Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/H1-LM5k__IRWwVtqlJm2eUsaQic.roa
File: H1-LM5k__IRWwVtqlJm2eUsaQic.roa (raw, json)
Hash identifier: xSN/enWKYFfc+gGMYBRMUf37d87126ayU5kBKJHdWhE=
Subject key identifier: 1F:5F:8B:33:99:3F:FC:84:56:C1:5B:6A:94:99:B6:79:4B:1A:42:27
Certificate issuer: /CN=e7fed4e778209c3cae93d4b76d350704462c3aab
Certificate serial: 018692B204BA4BE81F4F69FFB86CEC6EFECC
Authority key identifier: E7:FE:D4:E7:78:20:9C:3C:AE:93:D4:B7:6D:35:07:04:46:2C:3A:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5_7U53ggnDyuk9S3bTUHBEYsOqs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/H1-LM5k__IRWwVtqlJm2eUsaQic.roa
Signing time: Mon 27 Feb 2023 11:46:25 +0000
ROA not before: Mon 27 Feb 2023 11:46:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39501
IP address blocks: 89.33.18.0/23 maxlen: 23
89.46.94.0/23 maxlen: 23
89.39.186.0/23 maxlen: 23
89.33.128.0/23 maxlen: 23
89.40.78.0/23 maxlen: 23
89.40.90.0/23 maxlen: 23
89.40.38.0/23 maxlen: 23
89.38.242.0/23 maxlen: 23
45.140.28.0/22 maxlen: 22
89.45.126.0/23 maxlen: 23
89.46.44.0/23 maxlen: 23
89.32.196.0/23 maxlen: 23
89.46.60.0/23 maxlen: 23
185.46.0.0/22 maxlen: 22
188.159.96.0/19 maxlen: 19
188.159.128.0/19 maxlen: 19
188.159.128.0/18 maxlen: 18
188.159.64.0/19 maxlen: 19
89.44.190.0/23 maxlen: 23
89.44.202.0/23 maxlen: 23
89.38.24.0/23 maxlen: 23
89.45.68.0/23 maxlen: 23
89.45.80.0/23 maxlen: 23
188.159.224.0/19 maxlen: 19
89.38.102.0/23 maxlen: 23
188.159.192.0/19 maxlen: 19
89.165.64.0/18 maxlen: 18
89.165.80.0/21 maxlen: 21
188.158.160.0/21 maxlen: 21
188.158.160.0/20 maxlen: 20
188.158.160.0/19 maxlen: 19
89.165.105.0/24 maxlen: 24
89.37.102.0/23 maxlen: 23
89.165.16.0/21 maxlen: 21
89.43.204.0/23 maxlen: 23
89.37.30.0/23 maxlen: 23
188.158.96.0/21 maxlen: 21
188.158.96.0/20 maxlen: 20
188.158.96.0/19 maxlen: 19
89.37.42.0/23 maxlen: 23
89.165.56.0/21 maxlen: 21
188.158.128.0/18 maxlen: 18
188.158.128.0/19 maxlen: 19
89.44.112.0/23 maxlen: 23
89.44.118.0/23 maxlen: 23
188.159.0.0/18 maxlen: 18
188.159.0.0/19 maxlen: 19
188.159.0.0/16 maxlen: 16
89.37.198.0/23 maxlen: 23
89.37.218.0/23 maxlen: 23
89.44.146.0/23 maxlen: 23
188.159.32.0/19 maxlen: 19
188.158.192.0/19 maxlen: 19
86.104.232.0/21 maxlen: 21
188.158.224.0/19 maxlen: 19
89.43.70.0/23 maxlen: 23
89.43.88.0/21 maxlen: 21
89.43.36.0/23 maxlen: 23
188.158.32.0/19 maxlen: 19
