:50:f2:37:76:c9:8a:ac:d2:a7:6a:b8:e8:
e7:c2:4d:bf:73:91:e3:2a:e9:e7:6c:4b:a1:62:bf:a9:79:bd:
4b:ce:9d:4c:18:2d:46:f9:5f:d1:9f:fa:d1:0e:88:69:de:84:
07:78:0a:a8:8d:03:dc:12:c3:ac:09:f0:b3:5b:6c:96:19:0a:
1f:b4:0f:7f:41:04:b9:08:89:c8:e2:ef:45:2a:60:16:ff:6a:
8e:59:b8:03:0b:42:08:c0:08:e5:a0:a2:04:f3:9f:e9:4a:97:
ba:f4:71:c9:d7:9c:4f:ed:2c:15:24:38:e4:94:89:eb:3b:10:
39:ca:15:e6:30:ab:b5:5c:2c:e4:8e:a2:32:30:80:02:36:ff:
db:d9:0d:4e:3c:6b:ce:66:31:94:eb:0e:c7:e9:63:75:d8:41:
9b:c6:ab:d1:b6:9d:85:1d:ca:14:29:10:69:03:4e:d6:67:16:
98:ff:5c:72:e9:b5:0a:16:28:32:c5:43:20:3e:59:6c:dc:6f:
e9:b3:1e:3b:c5:d3:10:82:ad:e7:9c:30:51:5f:fd:e1:2b:4c:
25:78:e9:5c:e5:d2:84:b5:e4:33:e0:44:07:a7:6d:3e:b4:67:
e9:85:64:b4:ef:25:50:27:00:db:09:b2:51:d1:d9:8d:39:3b:
8e:19:ce:05
-----BEGIN CERTIFICATE-----
MIIGBzCCBO+gAwIBAgISAYz4TFK4wAEhRuYpm2ZND9EfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMTExMTEzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmFjYmNjZmNjMTM1ZWE5YTdjNDAyMzUxZWU5YmUzZjVmY2M1NzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg88vs9pP6gRGve4c+1C3cvwZLjP+
R9Eg2w63djNU0al6R8CnZt7TgVzX74aRVrBBC4seVqZsyCgN0X3fCj0n2VpviC5Y
KW10Ej5RTJw7vnI2uPZrtH5nKIQZNyZaKPH1m+YZ1/tS4KI3nEiGX8GduMouL4rj
+LPjQcUMSFz0snTdwGdn9L5f3H1Zlu1cG3TuYXgoPhngkBUEI0R7wuVtWquBw0HI
ORKOiWA0r1ZjrFpOLhRqAd6Gy2101NPNDiwkgZShKGn8drdLM1x8z6BGL+7URwEc
DsTi5mApsfJKc+yTx+Wg8H+IcFatQHpsIqHHxSgGBSONRPaH8aLQUHp8hwIDAQAB
o4IDEzCCAw8wHQYDVR0OBBYEFG+svM/ME16pp8QCNR7pvj9fzFcWMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvYjZ5OHo4d1RYcW1ueEFJMUh1bS1QMV9NVnhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBJwYIKwYBBQUHAQcBAf8EggEWMIIBEjCCAQ4EAgABMIIB
BgMEBz6kgDAMAwQHPqmAAwQCPqmQAwQAPqmWMAwDBAM+qZgDBAA+qZwDBAE+qZ4D
AwBWNgMEAcFsqAMEAsI+LAMEAMKkAgMEAMKkDAMEAMKkJgMEAsKkUDAMAwQAwqRV
AwQAwqRWAwQAwqRhAwQAwqRkAwQAwqRoAwQAwqRqAwQAwqRyMAwDBALCpIwDBADC
pJADBADCpLUDBADCpN8wDAMEAMKk5wMEAMKk6AMEAMKk7jAMAwQAwqTxAwQCwqTw
AwQAwqT3AwQFwxrgAwQBw7jkAwQAw7jsAwQAw7j1AwQFw8gAAwQH1CAAAwQB1C9Q
AwQA1C9UAwQA1Dg5AwQF1f6gAwMA2ZowDQYJKoZIhvcNAQELBQADggEBAI7frMIl
41DyN3bJiqzSp2q46OfCTb9zkeMq6edsS6Fiv6l5vUvOnUwYLUb5X9Gf+tEOiGne
hAd4CqiNA9wSw6wJ8LNbbJYZCh+0D39BBLkIicji70UqYBb/ao5ZuAMLQgjACOWg
ogTzn+lKl7r0ccnXnE/tLBUkOOSUies7EDnKFeYwq7VcLOSOojIwgAI2/9vZDU48
a85mMZTrDsfpY3XYQZvGq9G2nYUdyhQpEGkDTtZnFpj/XHLptQoWKDLFQyA+WWzc
b+mzHjvF0xCCreecMFFf/eErTCV46Vzl0oS15DPgRAenbT60Z+mFZLTvJVAnANsJ
slHR2Y05O44ZzgU=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:25:54 2025 by rpki-client