Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/jhzSags3hyP4Qc0QnmSUsF5bdqU.roa
File: jhzSags3hyP4Qc0QnmSUsF5bdqU.roa (raw, json)
Hash identifier: shlGZgXlynjnDp87mf/pivSbRJygecIxLaVIyjtWWDM=
Subject key identifier: 8E:1C:D2:6A:0B:37:87:23:F8:41:CD:10:9E:64:94:B0:5E:5B:76:A5
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0194B6301D497C28BD453C48F2CA43F2BE60
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/jhzSags3hyP4Qc0QnmSUsF5bdqU.roa
Signing time: Thu 30 Jan 2025 07:49:53 +0000
ROA not before: Thu 30 Jan 2025 07:49:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2.59.253.0/24 maxlen: 24
5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:b6:30:1d:49:7c:28:bd:45:3c:48:f2:ca:43:f2:be:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 30 07:49:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8e1cd26a0b378723f841cd109e6494b05e5b76a5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:ac:fc:c4:e7:58:78:2f:07:8e:b3:90:f3:3a:
d4:f9:e3:6f:ea:d8:2c:6d:da:ae:51:1b:f0:b7:3a:
3a:84:a8:02:07:a2:c7:08:22:d3:48:24:80:05:2b:
9a:f7:5e:ec:c8:10:64:26:0f:c9:a1:99:30:8d:f8:
d2:bb:a0:29:17:35:3d:83:76:6c:89:3d:27:b5:19:
f6:d8:c3:a2:a4:cd:4f:87:4c:d2:35:b2:8c:81:ab:
b3:50:8f:d2:e0:34:63:46:33:83:dc:b3:c9:2a:7f:
97:ca:44:dc:94:1e:a6:2a:50:77:27:89:82:63:f5:
03:10:bc:e0:22:6a:10:54:39:97:6d:0d:34:3a:ed:
8b:22:a4:95:1b:84:0f:bd:22:7f:4e:2e:8a:a5:bc:
1a:d0:6d:c0:58:84:0e:4c:42:a8:a4:26:8e:c6:3a:
81:ce:cd:6f:71:28:04:80:ae:72:ef:56:2a:67:8a:
45:11:c6:69:8f:ab:70:dc:f8:0c:ef:03:f7:42:e3:
ae:d5:e0:13:cb:ed:8e:4b:81:fc:f3:88:c0:f7:12:
fb:9d:34:aa:5c:74:35:e8:31:1c:17:ff:40:01:60:
40:34:f3:a5:f8:9b:c9:9b:ac:e3:b8:c0:74:62:d9:
d5:ee:e9:25:f0:0a:df:6a:5c:72:72:00:28:48:4a:
90:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:1C:D2:6A:0B:37:87:23:F8:41:CD:10:9E:64:94:B0:5E:5B:76:A5
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/jhzSags3hyP4Qc0QnmSUsF5bdqU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
74:48:81:70:78:42:d6:cd:bd:ff:99:19:26:a4:f8:10:1a:52:
8b:54:db:1e:9c:a9:09:50:d5:f5:2c:c1:44:c5:d1:55:31:08:
33:57:5a:b7:1c:72:bf:ea:c7:b3:16:6e:2d:85:e0:f2:e7:86:
ac:15:b2:06:95:0d:2c:31:8b:cc:90:bc:66:9c:08:0a:f5:c2:
07:a3:97:98:70:19:23:98:b8:1f:01:5e:29:f9:01:ff:e2:08:
c5:69:d6:9e:a6:5b:8b:d1:f6:2f:58:ad:d7:43:21:67:6b:e1:
98:00:45:a0:b0:4f:92:21:f0:60:05:7c:77:07:4c:2a:00:68:
06:3a:5f:2f:fc:08:08:22:92:7f:ba:a7:28:7b:3b:c0:4e:1a:
7b:79:2e:f9:f8:b6:74:d9:4a:fa:1d:c6:8b:71:37:61:13:6f:
cb:92:74:18:14:58:68:3b:2b:87:6b:c3:92:6c:4a:fe:0d:16:
98:7a:59:07:6c:c7:be:f2:82:9e:ba:1f:07:6a:37:e0:60:c1:
c9:47:ad:46:cd:7b:78:f6:27:20:16:fb:cc:4c:77:c9:1f:04:
90:92:3d:68:d2:29:b5:6d:ac:32:2d:af:e7:cc:61:52:d0:3e:
ff:a0:07:e2:a6:aa:e8:a5:02:8a:61:81:d7:71:18:e6:48:0b:
96:ad:04:19
-----BEGIN CERTIFICATE-----
MIIF/jCCBOagAwIBAgISAZS2MB1JfCi9RTxI8spD8r5gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTMwMDc0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTFjZDI2YTBiMzc4NzIzZjg0MWNkMTA5ZTY0OTRiMDVlNWI3NmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaz8xOdYeC8HjrOQ8zrU+eNv6tgs
bdquURvwtzo6hKgCB6LHCCLTSCSABSua917syBBkJg/JoZkwjfjSu6ApFzU9g3Zs
iT0ntRn22MOipM1Ph0zSNbKMgauzUI/S4DRjRjOD3LPJKn+XykTclB6mKlB3J4mC
Y/UDELzgImoQVDmXbQ00Ou2LIqSVG4QPvSJ/Ti6Kpbwa0G3AWIQOTEKopCaOxjqB
zs1vcSgEgK5y71YqZ4pFEcZpj6tw3PgM7wP3QuOu1eATy+2OS4H884jA9xL7nTSq
XHQ16DEcF/9AAWBANPOl+JvJm6zjuMB0YtnV7ukl8ArfalxycgAoSEqQOwIDAQAB
o4IDCjCCAwYwHQYDVR0OBBYEFI4c0moLN4cj+EHNEJ5klLBeW3alMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvamh6U2FnczNoeVA0UWMwUW5tU1VzRjViZHFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHgYIKwYBBQUHAQcBAf8EggENMIIBCTCCAQUEAgABMIH+
AwQAAjv9AwQCBfyEAwQBLQmcAwQALQ6kAwQALULkAwQALULmAwQALVhAAwQALVpZ
AwQALYtqAwQALY2eMAwDBAAtl1kDBAItl1gDBABPbjIDBABPbj4DBABT22EDBABU
NjADBABXeFcDBABXeKYDBABXeS0DBABXeVcDBAFXeXwDBABXeaIDBABXeaUDBARb
XPADBAFcd8QDBABc+TIDBAJemqADBABenAsDBANenEADBABenLMDBABenPgDBABf
1hsDBACNYgEDBACNYgYDBACTTmQDBAKrFkgDBAK52FQDBAK52lQDBADBGdgDBADC
MV4DBADCN7oDBADCqa8wDQYJKoZIhvcNAQELBQADggEBAHRIgXB4QtbNvf+ZGSak
+BAaUotU2x6cqQlQ1fUswUTF0VUxCDNXWrcccr/qx7MWbi2F4PLnhqwVsgaVDSwx
i8yQvGacCAr1wgejl5hwGSOYuB8BXin5Af/iCMVp1p6mW4vR9i9YrddDIWdr4ZgA
RaCwT5Ih8GAFfHcHTCoAaAY6Xy/8CAgikn+6pyh7O8BOGnt5Lvn4tnTZSvodxotx
N2ETb8uSdBgUWGg7K4drw5JsSv4NFph6WQdsx77ygp66HwdqN+BgwclHrUbNe3j2
JyAW+8xMd8kfBJCSPWjSKbVtrDItr+fMYVLQPv+gB+KmquilAophgddxGOZIC5at
BBk=
-----END CERTIFICATE-----
Generated at Mon Apr 28 05:01:45 2025 by rpki-client