Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HLiJkBNQiLvEPC28NAG9LWBUU4U.roa
File: HLiJkBNQiLvEPC28NAG9LWBUU4U.roa (raw, json)
Hash identifier: vmZzTkO+qtou4ACJOJ8yDW3kmYyv5Utd52neZNrClHo=
Subject key identifier: 1C:B8:89:90:13:50:88:BB:C4:3C:2D:BC:34:01:BD:2D:60:54:53:85
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195ED368D60A3CAD22774874DFFFBF6EAE9
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HLiJkBNQiLvEPC28NAG9LWBUU4U.roa
Signing time: Mon 31 Mar 2025 17:18:50 +0000
ROA not before: Mon 31 Mar 2025 17:18:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2.59.253.0/24 maxlen: 24
5.252.132.0/22 maxlen: 24
31.13.211.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.12.253.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.128.96.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.141.159.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.18.0/24 maxlen: 24
87.121.22.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.70.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.249.50.0/24 maxlen: 24
93.123.45.0/24 maxlen: 24
93.123.47.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.92.0/24 maxlen: 24
94.156.113.0/24 maxlen: 24
94.156.232.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.73.0/24 maxlen: 24
171.22.74.0/23 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.227.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
193.35.18.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:ed:36:8d:60:a3:ca:d2:27:74:87:4d:ff:fb:f6:ea:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 31 17:18:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1cb88990135088bbc43c2dbc3401bd2d60545385
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:06:cb:29:ae:69:3e:8a:74:f8:fe:fe:ec:98:
6f:8d:0d:c4:e5:45:76:4c:cf:18:a0:b2:27:bd:ba:
d2:35:bb:22:93:5e:5a:35:4d:96:40:eb:ac:7a:75:
39:c2:f8:6e:29:6f:52:82:61:1e:cd:eb:0c:03:04:
cb:29:79:08:66:20:d4:18:40:50:04:c6:62:bf:c9:
b7:80:fa:b7:81:57:90:31:32:24:c5:99:4d:94:f0:
1e:ad:fc:50:b7:de:70:e3:82:57:9d:47:30:9f:4e:
9e:a1:d9:ce:c0:df:2a:50:a4:18:01:f8:ed:ed:df:
5f:a6:0f:76:3d:21:ff:9f:7b:38:79:0f:46:50:57:
99:53:0b:58:77:56:3f:ee:f8:94:7a:40:f8:03:45:
6c:c4:19:1f:7d:29:22:67:ea:2c:9c:37:56:aa:eb:
5b:a4:5f:49:62:78:31:09:2a:3d:77:b7:85:93:1b:
1e:d3:7a:69:e9:cf:57:c8:35:31:d0:44:3f:1f:2d:
1a:35:0d:63:8a:d2:45:c2:38:32:54:f9:cb:b4:87:
21:3c:44:1f:94:aa:75:44:ad:aa:0d:43:2a:72:eb:
e4:f3:ee:8d:82:0e:6f:cc:2e:98:d7:24:05:57:31:
c8:7a:42:03:f5:58:43:6d:f6:2b:1a:34:bc:74:a7:
e3:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:B8:89:90:13:50:88:BB:C4:3C:2D:BC:34:01:BD:2D:60:54:53:85
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HLiJkBNQiLvEPC28NAG9LWBUU4U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
5.252.132.0/22
31.13.211.0/24
45.9.157.0/24
45.12.253.0/24
45.66.228.0/24
45.66.230.0/23
45.81.39.0/24
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.128.96.0/24
45.139.106.0/24
45.141.158.0/23
45.151.90.0/23
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0/24
87.120.166.0/24
87.121.18.0/24
87.121.22.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.70.0/24
