Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/yPgo_Z30TEkXqY9Genr72i4wUGg.roa
File: yPgo_Z30TEkXqY9Genr72i4wUGg.roa (raw, json)
Hash identifier: TW4VE/utlxirzDFT3n7wcJUWdRGS5utaU6UTLJdwdtw=
Subject key identifier: C8:F8:28:FD:9D:F4:4C:49:17:A9:8F:46:7A:7A:FB:DA:2E:30:50:68
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018C59B7C9A4F80AE03C62DF4FB73E003988
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/yPgo_Z30TEkXqY9Genr72i4wUGg.roa
Signing time: Mon 11 Dec 2023 16:31:06 +0000
ROA not before: Mon 11 Dec 2023 16:31:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 62.169.128.0/20 maxlen: 20
217.29.192.0/22 maxlen: 22
62.169.144.0/22 maxlen: 22
62.164.128.0/17 maxlen: 17
62.169.148.0/23 maxlen: 23
62.169.150.0/24 maxlen: 24
62.169.152.0/22 maxlen: 22
62.164.144.0/21 maxlen: 21
62.169.156.0/24 maxlen: 24
62.169.158.0/23 maxlen: 23
193.108.168.0/23 maxlen: 23
194.164.80.0/22 maxlen: 22
194.164.85.0/24 maxlen: 24
194.164.86.0/24 maxlen: 24
194.164.97.0/24 maxlen: 24
194.62.44.0/22 maxlen: 22
195.26.224.0/19 maxlen: 19
195.200.0.0/19 maxlen: 19
195.184.224.0/19 maxlen: 19
195.184.228.0/23 maxlen: 23
195.184.236.0/24 maxlen: 24
195.184.245.0/24 maxlen: 24
212.32.56.0/21 maxlen: 21
212.32.54.0/23 maxlen: 23
212.32.64.0/18 maxlen: 18
213.254.160.0/19 maxlen: 19
212.32.0.0/17 maxlen: 17
212.32.0.0/20 maxlen: 20
212.32.16.0/21 maxlen: 21
212.32.24.0/22 maxlen: 22
212.32.28.0/23 maxlen: 23
212.32.32.0/21 maxlen: 21
86.54.0.0/16 maxlen: 16
212.47.80.0/23 maxlen: 23
212.47.84.0/24 maxlen: 24
212.32.42.0/23 maxlen: 23
212.32.44.0/23 maxlen: 23
212.32.48.0/22 maxlen: 22
212.56.57.0/24 maxlen: 24
194.164.2.0/24 maxlen: 24
212.56.56.0/23 maxlen: 23
212.56.60.0/22 maxlen: 22
194.164.12.0/24 maxlen: 24
194.164.38.0/24 maxlen: 24
217.154.0.0/16 maxlen: 16
212.56.48.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:59:b7:c9:a4:f8:0a:e0:3c:62:df:4f:b7:3e:00:39:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Dec 11 16:31:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c8f828fd9df44c4917a98f467a7afbda2e305068
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:7d:b2:e9:4d:e9:57:a3:1c:c0:f3:9e:6b:9e:
2a:38:2d:c2:d9:ab:5e:37:a3:c3:6c:57:2d:82:06:
6e:8d:5e:79:42:43:b9:49:02:de:1c:3d:9b:a3:c6:
85:7d:6a:aa:82:a7:79:04:7f:2e:46:b7:35:e9:01:
58:ab:42:90:92:9e:1d:33:03:f6:13:76:07:8e:91:
d1:46:d3:f3:27:a8:ba:45:a3:47:61:71:fc:73:78:
bd:df:fc:7d:03:46:44:8a:75:6f:fb:22:a7:95:bb:
f1:72:c9:2b:0b:80:d4:d2:89:c3:2b:ce:92:ec:ed:
90:f3:b6:d4:8d:a0:aa:11:ed:8e:21:43:65:dd:cf:
a4:7c:12:34:86:01:ba:7c:11:4f:55:67:14:dd:33:
de:15:69:10:cb:7a:72:f5:ad:8c:76:81:0d:6d:1b:
ea:12:b2:72:ab:cf:7a:e2:63:e4:16:a5:76:0f:ea:
30:93:3a:91:01:06:bc:07:ae:5f:37:44:d3:7d:f1:
55:ee:9e:d9:63:5a:cb:58:5d:f5:27:5e:dd:cd:be:
a3:7f:a7:a4:b5:0c:ce:60:44:3b:c8:e4:7c:27:35:
30:ae:c7:7a:d1:d0:36:d8:b2:22:bc:38:ac:b8:3e:
e3:51:9d:da:51:fd:3d:4b:30:06:da:8a:2c:ba:38:
48:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:F8:28:FD:9D:F4:4C:49:17:A9:8F:46:7A:7A:FB:DA:2E:30:50:68
