Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hmj_vtCMW3FbzvNZnOuXE1ZPr74.roa
File: hmj_vtCMW3FbzvNZnOuXE1ZPr74.roa (raw, json)
Hash identifier: BN+ueHwWfm9pxJuKfGRtmKW7txg/H2521btdtdjAAws=
Subject key identifier: 86:68:FF:BE:D0:8C:5B:71:5B:CE:F3:59:9C:EB:97:13:56:4F:AF:BE
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0194605BBAA24318A85E13BA6475F0DCC3D4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hmj_vtCMW3FbzvNZnOuXE1ZPr74.roa
Signing time: Mon 13 Jan 2025 15:50:11 +0000
ROA not before: Mon 13 Jan 2025 15:50:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.9.157.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.84.0/23 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.173.0/24 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.102.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.237.0/24 maxlen: 24
185.216.71.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:60:5b:ba:a2:43:18:a8:5e:13:ba:64:75:f0:dc:c3:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 13 15:50:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8668ffbed08c5b715bcef3599ceb9713564fafbe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:03:4f:cb:db:39:7b:92:94:67:dc:fd:0e:56:
18:35:bf:a8:95:30:69:bb:11:ef:ff:da:48:33:9e:
13:9e:94:3c:2e:5b:86:7d:92:84:93:85:fb:40:b2:
c9:5d:d2:15:c8:2f:82:7e:60:b0:86:9e:db:e4:1e:
e0:9a:32:ef:c5:a4:3e:55:27:49:54:04:33:8a:51:
c9:ce:db:b3:45:68:a4:12:5c:97:01:44:c4:1d:91:
42:2e:9a:89:ac:5e:f3:bb:cd:0c:00:d1:31:90:b8:
4d:a0:61:35:14:ba:02:00:28:00:f2:74:e3:b7:b9:
0b:1e:01:e9:f8:79:1b:04:b9:1a:78:b8:a7:ad:04:
06:46:75:e9:55:b9:2d:96:5e:81:2e:c4:15:96:eb:
1e:34:e3:71:64:0d:4e:8b:4f:4f:bb:e6:a8:37:7c:
30:e7:1b:5d:6b:39:7e:8f:bd:dc:9d:50:62:d6:eb:
05:11:af:6c:fe:6c:c5:8b:55:d4:c1:0a:4a:85:8a:
f7:5a:ea:9a:24:ab:3a:8e:1d:aa:90:9e:1b:c7:34:
f0:ca:26:2b:69:bd:c4:62:de:1c:39:f4:01:17:82:
72:81:6a:2f:3f:a6:2a:d2:e1:c6:af:39:68:5d:b3:
a6:41:5a:34:5f:5f:cb:ee:9e:74:ec:fa:7a:6f:f1:
61:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:68:FF:BE:D0:8C:5B:71:5B:CE:F3:59:9C:EB:97:13:56:4F:AF:BE
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hmj_vtCMW3FbzvNZnOuXE1ZPr74.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.157.0/24
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
81.161.239.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.84.0/23
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.154.173.0/24
94.156.11.0/24
94.156.64.0/21
94.156.102.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.237.0/24
185.216.71.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
