Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QLjwZLx3xFuuZmPtIg4a05tMO2c.roa
File: QLjwZLx3xFuuZmPtIg4a05tMO2c.roa (raw, json)
Hash identifier: GxUjSvGOUcYmQXbEdT/zc117MxytKJAaLkcmToIl58A=
Subject key identifier: 40:B8:F0:64:BC:77:C4:5B:AE:66:63:ED:22:0E:1A:D3:9B:4C:3B:67
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01856D81D349CA15B9C62A733B2D1FE31DC7
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QLjwZLx3xFuuZmPtIg4a05tMO2c.roa
Signing time: Sun 01 Jan 2023 13:25:02 +0000
ROA not before: Sun 01 Jan 2023 13:25:02 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8100
IP address blocks: 87.120.192.0/23 maxlen: 24
87.121.36.0/23 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.44.0/22 maxlen: 24
87.121.56.0/23 maxlen: 24
87.121.60.0/22 maxlen: 24
87.120.218.0/23 maxlen: 24
87.120.220.0/23 maxlen: 24
94.154.163.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.173.0/24 maxlen: 24
93.123.39.0/24 maxlen: 24
94.156.237.0/24 maxlen: 24
194.55.226.0/24 maxlen: 24
94.156.238.0/24 maxlen: 24
93.123.68.0/22 maxlen: 24
93.123.76.0/22 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.80.0/24 maxlen: 24
93.123.86.0/23 maxlen: 24
94.156.168.0/23 maxlen: 24
94.156.176.0/22 maxlen: 24
94.156.180.0/23 maxlen: 24
93.123.24.0/24 maxlen: 24
194.48.249.0/24 maxlen: 24
93.123.30.0/23 maxlen: 24
194.55.187.0/24 maxlen: 24
93.123.26.0/23 maxlen: 24
87.120.64.0/23 maxlen: 24
87.120.68.0/23 maxlen: 24
87.120.88.0/23 maxlen: 24
87.120.96.0/23 maxlen: 24
87.120.100.0/22 maxlen: 24
93.123.112.0/22 maxlen: 24
93.123.116.0/23 maxlen: 24
93.123.119.0/24 maxlen: 24
87.120.32.0/22 maxlen: 24
193.25.219.0/24 maxlen: 24
87.120.46.0/23 maxlen: 24
94.156.2.0/24 maxlen: 24
94.156.6.0/24 maxlen: 24
94.156.8.0/24 maxlen: 24
91.92.16.0/24 maxlen: 24
91.92.21.0/24 maxlen: 24
91.92.24.0/22 maxlen: 24
193.58.121.0/24 maxlen: 24
193.58.123.0/24 maxlen: 24
194.169.172.0/24 maxlen: 24
94.156.131.0/24 maxlen: 24
94.156.152.0/24 maxlen: 24
94.156.156.0/23 maxlen: 24
94.156.154.0/23 maxlen: 24
91.92.67.0/24 maxlen: 24
94.156.78.0/23 maxlen: 24
37.139.130.0/23 maxlen: 24
212.87.205.0/24 maxlen: 24
87.121.146.0/23 maxlen: 24
178.215.236.0/24 maxlen: 24
178.215.238.0/24 maxlen: 24
87.121.162.0/23 maxlen: 24
87.121.69.0/24 maxlen: 24
185.252.177.0/24 maxlen: 24
193.222.97.0/24 maxlen: 24
193.47.62.0/24 maxlen: 24
193.37.42.0/24 maxlen: 24
87.121.100.0/23 maxlen: 24
87.121.103.0/24 maxlen: 24
87.121.114.0/23 maxlen: 24
