Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9Zw_yM00aaFR_OlfFOmcQ0pUA4M.roa
File: 9Zw_yM00aaFR_OlfFOmcQ0pUA4M.roa (raw, json)
Hash identifier: q06n8EFncpsvtQywhYAvWkHC0z9S5JL8Iv1COFMymU8=
Subject key identifier: F5:9C:3F:C8:CD:34:69:A1:51:FC:E9:5F:14:E9:9C:43:4A:54:03:83
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01899C95259433302E700AAAE5A79947F53A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9Zw_yM00aaFR_OlfFOmcQ0pUA4M.roa
Signing time: Fri 28 Jul 2023 12:59:27 +0000
ROA not before: Fri 28 Jul 2023 12:59:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8100
IP address blocks: 94.156.2.0/24 maxlen: 24
91.92.16.0/24 maxlen: 24
87.120.192.0/23 maxlen: 24
91.92.26.0/23 maxlen: 24
193.58.121.0/24 maxlen: 24
193.58.123.0/24 maxlen: 24
185.147.100.0/22 maxlen: 24
87.121.36.0/23 maxlen: 24
87.121.38.0/24 maxlen: 24
185.207.14.0/23 maxlen: 24
94.156.152.0/24 maxlen: 24
45.8.92.0/24 maxlen: 24
94.156.154.0/23 maxlen: 24
87.121.60.0/22 maxlen: 24
91.92.67.0/24 maxlen: 24
45.139.123.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
37.139.131.0/24 maxlen: 24
45.9.208.0/22 maxlen: 24
94.154.173.0/24 maxlen: 24
212.87.205.0/24 maxlen: 24
94.156.237.0/24 maxlen: 24
193.8.184.0/23 maxlen: 24
193.8.186.0/23 maxlen: 24
194.55.226.0/24 maxlen: 24
94.156.238.0/24 maxlen: 24
87.121.146.0/23 maxlen: 24
93.123.76.0/22 maxlen: 24
87.121.163.0/24 maxlen: 24
93.123.80.0/24 maxlen: 24
185.252.177.0/24 maxlen: 24
193.47.62.0/24 maxlen: 24
94.156.180.0/23 maxlen: 24
87.121.104.0/24 maxlen: 24
93.123.24.0/24 maxlen: 24
87.121.103.0/24 maxlen: 24
93.123.30.0/23 maxlen: 24
93.123.26.0/23 maxlen: 24
87.121.114.0/23 maxlen: 24
93.123.112.0/22 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
5.253.58.0/23 maxlen: 24
193.25.219.0/24 maxlen: 24
5.253.56.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:9c:95:25:94:33:30:2e:70:0a:aa:e5:a7:99:47:f5:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 28 12:59:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f59c3fc8cd3469a151fce95f14e99c434a540383
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:e2:e0:b3:85:65:d7:c8:db:af:20:2e:65:9b:
b7:e2:b0:16:9d:9e:49:67:22:4c:32:aa:d9:41:f4:
c5:01:c1:b5:f7:69:db:5e:35:4d:51:1b:01:9d:f0:
8a:be:cd:e7:d5:ac:08:86:0b:d5:99:51:ad:a3:f8:
2f:77:66:0d:ba:29:25:ca:fc:fc:d5:3a:f0:b4:4d:
24:35:da:6c:24:00:12:29:7a:ff:8c:4a:42:81:4a:
21:06:cd:f2:66:46:7a:ae:23:0a:b8:9c:9a:61:a1:
1a:e1:b6:03:9c:42:95:13:f8:ad:2f:e0:20:1a:95:
39:98:89:c4:eb:2b:bb:dc:02:2e:6b:e7:e3:3c:72:
59:8c:fc:cc:0e:9f:4c:98:55:86:94:1f:9f:52:59:
72:4c:16:fd:9a:f6:77:0f:33:9e:06:dd:38:e4:88:
e7:f4:aa:2f:e3:d7:1c:a8:4f:45:44:ce:0e:38:a9:
e8:3e:af:e4:cf:32:1f:ed:0c:50:d6:65:f7:a0:fe:
bc:5f:52:96:1c:83:ac:29:4d:a4:87:ed:b3:df:25:
7e:28:8d:8f:2d:60:e2:48:66:62:37:16:41:ea:66:
f9:e8:17:f6:4e:58:31:b4:af:fa:2a:5e:73:61:e1:
78:02:0c:b5:d2:ea:3d:05:ff:86:e3:53:5b:04:e1:
ee:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:9C:3F:C8:CD:34:69:A1:51:FC:E9:5F:14:E9:9C:43:4A:54:03:83
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9Zw_yM00aaFR_OlfFOmcQ0pUA4M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.56.0/22
37.139.131.0/24
45.8.92.0/24