5b:a0:9f:f8:40:ff:ae:8f:04:39:46:d1:be:5b:ea:dc:bf:b9:
e3:9f:78:17:c2:b6:f8:cb:01:2a:dc:aa:b2:fa:2d:ef:77:37:
c3:33:e0:d7:36:ae:c3:42:62:e1:c9:da:4f:4b:48:80:d6:c1:
fe:82:79:69:50:bc:f4:05:a5:8f:af:17:01:53:bd:66:d8:ce:
8e:d7:e3:9f:52:68:15:61:dc:c0:a7:a7:79:88:e9:ff:0f:a0:
ca:0f:48:0e:d1:20:98:af:90:ac:86:ba:ae:6b:36:e1:be:71:
0e:af:e7:8e:b5:20:bd:14:a0:f4:e4:5d:9b:82:52:d3:bc:db:
70:03:53:d2:5f:a8:c4:72:22:0e:14:b5:e4:89:3a:31:43:02:
5c:eb:f1:21:fc:bb:39:ad:21:89:97:7b:30:f8:ee:21:a1:ba:
03:ca:36:83:ab:cf:52:ce:aa:df:47:ff:81:25:21:6a:d0:a3:
f7:3d:41:4e:b9:ae:19:ca:cb:41:dc:07:b1:ab:24:4b:10:d1:
56:02:24:a4:50:5c:fd:68:11:22:89:47:4d:e3:42:53:61:69:
11:ac:29:8d:f1:d2:d8:de:b5:d6:19:12:9b:20:31:87:10:eb:
a1:fb:31:b5:ec:00:7c:b1:60:6d:ed:ca:01:5e:00:d6:d5:7a:
5a:31:52:e7
-----BEGIN CERTIFICATE-----
MIIGLzCCBRegAwIBAgISAZRgW7qiQxioXhO6ZHXw3MPUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTEzMTU1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjY4ZmZiZWQwOGM1YjcxNWJjZWYzNTk5Y2ViOTcxMzU2NGZhZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngNPy9s5e5KUZ9z9DlYYNb+olTBp
uxHv/9pIM54TnpQ8LluGfZKEk4X7QLLJXdIVyC+CfmCwhp7b5B7gmjLvxaQ+VSdJ
VAQzilHJztuzRWikElyXAUTEHZFCLpqJrF7zu80MANExkLhNoGE1FLoCACgA8nTj
t7kLHgHp+HkbBLkaeLinrQQGRnXpVbktll6BLsQVluseNONxZA1Oi09Pu+aoN3ww
5xtdazl+j73cnVBi1usFEa9s/mzFi1XUwQpKhYr3WuqaJKs6jh2qkJ4bxzTwyiYr
ab3EYt4cOfQBF4JygWovP6Yq0uHGrzloXbOmQVo0X1/L7p507Pp6b/FhTwIDAQAB
o4IDOzCCAzcwHQYDVR0OBBYEFIZo/77QjFtxW87zWZzrlxNWT6++MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaG1qX3Z0Q01XM0ZienZOWm5PdVhFMVpQcjc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBTwYIKwYBBQUHAQcBAf8EggE+MIIBOjCCATYEAgABMIIB
LgMEAC0JnQMEAC0M/wMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC2LagMEAC2N
njAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAUaHvAwQAU9thAwQAVDYwAwQA
VdGFAwQAV3hUAwQAV3hXAwQAV3imAwQAV3ktAwQBV3lUAwQAV3lXAwQAV3lpAwQB
V3l8AwQAV3miAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQCXpqgAwQA
XpqtAwQAXpwLAwQDXpxAAwQAXpxmAwQAXpyzAwQAXpz4AwQAX9YbAwQAjWIBAwQA
jWIGAwQAk05kAwQCqxZIAwQAstftAwQAudhHAwQCudhUAwQCudpUAwQAwRnYAwQA
wjFeAwQAwje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQBboJ/4QP+ujwQ5RtG+
W+rcv7njn3gXwrb4ywEq3Kqy+i3vdzfDM+DXNq7DQmLhydpPS0iA1sH+gnlpULz0
BaWPrxcBU71m2M6O1+OfUmgVYdzAp6d5iOn/D6DKD0gO0SCYr5CshrquazbhvnEO
r+eOtSC9FKD05F2bglLTvNtwA1PSX6jEciIOFLXkiToxQwJc6/Eh/Ls5rSGJl3sw
+O4hoboDyjaDq89SzqrfR/+BJSFq0KP3PUFOua4ZystB3AexqyRLENFWAiSkUFz9
aBEiiUdN40JTYWkRrCmN8dLY3rXWGRKbIDGHEOuh+zG17AB8sWBt7coBXgDW1Xpa
MVLn
-----END CERTIFICATE-----
Generated at Thu Apr 17 01:45:35 2025 by rpki-client