Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/k-vBs9apbVkYLFe3Pe6nfKGoVmg.roa
File: k-vBs9apbVkYLFe3Pe6nfKGoVmg.roa (raw, json)
Hash identifier: cpo40tiEtp3IW4NVlY1NAgXVnXlkmbjMG9WFLPQPoK4=
Subject key identifier: 93:EB:C1:B3:D6:A9:6D:59:18:2C:57:B7:3D:EE:A7:7C:A1:A8:56:68
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018C3FA04BB505BD27D864EEA681AB66BAAD
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/k-vBs9apbVkYLFe3Pe6nfKGoVmg.roa
Signing time: Wed 06 Dec 2023 14:55:18 +0000
ROA not before: Wed 06 Dec 2023 14:55:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206509
IP address blocks: 217.29.192.0/20 maxlen: 22
62.164.128.0/17 maxlen: 21
213.254.160.0/19 maxlen: 19
62.164.144.0/21 maxlen: 21
212.32.0.0/17 maxlen: 17
193.108.168.0/23 maxlen: 23
86.54.0.0/16 maxlen: 16
194.62.44.0/22 maxlen: 22
217.154.0.0/16 maxlen: 16
195.26.224.0/19 maxlen: 19
195.200.0.0/19 maxlen: 19
195.184.224.0/19 maxlen: 19
2001:15e0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:3f:a0:4b:b5:05:bd:27:d8:64:ee:a6:81:ab:66:ba:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Dec 6 14:55:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=93ebc1b3d6a96d59182c57b73deea77ca1a85668
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:53:c9:c1:9a:b2:51:ed:1e:73:79:78:7b:42:
4f:b7:05:58:7a:48:61:eb:95:88:16:bb:d3:a5:58:
37:e7:c8:00:b3:e4:ca:eb:42:a5:0d:41:3d:23:43:
8d:5a:03:4a:4c:a8:64:e1:e1:99:5b:d0:73:b4:dc:
d3:14:bb:e7:a3:9b:4c:5a:19:0b:55:b8:f1:f4:e4:
fc:37:47:82:ea:5c:1d:99:2e:ae:dd:8a:1f:fd:7e:
ee:20:7e:79:b7:99:09:7b:02:46:75:37:56:bb:c2:
45:9c:2c:36:a1:9c:ef:a6:2d:90:61:d7:7f:e3:fd:
c7:8d:be:f9:2a:3b:29:cc:f5:36:0a:81:2a:2f:49:
0b:13:ab:cc:5f:42:c8:9f:ad:cd:5f:9b:6f:b0:d3:
08:d2:10:87:19:85:19:30:f9:2e:7b:fd:e4:4e:5d:
cd:c3:97:b7:a4:57:2b:8d:58:72:f8:05:34:e2:67:
87:ad:a9:cc:13:29:1a:70:ed:a6:bf:32:3e:25:86:
89:ac:6b:01:ca:6a:f6:9b:a2:08:81:5f:7c:23:32:
f8:74:c8:0b:f1:ab:b3:16:00:31:5a:73:e2:4b:a0:
aa:aa:bb:f5:a3:59:fe:41:1f:be:3c:e2:ff:88:02:
58:76:77:1e:ab:c4:c8:70:93:aa:a7:c1:ed:fe:d0:
49:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:EB:C1:B3:D6:A9:6D:59:18:2C:57:B7:3D:EE:A7:7C:A1:A8:56:68
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/k-vBs9apbVkYLFe3Pe6nfKGoVmg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
86.54.0.0/16
193.108.168.0/23
194.62.44.0/22
195.26.224.0/19
195.184.224.0/19
195.200.0.0/19
