Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/nT6eNNUUM7tIgZO1Zr6W-4vW9fw.roa
File: nT6eNNUUM7tIgZO1Zr6W-4vW9fw.roa (raw, json)
Hash identifier: ddR/n1Yazs7JmAHZHjEfb8uhQaozH1f1a9AwLv0wcl0=
Subject key identifier: 9D:3E:9E:34:D5:14:33:BB:48:81:93:B5:66:BE:96:FB:8B:D6:F5:FC
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018BB9799E242410519FF3A827D9BCDA5870
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/nT6eNNUUM7tIgZO1Zr6W-4vW9fw.roa
Signing time: Fri 10 Nov 2023 13:43:57 +0000
ROA not before: Fri 10 Nov 2023 13:43:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 62.169.128.0/19 maxlen: 19
62.169.128.0/20 maxlen: 20
217.29.192.0/22 maxlen: 22
62.169.144.0/22 maxlen: 22
62.164.128.0/17 maxlen: 17
62.169.148.0/23 maxlen: 23
62.169.150.0/24 maxlen: 24
62.169.152.0/22 maxlen: 22
62.164.144.0/21 maxlen: 21
62.169.156.0/24 maxlen: 24
62.169.158.0/23 maxlen: 23
194.154.32.0/19 maxlen: 19
193.108.168.0/23 maxlen: 23
194.62.44.0/22 maxlen: 22
195.26.224.0/19 maxlen: 19
195.200.0.0/19 maxlen: 19
195.184.224.0/19 maxlen: 19
212.32.56.0/21 maxlen: 21
212.32.54.0/23 maxlen: 23
212.32.64.0/18 maxlen: 18
213.254.160.0/19 maxlen: 19
212.32.0.0/17 maxlen: 17
212.32.0.0/20 maxlen: 20
212.32.16.0/21 maxlen: 21
212.47.64.0/19 maxlen: 19
212.32.24.0/22 maxlen: 22
212.32.28.0/23 maxlen: 23
212.32.32.0/21 maxlen: 21
86.54.0.0/16 maxlen: 16
212.32.42.0/23 maxlen: 23
212.32.44.0/23 maxlen: 23
212.32.48.0/22 maxlen: 22
212.56.56.0/23 maxlen: 23
194.164.0.0/16 maxlen: 16
212.56.60.0/22 maxlen: 22
217.154.0.0/16 maxlen: 16
212.56.32.0/19 maxlen: 19
212.56.48.0/20 maxlen: 20
212.56.48.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:b9:79:9e:24:24:10:51:9f:f3:a8:27:d9:bc:da:58:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Nov 10 13:43:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9d3e9e34d51433bb488193b566be96fb8bd6f5fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:bb:bd:3a:a1:cc:af:80:8a:ac:cb:c7:ec:18:
52:d4:31:16:7c:22:e1:86:35:6e:b1:9a:1e:65:39:
fe:22:0c:a3:a6:b5:1c:19:6a:4d:4b:0e:e5:41:39:
88:b1:1e:5b:63:a4:6e:12:e0:b7:4a:8a:e4:32:89:
68:38:5f:e9:04:c7:fb:25:d6:53:13:8d:e3:c3:44:
da:51:61:92:df:a1:f6:66:d7:5d:94:66:d0:e4:72:
25:75:a7:a9:de:b5:fc:78:ff:c4:28:f8:fd:c5:f3:
61:8f:42:cf:c1:9b:28:e0:30:b9:5f:ef:52:66:d3:
b7:4b:2a:f4:8c:23:c1:2b:9f:73:fb:a5:f7:f8:21:
9d:6b:a6:ad:a9:fe:b1:d2:80:66:4b:47:5d:69:af:
1e:3b:59:59:a7:bf:41:5b:6b:9f:71:e1:a5:aa:bd:
ad:78:7d:f5:0b:da:d4:32:2a:46:b5:ef:7c:89:32:
a1:d9:99:44:dc:9e:0e:fd:a1:71:f4:07:54:fd:bf:
f4:ab:c7:4e:3c:ab:5d:46:43:04:cd:bb:a9:62:58:
a3:32:52:14:e7:d8:0b:73:85:f6:a0:2a:43:ce:e9:
a4:36:e6:58:b2:56:20:10:6a:74:d3:ec:96:92:da:
7d:5e:d5:5b:a9:88:f6:14:40:e7:a2:b7:54:db:af:
35:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:3E:9E:34:D5:14:33:BB:48:81:93:B5:66:BE:96:FB:8B:D6:F5:FC
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/nT6eNNUUM7tIgZO1Zr6W-4vW9fw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
62.169.128.0/19
86.54.0.0/16
193.108.168.0/23
194.62.44.0/22
194.154.32.0/19
194.164.0.0/16
195.26.224.0/19
195.184.224.0/19
195.200.0.0/19
212.32.0.0/17
212.47.64.0/19
212.56.32.0/19
213.254.160.0/19
217.29.192.0/22
217.154.0.0/16
Signature Algorithm: sha256WithRSAEncryption
1d:cf:fb:e4:6a:31:d3:85:c6:cc:90:b2:2f:81:c5:d6:66:e2:
68:ac:70:e7:3f:5f:e9:2b:a3:3d:f7:27:68:9e:54:a5:ec:1f:
91:d8:2a:c8:6e:7b:8f:9d:2d:95:07:dd:d9:90:92:00:1f:a0:
b9:57:91:ad:09:48:46:64:cd:6a:45:73:34:76:1c:3a:27:a6:
71:1e:cc:1c:65:29:d1:bc:87:76:06:09:42:be:c1:ba:2d:f3:
ef:21:45:14:93:b4:da:28:2b:ba:6a:78:db:5a:1a:8e:4d:bf:
96:bf:84:14:65:61:af:fa:67:a8:18:30:1a:bd:7b:0c:c7:09:
9d:7b:1d:05:ab:ef:11:a4:cc:7c:61:c3:db:c9:20:fd:39:f6:
84:72:8f:e9:cc:d5:a9:c5:e8:a6:aa:aa:49:23:6a:ce:bf:5b:
d9:19:9a:1a:27:b0:84:08:93:d3:a9:8a:af:70:71:9c:b2:90:
28:bc:06:1f:9f:f3:6d:73:95:80:4f:33:47:73:34:ae:93:56:
15:35:76:5f:a1:ad:a5:c5:ef:72:ce:a0:09:4a:5b:2e:79:e4:
7b:5b:c1:04:a4:60:86:ce:08:c6:66:7a:66:b0:a5:ef:b2:a2:
e6:da:e1:cc:d3:86:ce:06:3d:e2:40:79:dc:a2:c8:2d:ef:78:
e3:b4:36:18
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAYu5eZ4kJBBRn/OoJ9m82lhwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjMxMTEwMTM0MzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDNlOWUzNGQ1MTQzM2JiNDg4MTkzYjU2NmJlOTZmYjhiZDZmNWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLu9OqHMr4CKrMvH7BhS1DEWfCLh
hjVusZoeZTn+IgyjprUcGWpNSw7lQTmIsR5bY6RuEuC3SorkMoloOF/pBMf7JdZT
E43jw0TaUWGS36H2ZtddlGbQ5HIldaep3rX8eP/EKPj9xfNhj0LPwZso4DC5X+9S
ZtO3Syr0jCPBK59z+6X3+CGda6atqf6x0oBmS0ddaa8eO1lZp79BW2ufceGlqr2t
eH31C9rUMipGte98iTKh2ZlE3J4O/aFx9AdU/b/0q8dOPKtdRkMEzbupYlijMlIU
59gLc4X2oCpDzumkNuZYslYgEGp00+yWktp9XtVbqYj2FEDnordU2681IwIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFJ0+njTVFDO7SIGTtWa+lvuL1vX8MB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvblQ2ZU5OVVVNN3RJZ1pPMVpyNlctNHZXOWZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBjBAIAATBdAwQHPqSAAwQF
PqmAAwMAVjYDBAHBbKgDBALCPiwDBAXCmiADAwDCpAMEBcMa4AMEBcO44AMEBcPI
AAMEB9QgAAMEBdQvQAMEBdQ4IAMEBdX+oAMEAtkdwAMDANmaMA0GCSqGSIb3DQEB
CwUAA4IBAQAdz/vkajHThcbMkLIvgcXWZuJorHDnP1/pK6M99ydonlSl7B+R2CrI
bnuPnS2VB93ZkJIAH6C5V5GtCUhGZM1qRXM0dhw6J6ZxHswcZSnRvId2BglCvsG6
LfPvIUUUk7TaKCu6anjbWhqOTb+Wv4QUZWGv+meoGDAavXsMxwmdex0Fq+8RpMx8
YcPbySD9OfaEco/pzNWpxeimqqpJI2rOv1vZGZoaJ7CECJPTqYqvcHGcspAovAYf
n/Ntc5WATzNHczSuk1YVNXZfoa2lxe9yzqAJSlsueeR7W8EEpGCGzgjGZnpmsKXv
sqLm2uHM04bOBj3iQHncosgt73jjtDYY
-----END CERTIFICATE-----
Generated at Tue Apr 22 03:34:27 2025 by rpki-client