31.13.252.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:81:d3:49:ca:15:b9:c6:2a:73:3b:2d:1f:e3:1d:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 1 13:25:02 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=40b8f064bc77c45bae6663ed220e1ad39b4c3b67
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:99:0d:18:b6:59:64:bb:7e:cf:ea:38:06:a0:
53:56:e1:91:aa:1d:32:c2:42:4b:a3:76:00:08:0e:
a0:c8:93:93:18:28:70:a1:44:dd:5c:aa:b5:d3:83:
64:74:14:fd:25:36:fb:e6:4a:cc:6e:3b:f9:d2:f3:
dd:5c:7d:dd:aa:74:e4:37:7d:a9:d0:ee:79:99:2d:
fd:78:cb:18:01:b0:b3:89:99:b4:d8:df:e0:fd:c1:
a7:87:e0:84:6b:a8:53:43:ec:5f:94:9c:a1:1b:66:
57:c4:d2:a1:53:bd:8e:b2:ed:ef:67:9b:3e:e2:a2:
0f:a7:4f:cb:d0:5f:1a:9c:3c:53:90:cd:57:de:a9:
03:65:16:f9:70:bb:b1:ea:c8:40:4b:1a:02:26:2a:
a9:d0:9c:07:4f:43:71:a6:6a:4d:16:57:e6:e5:84:
54:76:8c:d2:13:03:7a:87:0a:e2:04:74:76:0c:ce:
bc:77:df:46:17:03:2b:46:10:d2:c4:79:ab:30:f6:
e6:bb:a8:3b:12:68:dc:f9:37:b9:1e:c9:d6:c2:a1:
68:6a:32:73:3b:4f:9e:b9:66:41:22:e5:7f:b7:00:
0a:c2:87:b5:de:2a:70:29:13:9c:f7:da:27:1c:c9:
c7:a0:3f:2f:5c:80:a7:8b:87:5d:3f:99:0f:6d:cd:
9c:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:B8:F0:64:BC:77:C4:5B:AE:66:63:ED:22:0E:1A:D3:9B:4C:3B:67
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QLjwZLx3xFuuZmPtIg4a05tMO2c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.252.0/22
37.139.130.0/23
87.120.32.0/22
87.120.46.0/23
87.120.64.0/23
87.120.68.0/23
87.120.88.0/23
87.120.96.0/23
87.120.100.0/22
87.120.192.0/23
87.120.218.0-87.120.221.255
87.121.36.0-87.121.38.255
87.121.44.0/22
87.121.56.0/23
87.121.60.0/22
87.121.69.0/24
87.121.100.0/23
87.121.103.0/24
87.121.114.0/23
87.121.146.0/23
87.121.162.0/23
91.92.16.0/24
91.92.21.0/24
91.92.24.0/22
91.92.67.0/24
93.123.24.0/24
93.123.26.0/23
93.123.30.0/23
93.123.39.0/24
93.123.68.0/22
93.123.76.0-93.123.80.255
93.123.85.0-93.123.87.255
93.123.112.0-93.123.117.255
93.123.119.0/24
94.154.160.0/23
94.154.163.0/24
94.154.173.0/24
94.156.2.0/24
94.156.6.0/24
94.156.8.0/24
94.156.78.0/23
94.156.131.0/24
94.156.152.0/24
94.156.154.0-94.156.157.255
94.156.168.0/23
94.156.176.0-94.156.181.255
94.156.237.0-94.156.238.255
178.215.236.0/24
178.215.238.0/24
185.252.177.0/24
193.25.219.0/24
193.37.42.0/24
193.47.62.0/24
193.58.121.0/24
193.58.123.0/24
193.222.97.0/24
194.48.249.0/24
194.55.187.0/24
194.55.226.0/24
194.169.172.0/24
212.87.205.0/24
Signature Algorithm: sha256WithRSAEncryption
07:09:ca:24:96:3b:1f:85:b0:7e:84:fd:71:35:60:45:2b:07:
86:d2:06:3b:ee:e8:60:86:9e:27:73:3f:3d:8e:84:77:45:10:
ec:06:7c:20:84:16:c2:9c:40:db:a3:68:76:ed:ce:ef:32:71:
75:4f:b4:5f:01:36:81:a3:eb:2a:f4:a7:d9:53:06:94:0a:49:
a8:63:84:7c:a4:1a:c8:3c:97:38:02:f5:51:8b:48:63:80:54:
1f:af:c4:7b:ac:44:f4:e1:39:80:21:7f:d9:c3:ac:05:43:c7:
f2:4c:3c:93:26:a6:60:9e:7d:02:85:b5:40:d4:1d:78:42:b6:
f3:93:98:21:be:9c:93:6d:95:7a:f9:9a:b9:3c:1e:8f:67:61:
35:d3:a3:1d:58:2b:44:46:9f:0f:0f:94:76:69:75:0a:fb:e4:
1c:30:29:c7:aa:28:1f:c6:c2:89:c3:e8:fe:8a:18:c3:26:c2:
7b:44:aa:c8:eb:df:41:a4:08:ca:bb:4c:87:26:75:4a:08:d8:
e2:27:2d:8a:28:55:71:27:3f:0c:92:e4:ba:f5:07:42:3d:9f:
31:8b:ff:ae:5c:fc:81:2d:98:cf:9b:9c:4f:e5:93:0d:11:85:
5e:da:6b:79:6a:c6:09:25:52:d1:94:cb:94:31:c2:73:62:b6:
cb:34:3c:1c
-----BEGIN CERTIFICATE-----
MIIGrzCCBZegAwIBAgISAYVtgdNJyhW5xipzOy0f4x3HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTAxMTMyNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGI4ZjA2NGJjNzdjNDViYWU2NjYzZWQyMjBlMWFkMzliNGMzYjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JkNGLZZZLt+z+o4BqBTVuGRqh0y
wkJLo3YACA6gyJOTGChwoUTdXKq104NkdBT9JTb75krMbjv50vPdXH3dqnTkN32p
0O55mS39eMsYAbCziZm02N/g/cGnh+CEa6hTQ+xflJyhG2ZXxNKhU72Osu3vZ5s+
4qIPp0/L0F8anDxTkM1X3qkDZRb5cLux6shASxoCJiqp0JwHT0NxpmpNFlfm5YRU
dozSEwN6hwriBHR2DM68d99GFwMrRhDSxHmrMPbmu6g7Emjc+Te5HsnWwqFoajJz
O0+euWZBIuV/twAKwoe13ipwKROc99onHMnHoD8vXICni4ddP5kPbc2cgQIDAQAB
o4IDuzCCA7cwHQYDVR0OBBYEFEC48GS8d8RbrmZj7SIOGtObTDtnMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUUxqd1pMeDN4RnV1Wm1QdElnNGEwNXRNTzJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBzwYIKwYBBQUHAQcBAf8EggG+MIIBujCCAbYEAgABMIIB
rgMEAh8N/AMEASWLggMEAld4IAMEAVd4LgMEAVd4QAMEAVd4RAMEAVd4WAMEAVd4
YAMEAld4ZAMEAVd4wDAMAwQBV3jaAwQBV3jcMAwDBAJXeSQDBABXeSYDBAJXeSwD
BAFXeTgDBAJXeTwDBABXeUUDBAFXeWQDBABXeWcDBAFXeXIDBAFXeZIDBAFXeaID
BABbXBADBABbXBUDBAJbXBgDBABbXEMDBABdexgDBAFdexoDBAFdex4DBABdeycD
BAJde0QwDAMEAl17TAMEAF17UDAMAwQAXXtVAwQDXXtQMAwDBARde3ADBAFde3QD
BABde3cDBAFemqADBABemqMDBABemq0DBABenAIDBABenAYDBABenAgDBAFenE4D
BABenIMDBABenJgwDAMEAV6cmgMEAV6cnAMEAV6cqDAMAwQEXpywAwQBXpy0MAwD
BABenO0DBABenO4DBACy1+wDBACy1+4DBAC5/LEDBADBGdsDBADBJSoDBADBLz4D
BADBOnkDBADBOnsDBADB3mEDBADCMPkDBADCN7sDBADCN+IDBADCqawDBADUV80w
DQYJKoZIhvcNAQELBQADggEBAAcJyiSWOx+FsH6E/XE1YEUrB4bSBjvu6GCGnidz
Pz2OhHdFEOwGfCCEFsKcQNujaHbtzu8ycXVPtF8BNoGj6yr0p9lTBpQKSahjhHyk
Gsg8lzgC9VGLSGOAVB+vxHusRPThOYAhf9nDrAVDx/JMPJMmpmCefQKFtUDUHXhC
tvOTmCG+nJNtlXr5mrk8Ho9nYTXTox1YK0RGnw8PlHZpdQr75BwwKceqKB/GwonD
6P6KGMMmwntEqsjr30GkCMq7TIcmdUoI2OInLYooVXEnPwyS5Lr1B0I9nzGL/65c
/IEtmM+bnE/lkw0RhV7aa3lqxgklUtGUy5QxwnNitss0PBw=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:36 2023 by rpki-client on console-ams.rpki-client.org