Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PBFkezheWEa4bHIS0_v8PmeOujw.roa
File: PBFkezheWEa4bHIS0_v8PmeOujw.roa (raw, json)
Hash identifier: jJj1i8UyaRJ7Le+k/3L+LsL7rXKwsIw3mf85EZfE8Og=
Subject key identifier: 3C:11:64:7B:38:5E:58:46:B8:6C:72:12:D3:FB:FC:3E:67:8E:BA:3C
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0188DCF8ACD796743B670AA6CB552B39DB92
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PBFkezheWEa4bHIS0_v8PmeOujw.roa
Signing time: Wed 21 Jun 2023 08:01:04 +0000
ROA not before: Wed 21 Jun 2023 08:01:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8100
IP address blocks: 94.156.2.0/24 maxlen: 24
91.92.16.0/24 maxlen: 24
87.120.192.0/23 maxlen: 24
91.92.26.0/23 maxlen: 24
193.58.121.0/24 maxlen: 24
193.58.123.0/24 maxlen: 24
185.147.100.0/22 maxlen: 24
87.121.36.0/23 maxlen: 24
87.121.38.0/24 maxlen: 24
185.207.14.0/23 maxlen: 24
94.156.152.0/24 maxlen: 24
45.8.92.0/24 maxlen: 24
94.156.154.0/23 maxlen: 24
87.121.60.0/22 maxlen: 24
87.120.219.0/24 maxlen: 24
91.92.67.0/24 maxlen: 24
45.139.123.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
37.139.131.0/24 maxlen: 24
45.9.208.0/22 maxlen: 24
94.154.173.0/24 maxlen: 24
212.87.205.0/24 maxlen: 24
94.156.237.0/24 maxlen: 24
193.8.184.0/23 maxlen: 24
193.8.186.0/23 maxlen: 24
194.55.226.0/24 maxlen: 24
94.156.238.0/24 maxlen: 24
87.121.146.0/23 maxlen: 24
93.123.76.0/22 maxlen: 24
87.121.163.0/24 maxlen: 24
93.123.80.0/24 maxlen: 24
185.252.177.0/24 maxlen: 24
94.156.176.0/22 maxlen: 24
193.47.62.0/24 maxlen: 24
94.156.180.0/23 maxlen: 24
87.121.104.0/24 maxlen: 24
93.123.24.0/24 maxlen: 24
87.121.103.0/24 maxlen: 24
93.123.30.0/23 maxlen: 24
93.123.26.0/23 maxlen: 24
87.121.114.0/23 maxlen: 24
93.123.112.0/22 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
5.253.58.0/23 maxlen: 24
193.25.219.0/24 maxlen: 24
5.253.56.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:dc:f8:ac:d7:96:74:3b:67:0a:a6:cb:55:2b:39:db:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jun 21 08:01:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3c11647b385e5846b86c7212d3fbfc3e678eba3c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:71:ef:7f:36:36:52:0e:5a:d4:78:5b:ae:c5:
d8:40:a2:6c:a4:45:81:18:07:08:7c:ee:20:7a:66:
71:28:fc:43:ea:12:54:6a:16:c5:1e:93:bd:6d:1e:
cd:ea:f4:30:cc:18:42:23:c6:1b:a8:84:20:fa:38:
cb:04:ef:ca:6f:eb:e4:ce:4e:cc:16:f2:8c:de:f3:
71:92:33:fa:85:e6:dc:d7:7e:5e:29:d1:3c:a8:1e:
fd:c0:55:40:b1:ae:d2:4d:80:68:1d:a8:71:bc:7c:
b5:85:35:bc:7b:c5:66:4c:c1:25:69:c2:9f:ba:f8:
ac:b7:94:39:62:12:bb:d9:5b:48:2e:75:c2:42:45:
98:60:df:98:2a:18:c0:9c:aa:de:03:9b:f3:50:23:
24:36:7a:8e:c5:7b:05:f6:a4:aa:c0:9a:e7:29:32:
c5:81:95:d8:dd:e0:87:cf:6f:03:eb:42:c7:ca:73:
12:d5:24:a3:79:21:ca:aa:a3:40:b0:ce:68:e4:ca:
77:eb:57:18:8b:01:3d:77:85:50:55:2e:10:82:36:
fb:33:a9:15:8d:73:ec:98:88:ba:c3:05:2e:6e:bf:
8d:1b:a3:64:0a:2e:b6:ed:3f:27:d3:65:a6:60:39:
b7:3a:7e:0e:b0:b1:3a:88:b0:83:6e:33:33:49:3e:
89:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:11:64:7B:38:5E:58:46:B8:6C:72:12:D3:FB:FC:3E:67:8E:BA:3C
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PBFkezheWEa4bHIS0_v8PmeOujw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.56.0/22
37.139.131.0/24
