Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/6cC7LjM9bUP8HsSiut2b7KIs2Lc.roa
File: 6cC7LjM9bUP8HsSiut2b7KIs2Lc.roa (raw, json)
Hash identifier: wqMYBnaazeqf86QVFvaEi42W3TNrfaxutUDZnMOGYSY=
Subject key identifier: E9:C0:BB:2E:33:3D:6D:43:FC:1E:C4:A2:BA:DD:9B:EC:A2:2C:D8:B7
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0188B4CC8A785EE6A73A3ED35584F1D5CA2F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/6cC7LjM9bUP8HsSiut2b7KIs2Lc.roa
Signing time: Tue 13 Jun 2023 12:48:03 +0000
ROA not before: Tue 13 Jun 2023 12:48:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8100
IP address blocks: 87.120.192.0/23 maxlen: 24
185.147.100.0/22 maxlen: 24
87.121.36.0/23 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.60.0/22 maxlen: 24
87.120.219.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
45.9.208.0/22 maxlen: 24
94.154.173.0/24 maxlen: 24
94.156.237.0/24 maxlen: 24
193.8.184.0/23 maxlen: 24
193.8.186.0/23 maxlen: 24
194.55.226.0/24 maxlen: 24
94.156.238.0/24 maxlen: 24
93.123.76.0/22 maxlen: 24
93.123.80.0/24 maxlen: 24
94.156.176.0/22 maxlen: 24
94.156.180.0/23 maxlen: 24
93.123.24.0/24 maxlen: 24
93.123.30.0/23 maxlen: 24
93.123.26.0/23 maxlen: 24
93.123.112.0/22 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
193.25.219.0/24 maxlen: 24
94.156.2.0/24 maxlen: 24
91.92.16.0/24 maxlen: 24
91.92.26.0/23 maxlen: 24
193.58.121.0/24 maxlen: 24
193.58.123.0/24 maxlen: 24
185.207.14.0/23 maxlen: 24
94.156.152.0/24 maxlen: 24
45.8.92.0/24 maxlen: 24
94.156.154.0/23 maxlen: 24
91.92.67.0/24 maxlen: 24
45.139.123.0/24 maxlen: 24
37.139.131.0/24 maxlen: 24
212.87.205.0/24 maxlen: 24
87.121.146.0/23 maxlen: 24
87.121.163.0/24 maxlen: 24
185.252.177.0/24 maxlen: 24
193.47.62.0/24 maxlen: 24
87.121.104.0/24 maxlen: 24
87.121.103.0/24 maxlen: 24
87.121.114.0/23 maxlen: 24
45.95.2.0/23 maxlen: 24
45.95.0.0/23 maxlen: 24
5.253.58.0/23 maxlen: 24
5.253.56.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:b4:cc:8a:78:5e:e6:a7:3a:3e:d3:55:84:f1:d5:ca:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jun 13 12:48:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e9c0bb2e333d6d43fc1ec4a2badd9beca22cd8b7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:28:a2:b2:bc:0c:94:d1:4e:ab:90:c3:e4:fb:
14:6c:e9:0e:d9:62:a5:70:0c:d8:9d:77:2e:71:94:
bb:11:17:37:8a:fc:c8:e4:57:9f:1a:d2:a7:04:19:
23:53:0e:93:e8:17:39:46:c5:f3:74:61:37:1c:67:
22:0d:ec:32:41:c6:f9:ed:5f:00:ed:65:9f:0b:57:
a3:bc:9f:b5:36:ec:c7:36:f6:05:2e:a9:eb:92:a4:
97:67:2e:b0:c1:dc:ca:7a:dd:fb:01:6b:7f:2c:d3:
8b:d8:af:cf:36:ee:68:2d:30:9c:36:7d:c3:ac:1c:
e0:3f:f1:ed:a9:23:f0:eb:35:22:dd:27:84:9c:32:
c8:cb:44:bb:41:44:39:4d:b8:5d:b7:4d:90:75:06:
33:8f:8f:28:8b:92:08:3c:99:f3:fc:71:c9:08:9f:
92:56:9d:1f:bf:fc:68:83:66:be:16:19:46:96:00:
e6:a8:8c:14:33:2b:68:95:a2:9d:ff:37:27:9d:97:
2b:82:dc:e2:32:13:a1:66:23:76:5f:99:65:67:d8:
45:70:4a:cc:9d:a6:80:c6:4e:4f:5d:96:4c:35:7f:
0a:ac:91:4e:74:1f:9f:1f:a1:94:c2:f2:36:2f:2a:
01:85:72:78:c4:04:de:24:bc:66:04:ec:07:56:ed:
40:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:C0:BB:2E:33:3D:6D:43:FC:1E:C4:A2:BA:DD:9B:EC:A2:2C:D8:B7
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/6cC7LjM9bUP8HsSiut2b7KIs2Lc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.56.0/22
