Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/hWGGkwOOokgOq1P18_HzHinXIDQ.roa
File: hWGGkwOOokgOq1P18_HzHinXIDQ.roa (raw, json)
Hash identifier: 3I1lk2iI1E9aioYLyhgxuCgDuMxKkGAdcrZB7ar+n4A=
Subject key identifier: 85:61:86:93:03:8E:A2:48:0E:AB:53:F5:F3:F1:F3:1E:29:D7:20:34
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 0195D1C80F7701AEFCD312B3AD5F7D835AE2
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/hWGGkwOOokgOq1P18_HzHinXIDQ.roa
Signing time: Wed 26 Mar 2025 09:28:24 +0000
ROA not before: Wed 26 Mar 2025 09:28:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21267
IP address blocks: 5.159.208.0/21 maxlen: 24
5.181.72.0/22 maxlen: 24
31.192.96.0/21 maxlen: 24
45.8.100.0/22 maxlen: 24
45.132.108.0/22 maxlen: 24
45.137.44.0/22 maxlen: 24
80.74.240.0/21 maxlen: 24
80.74.248.0/21 maxlen: 24
83.150.252.0/22 maxlen: 24
85.95.96.0/19 maxlen: 24
92.42.120.0/21 maxlen: 24
95.129.64.0/21 maxlen: 24
176.58.0.0/21 maxlen: 24
185.79.184.0/22 maxlen: 24
185.90.0.0/22 maxlen: 24
185.94.204.0/22 maxlen: 24
185.99.76.0/22 maxlen: 24
185.145.88.0/22 maxlen: 24
185.178.216.0/22 maxlen: 24
185.182.200.0/23 maxlen: 24
185.204.212.0/22 maxlen: 24
185.229.4.0/22 maxlen: 24
185.246.132.0/22 maxlen: 24
185.247.200.0/22 maxlen: 24
185.248.252.0/24 maxlen: 24
185.248.253.0/24 maxlen: 24
185.248.254.0/24 maxlen: 24
185.248.255.0/24 maxlen: 24
188.94.16.0/21 maxlen: 24
193.24.3.0/24 maxlen: 24
193.24.6.0/24 maxlen: 24
193.24.13.0/24 maxlen: 24
193.24.31.0/24 maxlen: 24
195.26.32.0/19 maxlen: 24
195.88.8.0/23 maxlen: 24
212.11.68.0/22 maxlen: 24
212.11.72.0/22 maxlen: 24
217.145.128.0/20 maxlen: 24
2a00:f1c0::/32 maxlen: 32
2a0d:7680::/29 maxlen: 29
2a0d:bf80::/29 maxlen: 29
2a0e:a1c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:d1:c8:0f:77:01:ae:fc:d3:12:b3:ad:5f:7d:83:5a:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: Mar 26 09:28:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=85618693038ea2480eab53f5f3f1f31e29d72034
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:b7:0c:38:83:78:49:c8:03:df:8f:e5:5a:77:
86:41:c7:b6:44:85:cc:cb:f0:85:4a:e5:1b:91:5f:
3a:da:fa:f3:32:fe:d2:a9:21:a1:77:25:ad:8c:6f:
bd:da:7e:64:fc:72:4d:d4:87:c0:99:1a:23:ef:55:
63:7d:d0:12:d9:26:55:d5:c7:29:c6:9b:b5:92:81:
b1:c3:34:d3:e0:27:41:7a:9f:ca:87:09:e8:e6:29:
ab:fa:0b:eb:e5:97:74:8a:6f:58:10:0a:23:c6:77:
e5:c7:fa:39:91:27:36:94:69:a4:a1:2d:87:bb:d0:
1a:4a:d5:27:ca:88:19:46:c2:4f:be:53:cd:62:19:
a6:53:db:61:9a:54:16:f0:be:a0:a0:96:13:c2:16:
cd:e3:03:73:e0:8f:77:27:93:66:a6:fc:31:c8:91:
ae:f9:bb:13:7f:b2:b8:47:f1:37:8b:4e:fd:87:87:
56:c3:f9:75:63:de:92:ad:9b:71:f6:be:dd:6b:bc:
ab:f7:20:d7:7c:f8:aa:c1:9f:a7:07:a4:a6:c5:2d:
1f:54:1d:23:dd:28:16:4a:a3:71:f5:95:fe:13:59:
77:de:c1:ab:db:cb:c9:ee:00:b9:41:98:d1:e8:2d:
19:14:64:91:f0:0a:64:2a:38:45:1d:3e:e1:f9:14:
34:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:61:86:93:03:8E:A2:48:0E:AB:53:F5:F3:F1:F3:1E:29:D7:20:34
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/hWGGkwOOokgOq1P18_HzHinXIDQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.159.208.0/21