212.32.0.0/17
213.254.160.0/19
217.29.192.0/20
217.154.0.0/16
IPv6:
2001:15e0::/32
Signature Algorithm: sha256WithRSAEncryption
3e:b9:5b:ce:4b:68:f7:d6:f9:b4:db:f2:5f:dc:0d:16:74:6f:
3c:8c:19:ec:59:d0:05:a9:cc:73:de:ac:14:c0:d8:26:a8:f0:
17:e6:7b:26:ac:58:a9:e8:e9:7c:53:c4:7a:a4:36:a6:9d:36:
d2:c4:dd:cb:4d:62:6b:16:6e:04:2b:6d:3b:20:77:a2:d9:af:
e6:77:d2:cb:d8:50:66:81:f2:2a:34:a8:17:46:2a:70:dc:3c:
b1:b1:5c:8f:34:a6:0a:74:34:e8:c5:73:39:f5:c3:99:e6:5f:
5f:46:fa:65:ed:43:ca:56:9d:92:76:0c:ed:18:9a:80:b8:7c:
6f:43:41:36:e8:f0:46:53:8b:af:74:48:f0:e7:d8:4e:f0:0c:
65:04:d2:d3:21:8e:f9:92:65:36:ca:7d:d5:02:4a:71:6d:45:
62:f4:04:fa:00:74:1d:cc:1b:86:48:d0:31:f0:18:3c:f4:fe:
31:92:8a:9e:0b:43:c3:e6:72:94:5b:56:88:78:04:50:09:75:
14:1e:77:3c:36:a1:38:a0:db:7d:61:3c:60:a5:38:ba:10:1d:
f7:b3:36:16:4e:59:7e:7f:c3:14:f8:fc:69:98:c7:df:14:92:
e0:53:ff:92:6d:b6:3e:81:0b:69:b5:e5:e3:af:0d:78:c1:c3:
7d:e3:98:b2
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYw/oEu1Bb0n2GTupoGrZrqtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjMxMjA2MTQ1NTE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2ViYzFiM2Q2YTk2ZDU5MTgyYzU3YjczZGVlYTc3Y2ExYTg1NjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulPJwZqyUe0ec3l4e0JPtwVYekhh
65WIFrvTpVg358gAs+TK60KlDUE9I0ONWgNKTKhk4eGZW9BztNzTFLvno5tMWhkL
Vbjx9OT8N0eC6lwdmS6u3Yof/X7uIH55t5kJewJGdTdWu8JFnCw2oZzvpi2QYdd/
4/3Hjb75KjspzPU2CoEqL0kLE6vMX0LIn63NX5tvsNMI0hCHGYUZMPkue/3kTl3N
w5e3pFcrjVhy+AU04meHranMEykacO2mvzI+JYaJrGsBymr2m6IIgV98IzL4dMgL
8auzFgAxWnPiS6Cqqrv1o1n+QR++POL/iAJYdnceq8TIcJOqp8Ht/tBJVQIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFJPrwbPWqW1ZGCxXtz3up3yhqFZoMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvay12QnM5YXBiVmtZTEZlM1BlNm5mS0dvVm1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQHPqSAAwMA
VjYDBAHBbKgDBALCPiwDBAXDGuADBAXDuOADBAXDyAADBAfUIAADBAXV/qADBATZ
HcADAwDZmjANBAIAAjAHAwUAIAEV4DANBgkqhkiG9w0BAQsFAAOCAQEAPrlbzkto
99b5tNvyX9wNFnRvPIwZ7FnQBanMc96sFMDYJqjwF+Z7JqxYqejpfFPEeqQ2pp02
0sTdy01iaxZuBCttOyB3otmv5nfSy9hQZoHyKjSoF0YqcNw8sbFcjzSmCnQ06MVz
OfXDmeZfX0b6Ze1DyladknYM7RiagLh8b0NBNujwRlOLr3RI8OfYTvAMZQTS0yGO
+ZJlNsp91QJKcW1FYvQE+gB0HcwbhkjQMfAYPPT+MZKKngtDw+ZylFtWiHgEUAl1
FB53PDahOKDbfWE8YKU4uhAd97M2Fk5Zfn/DFPj8aZjH3xSS4FP/km22PoELabXl
468NeMHDfeOYsg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:51 2024 by rpki-client on console-ams.rpki-client.org