Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/h_-whRUSEiwaiCjMwlwLj9y34cM.roa
File: h_-whRUSEiwaiCjMwlwLj9y34cM.roa (raw, json)
Hash identifier: rYu1flTT9zJtTCWAUFB6/G5qdLvVCXl4ltKYFJes4Eg=
Subject key identifier: 87:FF:B0:85:15:12:12:2C:1A:88:28:CC:C2:5C:0B:8F:DC:B7:E1:C3
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018C59CBEFAE8FA150BFC810FF5BE6B277D9
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/h_-whRUSEiwaiCjMwlwLj9y34cM.roa
Signing time: Mon 11 Dec 2023 16:53:06 +0000
ROA not before: Mon 11 Dec 2023 16:53:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206509
IP address blocks: 194.164.114.0/24 maxlen: 24
217.29.192.0/20 maxlen: 22
62.164.128.0/17 maxlen: 21
213.254.160.0/19 maxlen: 19
62.164.144.0/21 maxlen: 21
212.32.0.0/17 maxlen: 17
193.108.168.0/23 maxlen: 23
86.54.0.0/16 maxlen: 16
194.164.97.0/24 maxlen: 24
194.62.44.0/22 maxlen: 22
217.154.0.0/16 maxlen: 16
195.26.224.0/19 maxlen: 19
195.200.0.0/19 maxlen: 19
195.184.224.0/19 maxlen: 19
194.164.181.0/24 maxlen: 24
2001:15e0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:59:cb:ef:ae:8f:a1:50:bf:c8:10:ff:5b:e6:b2:77:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Dec 11 16:53:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=87ffb0851512122c1a8828ccc25c0b8fdcb7e1c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:74:cb:f7:37:92:51:ff:b4:13:64:44:12:11:
eb:ed:e1:5a:61:0c:04:5a:0e:13:a8:7a:15:ef:45:
b6:92:56:c9:ce:fd:42:ef:8d:f1:a3:e3:e8:3a:ee:
8a:b6:60:28:8e:20:7c:5d:ef:96:07:ad:b6:a4:7a:
a0:75:f5:46:06:61:45:29:d7:9b:34:04:cf:9b:e0:
55:1a:fb:ca:29:ba:cd:b2:45:06:0d:34:bf:43:c1:
0d:08:35:f1:31:99:86:33:f2:06:bf:f5:e3:26:50:
20:b0:47:16:73:f4:e5:8c:06:71:2b:9e:f3:4d:c5:
90:9c:62:63:a9:a4:10:ca:75:d7:94:3a:2b:97:a7:
fe:41:8a:d3:49:b8:70:46:47:1d:ba:75:3f:32:23:
7a:7a:15:85:5b:fd:1a:72:c0:f5:2f:a2:07:fb:36:
a0:69:60:6c:d7:77:85:75:08:e0:6d:7d:42:12:b2:
8b:ce:e9:c9:64:55:83:ab:d6:95:ae:20:e1:33:9f:
9b:a9:00:b8:67:f0:4c:06:78:0c:a1:6d:53:e1:d1:
39:70:0d:e8:37:c5:78:cf:fa:89:67:d0:97:f6:36:
88:96:6c:83:1f:ce:63:6c:4c:0f:c4:98:31:b6:cf:
47:fc:c2:49:75:34:bc:34:e2:dd:c8:05:52:d1:d3:
bf:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:FF:B0:85:15:12:12:2C:1A:88:28:CC:C2:5C:0B:8F:DC:B7:E1:C3
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/h_-whRUSEiwaiCjMwlwLj9y34cM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
86.54.0.0/16
193.108.168.0/23
194.62.44.0/22
194.164.97.0/24
194.164.114.0/24
194.164.181.0/24