37.139.131.0/24
45.8.92.0/24
45.9.208.0/22
45.95.0.0/22
45.139.123.0/24
87.120.192.0/23
87.120.219.0/24
87.121.36.0-87.121.38.255
87.121.60.0/22
87.121.103.0-87.121.104.255
87.121.114.0/23
87.121.146.0/23
87.121.163.0/24
91.92.16.0/24
91.92.26.0/23
91.92.67.0/24
93.123.24.0/24
93.123.26.0/23
93.123.30.0/23
93.123.76.0-93.123.80.255
93.123.112.0/22
93.123.117.0/24
93.123.119.0/24
94.154.160.0/23
94.154.173.0/24
94.156.2.0/24
94.156.152.0/24
94.156.154.0/23
94.156.176.0-94.156.181.255
94.156.237.0-94.156.238.255
185.147.100.0/22
185.207.14.0/23
185.252.177.0/24
193.8.184.0/22
193.25.219.0/24
193.47.62.0/24
193.58.121.0/24
193.58.123.0/24
194.55.226.0/24
212.87.205.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:30:16:bf:4c:39:0e:d3:b1:c3:5e:ea:8a:f7:aa:5f:1b:81:
24:46:8b:3e:cf:cc:c4:10:71:24:7b:56:34:46:2b:de:93:31:
6c:c2:71:3b:42:f2:d2:32:65:df:54:ca:de:18:28:ae:eb:f9:
9e:5c:42:39:19:18:39:54:e9:f7:a0:50:04:65:ad:d7:b8:f0:
e1:31:9d:12:e7:3d:32:5d:15:6a:6a:6e:a2:c3:9e:1c:06:b4:
bb:be:96:58:86:2f:3e:37:8d:ef:8b:c1:90:08:ea:b9:42:5b:
34:a5:33:0a:d7:e2:05:86:3c:87:58:ab:44:f8:87:69:20:b7:
ac:de:3d:90:2e:2b:ed:34:f5:f7:70:9c:cd:7b:a9:c2:f6:5a:
f3:67:b8:0e:11:9a:29:11:af:e5:ed:ae:d1:50:c2:89:43:9d:
b6:e4:b3:a9:ae:8b:f8:9e:c9:93:d1:a6:c3:22:1f:4f:0b:8b:
a8:81:76:8b:bd:85:6b:d7:4e:b4:69:38:80:a3:e5:1e:de:f3:
e1:65:d5:bb:eb:b1:d4:75:c1:45:b3:88:51:3b:a4:84:62:b5:
9a:44:f1:7a:f0:6c:de:f7:7c:c3:fe:d2:b5:44:b2:22:16:2f:
db:49:ba:db:01:57:f9:9e:09:72:98:69:08:fe:c7:02:32:29:
62:85:98:00
-----BEGIN CERTIFICATE-----
MIIGHzCCBQegAwIBAgISAYi0zIp4XuanOj7TVYTx1covMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjEzMTI0ODAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWMwYmIyZTMzM2Q2ZDQzZmMxZWM0YTJiYWRkOWJlY2EyMmNkOGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCiisrwMlNFOq5DD5PsUbOkO2WKl
cAzYnXcucZS7ERc3ivzI5FefGtKnBBkjUw6T6Bc5RsXzdGE3HGciDewyQcb57V8A
7WWfC1ejvJ+1NuzHNvYFLqnrkqSXZy6wwdzKet37AWt/LNOL2K/PNu5oLTCcNn3D
rBzgP/HtqSPw6zUi3SeEnDLIy0S7QUQ5Tbhdt02QdQYzj48oi5IIPJnz/HHJCJ+S
Vp0fv/xog2a+FhlGlgDmqIwUMytolaKd/zcnnZcrgtziMhOhZiN2X5llZ9hFcErM
naaAxk5PXZZMNX8KrJFOdB+fH6GUwvI2LyoBhXJ4xATeJLxmBOwHVu1AGwIDAQAB
o4IDKzCCAycwHQYDVR0OBBYEFOnAuy4zPW1D/B7Eorrdm+yiLNi3MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNmNDN0xqTTliVVA4SHNTaXV0MmI3S0lzMkxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBPwYIKwYBBQUHAQcBAf8EggEuMIIBKjCCASYEAgABMIIB
HgMEAgX9OAMEACWLgwMEAC0IXAMEAi0J0AMEAi1fAAMEAC2LewMEAVd4wAMEAFd4
2zAMAwQCV3kkAwQAV3kmAwQCV3k8MAwDBABXeWcDBABXeWgDBAFXeXIDBAFXeZID
BABXeaMDBABbXBADBAFbXBoDBABbXEMDBABdexgDBAFdexoDBAFdex4wDAMEAl17
TAMEAF17UAMEAl17cAMEAF17dQMEAF17dwMEAV6aoAMEAF6arQMEAF6cAgMEAF6c
mAMEAV6cmjAMAwQEXpywAwQBXpy0MAwDBABenO0DBABenO4DBAK5k2QDBAG5zw4D
BAC5/LEDBALBCLgDBADBGdsDBADBLz4DBADBOnkDBADBOnsDBADCN+IDBADUV80w
DQYJKoZIhvcNAQELBQADggEBAI8wFr9MOQ7TscNe6or3ql8bgSRGiz7PzMQQcSR7
VjRGK96TMWzCcTtC8tIyZd9Uyt4YKK7r+Z5cQjkZGDlU6fegUARlrde48OExnRLn
PTJdFWpqbqLDnhwGtLu+lliGLz43je+LwZAI6rlCWzSlMwrX4gWGPIdYq0T4h2kg
t6zePZAuK+009fdwnM17qcL2WvNnuA4RmikRr+XtrtFQwolDnbbks6mui/ieyZPR
psMiH08Li6iBdou9hWvXTrRpOICj5R7e8+Fl1bvrsdR1wUWziFE7pIRitZpE8Xrw
bN73fMP+0rVEsiIWL9tJutsBV/meCXKYaQj+xwIyKWKFmAA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:59 2024 by rpki-client on console-fra.rpki-client.org