Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GuiPCr_3crZYxplBophVxcXe4Ck.roa
File: GuiPCr_3crZYxplBophVxcXe4Ck.roa (raw, json)
Hash identifier: A3+iHyh7b2MITGlH54Ekr6qu86FJWgjY1CiBp/g6tfM=
Subject key identifier: 1A:E8:8F:0A:BF:F7:72:B6:58:C6:99:41:A2:98:55:C5:C5:DE:E0:29
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01881F6592B9584260328DC64770F7E1E5B3
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GuiPCr_3crZYxplBophVxcXe4Ck.roa
Signing time: Mon 15 May 2023 12:32:10 +0000
ROA not before: Mon 15 May 2023 12:32:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8100
IP address blocks: 87.120.192.0/23 maxlen: 24
185.147.100.0/22 maxlen: 24
87.121.36.0/23 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.60.0/22 maxlen: 24
87.120.219.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
45.9.208.0/22 maxlen: 24
94.154.173.0/24 maxlen: 24
45.143.100.0/22 maxlen: 24
94.156.237.0/24 maxlen: 24
193.8.184.0/23 maxlen: 24
193.8.186.0/23 maxlen: 24
194.55.226.0/24 maxlen: 24
94.156.238.0/24 maxlen: 24
93.123.68.0/22 maxlen: 24
93.123.76.0/22 maxlen: 24
93.123.80.0/24 maxlen: 24
94.156.176.0/22 maxlen: 24
94.156.180.0/23 maxlen: 24
194.48.249.0/24 maxlen: 24
93.123.24.0/24 maxlen: 24
93.123.30.0/23 maxlen: 24
93.123.26.0/23 maxlen: 24
93.123.112.0/22 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
193.25.219.0/24 maxlen: 24
94.156.2.0/24 maxlen: 24
91.92.16.0/24 maxlen: 24
91.92.26.0/23 maxlen: 24
193.58.121.0/24 maxlen: 24
193.58.123.0/24 maxlen: 24
185.207.14.0/23 maxlen: 24
94.156.152.0/24 maxlen: 24
45.8.92.0/24 maxlen: 24
94.156.154.0/23 maxlen: 24
91.92.67.0/24 maxlen: 24
45.139.123.0/24 maxlen: 24
37.139.131.0/24 maxlen: 24
212.87.205.0/24 maxlen: 24
87.121.146.0/23 maxlen: 24
87.121.163.0/24 maxlen: 24
185.252.177.0/24 maxlen: 24
193.47.62.0/24 maxlen: 24
87.121.104.0/24 maxlen: 24
87.121.103.0/24 maxlen: 24
87.121.114.0/23 maxlen: 24
45.95.2.0/23 maxlen: 24
45.95.0.0/23 maxlen: 24
5.253.58.0/23 maxlen: 24
5.253.56.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:1f:65:92:b9:58:42:60:32:8d:c6:47:70:f7:e1:e5:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 15 12:32:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1ae88f0abff772b658c69941a29855c5c5dee029
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:20:e7:98:2e:6a:26:fd:a1:fc:63:ea:c6:b9:
e5:51:0d:72:1e:c5:2e:12:56:d6:e0:cd:6f:36:bb:
5a:da:be:d1:91:d1:ab:56:d3:db:59:1b:1c:15:1e:
e8:37:db:26:0e:ce:9c:42:23:65:6c:ae:ca:23:fe:
d6:21:e7:19:3a:d6:8b:95:fa:20:75:7f:9d:a2:9e:
a5:4e:66:7d:b7:0c:70:a5:b5:40:e6:bc:f0:54:0f:
f0:43:13:1a:48:23:4e:2e:af:7a:7f:f7:aa:d3:c2:
b6:ea:bf:27:c8:1d:a9:1f:be:63:b6:08:8e:85:e8:
23:b6:0d:c6:1c:8a:8c:e7:c4:fd:e0:15:09:28:82:
88:c3:cb:df:c4:61:09:f8:dc:63:09:98:75:1a:14:
f1:f1:1a:25:0e:8c:75:07:fb:71:21:d5:05:b8:d4:
1a:51:a4:74:c3:45:f1:5e:bd:93:32:02:99:c6:8b:
0a:1b:ee:48:e3:2a:30:0c:b8:d8:ba:09:bd:db:4f:
48:c6:6f:33:de:da:43:ed:1d:14:e0:66:d3:f3:06:
79:34:d2:06:b2:bc:3c:df:f5:a6:4b:16:f5:b0:5a:
57:30:9f:91:8b:9c:f4:72:b8:9b:f0:c1:56:45:c4:
28:10:34:ae:4a:a4:87:75:d8:0b:3d:0d:88:31:77:
76:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:E8:8F:0A:BF:F7:72:B6:58:C6:99:41:A2:98:55:C5:C5:DE:E0:29
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GuiPCr_3crZYxplBophVxcXe4Ck.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.56.0/22