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/yPgo_Z30TEkXqY9Genr72i4wUGg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.128.0/17
62.169.128.0-62.169.150.255
62.169.152.0-62.169.156.255
62.169.158.0/23
86.54.0.0/16
193.108.168.0/23
194.62.44.0/22
194.164.2.0/24
194.164.12.0/24
194.164.38.0/24
194.164.80.0/22
194.164.85.0-194.164.86.255
194.164.97.0/24
195.26.224.0/19
195.184.224.0/19
195.200.0.0/19
212.32.0.0/17
212.47.80.0/23
212.47.84.0/24
212.56.48.0-212.56.57.255
212.56.60.0/22
213.254.160.0/19
217.29.192.0/22
217.154.0.0/16
Signature Algorithm: sha256WithRSAEncryption
55:8b:a3:1e:9a:12:d1:61:56:23:7d:f7:ff:61:f4:b8:b0:f3:
52:f2:96:43:57:d4:b1:e3:e9:d3:5c:d0:17:07:da:44:2c:47:
ad:c9:76:11:d4:b5:11:51:6b:66:b6:7f:84:89:40:68:48:9b:
ec:c0:4a:1f:4f:b7:55:2d:02:dd:14:b2:a7:4a:c3:9b:9e:f0:
dd:65:db:8f:a3:7f:da:6c:61:54:f1:79:5c:24:dd:f9:ab:3a:
09:85:88:22:9c:00:bf:76:f9:93:d4:b4:c2:92:98:dc:04:c4:
00:97:51:7b:da:c6:77:26:8f:2b:7c:b8:84:13:30:af:d3:99:
2a:6e:86:96:4a:d1:0d:2c:64:8e:52:72:a8:01:df:09:72:a8:
c3:d5:87:91:31:38:70:ec:2f:26:3c:44:7c:7f:23:4f:b9:9c:
d6:ba:b6:ed:d4:be:b6:0c:87:5c:ac:7c:8d:27:82:83:d3:b7:
07:5e:1c:c0:24:43:58:92:0a:91:8b:53:07:96:80:1f:f6:8a:
6c:a0:24:7d:69:81:61:26:4c:b5:fe:8b:5d:b7:b1:c3:68:84:
b3:bf:de:4a:c3:bf:c0:23:e6:17:dc:04:67:b9:b4:b4:df:b7:
0d:16:c7:c7:66:45:39:2c:ea:ea:40:95:a8:b6:fb:18:04:c6:
b2:e0:b1:5a
-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgISAYxZt8mk+ArgPGLfT7c+ADmIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjMxMjExMTYzMTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGY4MjhmZDlkZjQ0YzQ5MTdhOThmNDY3YTdhZmJkYTJlMzA1MDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnH2y6U3pV6McwPOea54qOC3C2ate
N6PDbFctggZujV55QkO5SQLeHD2bo8aFfWqqgqd5BH8uRrc16QFYq0KQkp4dMwP2
E3YHjpHRRtPzJ6i6RaNHYXH8c3i93/x9A0ZEinVv+yKnlbvxcskrC4DU0onDK86S
7O2Q87bUjaCqEe2OIUNl3c+kfBI0hgG6fBFPVWcU3TPeFWkQy3py9a2MdoENbRvq
ErJyq8964mPkFqV2D+owkzqRAQa8B65fN0TTffFV7p7ZY1rLWF31J17dzb6jf6ek
tQzOYEQ7yOR8JzUwrsd60dA22LIivDisuD7jUZ3aUf09SzAG2oosujhIpwIDAQAB
o4ICtjCCArIwHQYDVR0OBBYEFMj4KP2d9ExJF6mPRnp6+9ouMFBoMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEveVBnb19aMzBURWtYcVk5R2VucjcyaTR3VUdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHLBggrBgEFBQcBBwEB/wSBuzCBuDCBtQQCAAEwga4DBAc+
pIAwDAMEBz6pgAMEAD6pljAMAwQDPqmYAwQAPqmcAwQBPqmeAwMAVjYDBAHBbKgD
BALCPiwDBADCpAIDBADCpAwDBADCpCYDBALCpFAwDAMEAMKkVQMEAMKkVgMEAMKk
YQMEBcMa4AMEBcO44AMEBcPIAAMEB9QgAAMEAdQvUAMEANQvVDAMAwQE1DgwAwQB
1Dg4AwQC1Dg8AwQF1f6gAwQC2R3AAwMA2ZowDQYJKoZIhvcNAQELBQADggEBAFWL
ox6aEtFhViN99/9h9Liw81LylkNX1LHj6dNc0BcH2kQsR63JdhHUtRFRa2a2f4SJ
QGhIm+zASh9Pt1UtAt0UsqdKw5ue8N1l24+jf9psYVTxeVwk3fmrOgmFiCKcAL92
+ZPUtMKSmNwExACXUXvaxncmjyt8uIQTMK/TmSpuhpZK0Q0sZI5ScqgB3wlyqMPV
h5ExOHDsLyY8RHx/I0+5nNa6tu3UvrYMh1ysfI0ngoPTtwdeHMAkQ1iSCpGLUweW
gB/2imygJH1pgWEmTLX+i123scNohLO/3krDv8Aj5hfcBGe5tLTftw0Wx8dmRTks
6upAlai2+xgExrLgsVo=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:43:07 2023 by rpki-client on console.sobornost.net