Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/lZGGV1YgcwoBwePi40l5J6GVXB4.roa
File: lZGGV1YgcwoBwePi40l5J6GVXB4.roa (raw, json)
Hash identifier: vOXfgGExfx2eM0ImV49UGZwjwKHThmGSSF6J3+lvOM0=
Subject key identifier: 95:91:86:57:56:20:73:0A:01:C1:E3:E2:E3:49:79:27:A1:95:5C:1E
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018D3B1FBAB3FC83999DEB25924357E97CC6
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/lZGGV1YgcwoBwePi40l5J6GVXB4.roa
Signing time: Wed 24 Jan 2024 10:59:11 +0000
ROA not before: Wed 24 Jan 2024 10:59:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8851
IP address blocks: 62.164.128.0/17 maxlen: 17
62.164.128.0/18 maxlen: 18
62.164.144.0/21 maxlen: 21
62.164.192.0/21 maxlen: 21
62.169.128.0/20 maxlen: 20
62.169.144.0/22 maxlen: 22
62.169.150.0/24 maxlen: 24
62.169.152.0/22 maxlen: 22
62.169.154.0/24 maxlen: 24
62.169.156.0/24 maxlen: 24
62.169.158.0/23 maxlen: 23
86.54.0.0/16 maxlen: 16
193.108.168.0/23 maxlen: 23
193.108.169.0/24 maxlen: 24
194.62.44.0/22 maxlen: 22
194.164.2.0/24 maxlen: 24
194.164.12.0/24 maxlen: 24
194.164.38.0/24 maxlen: 24
194.164.80.0/22 maxlen: 22
194.164.85.0/24 maxlen: 24
194.164.86.0/24 maxlen: 24
194.164.97.0/24 maxlen: 24
194.164.100.0/24 maxlen: 24
194.164.104.0/24 maxlen: 24
194.164.106.0/24 maxlen: 24
194.164.114.0/24 maxlen: 24
194.164.140.0/22 maxlen: 22
194.164.144.0/24 maxlen: 24
194.164.181.0/24 maxlen: 24
194.164.223.0/24 maxlen: 24
194.164.231.0/24 maxlen: 24
194.164.232.0/24 maxlen: 24
194.164.238.0/24 maxlen: 24
194.164.241.0/24 maxlen: 24
194.164.242.0/23 maxlen: 23
194.164.247.0/24 maxlen: 24
195.26.224.0/19 maxlen: 19
195.184.228.0/23 maxlen: 23
195.184.236.0/24 maxlen: 24
195.184.245.0/24 maxlen: 24
195.200.0.0/19 maxlen: 19
212.32.0.0/17 maxlen: 17
212.32.0.0/20 maxlen: 20
212.32.16.0/21 maxlen: 21
212.32.24.0/22 maxlen: 22
212.32.28.0/23 maxlen: 23
212.32.28.0/24 maxlen: 24
212.32.32.0/21 maxlen: 21
212.32.42.0/23 maxlen: 23
212.32.44.0/23 maxlen: 23
212.32.44.0/24 maxlen: 24
212.32.48.0/22 maxlen: 22
212.32.54.0/23 maxlen: 23
212.32.55.0/24 maxlen: 24
212.32.56.0/21 maxlen: 21
212.32.64.0/18 maxlen: 18
212.32.66.0/24 maxlen: 24
212.47.80.0/23 maxlen: 23
212.47.84.0/24 maxlen: 24
212.56.57.0/24 maxlen: 24
213.254.160.0/19 maxlen: 19
213.254.171.0/24 maxlen: 24