195.26.224.0/19
195.184.224.0/19
195.200.0.0/19
212.32.0.0/17
213.254.160.0/19
217.29.192.0/20
217.154.0.0/16
IPv6:
2001:15e0::/32
Signature Algorithm: sha256WithRSAEncryption
82:64:3a:80:0f:d1:04:b0:71:f1:1d:31:9a:b1:bb:a0:65:c4:
bb:b1:a3:90:f2:8f:2d:a2:82:80:d1:1c:c1:4d:a1:c0:6d:fc:
7b:0f:cf:4d:1b:b5:f2:dd:cd:a8:a9:54:02:91:bd:86:2a:f3:
f4:ee:68:65:ac:64:37:30:81:97:8a:b1:64:d4:4a:31:51:87:
a3:1c:f5:91:bf:45:eb:a8:26:9b:54:48:1c:b4:27:14:b2:43:
ff:46:b7:a6:4d:82:8b:12:ec:15:7d:8a:ed:b8:2a:7b:f4:58:
03:4f:66:87:bf:b0:ce:64:54:0a:44:c1:e6:97:60:de:c7:da:
74:50:57:6f:3e:02:a2:4a:21:9c:5e:e7:8d:55:d7:31:6b:66:
ee:40:b8:79:cd:d1:42:b2:f9:00:72:0c:1f:67:d8:77:50:25:
b8:ce:3c:c7:52:e7:9e:11:1c:a7:d2:dd:25:8b:39:6f:92:6f:
5a:07:a1:39:66:a7:21:d0:73:91:e2:02:fd:a2:a2:69:0e:15:
5c:53:b1:c0:ae:4e:3f:94:85:2a:de:da:da:3f:43:fb:55:04:
1d:22:17:51:4c:8c:f1:4b:f9:b4:cb:63:fb:00:02:25:79:a6:
29:42:fd:89:30:8a:d8:c1:61:ad:00:1c:c4:66:49:10:a2:2a:
7b:a9:11:b2
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAYxZy++uj6FQv8gQ/1vmsnfZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjMxMjExMTY1MzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2ZmYjA4NTE1MTIxMjJjMWE4ODI4Y2NjMjVjMGI4ZmRjYjdlMWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHTL9zeSUf+0E2REEhHr7eFaYQwE
Wg4TqHoV70W2klbJzv1C743xo+PoOu6KtmAojiB8Xe+WB622pHqgdfVGBmFFKdeb
NATPm+BVGvvKKbrNskUGDTS/Q8ENCDXxMZmGM/IGv/XjJlAgsEcWc/TljAZxK57z
TcWQnGJjqaQQynXXlDorl6f+QYrTSbhwRkcdunU/MiN6ehWFW/0acsD1L6IH+zag
aWBs13eFdQjgbX1CErKLzunJZFWDq9aVriDhM5+bqQC4Z/BMBngMoW1T4dE5cA3o
N8V4z/qJZ9CX9jaIlmyDH85jbEwPxJgxts9H/MJJdTS8NOLdyAVS0dO/MwIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFIf/sIUVEhIsGogozMJcC4/ct+HDMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvaF8td2hSVVNFaXdhaUNqTXdsd0xqOXkzNGNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHoGCCsGAQUFBwEHAQH/BGswaTBYBAIAATBSAwQHPqSAAwMA
VjYDBAHBbKgDBALCPiwDBADCpGEDBADCpHIDBADCpLUDBAXDGuADBAXDuOADBAXD
yAADBAfUIAADBAXV/qADBATZHcADAwDZmjANBAIAAjAHAwUAIAEV4DANBgkqhkiG
9w0BAQsFAAOCAQEAgmQ6gA/RBLBx8R0xmrG7oGXEu7GjkPKPLaKCgNEcwU2hwG38
ew/PTRu18t3NqKlUApG9hirz9O5oZaxkNzCBl4qxZNRKMVGHoxz1kb9F66gmm1RI
HLQnFLJD/0a3pk2CixLsFX2K7bgqe/RYA09mh7+wzmRUCkTB5pdg3sfadFBXbz4C
okohnF7njVXXMWtm7kC4ec3RQrL5AHIMH2fYd1AluM48x1LnnhEcp9LdJYs5b5Jv
WgehOWanIdBzkeIC/aKiaQ4VXFOxwK5OP5SFKt7a2j9D+1UEHSIXUUyM8Uv5tMtj
+wACJXmmKUL9iTCK2MFhrQAcxGZJEKIqe6kRsg==
-----END CERTIFICATE-----
Generated at Mon Apr 21 03:47:13 2025 by rpki-client