Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/xcv5scbax-G7CIsmMtRP3aRVooQ.roa
File: xcv5scbax-G7CIsmMtRP3aRVooQ.roa (raw, json)
Hash identifier: ldOQXavrcc8xyKafln+ByNulX2s/Gza6KVxtD3hmTO8=
Subject key identifier: C5:CB:F9:B1:C6:DA:C7:E1:BB:08:8B:26:32:D4:4F:DD:A4:55:A2:84
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 01874BDEA26CB3F99864B7194F7FDD43A7E6
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/xcv5scbax-G7CIsmMtRP3aRVooQ.roa
Signing time: Tue 04 Apr 2023 10:44:54 +0000
ROA not before: Tue 04 Apr 2023 10:44:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 62.164.128.0/17 maxlen: 17
62.164.144.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:4b:de:a2:6c:b3:f9:98:64:b7:19:4f:7f:dd:43:a7:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Apr 4 10:44:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c5cbf9b1c6dac7e1bb088b2632d44fdda455a284
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:2b:af:97:11:4d:49:d8:77:08:56:23:b6:1c:
ee:89:c1:2a:5c:98:f5:ef:2e:c4:80:70:41:95:9f:
a9:89:86:22:56:91:8b:d7:cb:50:4c:15:f9:a0:f6:
a5:e6:21:18:1f:9f:23:f3:0f:68:1e:68:a2:a1:b6:
74:63:43:87:2f:e7:fa:d8:de:fa:ae:05:55:d7:3e:
ad:bf:1f:47:72:5d:65:e3:72:9f:16:32:ed:43:76:
86:cb:f6:c1:4b:4f:aa:71:8e:7c:3d:54:00:bc:c2:
2f:a1:fe:06:fd:66:46:00:d1:00:6e:49:7c:fa:28:
76:d6:76:ff:d9:a8:42:4c:43:b7:8f:e3:32:4f:5b:
d6:4b:29:9d:86:b4:ae:e9:14:c5:bd:f1:9a:f3:16:
a4:56:6d:fa:d3:90:c0:65:7c:c9:21:ea:93:2e:9b:
b3:5a:3e:4c:33:6c:80:8a:f4:b7:4c:e4:35:b5:db:
d3:90:5b:d6:e7:aa:54:a8:86:61:f1:5b:ff:18:18:
2d:2c:03:f1:a2:70:3c:81:fc:f8:8f:3e:1a:90:80:
15:3c:ae:f6:9f:3d:d7:9b:ca:b3:cc:35:eb:16:85:
2e:a9:74:80:62:ab:b9:86:2d:48:5d:3e:e0:bd:bb:
e2:a7:ed:0a:86:5a:d8:30:60:7b:2e:98:25:f1:62:
27:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:CB:F9:B1:C6:DA:C7:E1:BB:08:8B:26:32:D4:4F:DD:A4:55:A2:84
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/xcv5scbax-G7CIsmMtRP3aRVooQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
Signature Algorithm: sha256WithRSAEncryption
75:8b:43:01:25:dd:1c:d6:5c:d5:1a:ca:f0:77:25:92:cc:95:
42:c7:d9:d5:79:65:b0:1f:fa:bd:61:07:90:81:2b:25:80:cd:
f0:b7:ae:8b:ea:75:02:90:3c:47:a1:61:5e:4f:d7:5d:42:ea:
fc:31:7d:f8:51:0c:0b:fe:13:99:c6:dd:06:ee:5d:a4:f0:ee:
e0:f6:a0:0a:13:ed:1e:f0:89:b9:cd:71:22:fd:c0:bd:17:13:
98:63:f5:0d:70:6c:5b:b8:86:37:cf:e8:6c:81:8a:ec:82:28:
cb:15:5f:59:de:2e:11:98:d4:f1:a2:96:f5:3c:ed:f3:e0:41:
fd:d0:c0:b5:f0:91:9d:e9:4b:a7:7d:5e:eb:66:6e:20:9e:2f:
3d:94:77:e3:07:5f:fe:7b:32:7c:d5:dd:db:f1:79:83:68:c9:
78:b7:df:69:13:af:54:54:50:71:68:b2:9d:fe:ac:c4:57:7c:
5d:98:37:17:c2:10:68:36:0d:d2:2c:33:74:af:6d:4a:b3:19:
79:68:e5:12:be:82:ff:59:11:c4:ab:5c:fa:82:13:2a:f9:5b:
a2:97:27:c8:b7:9f:b5:17:cd:c3:28:be:84:7c:da:66:f8:78:
19:8e:79:93:fa:57:41:a2:14:4f:c6:01:80:46:be:d5:78:39:
ce:9f:d2:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYdL3qJss/mYZLcZT3/dQ6fmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjMwNDA0MTA0NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWNiZjliMWM2ZGFjN2UxYmIwODhiMjYzMmQ0NGZkZGE0NTVhMjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCuvlxFNSdh3CFYjthzuicEqXJj1
7y7EgHBBlZ+piYYiVpGL18tQTBX5oPal5iEYH58j8w9oHmiiobZ0Y0OHL+f62N76
rgVV1z6tvx9Hcl1l43KfFjLtQ3aGy/bBS0+qcY58PVQAvMIvof4G/WZGANEAbkl8
+ih21nb/2ahCTEO3j+MyT1vWSymdhrSu6RTFvfGa8xakVm3605DAZXzJIeqTLpuz
Wj5MM2yAivS3TOQ1tdvTkFvW56pUqIZh8Vv/GBgtLAPxonA8gfz4jz4akIAVPK72
nz3Xm8qzzDXrFoUuqXSAYqu5hi1IXT7gvbvip+0KhlrYMGB7Lpgl8WInvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXL+bHG2sfhuwiLJjLUT92kVaKEMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEveGN2NXNjYmF4LUc3Q0lzbU10UlAzYVJWb29RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHPqSAMA0G
CSqGSIb3DQEBCwUAA4IBAQB1i0MBJd0c1lzVGsrwdyWSzJVCx9nVeWWwH/q9YQeQ
gSslgM3wt66L6nUCkDxHoWFeT9ddQur8MX34UQwL/hOZxt0G7l2k8O7g9qAKE+0e
8Im5zXEi/cC9FxOYY/UNcGxbuIY3z+hsgYrsgijLFV9Z3i4RmNTxopb1PO3z4EH9
0MC18JGd6UunfV7rZm4gni89lHfjB1/+ezJ81d3b8XmDaMl4t99pE69UVFBxaLKd
/qzEV3xdmDcXwhBoNg3SLDN0r21Ksxl5aOUSvoL/WRHEq1z6ghMq+VuilyfIt5+1
F83DKL6EfNpm+HgZjnmT+ldBohRPxgGARr7VeDnOn9Kc
-----END CERTIFICATE-----
Generated at Tue Apr 22 00:50:28 2025 by rpki-client