Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/jYZqodiaxP_KZ3hNYZTEvDGE3NA.roa
File: jYZqodiaxP_KZ3hNYZTEvDGE3NA.roa (raw, json)
Hash identifier: 30unMsisITozr6UtnBZpyD9DIgkbm+cXd60VuYzQGSg=
Subject key identifier: 8D:86:6A:A1:D8:9A:C4:FF:CA:67:78:4D:61:94:C4:BC:31:84:DC:D0
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018CC50133FD4DD3944D3BA6CFA9002F94A3
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/jYZqodiaxP_KZ3hNYZTEvDGE3NA.roa
Signing time: Mon 01 Jan 2024 12:30:39 +0000
ROA not before: Mon 01 Jan 2024 12:30:39 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8897
IP address blocks: 62.164.128.0/17 maxlen: 21
62.164.144.0/21 maxlen: 21
2001:15e0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:01:33:fd:4d:d3:94:4d:3b:a6:cf:a9:00:2f:94:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Jan 1 12:30:39 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8d866aa1d89ac4ffca67784d6194c4bc3184dcd0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:76:a7:b3:97:c7:a1:a7:c2:13:8c:5f:f1:5a:
46:9b:14:2f:a2:f8:20:e1:d7:09:52:bd:b1:14:58:
ed:f7:44:ef:18:36:63:d2:ad:a1:54:fd:3a:cb:bf:
4c:dc:52:3b:82:d3:de:5a:1d:da:5e:b4:d3:bc:2f:
6b:9d:e6:11:63:a2:c4:df:31:d5:a8:1c:44:ea:3a:
0d:b3:24:c4:14:b5:f9:e3:4e:45:3c:51:ac:d8:86:
42:a7:19:18:12:71:8e:e4:b8:e0:9b:b2:b3:9d:9d:
e3:d6:03:06:5b:25:4c:00:1b:90:39:de:3b:31:15:
1d:ab:09:92:29:83:67:df:a2:86:fc:8e:cb:09:22:
3f:94:ac:93:c4:ab:4a:32:5e:78:a9:76:b0:3c:6e:
15:30:09:34:aa:b0:d3:11:36:7e:89:56:07:27:eb:
06:df:56:e9:5a:16:fe:8a:b4:69:df:55:9a:63:73:
a9:d0:b0:5f:4b:90:f9:fd:1c:4b:f5:95:24:03:70:
ba:88:3f:3e:d8:81:7d:09:84:56:99:35:82:d8:5e:
8f:dc:61:e5:0a:5a:e4:6f:17:c0:9a:a1:67:e1:a1:
38:9a:df:7d:af:4a:aa:20:50:d2:32:06:81:75:45:
e1:72:3a:90:e0:00:28:e0:59:93:54:bc:16:94:8c:
4a:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:86:6A:A1:D8:9A:C4:FF:CA:67:78:4D:61:94:C4:BC:31:84:DC:D0
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/jYZqodiaxP_KZ3hNYZTEvDGE3NA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
IPv6:
2001:15e0::/32
Signature Algorithm: sha256WithRSAEncryption
12:3b:a5:00:41:c8:71:8a:3a:cd:9d:93:2a:bc:47:de:72:32:
1c:c5:27:59:18:2e:fa:08:c5:8a:be:94:e8:a5:ad:c4:2e:d6:
08:39:10:d9:a5:f3:f8:36:4b:55:fe:f3:42:83:88:fa:20:ec:
8c:a6:34:ef:30:ba:9c:13:86:47:41:5f:b3:e8:cf:56:e7:66:
2d:7d:eb:94:cd:d5:85:b3:1f:80:b3:5f:98:99:0f:7e:df:46:
4e:0d:ee:8f:bd:e7:ca:3d:5c:4d:cc:9b:71:e3:e4:9e:41:42:
59:2f:72:5f:c0:e6:15:5f:c3:2d:17:83:c5:1e:39:3c:44:a9:
26:48:58:11:49:65:7c:f9:14:b0:50:5a:0e:3a:78:0d:c6:75:
53:29:57:d0:40:ec:ce:c2:74:f5:57:3f:56:e3:42:a2:5c:58:
69:71:01:2a:de:a5:91:d3:7d:07:ed:f2:a4:88:dc:4a:cc:ba:
a4:5c:ab:76:55:ff:82:f3:19:c2:57:93:96:4a:cd:8d:da:2a:
ad:ef:6d:fd:35:33:64:94:64:fb:17:d7:97:3a:89:8a:a6:db:
31:fe:6e:2c:1e:6f:dc:d5:df:d4:ef:f6:8b:85:5a:66:8f:cb:
90:db:08:16:0f:c9:e3:60:a1:56:8e:10:1f:39:4e:4a:3a:19:
15:09:aa:5e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFATP9TdOUTTumz6kAL5SjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMTAxMTIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDg2NmFhMWQ4OWFjNGZmY2E2Nzc4NGQ2MTk0YzRiYzMxODRkY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnans5fHoafCE4xf8VpGmxQvovgg
4dcJUr2xFFjt90TvGDZj0q2hVP06y79M3FI7gtPeWh3aXrTTvC9rneYRY6LE3zHV
qBxE6joNsyTEFLX5405FPFGs2IZCpxkYEnGO5Ljgm7KznZ3j1gMGWyVMABuQOd47
MRUdqwmSKYNn36KG/I7LCSI/lKyTxKtKMl54qXawPG4VMAk0qrDTETZ+iVYHJ+sG
31bpWhb+irRp31WaY3Op0LBfS5D5/RxL9ZUkA3C6iD8+2IF9CYRWmTWC2F6P3GHl
ClrkbxfAmqFn4aE4mt99r0qqIFDSMgaBdUXhcjqQ4AAo4FmTVLwWlIxKGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI2GaqHYmsT/ymd4TWGUxLwxhNzQMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvallacW9kaWF4UF9LWjNoTllaVEV2REdFM05BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQHPqSAMA0E
AgACMAcDBQAgARXgMA0GCSqGSIb3DQEBCwUAA4IBAQASO6UAQchxijrNnZMqvEfe
cjIcxSdZGC76CMWKvpTopa3ELtYIORDZpfP4NktV/vNCg4j6IOyMpjTvMLqcE4ZH
QV+z6M9W52YtfeuUzdWFsx+As1+YmQ9+30ZODe6PvefKPVxNzJtx4+SeQUJZL3Jf
wOYVX8MtF4PFHjk8RKkmSFgRSWV8+RSwUFoOOngNxnVTKVfQQOzOwnT1Vz9W40Ki
XFhpcQEq3qWR030H7fKkiNxKzLqkXKt2Vf+C8xnCV5OWSs2N2iqt7239NTNklGT7
F9eXOomKptsx/m4sHm/c1d/U7/aLhVpmj8uQ2wgWD8njYKFWjhAfOU5KOhkVCape
-----END CERTIFICATE-----
Generated at Thu Feb 1 19:04:42 2024 by rpki-client on console-fra.rpki-client.org