188.158.32.0/20 maxlen: 20
89.36.226.0/23 maxlen: 23
188.158.64.0/19 maxlen: 19
89.36.252.0/23 maxlen: 23
89.43.182.0/23 maxlen: 23
89.165.0.0/18 maxlen: 18
89.43.188.0/23 maxlen: 23
89.165.0.0/17 maxlen: 17
89.165.8.0/21 maxlen: 21
89.43.96.0/21 maxlen: 21
188.158.0.0/19 maxlen: 19
188.158.0.0/18 maxlen: 18
89.36.194.0/23 maxlen: 23
188.158.0.0/16 maxlen: 16
188.158.0.0/15 maxlen: 15
188.158.16.0/20 maxlen: 20
89.35.156.0/23 maxlen: 23
85.204.30.0/23 maxlen: 23
89.35.176.0/23 maxlen: 23
89.35.194.0/23 maxlen: 23
89.42.32.0/23 maxlen: 23
89.42.56.0/23 maxlen: 23
89.35.132.0/23 maxlen: 23
89.42.68.0/23 maxlen: 23
89.36.16.0/23 maxlen: 23
89.42.228.0/23 maxlen: 23
94.177.72.0/21 maxlen: 21
89.42.150.0/23 maxlen: 23
85.204.76.0/23 maxlen: 23
85.204.104.0/23 maxlen: 23
89.34.200.0/23 maxlen: 23
94.176.32.0/21 maxlen: 21
89.34.176.0/23 maxlen: 23
89.41.240.0/21 maxlen: 21
89.35.58.0/23 maxlen: 23
89.33.234.0/23 maxlen: 23
89.33.240.0/23 maxlen: 23
89.34.20.0/23 maxlen: 23
89.40.110.0/23 maxlen: 23
89.40.106.0/23 maxlen: 23
89.40.128.0/23 maxlen: 23
89.33.204.0/23 maxlen: 23
89.41.16.0/21 maxlen: 21
89.34.88.0/23 maxlen: 23
89.34.94.0/23 maxlen: 23
89.41.32.0/23 maxlen: 23
89.41.58.0/23 maxlen: 23
89.41.8.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:92:b2:04:ba:4b:e8:1f:4f:69:ff:b8:6c:ec:6e:fe:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7fed4e778209c3cae93d4b76d350704462c3aab
Validity
Not Before: Feb 27 11:46:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1f5f8b33993ffc8456c15b6a9499b6794b1a4227
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:a2:34:a5:da:88:88:bc:1a:6b:4c:46:b9:58:
53:a4:d5:db:fe:65:a7:c9:5e:44:38:bc:36:36:88:
3f:60:bc:b7:ba:e1:ee:87:cf:d8:f7:22:b8:9c:32:
46:50:76:23:bc:7f:69:a9:4c:47:a8:7b:2d:fe:b5:
bf:ea:de:bc:11:d1:b4:1f:45:d9:ac:ca:fc:4f:0e:
75:61:55:03:07:fd:b2:13:f3:8c:5c:18:13:0f:8a:
c6:70:59:8c:18:35:c2:00:63:a7:1d:cf:16:7e:f9:
12:a5:39:f4:1f:5c:2a:87:ed:69:ac:7b:b6:00:35:
af:e7:78:99:69:07:d9:6e:1a:e2:f2:f1:fe:f1:e3:
58:f0:18:f4:90:59:2e:81:ea:93:71:7d:79:97:ad:
be:da:58:57:03:c7:ab:d3:4b:e6:9c:b0:50:0e:1d:
f0:37:07:33:31:b3:d7:e6:d5:8a:bd:00:d9:cf:13:
a2:d5:11:85:be:2a:d4:b1:85:78:dd:da:97:bf:49:
f2:69:94:31:66:4a:6c:dd:a2:fe:0d:5e:63:46:39:
2f:3c:53:5f:41:62:48:93:ef:84:1e:4a:98:7b:8b:
b9:83:a5:dd:07:04:87:18:9f:c9:82:fe:1e:aa:34:
f2:23:30:61:a4:fd:80:4b:31:bc:d5:96:3c:e4:fc:
0e:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:5F:8B:33:99:3F:FC:84:56:C1:5B:6A:94:99:B6:79:4B:1A:42:27
X509v3 Authority Key Identifier:
keyid:E7:FE:D4:E7:78:20:9C:3C:AE:93:D4:B7:6D:35:07:04:46:2C:3A:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_7U53ggnDyuk9S3bTUHBEYsOqs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/H1-LM5k__IRWwVtqlJm2eUsaQic.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/5_7U53ggnDyuk9S3bTUHBEYsOqs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.140.28.0/22
85.204.30.0/23
85.204.76.0/23
85.204.104.0/23
86.104.232.0/21
89.32.196.0/23
89.33.18.0/23
89.33.128.0/23
89.33.204.0/23
89.33.234.0/23
89.33.240.0/23
89.34.20.0/23
89.34.88.0/23
89.34.94.0/23
89.34.176.0/23
89.34.200.0/23
89.35.58.0/23
89.35.132.0/23
89.35.156.0/23
89.35.176.0/23
89.35.194.0/23
89.36.16.0/23
89.36.194.0/23
89.36.226.0/23
89.36.252.0/23
89.37.30.0/23
89.37.42.0/23
89.37.102.0/23
89.37.198.0/23
89.37.218.0/23
89.38.24.0/23
89.38.102.0/23
89.38.242.0/23
89.39.186.0/23
89.40.38.0/23
89.40.78.0/23
89.40.90.0/23
89.40.106.0/23
89.40.110.0/23
89.40.128.0/23
89.41.8.0-89.41.23.255
89.41.32.0/23
89.41.58.0/23
89.41.240.0/21
89.42.32.0/23
89.42.56.0/23
89.42.68.0/23
89.42.150.0/23
89.42.228.0/23
89.43.36.0/23
89.43.70.0/23
89.43.88.0-89.43.103.255
89.43.182.0/23
89.43.188.0/23
89.43.204.0/23
89.44.112.0/23
89.44.118.0/23
89.44.146.0/23
89.44.190.0/23
89.44.202.0/23
89.45.68.0/23
89.45.80.0/23
89.45.126.0/23
89.46.44.0/23
89.46.60.0/23
89.46.94.0/23
89.165.0.0/17
94.176.32.0/21
94.177.72.0/21
185.46.0.0/22
188.158.0.0/15
Signature Algorithm: sha256WithRSAEncryption
b7:2c:37:44:6d:0c:73:65:cc:8d:d8:76:fe:2a:9e:88:25:33:
3f:72:c5:05:b3:2b:27:47:b1:db:38:fc:55:29:fb:e9:87:31:
bf:7e:21:d0:2c:72:e8:ea:8a:bc:3b:6e:7f:a1:d2:53:44:e7:
24:3e:ac:92:bb:e0:b7:04:a4:95:f5:55:ed:5e:e7:10:60:9b:
8c:1d:ee:ee:2c:a8:6d:86:c6:1f:11:74:76:f6:38:42:ed:fc:
f5:5c:99:3f:84:fe:65:50:a6:c9:81:af:b5:de:4c:4d:08:67:
18:a8:85:a1:db:e2:10:f7:87:e4:e3:18:74:97:07:61:ac:3a:
72:45:4d:59:26:79:56:e2:4c:02:61:8e:fb:25:93:34:c9:f9:
f9:0a:a7:75:bc:d1:55:cc:e1:74:6c:8b:b8:4b:19:87:44:3e:
8b:5e:fb:c4:e1:3a:9d:a9:bd:0d:61:55:f4:bf:73:5b:6c:8d:
d5:c9:eb:6e:d6:7f:f8:bc:cd:2a:81:25:5a:24:55:9a:56:f7:
65:1a:f4:f3:72:02:bd:0c:56:e5:ae:bd:cc:21:dd:1d:a9:6a:
42:b5:d7:f4:c8:d4:9f:80:f7:54:11:70:05:a0:ed:b6:77:ba:
6c:0d:1e:76:e3:77:25:0c:2a:72:1c:5f:87:da:7b:c3:19:de:
