Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/14hPY06ML86XQBPpTA-KZYAC3B8.roa
File: 14hPY06ML86XQBPpTA-KZYAC3B8.roa (raw, json)
Hash identifier: fq3Lfzo7Q4rEe+hwNfjY8qbU9IuKiMWYAcE3mVMcMGU=
Subject key identifier: D7:88:4F:63:4E:8C:2F:CE:97:40:13:E9:4C:0F:8A:65:80:02:DC:1F
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0186DEB737048996745520177F9FEF4F5BFF
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/14hPY06ML86XQBPpTA-KZYAC3B8.roa
Signing time: Tue 14 Mar 2023 06:03:14 +0000
ROA not before: Tue 14 Mar 2023 06:03:14 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8100
IP address blocks: 87.120.192.0/23 maxlen: 24
185.147.100.0/22 maxlen: 24
87.121.36.0/23 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.60.0/22 maxlen: 24
87.120.219.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
45.9.208.0/22 maxlen: 24
94.154.173.0/24 maxlen: 24
93.123.39.0/24 maxlen: 24
45.143.100.0/22 maxlen: 24
94.156.237.0/24 maxlen: 24
194.55.226.0/24 maxlen: 24
94.156.238.0/24 maxlen: 24
93.123.68.0/22 maxlen: 24
93.123.76.0/22 maxlen: 24
93.123.80.0/24 maxlen: 24
93.123.86.0/23 maxlen: 24
94.156.168.0/23 maxlen: 24
94.156.176.0/22 maxlen: 24
94.156.180.0/23 maxlen: 24
93.123.24.0/24 maxlen: 24
194.48.249.0/24 maxlen: 24
93.123.30.0/23 maxlen: 24
93.123.26.0/23 maxlen: 24
87.120.96.0/23 maxlen: 24
93.123.112.0/22 maxlen: 24
93.123.116.0/23 maxlen: 24
93.123.119.0/24 maxlen: 24
87.120.32.0/22 maxlen: 24
193.25.219.0/24 maxlen: 24
87.120.46.0/23 maxlen: 24
94.156.2.0/24 maxlen: 24
94.156.8.0/24 maxlen: 24
91.92.16.0/24 maxlen: 24
91.92.21.0/24 maxlen: 24
91.92.26.0/23 maxlen: 24
193.58.121.0/24 maxlen: 24
193.58.123.0/24 maxlen: 24
94.156.131.0/24 maxlen: 24
185.207.14.0/23 maxlen: 24
94.156.152.0/24 maxlen: 24
94.156.154.0/23 maxlen: 24
91.92.67.0/24 maxlen: 24
94.156.78.0/23 maxlen: 24
37.139.130.0/23 maxlen: 24
212.87.205.0/24 maxlen: 24
87.121.146.0/23 maxlen: 24
178.215.238.0/24 maxlen: 24
87.121.163.0/24 maxlen: 24
185.252.177.0/24 maxlen: 24
193.47.62.0/24 maxlen: 24
87.121.104.0/24 maxlen: 24
87.121.103.0/24 maxlen: 24
87.121.114.0/23 maxlen: 24
31.13.252.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:de:b7:37:04:89:96:74:55:20:17:7f:9f:ef:4f:5b:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 14 06:03:14 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d7884f634e8c2fce974013e94c0f8a658002dc1f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:38:9b:c4:cd:5e:00:66:56:bc:c9:af:df:dc:
4b:e0:65:20:2b:f9:65:80:03:94:66:89:58:00:88:
14:62:be:41:88:bd:6a:c8:61:2f:7e:75:7d:c4:00:
81:19:de:2f:62:a8:c8:78:b0:b4:84:57:bc:5e:66:
cf:3e:07:c7:68:89:1a:ea:71:c5:cc:75:be:85:e4:
ed:6c:2d:02:a7:ad:8f:2b:71:63:83:be:d9:dd:d3:
f6:9b:6b:2d:5b:9c:11:b0:8d:78:3a:86:a6:3b:7a:
4b:e6:35:6b:d4:33:5b:50:d1:44:bb:5d:80:1a:88:
3f:bb:82:07:aa:a9:59:02:71:6f:bf:96:b4:b9:20:
6b:a4:e3:b9:f3:cd:34:3a:68:b5:69:05:fa:95:2c:
07:9c:34:b0:09:f9:51:6c:b1:ac:96:e9:90:d1:98:
3c:1e:93:4c:4e:a5:6f:fe:06:5d:0a:52:ec:dc:49:
05:af:1f:26:10:bc:fb:07:fb:ed:ed:30:2e:80:31:
91:ce:0f:05:a2:1e:be:a7:4c:d1:13:39:99:7c:87:
6a:3e:f6:9c:13:8f:12:6d:83:ec:3d:59:83:63:43:
69:4a:5b:7f:c7:ad:b1:77:dc:d7:0c:da:33:a1:17:
b1:23:11:ff:81:91:92:fd:87:8a:f2:4f:1b:29:0b:
a6:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:88:4F:63:4E:8C:2F:CE:97:40:13:E9:4C:0F:8A:65:80:02:DC:1F
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/14hPY06ML86XQBPpTA-KZYAC3B8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.252.0/22
37.139.130.0/23
45.9.208.0/22
45.143.100.0/22
87.120.32.0/22
87.120.46.0/23
87.120.96.0/23
87.120.192.0/23
87.120.219.0/24
87.121.36.0-87.121.38.255
87.121.60.0/22
87.121.103.0-87.121.104.255
87.121.114.0/23
87.121.146.0/23
87.121.163.0/24
91.92.16.0/24
91.92.21.0/24
91.92.26.0/23
91.92.67.0/24
93.123.24.0/24
93.123.26.0/23
93.123.30.0/23
93.123.39.0/24
93.123.68.0/22
93.123.76.0-93.123.80.255
93.123.86.0/23
93.123.112.0-93.123.117.255
93.123.119.0/24
94.154.160.0/23
94.154.173.0/24
94.156.2.0/24
94.156.8.0/24
94.156.78.0/23
94.156.131.0/24
94.156.152.0/24
94.156.154.0/23
94.156.168.0/23
94.156.176.0-94.156.181.255
94.156.237.0-94.156.238.255
178.215.238.0/24
185.147.100.0/22
185.207.14.0/23
185.252.177.0/24
193.25.219.0/24
193.47.62.0/24
193.58.121.0/24
193.58.123.0/24
194.48.249.0/24
194.55.226.0/24
212.87.205.0/24
Signature Algorithm: sha256WithRSAEncryption
a1:57:39:a0:07:0d:82:01:5b:0d:71:5d:c1:15:dc:a0:2e:1b:
32:4e:aa:91:04:dd:83:52:64:13:c7:25:14:ab:56:c5:f0:27:
78:c0:60:35:be:86:a6:c7:29:b2:23:f0:a6:8a:e1:83:43:38:
da:7a:4e:fd:eb:36:27:2f:48:86:8d:e2:49:cd:df:2b:fa:c8:
d5:a1:35:ad:ed:65:14:36:7e:bc:b9:ce:b2:5e:fa:d4:01:e0:
c8:7a:a2:68:3d:9c:6a:5c:bc:0e:ac:8f:67:3d:0f:f2:49:12:
e6:f1:ce:6a:29:28:14:a9:95:c6:89:36:60:75:e5:dc:ed:a4:
06:40:03:80:c7:66:dd:29:aa:84:a1:f2:d5:70:00:58:57:be:
b6:37:ec:ba:2f:73:b4:1c:08:f3:87:13:2c:57:6d:13:8b:4b:
92:79:6e:c8:7a:95:9f:23:ea:79:a1:5e:98:2b:61:60:e6:dd:
6c:53:ff:e3:06:56:40:82:68:ca:bb:cd:74:22:2c:a2:4d:87:
1a:00:21:21:a3:e2:d9:a2:4e:1e:e7:15:be:01:ec:99:b5:ec:
bc:c4:b3:07:6a:2b:96:6b:d2:57:8c:d6:db:a2:20:e0:fa:ba:
e5:11:50:8a:a0:e3:66:d0:b9:3b:6c:06:e5:74:b7:d5:04:d6:
60:00:57:98
-----BEGIN CERTIFICATE-----
MIIGXTCCBUWgAwIBAgISAYbetzcEiZZ0VSAXf5/vT1v/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMzE0MDYwMzE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzg4NGY2MzRlOGMyZmNlOTc0MDEzZTk0YzBmOGE2NTgwMDJkYzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzibxM1eAGZWvMmv39xL4GUgK/ll
gAOUZolYAIgUYr5BiL1qyGEvfnV9xACBGd4vYqjIeLC0hFe8XmbPPgfHaIka6nHF
zHW+heTtbC0Cp62PK3Fjg77Z3dP2m2stW5wRsI14OoamO3pL5jVr1DNbUNFEu12A
Gog/u4IHqqlZAnFvv5a0uSBrpOO58800Omi1aQX6lSwHnDSwCflRbLGslumQ0Zg8
HpNMTqVv/gZdClLs3EkFrx8mELz7B/vt7TAugDGRzg8Foh6+p0zREzmZfIdqPvac
E48SbYPsPVmDY0NpSlt/x62xd9zXDNozoRexIxH/gZGS/YeK8k8bKQumLwIDAQAB
o4IDaTCCA2UwHQYDVR0OBBYEFNeIT2NOjC/Ol0AT6UwPimWAAtwfMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMTRoUFkwNk1MODZYUUJQcFRBLUtaWUFDM0I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBfQYIKwYBBQUHAQcBAf8EggFsMIIBaDCCAWQEAgABMIIB
XAMEAh8N/AMEASWLggMEAi0J0AMEAi2PZAMEAld4IAMEAVd4LgMEAVd4YAMEAVd4
wAMEAFd42zAMAwQCV3kkAwQAV3kmAwQCV3k8MAwDBABXeWcDBABXeWgDBAFXeXID
BAFXeZIDBABXeaMDBABbXBADBABbXBUDBAFbXBoDBABbXEMDBABdexgDBAFdexoD
BAFdex4DBABdeycDBAJde0QwDAMEAl17TAMEAF17UAMEAV17VjAMAwQEXXtwAwQB
XXt0AwQAXXt3AwQBXpqgAwQAXpqtAwQAXpwCAwQAXpwIAwQBXpxOAwQAXpyDAwQA
XpyYAwQBXpyaAwQBXpyoMAwDBARenLADBAFenLQwDAMEAF6c7QMEAF6c7gMEALLX
7gMEArmTZAMEAbnPDgMEALn8sQMEAMEZ2wMEAMEvPgMEAME6eQMEAME6ewMEAMIw
+QMEAMI34gMEANRXzTANBgkqhkiG9w0BAQsFAAOCAQEAoVc5oAcNggFbDXFdwRXc
oC4bMk6qkQTdg1JkE8clFKtWxfAneMBgNb6GpscpsiPwporhg0M42npO/es2Jy9I
ho3iSc3fK/rI1aE1re1lFDZ+vLnOsl761AHgyHqiaD2caly8DqyPZz0P8kkS5vHO
aikoFKmVxok2YHXl3O2kBkADgMdm3SmqhKHy1XAAWFe+tjfsui9ztBwI84cTLFdt
E4tLknluyHqVnyPqeaFemCthYObdbFP/4wZWQIJoyrvNdCIsok2HGgAhIaPi2aJO
HucVvgHsmbXsvMSzB2orlmvSV4zW26Ig4Pq65RFQiqDjZtC5O2wG5XS31QTWYABX
mA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:31 2023 by rpki-client on console-ams.rpki-client.org