37.139.131.0/24
45.8.92.0/24
45.9.208.0/22
45.95.0.0/22
45.139.123.0/24
45.143.100.0/22
87.120.192.0/23
87.120.219.0/24
87.121.36.0-87.121.38.255
87.121.60.0/22
87.121.103.0-87.121.104.255
87.121.114.0/23
87.121.146.0/23
87.121.163.0/24
91.92.16.0/24
91.92.26.0/23
91.92.67.0/24
93.123.24.0/24
93.123.26.0/23
93.123.30.0/23
93.123.68.0/22
93.123.76.0-93.123.80.255
93.123.112.0/22
93.123.117.0/24
93.123.119.0/24
94.154.160.0/23
94.154.173.0/24
94.156.2.0/24
94.156.152.0/24
94.156.154.0/23
94.156.176.0-94.156.181.255
94.156.237.0-94.156.238.255
185.147.100.0/22
185.207.14.0/23
185.252.177.0/24
193.8.184.0/22
193.25.219.0/24
193.47.62.0/24
193.58.121.0/24
193.58.123.0/24
194.48.249.0/24
194.55.226.0/24
212.87.205.0/24
Signature Algorithm: sha256WithRSAEncryption
46:8e:2b:9d:7f:28:83:7f:5f:fb:67:3a:c9:49:d7:76:f6:13:
be:75:6f:ce:ed:d0:44:b7:0d:73:a4:a9:5d:38:ee:47:3f:ac:
24:9d:38:f4:dd:30:77:cf:ba:a2:37:6b:5a:c4:0e:10:b2:fa:
36:c3:d0:7f:42:f2:c8:17:db:1a:8b:e3:22:e1:d5:79:95:0d:
7d:82:36:a1:36:f5:21:0b:23:fe:3c:2d:b8:52:2d:dd:88:89:
8b:31:ef:07:72:81:fd:a3:80:d6:9f:2b:99:cf:16:b5:06:26:
c4:60:1f:1f:ca:56:01:31:1d:af:ba:e4:f1:ae:03:d4:91:c7:
a3:67:29:c2:df:89:ee:31:99:f9:d0:a4:4a:ec:78:55:29:67:
95:71:7b:7f:f1:84:3c:35:d2:50:c4:6b:6f:6d:3a:f7:a6:29:
c5:a0:92:83:2f:57:68:e8:87:44:d2:54:45:ba:20:02:f4:68:
02:65:1d:dc:24:52:b2:65:93:83:8f:b8:bb:8e:46:3d:42:d8:
7c:10:c0:e7:65:58:b4:6c:0e:15:bf:68:bb:92:00:5c:0e:8b:
c6:30:e8:d7:ec:54:5a:cb:b6:e2:79:71:0e:49:d2:3f:3b:f1:
21:25:8c:ba:62:51:02:c1:ad:d4:74:7a:d4:0b:3a:8f:96:f3:
b1:32:ef:8b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgISAYgfZZK5WEJgMo3GR3D34eWzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTE1MTIzMjEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWU4OGYwYWJmZjc3MmI2NThjNjk5NDFhMjk4NTVjNWM1ZGVlMDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyDnmC5qJv2h/GPqxrnlUQ1yHsUu
ElbW4M1vNrta2r7RkdGrVtPbWRscFR7oN9smDs6cQiNlbK7KI/7WIecZOtaLlfog
dX+dop6lTmZ9twxwpbVA5rzwVA/wQxMaSCNOLq96f/eq08K26r8nyB2pH75jtgiO
hegjtg3GHIqM58T94BUJKIKIw8vfxGEJ+NxjCZh1GhTx8RolDox1B/txIdUFuNQa
UaR0w0XxXr2TMgKZxosKG+5I4yowDLjYugm9209Ixm8z3tpD7R0U4GbT8wZ5NNIG
srw83/WmSxb1sFpXMJ+Ri5z0crib8MFWRcQoEDSuSqSHddgLPQ2IMXd2twIDAQAB
o4IDPTCCAzkwHQYDVR0OBBYEFBrojwq/93K2WMaZQaKYVcXF3uApMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvR3VpUENyXzNjclpZeHBsQm9waFZ4Y1hlNENrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBUQYIKwYBBQUHAQcBAf8EggFAMIIBPDCCATgEAgABMIIB
MAMEAgX9OAMEACWLgwMEAC0IXAMEAi0J0AMEAi1fAAMEAC2LewMEAi2PZAMEAVd4
wAMEAFd42zAMAwQCV3kkAwQAV3kmAwQCV3k8MAwDBABXeWcDBABXeWgDBAFXeXID
BAFXeZIDBABXeaMDBABbXBADBAFbXBoDBABbXEMDBABdexgDBAFdexoDBAFdex4D
BAJde0QwDAMEAl17TAMEAF17UAMEAl17cAMEAF17dQMEAF17dwMEAV6aoAMEAF6a
rQMEAF6cAgMEAF6cmAMEAV6cmjAMAwQEXpywAwQBXpy0MAwDBABenO0DBABenO4D
BAK5k2QDBAG5zw4DBAC5/LEDBALBCLgDBADBGdsDBADBLz4DBADBOnkDBADBOnsD
BADCMPkDBADCN+IDBADUV80wDQYJKoZIhvcNAQELBQADggEBAEaOK51/KIN/X/tn
OslJ13b2E751b87t0ES3DXOkqV047kc/rCSdOPTdMHfPuqI3a1rEDhCy+jbD0H9C
8sgX2xqL4yLh1XmVDX2CNqE29SELI/48LbhSLd2IiYsx7wdygf2jgNafK5nPFrUG
JsRgHx/KVgExHa+65PGuA9SRx6NnKcLfie4xmfnQpErseFUpZ5Vxe3/xhDw10lDE
a29tOvemKcWgkoMvV2joh0TSVEW6IAL0aAJlHdwkUrJlk4OPuLuORj1C2HwQwOdl
WLRsDhW/aLuSAFwOi8Yw6NfsVFrLtuJ5cQ5J0j878SEljLpiUQLBrdR0etQLOo+W
87Ey74s=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:29 2024 by rpki-client on console-ams.rpki-client.org