Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0O3WyyOlXhL-fWvOLd4LoPRnC8s.roa
File: 0O3WyyOlXhL-fWvOLd4LoPRnC8s.roa (raw, json)
Hash identifier: w4W8PWF3oqFkFRU/zwBHDrAAECbA51iMTzqCflmlIFw=
Subject key identifier: D0:ED:D6:CB:23:A5:5E:12:FE:7D:6B:CE:2D:DE:0B:A0:F4:67:0B:CB
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0188F98C8BA7DAE977146502C58DA79F53AB
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0O3WyyOlXhL-fWvOLd4LoPRnC8s.roa
Signing time: Mon 26 Jun 2023 21:11:57 +0000
ROA not before: Mon 26 Jun 2023 21:11:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8100
IP address blocks: 94.156.2.0/24 maxlen: 24
91.92.16.0/24 maxlen: 24
87.120.192.0/23 maxlen: 24
91.92.26.0/23 maxlen: 24
193.58.121.0/24 maxlen: 24
193.58.123.0/24 maxlen: 24
185.147.100.0/22 maxlen: 24
87.121.36.0/23 maxlen: 24
87.121.38.0/24 maxlen: 24
185.207.14.0/23 maxlen: 24
94.156.152.0/24 maxlen: 24
45.8.92.0/24 maxlen: 24
94.156.154.0/23 maxlen: 24
87.121.60.0/22 maxlen: 24
87.120.219.0/24 maxlen: 24
91.92.67.0/24 maxlen: 24
45.139.123.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
37.139.131.0/24 maxlen: 24
45.9.208.0/22 maxlen: 24
94.154.173.0/24 maxlen: 24
212.87.205.0/24 maxlen: 24
94.156.237.0/24 maxlen: 24
193.8.184.0/23 maxlen: 24
193.8.186.0/23 maxlen: 24
194.55.226.0/24 maxlen: 24
94.156.238.0/24 maxlen: 24
87.121.146.0/23 maxlen: 24
93.123.76.0/22 maxlen: 24
93.123.75.0/24 maxlen: 24
87.121.163.0/24 maxlen: 24
93.123.80.0/24 maxlen: 24
185.252.177.0/24 maxlen: 24
94.156.176.0/22 maxlen: 24
193.47.62.0/24 maxlen: 24
94.156.180.0/23 maxlen: 24
87.121.104.0/24 maxlen: 24
93.123.24.0/24 maxlen: 24
87.121.103.0/24 maxlen: 24
93.123.30.0/23 maxlen: 24
93.123.26.0/23 maxlen: 24
87.121.114.0/23 maxlen: 24
93.123.112.0/22 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
5.253.58.0/23 maxlen: 24
193.25.219.0/24 maxlen: 24
5.253.56.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:f9:8c:8b:a7:da:e9:77:14:65:02:c5:8d:a7:9f:53:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jun 26 21:11:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d0edd6cb23a55e12fe7d6bce2dde0ba0f4670bcb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:d3:d7:1b:f3:c9:84:63:50:7f:11:a9:a4:8b:
28:37:84:8e:9d:e5:73:62:65:4e:ae:73:ba:4f:22:
52:41:9e:3a:ad:1b:e0:c0:90:63:1e:3c:01:6f:7c:
c5:54:d8:31:39:1b:ca:81:86:7f:60:1a:de:07:d4:
0d:ee:73:87:24:a3:98:f2:48:f9:6b:e0:8d:2d:fa:
e5:3b:5a:af:a2:97:04:c7:f2:52:c4:6f:f0:fd:c9:
36:ff:51:86:c1:2d:14:17:a1:87:2d:e9:8b:2a:e0:
58:9f:f7:76:44:55:06:8c:5f:4e:24:09:13:12:fa:
2c:d7:3b:33:0b:a2:a5:8c:ad:e7:9d:70:19:e4:2b:
37:ce:40:7d:b5:87:f2:e0:ee:de:73:81:ab:fb:45:
e9:ea:20:1c:d5:6a:fb:2f:3a:73:e0:03:25:4a:ce:
e9:01:94:9b:89:b6:34:36:d0:7c:e8:58:75:90:96:
09:b5:6a:0e:d0:42:75:3d:31:53:40:b5:71:6e:0a:
85:1a:e4:ab:6a:ca:a0:7c:b7:4e:eb:40:35:b7:b3:
6d:db:02:8f:c0:73:e9:27:3c:88:f5:c2:97:cc:04:
1f:04:4e:db:13:a0:79:55:b5:6a:13:dc:57:b7:5e:
58:6f:39:db:be:86:c5:d9:5a:26:9f:35:2a:d6:b6:
cb:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:ED:D6:CB:23:A5:5E:12:FE:7D:6B:CE:2D:DE:0B:A0:F4:67:0B:CB
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0O3WyyOlXhL-fWvOLd4LoPRnC8s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.56.0/22
37.139.131.0/24