45.8.92.0/24
45.9.208.0/22
45.139.123.0/24
87.120.192.0/23
87.120.219.0/24
87.121.36.0-87.121.38.255
87.121.60.0/22
87.121.103.0-87.121.104.255
87.121.114.0/23
87.121.146.0/23
87.121.163.0/24
91.92.16.0/24
91.92.26.0/23
91.92.67.0/24
93.123.24.0/24
93.123.26.0/23
93.123.30.0/23
93.123.76.0-93.123.80.255
93.123.112.0/22
93.123.117.0/24
93.123.119.0/24
94.154.160.0/23
94.154.173.0/24
94.156.2.0/24
94.156.152.0/24
94.156.154.0/23
94.156.176.0-94.156.181.255
94.156.237.0-94.156.238.255
185.147.100.0/22
185.207.14.0/23
185.252.177.0/24
193.8.184.0/22
193.25.219.0/24
193.47.62.0/24
193.58.121.0/24
193.58.123.0/24
194.55.226.0/24
212.87.205.0/24
Signature Algorithm: sha256WithRSAEncryption
02:11:18:e3:fd:42:34:3f:d2:c8:20:82:c6:11:17:dd:bf:2e:
74:b8:70:24:0f:ad:d8:cf:46:e0:57:bc:cc:dd:85:60:8b:ca:
39:81:d5:10:7f:22:9b:1f:e1:89:b0:54:c6:36:83:c2:c6:f5:
11:a4:5d:4d:bb:d7:97:e5:e4:a4:e9:ba:71:78:f2:7f:9e:30:
b3:02:4a:60:ab:3c:da:39:7c:52:56:4d:01:5a:ea:aa:23:aa:
bd:a8:18:ee:48:3a:2f:e2:79:9b:cb:da:a4:a1:83:21:a9:08:
ff:d1:ee:7a:92:43:b8:cb:9c:6b:7d:dd:4d:54:e8:cf:12:66:
53:e1:b1:2d:e9:0c:25:5a:04:86:18:f2:f5:ba:fe:16:26:b1:
41:4e:6a:84:56:4d:52:3a:eb:9a:f7:1b:ee:99:2f:49:9d:83:
c0:93:e9:6c:11:a8:e1:8c:26:69:a4:45:d6:b1:e4:c6:b2:10:
e3:9b:8c:5c:9a:b7:e6:a6:35:5c:89:66:b3:d7:9c:03:b4:20:
2d:d0:0d:a4:a8:bb:d0:52:b3:b2:4d:ef:0c:17:95:a3:ed:87:
db:c9:71:96:63:83:26:1f:38:ad:97:72:e7:7c:e3:db:f8:1c:
75:4a:59:81:2e:4f:d3:36:56:dc:77:4a:45:50:16:ed:25:fb:
cd:ec:3c:4f
-----BEGIN CERTIFICATE-----
MIIGGTCCBQGgAwIBAgISAYjc+KzXlnQ7Zwqmy1UrOduSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjIxMDgwMTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzExNjQ3YjM4NWU1ODQ2Yjg2YzcyMTJkM2ZiZmMzZTY3OGViYTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHHvfzY2Ug5a1HhbrsXYQKJspEWB
GAcIfO4gemZxKPxD6hJUahbFHpO9bR7N6vQwzBhCI8YbqIQg+jjLBO/Kb+vkzk7M
FvKM3vNxkjP6hebc135eKdE8qB79wFVAsa7STYBoHahxvHy1hTW8e8VmTMElacKf
uvist5Q5YhK72VtILnXCQkWYYN+YKhjAnKreA5vzUCMkNnqOxXsF9qSqwJrnKTLF
gZXY3eCHz28D60LHynMS1SSjeSHKqqNAsM5o5Mp361cYiwE9d4VQVS4Qgjb7M6kV
jXPsmIi6wwUubr+NG6NkCi627T8n02WmYDm3On4OsLE6iLCDbjMzST6JpQIDAQAB
o4IDJTCCAyEwHQYDVR0OBBYEFDwRZHs4XlhGuGxyEtP7/D5njro8MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUEJGa2V6aGVXRWE0YkhJUzBfdjhQbWVPdWp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOQYIKwYBBQUHAQcBAf8EggEoMIIBJDCCASAEAgABMIIB
GAMEAgX9OAMEACWLgwMEAC0IXAMEAi0J0AMEAC2LewMEAVd4wAMEAFd42zAMAwQC
V3kkAwQAV3kmAwQCV3k8MAwDBABXeWcDBABXeWgDBAFXeXIDBAFXeZIDBABXeaMD
BABbXBADBAFbXBoDBABbXEMDBABdexgDBAFdexoDBAFdex4wDAMEAl17TAMEAF17
UAMEAl17cAMEAF17dQMEAF17dwMEAV6aoAMEAF6arQMEAF6cAgMEAF6cmAMEAV6c
mjAMAwQEXpywAwQBXpy0MAwDBABenO0DBABenO4DBAK5k2QDBAG5zw4DBAC5/LED
BALBCLgDBADBGdsDBADBLz4DBADBOnkDBADBOnsDBADCN+IDBADUV80wDQYJKoZI
hvcNAQELBQADggEBAAIRGOP9QjQ/0sgggsYRF92/LnS4cCQPrdjPRuBXvMzdhWCL
yjmB1RB/Ipsf4YmwVMY2g8LG9RGkXU2715fl5KTpunF48n+eMLMCSmCrPNo5fFJW
TQFa6qojqr2oGO5IOi/ieZvL2qShgyGpCP/R7nqSQ7jLnGt93U1U6M8SZlPhsS3p
DCVaBIYY8vW6/hYmsUFOaoRWTVI665r3G+6ZL0mdg8CT6WwRqOGMJmmkRdax5May
EOObjFyat+amNVyJZrPXnAO0IC3QDaSou9BSs7JN7wwXlaPth9vJcZZjgyYfOK2X
cud849v4HHVKWYEuT9M2Vtx3SkVQFu0l+83sPE8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:06 2024 by rpki-client on console-fra.rpki-client.org