5.181.72.0/22
31.192.96.0/21
45.8.100.0/22
45.132.108.0/22
45.137.44.0/22
80.74.240.0/20
83.150.252.0/22
85.95.96.0/19
92.42.120.0/21
95.129.64.0/21
176.58.0.0/21
185.79.184.0/22
185.90.0.0/22
185.94.204.0/22
185.99.76.0/22
185.145.88.0/22
185.178.216.0/22
185.182.200.0/23
185.204.212.0/22
185.229.4.0/22
185.246.132.0/22
185.247.200.0/22
185.248.252.0/22
188.94.16.0/21
193.24.3.0/24
193.24.6.0/24
193.24.13.0/24
193.24.31.0/24
195.26.32.0/19
195.88.8.0/23
212.11.68.0-212.11.75.255
217.145.128.0/20
IPv6:
2a00:f1c0::/32
2a0d:7680::/29
2a0d:bf80::/29
2a0e:a1c0::/29
Signature Algorithm: sha256WithRSAEncryption
6b:a1:5c:52:6c:06:a0:82:e7:22:ae:84:2e:eb:e5:4e:9f:04:
6b:62:84:c8:1b:17:65:1e:a7:72:a0:9d:3e:95:c4:a3:42:65:
84:3e:c3:78:ff:db:bc:8b:b2:bf:76:01:a4:79:f3:9e:be:4b:
37:6f:3f:b6:14:a1:fe:c7:83:f2:65:d4:32:93:66:01:d5:5a:
1c:94:e3:7b:63:9d:a1:af:7e:ee:e8:e4:0b:58:76:66:b6:1e:
26:a9:3a:77:82:04:7e:c0:02:09:c1:ad:63:09:7b:ac:91:00:
e7:ba:6f:50:17:47:43:36:ce:cd:8c:1a:83:ec:10:5b:8e:b6:
ab:18:a1:84:6b:40:f6:c8:10:c7:53:e5:d4:62:4e:61:6d:52:
90:7b:89:25:03:27:3c:63:2a:5c:dd:e4:e6:9c:6a:e5:23:26:
71:37:6b:3f:73:aa:3d:43:43:e8:a9:36:c3:22:65:c1:be:72:
5b:50:8c:9d:76:94:e8:b1:ae:45:ee:fd:a5:6c:81:dd:31:71:
b2:4c:67:b7:6a:b8:9a:63:86:d5:ea:f7:de:d0:f8:91:b9:dc:
61:0c:3a:d4:19:57:f3:79:60:4d:2e:81:ad:a6:20:6b:b5:d9:
01:c3:da:67:c7:2f:bd:ce:80:5b:bb:14:12:d9:b1:f9:2b:d0:
9f:16:1f:5b
-----BEGIN CERTIFICATE-----
MIIF7zCCBNegAwIBAgISAZXRyA93Aa780xKzrV99g1riMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjUwMzI2MDkyODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTYxODY5MzAzOGVhMjQ4MGVhYjUzZjVmM2YxZjMxZTI5ZDcyMDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7cMOIN4ScgD34/lWneGQce2RIXM
y/CFSuUbkV862vrzMv7SqSGhdyWtjG+92n5k/HJN1IfAmRoj71VjfdAS2SZV1ccp
xpu1koGxwzTT4CdBep/Khwno5imr+gvr5Zd0im9YEAojxnflx/o5kSc2lGmkoS2H
u9AaStUnyogZRsJPvlPNYhmmU9thmlQW8L6goJYTwhbN4wNz4I93J5NmpvwxyJGu
+bsTf7K4R/E3i079h4dWw/l1Y96SrZtx9r7da7yr9yDXfPiqwZ+nB6SmxS0fVB0j
3SgWSqNx9ZX+E1l33sGr28vJ7gC5QZjR6C0ZFGSR8ApkKjhFHT7h+RQ05QIDAQAB
o4IC+zCCAvcwHQYDVR0OBBYEFIVhhpMDjqJIDqtT9fPx8x4p1yA0MB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvaFdHR2t3T09va2dPcTFQMThfSHpIaW5YSURRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBDwYIKwYBBQUHAQcBAf8Egf8wgfwwgdUEAgABMIHOAwQD
BZ/QAwQCBbVIAwQDH8BgAwQCLQhkAwQCLYRsAwQCLYksAwQEUErwAwQCU5b8AwQF
VV9gAwQDXCp4AwQDX4FAAwQDsDoAAwQCuU+4AwQCuVoAAwQCuV7MAwQCuWNMAwQC
uZFYAwQCubLYAwQBubbIAwQCuczUAwQCueUEAwQCufaEAwQCuffIAwQCufj8AwQD
vF4QAwQAwRgDAwQAwRgGAwQAwRgNAwQAwRgfAwQFwxogAwQBw1gIMAwDBALUC0QD
BALUC0gDBATZkYAwIgQCAAIwHAMFACoA8cADBQMqDXaAAwUDKg2/gAMFAyoOocAw
DQYJKoZIhvcNAQELBQADggEBAGuhXFJsBqCC5yKuhC7r5U6fBGtihMgbF2Uep3Kg
nT6VxKNCZYQ+w3j/27yLsr92AaR5856+SzdvP7YUof7Hg/Jl1DKTZgHVWhyU43tj
naGvfu7o5AtYdma2HiapOneCBH7AAgnBrWMJe6yRAOe6b1AXR0M2zs2MGoPsEFuO
tqsYoYRrQPbIEMdT5dRiTmFtUpB7iSUDJzxjKlzd5OacauUjJnE3az9zqj1DQ+ip
NsMiZcG+cltQjJ12lOixrkXu/aVsgd0xcbJMZ7dquJpjhtXq997Q+JG53GEMOtQZ
V/N5YE0uga2mIGu12QHD2mfHL73OgFu7FBLZsfkr0J8WH1s=
-----END CERTIFICATE-----
Generated at Tue Apr 22 16:05:17 2025 by rpki-client