45.8.92.0/24
45.9.208.0/22
45.139.123.0/24
87.120.192.0/23
87.120.219.0/24
87.121.36.0-87.121.38.255
87.121.60.0/22
87.121.103.0-87.121.104.255
87.121.114.0/23
87.121.146.0/23
87.121.163.0/24
91.92.16.0/24
91.92.26.0/23
91.92.67.0/24
93.123.24.0/24
93.123.26.0/23
93.123.30.0/23
93.123.75.0-93.123.80.255
93.123.112.0/22
93.123.117.0/24
93.123.119.0/24
94.154.160.0/23
94.154.173.0/24
94.156.2.0/24
94.156.152.0/24
94.156.154.0/23
94.156.176.0-94.156.181.255
94.156.237.0-94.156.238.255
185.147.100.0/22
185.207.14.0/23
185.252.177.0/24
193.8.184.0/22
193.25.219.0/24
193.47.62.0/24
193.58.121.0/24
193.58.123.0/24
194.55.226.0/24
212.87.205.0/24
Signature Algorithm: sha256WithRSAEncryption
3f:d6:e1:86:31:9d:de:c5:02:42:5d:bd:16:12:ed:7d:c1:c7:
ca:3f:16:94:69:66:b6:51:e9:87:3e:dd:a9:64:86:e1:b0:05:
2e:c1:f5:dd:87:05:0f:d6:95:fc:20:29:b4:1e:0a:d3:d8:15:
17:bb:fc:3b:ba:24:3c:6a:b2:55:21:b8:f3:8b:7b:c4:31:4a:
1c:0f:b0:4c:1d:ec:f0:ba:a6:1d:c3:1b:ba:a2:42:8a:54:13:
cf:94:9c:12:e4:fe:7f:d7:4e:3a:b6:e4:2c:55:45:3c:f6:7b:
dc:d2:d7:8a:9f:ff:f8:d5:49:c6:bd:c8:5e:ef:c4:05:5e:21:
ac:37:c8:93:dc:48:9b:7c:71:8a:ea:e7:e3:e4:cf:3d:82:d9:
a2:9b:15:4e:67:5f:cd:09:c2:fa:26:7c:eb:67:2f:6b:7a:64:
d8:ed:ff:11:0c:db:48:a5:51:e3:7c:c8:5c:69:2b:9e:e7:5c:
e8:3b:35:bd:8a:6a:06:da:d1:d7:bc:33:26:5e:cd:d6:0b:f4:
2a:65:ff:61:81:c6:4e:5b:e2:52:b1:63:be:7e:4a:a7:b8:06:
f1:20:92:16:7d:a1:da:fd:f7:ed:e8:39:8f:8a:57:bc:97:98:
3c:4d:be:e5:c0:c8:51:a6:97:b7:7b:94:5e:9c:a8:de:92:9b:
f1:f2:39:24
-----BEGIN CERTIFICATE-----
MIIGGTCCBQGgAwIBAgISAYj5jIun2ul3FGUCxY2nn1OrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjI2MjExMTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGVkZDZjYjIzYTU1ZTEyZmU3ZDZiY2UyZGRlMGJhMGY0NjcwYmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9PXG/PJhGNQfxGppIsoN4SOneVz
YmVOrnO6TyJSQZ46rRvgwJBjHjwBb3zFVNgxORvKgYZ/YBreB9QN7nOHJKOY8kj5
a+CNLfrlO1qvopcEx/JSxG/w/ck2/1GGwS0UF6GHLemLKuBYn/d2RFUGjF9OJAkT
Evos1zszC6KljK3nnXAZ5Cs3zkB9tYfy4O7ec4Gr+0Xp6iAc1Wr7Lzpz4AMlSs7p
AZSbibY0NtB86Fh1kJYJtWoO0EJ1PTFTQLVxbgqFGuSrasqgfLdO60A1t7Nt2wKP
wHPpJzyI9cKXzAQfBE7bE6B5VbVqE9xXt15YbznbvobF2VomnzUq1rbLMwIDAQAB
o4IDJTCCAyEwHQYDVR0OBBYEFNDt1ssjpV4S/n1rzi3eC6D0ZwvLMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvME8zV3l5T2xYaEwtZld2T0xkNExvUFJuQzhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOQYIKwYBBQUHAQcBAf8EggEoMIIBJDCCASAEAgABMIIB
GAMEAgX9OAMEACWLgwMEAC0IXAMEAi0J0AMEAC2LewMEAVd4wAMEAFd42zAMAwQC
V3kkAwQAV3kmAwQCV3k8MAwDBABXeWcDBABXeWgDBAFXeXIDBAFXeZIDBABXeaMD
BABbXBADBAFbXBoDBABbXEMDBABdexgDBAFdexoDBAFdex4wDAMEAF17SwMEAF17
UAMEAl17cAMEAF17dQMEAF17dwMEAV6aoAMEAF6arQMEAF6cAgMEAF6cmAMEAV6c
mjAMAwQEXpywAwQBXpy0MAwDBABenO0DBABenO4DBAK5k2QDBAG5zw4DBAC5/LED
BALBCLgDBADBGdsDBADBLz4DBADBOnkDBADBOnsDBADCN+IDBADUV80wDQYJKoZI
hvcNAQELBQADggEBAD/W4YYxnd7FAkJdvRYS7X3Bx8o/FpRpZrZR6Yc+3alkhuGw
BS7B9d2HBQ/WlfwgKbQeCtPYFRe7/Du6JDxqslUhuPOLe8QxShwPsEwd7PC6ph3D
G7qiQopUE8+UnBLk/n/XTjq25CxVRTz2e9zS14qf//jVSca9yF7vxAVeIaw3yJPc
SJt8cYrq5+Pkzz2C2aKbFU5nX80JwvomfOtnL2t6ZNjt/xEM20ilUeN8yFxpK57n
XOg7Nb2Kagba0de8MyZezdYL9Cpl/2GBxk5b4lKxY75+Sqe4BvEgkhZ9odr99+3o
OY+KV7yXmDxNvuXAyFGml7d7lF6cqN6Sm/HyOSQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:55 2024 by rpki-client on console-fra.rpki-client.org