213.254.178.0/24 maxlen: 24
213.254.185.0/24 maxlen: 24
217.154.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:3b:1f:ba:b3:fc:83:99:9d:eb:25:92:43:57:e9:7c:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Jan 24 10:59:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=959186575620730a01c1e3e2e3497927a1955c1e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:c3:6a:89:30:be:ed:82:5a:51:89:e0:4b:31:
78:ca:90:2a:1e:b4:02:7f:d0:c6:1f:31:5b:f2:cd:
b9:77:9b:04:13:a6:7d:45:c9:e3:5a:bd:cd:2a:9d:
21:fc:5f:07:21:39:1c:ac:80:d5:8a:ed:c8:fb:b8:
5a:90:bc:20:1d:37:43:6b:c3:10:e6:4d:86:5a:34:
91:9e:e7:48:b2:e3:64:84:fa:fd:4d:ac:6e:fc:83:
ea:a7:b1:05:41:47:e5:93:64:d5:ef:2c:da:b7:70:
b9:f6:49:bf:e0:e2:8d:4f:44:4b:7d:38:6d:9a:7c:
4c:5c:64:e9:35:dd:1a:3b:a5:59:94:6f:8a:fd:6e:
88:aa:03:3d:c1:d3:d2:d6:d9:cc:7c:2d:82:d4:46:
21:c1:f5:2d:62:d1:32:ca:12:0d:c7:60:73:3a:7f:
92:9c:cb:e2:b0:fd:6a:d0:97:1a:7b:b3:3b:db:d9:
72:92:21:c9:2e:2b:d2:1f:79:48:c2:dd:35:98:7c:
d9:d2:41:47:d6:8a:58:77:ed:fe:09:f9:3a:7c:ee:
79:d2:25:ed:9d:58:0c:0a:f3:11:48:79:33:b8:cb:
cb:6e:ac:e6:26:af:fe:31:55:df:43:26:e2:7d:74:
6f:48:21:c5:55:2d:bd:42:2c:dc:b4:03:15:69:51:
d8:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:91:86:57:56:20:73:0A:01:C1:E3:E2:E3:49:79:27:A1:95:5C:1E
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/lZGGV1YgcwoBwePi40l5J6GVXB4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
62.169.128.0-62.169.147.255
62.169.150.0/24
62.169.152.0-62.169.156.255
62.169.158.0/23
86.54.0.0/16
193.108.168.0/23
194.62.44.0/22
194.164.2.0/24
194.164.12.0/24
194.164.38.0/24
194.164.80.0/22
194.164.85.0-194.164.86.255
194.164.97.0/24
194.164.100.0/24
194.164.104.0/24
194.164.106.0/24
194.164.114.0/24
194.164.140.0-194.164.144.255
194.164.181.0/24
194.164.223.0/24
194.164.231.0-194.164.232.255
194.164.238.0/24
194.164.241.0-194.164.243.255
194.164.247.0/24
195.26.224.0/19
195.184.228.0/23
195.184.236.0/24
195.184.245.0/24
195.200.0.0/19
212.32.0.0/17
212.47.80.0/23
212.47.84.0/24
212.56.57.0/24
213.254.160.0/19
217.154.0.0/16
Signature Algorithm: sha256WithRSAEncryption
67:0f:29:ab:1a:2b:67:b2:0a:5a:69:25:71:19:03:98:b9:bc:
7f:3b:aa:24:6a:70:23:31:36:ba:14:f7:0b:f8:21:59:b2:91:
48:dd:2f:fd:c3:49:8a:1c:88:3c:2b:b7:16:b3:33:9c:cc:14:
20:96:89:e4:1d:3b:4c:3d:a2:47:3b:b3:27:43:68:d6:06:ba:
d8:df:9a:c3:60:ef:9b:83:2a:a7:10:07:de:bc:bd:0c:a0:e0:
c1:39:a9:87:d4:83:53:13:4f:c5:0d:84:06:7b:32:42:35:aa:
da:67:80:d4:b0:40:e8:82:59:51:4e:f7:fc:fb:d8:1a:05:23:
04:02:fa:b2:11:70:07:b1:4a:1c:98:64:1c:19:01:ce:63:1d:
06:a3:9e:c1:ea:cf:40:57:30:9e:58:f6:4d:3c:7a:22:58:33:
b5:a3:5a:4c:16:6f:32:94:de:b9:31:55:d3:30:c9:03:ce:bb:
46:fc:55:f2:65:fa:a7:60:bb:a0:b5:02:9e:57:02:97:56:85:
2f:88:11:2d:d0:64:58:42:e5:8a:e0:60:ab:46:28:e2:74:2f:
98:77:a8:bd:05:36:f8:8d:f2:75:72:21:c9:fb:f9:8d:62:16:
8b:9d:b3:21:b3:4e:e9:ee:cd:27:71:29:61:6a:d7:a8:b3:c7:
83:ed:8d:a6
-----BEGIN CERTIFICATE-----
MIIGBzCCBO+gAwIBAgISAY07H7qz/IOZneslkkNX6XzGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMTI0MTA1OTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTkxODY1NzU2MjA3MzBhMDFjMWUzZTJlMzQ5NzkyN2ExOTU1YzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8NqiTC+7YJaUYngSzF4ypAqHrQC
f9DGHzFb8s25d5sEE6Z9RcnjWr3NKp0h/F8HITkcrIDViu3I+7hakLwgHTdDa8MQ
5k2GWjSRnudIsuNkhPr9Taxu/IPqp7EFQUflk2TV7yzat3C59km/4OKNT0RLfTht
mnxMXGTpNd0aO6VZlG+K/W6IqgM9wdPS1tnMfC2C1EYhwfUtYtEyyhINx2BzOn+S
nMvisP1q0Jcae7M729lykiHJLivSH3lIwt01mHzZ0kFH1opYd+3+Cfk6fO550iXt
nVgMCvMRSHkzuMvLbqzmJq/+MVXfQybifXRvSCHFVS29QizctAMVaVHYCQIDAQAB
o4IDEzCCAw8wHQYDVR0OBBYEFJWRhldWIHMKAcHj4uNJeSehlVweMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvbFpHR1YxWWdjd29Cd2VQaTQwbDVKNkdWWEI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBJwYIKwYBBQUHAQcBAf8EggEWMIIBEjCCAQ4EAgABMIIB
BgMEBz6kgDAMAwQHPqmAAwQCPqmQAwQAPqmWMAwDBAM+qZgDBAA+qZwDBAE+qZ4D
AwBWNgMEAcFsqAMEAsI+LAMEAMKkAgMEAMKkDAMEAMKkJgMEAsKkUDAMAwQAwqRV
AwQAwqRWAwQAwqRhAwQAwqRkAwQAwqRoAwQAwqRqAwQAwqRyMAwDBALCpIwDBADC
pJADBADCpLUDBADCpN8wDAMEAMKk5wMEAMKk6AMEAMKk7jAMAwQAwqTxAwQCwqTw
AwQAwqT3AwQFwxrgAwQBw7jkAwQAw7jsAwQAw7j1AwQFw8gAAwQH1CAAAwQB1C9Q
AwQA1C9UAwQA1Dg5AwQF1f6gAwMA2ZowDQYJKoZIhvcNAQELBQADggEBAGcPKasa
K2eyClppJXEZA5i5vH87qiRqcCMxNroU9wv4IVmykUjdL/3DSYociDwrtxazM5zM
FCCWieQdO0w9okc7sydDaNYGutjfmsNg75uDKqcQB968vQyg4ME5qYfUg1MTT8UN
hAZ7MkI1qtpngNSwQOiCWVFO9/z72BoFIwQC+rIRcAexShyYZBwZAc5jHQajnsHq
z0BXMJ5Y9k08eiJYM7WjWkwWbzKU3rkxVdMwyQPOu0b8VfJl+qdgu6C1Ap5XApdW
hS+IES3QZFhC5YrgYKtGKOJ0L5h3qL0FNviN8nVyIcn7+Y1iFoudsyGzTunuzSdx
KWFq16izx4PtjaY=
-----END CERTIFICATE-----
Generated at Thu Feb 1 19:04:42 2024 by rpki-client on console-fra.rpki-client.org