c0:cf:df:48
-----BEGIN CERTIFICATE-----
MIIGujCCBaKgAwIBAgISAYaSsgS6S+gfT2n/uGzsbv7MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZmVkNGU3NzgyMDljM2NhZTkzZDRiNzZkMzUwNzA0NDYy
YzNhYWIwHhcNMjMwMjI3MTE0NjI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjVmOGIzMzk5M2ZmYzg0NTZjMTViNmE5NDk5YjY3OTRiMWE0MjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKI0pdqIiLwaa0xGuVhTpNXb/mWn
yV5EOLw2Nog/YLy3uuHuh8/Y9yK4nDJGUHYjvH9pqUxHqHst/rW/6t68EdG0H0XZ
rMr8Tw51YVUDB/2yE/OMXBgTD4rGcFmMGDXCAGOnHc8WfvkSpTn0H1wqh+1prHu2
ADWv53iZaQfZbhri8vH+8eNY8Bj0kFkugeqTcX15l62+2lhXA8er00vmnLBQDh3w
NwczMbPX5tWKvQDZzxOi1RGFvirUsYV43dqXv0nyaZQxZkps3aL+DV5jRjkvPFNf
QWJIk++EHkqYe4u5g6XdBwSHGJ/Jgv4eqjTyIzBhpP2ASzG81ZY85PwOQQIDAQAB
o4IDxjCCA8IwHQYDVR0OBBYEFB9fizOZP/yEVsFbapSZtnlLGkInMB8GA1UdIwQY
MBaAFOf+1Od4IJw8rpPUt201BwRGLDqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV83VTUzZ2duRHl1azlTM2JUVUhCRVlzT3FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8yMmEzYzctNmZlNS00OWUxLTkzNWQt
OGJiODAxNTJhYjM0LzEvSDEtTE01a19fSVJXd1Z0cWxKbTJlVXNhUWljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8yMmEzYzctNmZlNS00OWUxLTkzNWQtOGJiODAxNTJhYjM0
LzEvNV83VTUzZ2duRHl1azlTM2JUVUhCRVlzT3FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIB2gYIKwYBBQUHAQcBAf8EggHJMIIBxTCCAcEEAgABMIIB
uQMEAi2MHAMEAVXMHgMEAVXMTAMEAVXMaAMEA1Zo6AMEAVkgxAMEAVkhEgMEAVkh
gAMEAVkhzAMEAVkh6gMEAVkh8AMEAVkiFAMEAVkiWAMEAVkiXgMEAVkisAMEAVki
yAMEAVkjOgMEAVkjhAMEAVkjnAMEAVkjsAMEAVkjwgMEAVkkEAMEAVkkwgMEAVkk
4gMEAVkk/AMEAVklHgMEAVklKgMEAVklZgMEAVklxgMEAVkl2gMEAVkmGAMEAVkm
ZgMEAVkm8gMEAVknugMEAVkoJgMEAVkoTgMEAVkoWgMEAVkoagMEAVkobgMEAVko
gDAMAwQDWSkIAwQDWSkQAwQBWSkgAwQBWSk6AwQDWSnwAwQBWSogAwQBWSo4AwQB
WSpEAwQBWSqWAwQBWSrkAwQBWSskAwQBWStGMAwDBANZK1gDBANZK2ADBAFZK7YD
BAFZK7wDBAFZK8wDBAFZLHADBAFZLHYDBAFZLJIDBAFZLL4DBAFZLMoDBAFZLUQD
BAFZLVADBAFZLX4DBAFZLiwDBAFZLjwDBAFZLl4DBAdZpQADBANesCADBANesUgD
BAK5LgADAwG8njANBgkqhkiG9w0BAQsFAAOCAQEAtyw3RG0Mc2XMjdh2/iqeiCUz
P3LFBbMrJ0ex2zj8VSn76Ycxv34h0Cxy6OqKvDtuf6HSU0TnJD6skrvgtwSklfVV
7V7nEGCbjB3u7iyobYbGHxF0dvY4Qu389VyZP4T+ZVCmyYGvtd5MTQhnGKiFodvi
EPeH5OMYdJcHYaw6ckVNWSZ5VuJMAmGO+yWTNMn5+QqndbzRVczhdGyLuEsZh0Q+
i177xOE6nam9DWFV9L9zW2yN1cnrbtZ/+LzNKoElWiRVmlb3ZRr083ICvQxW5a69
zCHdHalqQrXX9MjUn4D3VBFwBaDttne6bA0eduN3JQwqchxfh9p7wxnewM/fSA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:46 2024 by rpki-client on console-fra.rpki-client.org