45.9.208.0/22
45.139.123.0/24
87.120.192.0/23
87.121.36.0-87.121.38.255
87.121.60.0/22
87.121.103.0-87.121.104.255
87.121.114.0/23
87.121.146.0/23
87.121.163.0/24
91.92.16.0/24
91.92.26.0/23
91.92.67.0/24
93.123.24.0/24
93.123.26.0/23
93.123.30.0/23
93.123.76.0-93.123.80.255
93.123.112.0/22
93.123.117.0/24
93.123.119.0/24
94.154.160.0/23
94.154.173.0/24
94.156.2.0/24
94.156.152.0/24
94.156.154.0/23
94.156.180.0/23
94.156.237.0-94.156.238.255
185.147.100.0/22
185.207.14.0/23
185.252.177.0/24
193.8.184.0/22
193.25.219.0/24
193.47.62.0/24
193.58.121.0/24
193.58.123.0/24
194.55.226.0/24
212.87.205.0/24
Signature Algorithm: sha256WithRSAEncryption
a5:39:60:ea:a2:f0:7b:c1:b2:f1:93:1b:d2:ae:f4:1b:6a:4c:
e5:81:45:bc:93:2a:d9:20:24:d5:1c:40:3a:84:b8:60:01:e5:
d8:3b:03:1a:68:cb:f0:d1:a9:aa:87:c1:4d:a1:33:00:26:28:
1b:ce:64:5b:27:ad:1d:fa:05:6f:fe:83:29:3d:7d:ac:6d:6c:
40:33:ab:d4:8a:6e:8d:30:60:13:6d:e6:dc:9d:85:56:0a:6a:
ea:ef:bf:62:ba:8f:40:a2:02:25:b9:fc:d6:65:a1:38:a5:1f:
db:0b:7d:bb:45:a4:5e:65:16:ce:37:eb:10:eb:d7:a9:04:16:
9b:3f:f2:5f:c0:2c:32:7e:7c:8f:f8:84:2d:c2:41:ed:9e:82:
99:0f:b8:74:98:33:4a:2e:d0:55:74:88:5e:40:5c:31:89:af:
2e:12:ef:35:2e:d9:b2:9d:e6:12:e4:13:86:02:2c:62:9b:1b:
1a:54:db:b4:47:5f:34:79:72:10:ef:94:e4:22:11:1f:d8:f7:
d7:83:a4:50:9e:48:fd:79:d0:d9:91:23:65:49:0a:9b:df:14:
30:94:89:05:97:8b:be:a4:96:e2:01:69:a7:c6:77:02:f5:3a:
a1:f0:8c:1a:25:7a:95:68:a0:bc:01:89:96:8f:93:ef:1a:12:
59:2e:69:3a
-----BEGIN CERTIFICATE-----
MIIGCzCCBPOgAwIBAgISAYmclSWUMzAucAqq5aeZR/U6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzI4MTI1OTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTljM2ZjOGNkMzQ2OWExNTFmY2U5NWYxNGU5OWM0MzRhNTQwMzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+Lgs4Vl18jbryAuZZu34rAWnZ5J
ZyJMMqrZQfTFAcG192nbXjVNURsBnfCKvs3n1awIhgvVmVGto/gvd2YNuiklyvz8
1TrwtE0kNdpsJAASKXr/jEpCgUohBs3yZkZ6riMKuJyaYaEa4bYDnEKVE/itL+Ag
GpU5mInE6yu73AIua+fjPHJZjPzMDp9MmFWGlB+fUllyTBb9mvZ3DzOeBt045Ijn
9Kov49ccqE9FRM4OOKnoPq/kzzIf7QxQ1mX3oP68X1KWHIOsKU2kh+2z3yV+KI2P
LWDiSGZiNxZB6mb56Bf2TlgxtK/6Kl5zYeF4Agy10uo9Bf+G41NbBOHumQIDAQAB
o4IDFzCCAxMwHQYDVR0OBBYEFPWcP8jNNGmhUfzpXxTpnENKVAODMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOVp3X3lNMDBhYUZSX09sZkZPbWNRMHBVQTRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKwYIKwYBBQUHAQcBAf8EggEaMIIBFjCCARIEAgABMIIB
CgMEAgX9OAMEACWLgwMEAC0IXAMEAi0J0AMEAC2LewMEAVd4wDAMAwQCV3kkAwQA
V3kmAwQCV3k8MAwDBABXeWcDBABXeWgDBAFXeXIDBAFXeZIDBABXeaMDBABbXBAD
BAFbXBoDBABbXEMDBABdexgDBAFdexoDBAFdex4wDAMEAl17TAMEAF17UAMEAl17
cAMEAF17dQMEAF17dwMEAV6aoAMEAF6arQMEAF6cAgMEAF6cmAMEAV6cmgMEAV6c
tDAMAwQAXpztAwQAXpzuAwQCuZNkAwQBuc8OAwQAufyxAwQCwQi4AwQAwRnbAwQA
wS8+AwQAwTp5AwQAwTp7AwQAwjfiAwQA1FfNMA0GCSqGSIb3DQEBCwUAA4IBAQCl
OWDqovB7wbLxkxvSrvQbakzlgUW8kyrZICTVHEA6hLhgAeXYOwMaaMvw0amqh8FN
oTMAJigbzmRbJ60d+gVv/oMpPX2sbWxAM6vUim6NMGATbebcnYVWCmrq779iuo9A
ogIlufzWZaE4pR/bC327RaReZRbON+sQ69epBBabP/JfwCwyfnyP+IQtwkHtnoKZ
D7h0mDNKLtBVdIheQFwxia8uEu81LtmyneYS5BOGAiximxsaVNu0R180eXIQ75Tk
IhEf2PfXg6RQnkj9edDZkSNlSQqb3xQwlIkFl4u+pJbiAWmnxncC9Tqh8IwaJXqV
aKC8AYmWj5PvGhJZLmk6
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:00 2024 by rpki-client on console-fra.rpki-client.org