91.92.240.0/20
92.249.50.0/24
93.123.45.0/24
93.123.47.0/24
93.123.85.0/24
93.123.109.0/24
93.123.117.0/24
93.123.119.0/24
94.103.125.0/24
94.154.160.0/22
94.156.64.0/21
94.156.92.0/24
94.156.113.0/24
94.156.232.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.73.0-171.22.75.255
178.215.224.0/24
178.215.227.0/24
185.216.84.0/22
193.25.216.0/24
193.35.18.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
37:81:49:e0:19:cf:43:e7:35:af:1e:5a:99:78:bf:97:40:d2:
42:95:50:17:84:7b:80:4c:1c:97:ce:2b:a9:08:64:aa:35:8a:
ef:c6:b5:43:db:cf:65:e5:7f:a8:dc:59:30:7d:c0:4d:e1:d4:
25:01:fc:2c:dd:34:38:78:0f:0d:46:16:85:23:ca:e2:fb:d6:
19:53:55:4f:c7:66:f2:bd:96:e1:70:ac:58:f1:dc:6d:f8:74:
0f:ac:73:e8:85:7a:b1:86:28:66:00:09:3c:ad:05:04:99:5c:
f0:4b:1c:ca:36:21:59:74:e8:6e:fd:2a:54:16:e5:bf:44:77:
ec:b0:52:e9:fe:ab:65:f1:13:70:1d:78:04:58:36:85:be:18:
35:19:0f:c1:98:1d:67:f8:87:7f:f8:b2:77:40:17:d5:58:68:
99:7c:a3:d3:94:b3:e9:79:27:77:da:11:fd:a3:e6:31:2b:3b:
f0:83:e7:0c:b2:ea:3f:e0:78:4f:65:74:41:bf:7a:a2:e5:4d:
97:64:ff:89:d1:9a:2d:07:58:9b:c3:26:ed:cf:07:34:74:0b:
cb:aa:d5:f1:0e:64:c0:49:e7:68:5a:ef:fd:30:0c:d7:6c:bb:
3b:57:d4:0c:7b:89:11:c8:52:30:4a:c3:bd:59:71:2d:bb:72:
8a:22:80:c5
-----BEGIN CERTIFICATE-----
MIIGczCCBVugAwIBAgISAZXtNo1go8rSJ3SHTf/79urpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzMxMTcxODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2I4ODk5MDEzNTA4OGJiYzQzYzJkYmMzNDAxYmQyZDYwNTQ1Mzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAywbLKa5pPop0+P7+7JhvjQ3E5UV2
TM8YoLInvbrSNbsik15aNU2WQOusenU5wvhuKW9SgmEezesMAwTLKXkIZiDUGEBQ
BMZiv8m3gPq3gVeQMTIkxZlNlPAerfxQt95w44JXnUcwn06eodnOwN8qUKQYAfjt
7d9fpg92PSH/n3s4eQ9GUFeZUwtYd1Y/7viUekD4A0VsxBkffSkiZ+osnDdWqutb
pF9JYngxCSo9d7eFkxse03pp6c9XyDUx0EQ/Hy0aNQ1jitJFwjgyVPnLtIchPEQf
lKp1RK2qDUMqcuvk8+6Ngg5vzC6Y1yQFVzHIekID9VhDbfYrGjS8dKfjEwIDAQAB
o4IDfzCCA3swHQYDVR0OBBYEFBy4iZATUIi7xDwtvDQBvS1gVFOFMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSExpSmtCTlFpTHZFUEMyOE5BRzlMV0JVVTRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBkwYIKwYBBQUHAQcBAf8EggGCMIIBfjCCAXoEAgABMIIB
cgMEAAI7/QMEAgX8hAMEAB8N0wMEAC0JnQMEAC0M/QMEAC1C5AMEAS1C5gMEAC1R
JwMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2AYAMEAC2LagMEAS2NngMEAS2XWgMEAE9u
MgMEAFGh7gMEAFPbYQMEAFQ2MAMEAFd4VzAMAwQEV3hwAwQBV3h0AwQBV3h4AwQA
V3h9AwQAV3imAwQAV3kSAwQAV3kWAwQAV3kmAwQAV3ktAwQAV3lXAwQBV3l8AwQA
V3miAwQAV3mlAwQAW1xGAwQEW1zwAwQAXPkyAwQAXXstAwQAXXsvAwQAXXtVAwQA
XXttAwQAXXt1AwQAXXt3AwQAXmd9AwQCXpqgAwQDXpxAAwQAXpxcAwQAXpxxAwQA
XpzoAwQAbc7tAwQAjWIBAwQAjWIGAwQAk05kMAwDBACrFkkDBAKrFkgDBACy1+AD
BACy1+MDBAK52FQDBADBGdgDBADBIxIDBADCN7oDBADCqa8wDQYJKoZIhvcNAQEL
BQADggEBADeBSeAZz0PnNa8eWpl4v5dA0kKVUBeEe4BMHJfOK6kIZKo1iu/GtUPb
z2Xlf6jcWTB9wE3h1CUB/CzdNDh4Dw1GFoUjyuL71hlTVU/HZvK9luFwrFjx3G34
dA+sc+iFerGGKGYACTytBQSZXPBLHMo2IVl06G79KlQW5b9Ed+ywUun+q2XxE3Ad
eARYNoW+GDUZD8GYHWf4h3/4sndAF9VYaJl8o9OUs+l5J3faEf2j5jErO/CD5wyy
6j/geE9ldEG/eqLlTZdk/4nRmi0HWJvDJu3PBzR0C8uq1fEOZMBJ52ha7/0wDNds
uztX1Ax7iRHIUjBKw71ZcS27cooigMU=
-----END CERTIFICATE-----
Generated at Tue Apr 29 11:15:30 2025 by rpki-client