Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/hrIy-EsrpkkUyJnMgHUBFT2kdUI.roa
File: hrIy-EsrpkkUyJnMgHUBFT2kdUI.roa (raw, json)
Hash identifier: itmyWYoxw0tREn0ESTNVTh3xxi32VYJMYC8DncKCoQI=
Subject key identifier: 86:B2:32:F8:4B:2B:A6:49:14:C8:99:CC:80:75:01:15:3D:A4:75:42
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 01874BFEACF48ACC684162F60E0BE41124DD
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/hrIy-EsrpkkUyJnMgHUBFT2kdUI.roa
Signing time: Tue 04 Apr 2023 11:19:54 +0000
ROA not before: Tue 04 Apr 2023 11:19:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 62.169.128.0/19 maxlen: 19
62.164.128.0/17 maxlen: 17
62.164.144.0/21 maxlen: 21
193.108.168.0/23 maxlen: 23
86.54.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:4b:fe:ac:f4:8a:cc:68:41:62:f6:0e:0b:e4:11:24:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Apr 4 11:19:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=86b232f84b2ba64914c899cc807501153da47542
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:c2:a8:ca:11:66:aa:11:04:61:a5:87:0c:5f:
44:fc:8b:89:a8:8c:25:8e:bb:f8:48:92:5c:00:f2:
f3:fc:c4:28:b5:94:b5:c3:d4:35:15:7e:df:3f:7f:
b3:0b:dc:a8:90:6a:25:18:cc:4c:c1:e8:17:25:06:
ed:3d:4d:cf:3b:23:af:24:63:62:6a:90:7b:dc:25:
01:9b:4b:11:aa:a0:2b:2b:97:e0:f0:70:d9:47:5a:
b0:c8:d5:db:64:9b:9e:7d:61:b4:8d:b1:68:e7:a1:
8b:0f:13:e0:58:11:b1:08:f8:37:19:f3:2e:c1:7f:
72:97:bf:d9:26:de:f1:00:78:bb:d6:93:25:b4:22:
ae:96:a3:ca:d2:ec:d2:7f:52:6a:c0:25:a8:02:f1:
18:7b:7f:31:85:e8:35:d8:59:13:66:f8:c1:42:30:
05:78:f1:90:ba:9a:ea:dd:4d:9e:00:54:35:44:e7:
c8:6f:06:78:d9:8f:59:ed:c3:58:37:de:38:b5:7c:
24:83:a6:cb:df:2c:b9:5c:fa:c8:b1:ec:d2:2d:3f:
9d:44:41:e7:e3:3e:2c:9b:a2:eb:28:7a:c7:69:70:
30:19:b1:c6:6f:91:a0:9b:c9:65:26:d7:9a:ac:21:
3a:08:55:31:eb:0e:e0:98:19:d4:ca:09:56:19:22:
44:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:B2:32:F8:4B:2B:A6:49:14:C8:99:CC:80:75:01:15:3D:A4:75:42
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/hrIy-EsrpkkUyJnMgHUBFT2kdUI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
62.169.128.0/19
86.54.0.0/16
193.108.168.0/23
Signature Algorithm: sha256WithRSAEncryption
ab:47:d2:06:86:bf:1a:b4:3c:a9:72:c1:04:a5:fd:08:5e:b3:
d4:70:3a:94:80:29:fc:5a:95:2d:29:8d:af:00:d8:ca:fa:95:
7c:31:16:e2:b8:11:3f:fb:a8:8e:c6:8a:5f:08:b3:91:3e:ac:
31:6a:65:f2:5d:77:3e:de:9f:b6:98:f6:a1:12:4c:5b:44:be:
1e:f8:79:a3:c2:3c:50:84:38:26:9d:fd:9c:56:37:7e:d0:7b:
93:9a:07:85:84:06:23:63:9f:95:ab:91:cb:26:ac:c2:8f:84:
ec:d9:93:4a:6f:36:a8:3c:94:fc:92:8f:7f:65:fd:b3:03:55:
f1:07:72:eb:85:eb:e9:11:39:15:d1:58:25:78:62:43:60:33:
a2:5c:c6:f8:23:55:e8:46:bd:c3:be:bf:2a:85:de:0b:28:51:
a3:6c:3e:79:7d:77:71:17:29:ac:5f:65:e4:b5:29:2c:c2:6f:
54:99:a7:00:a3:00:88:c5:cc:36:1d:ff:5e:c2:91:c2:fa:87:
95:5a:03:f0:3a:0d:5c:4f:31:8b:9b:33:3a:9f:f5:f1:f6:6f:
c4:2b:ec:9d:32:fd:21:cb:6b:a0:e7:22:19:cc:7e:1a:84:c0:
11:b1:44:7d:14:d3:76:be:a1:3f:11:3d:1b:0c:89:f2:1f:a9:
5c:84:ab:65
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdL/qz0isxoQWL2DgvkESTdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjMwNDA0MTExOTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmIyMzJmODRiMmJhNjQ5MTRjODk5Y2M4MDc1MDExNTNkYTQ3NTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucKoyhFmqhEEYaWHDF9E/IuJqIwl
jrv4SJJcAPLz/MQotZS1w9Q1FX7fP3+zC9yokGolGMxMwegXJQbtPU3POyOvJGNi
apB73CUBm0sRqqArK5fg8HDZR1qwyNXbZJuefWG0jbFo56GLDxPgWBGxCPg3GfMu
wX9yl7/ZJt7xAHi71pMltCKulqPK0uzSf1JqwCWoAvEYe38xheg12FkTZvjBQjAF
ePGQuprq3U2eAFQ1ROfIbwZ42Y9Z7cNYN944tXwkg6bL3yy5XPrIsezSLT+dREHn
4z4sm6LrKHrHaXAwGbHGb5Ggm8llJtearCE6CFUx6w7gmBnUyglWGSJEKQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIayMvhLK6ZJFMiZzIB1ARU9pHVCMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvaHJJeS1Fc3Jwa2tVeUpuTWdIVUJGVDJrZFVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAATAXAwQHPqSAAwQF
PqmAAwMAVjYDBAHBbKgwDQYJKoZIhvcNAQELBQADggEBAKtH0gaGvxq0PKlywQSl
/Qhes9RwOpSAKfxalS0pja8A2Mr6lXwxFuK4ET/7qI7Gil8Is5E+rDFqZfJddz7e
n7aY9qESTFtEvh74eaPCPFCEOCad/ZxWN37Qe5OaB4WEBiNjn5WrkcsmrMKPhOzZ
k0pvNqg8lPySj39l/bMDVfEHcuuF6+kRORXRWCV4YkNgM6JcxvgjVehGvcO+vyqF
3gsoUaNsPnl9d3EXKaxfZeS1KSzCb1SZpwCjAIjFzDYd/17CkcL6h5VaA/A6DVxP
MYubMzqf9fH2b8Qr7J0y/SHLa6DnIhnMfhqEwBGxRH0U03a+oT8RPRsMifIfqVyE
q2U=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:55:09 2025 by rpki-client