Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hyHCXHCkdM73kpf9GepUfoK-BUM.roa
File: hyHCXHCkdM73kpf9GepUfoK-BUM.roa (raw, json)
Hash identifier: 75OgWoAnkNeMXCmcnlasbmwT1eUxZuyJp0EL746f1J8=
Subject key identifier: 87:21:C2:5C:70:A4:74:CE:F7:92:97:FD:19:EA:54:7E:82:BE:05:43
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018956E00FB7D36E1B64E6F12C993D25ED64
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hyHCXHCkdM73kpf9GepUfoK-BUM.roa
Signing time: Sat 15 Jul 2023 00:07:51 +0000
ROA not before: Sat 15 Jul 2023 00:07:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8100
IP address blocks: 94.156.2.0/24 maxlen: 24
91.92.16.0/24 maxlen: 24
87.120.192.0/23 maxlen: 24
91.92.26.0/23 maxlen: 24
193.58.121.0/24 maxlen: 24
193.58.123.0/24 maxlen: 24
185.147.100.0/22 maxlen: 24
87.121.36.0/23 maxlen: 24
87.121.38.0/24 maxlen: 24
185.207.14.0/23 maxlen: 24
94.156.152.0/24 maxlen: 24
45.8.92.0/24 maxlen: 24
94.156.154.0/23 maxlen: 24
87.121.60.0/22 maxlen: 24
87.120.219.0/24 maxlen: 24
91.92.67.0/24 maxlen: 24
45.139.123.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
37.139.131.0/24 maxlen: 24
45.9.208.0/22 maxlen: 24
94.154.173.0/24 maxlen: 24
212.87.205.0/24 maxlen: 24
94.156.237.0/24 maxlen: 24
193.8.184.0/23 maxlen: 24
193.8.186.0/23 maxlen: 24
194.55.226.0/24 maxlen: 24
94.156.238.0/24 maxlen: 24
87.121.146.0/23 maxlen: 24
93.123.76.0/22 maxlen: 24
87.121.163.0/24 maxlen: 24
93.123.80.0/24 maxlen: 24
185.252.177.0/24 maxlen: 24
94.156.176.0/22 maxlen: 24
193.47.62.0/24 maxlen: 24
94.156.180.0/23 maxlen: 24
87.121.104.0/24 maxlen: 24
93.123.24.0/24 maxlen: 24
87.121.103.0/24 maxlen: 24
93.123.30.0/23 maxlen: 24
93.123.26.0/23 maxlen: 24
87.121.114.0/23 maxlen: 24
93.123.112.0/22 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
5.253.58.0/23 maxlen: 24
193.25.219.0/24 maxlen: 24
5.253.56.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:56:e0:0f:b7:d3:6e:1b:64:e6:f1:2c:99:3d:25:ed:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 15 00:07:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8721c25c70a474cef79297fd19ea547e82be0543
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:e4:fc:1c:cf:1f:d7:91:1d:b3:c3:d6:32:5b:
a7:f6:ff:91:71:5c:71:00:31:c1:6d:cc:c1:bc:6e:
f4:a8:81:26:f9:60:a1:ed:1c:94:7e:9b:bf:b5:b6:
0d:39:dc:6b:f7:a2:ba:47:83:30:05:6f:49:d4:37:
1f:54:cb:9c:75:19:32:72:37:1a:03:35:7b:58:c6:
5e:d9:98:a7:50:9c:9d:5f:44:10:3e:e6:f7:fd:e5:
dd:b1:c8:9d:b9:5e:b0:9f:90:58:56:6a:3a:1f:bb:
09:00:75:df:d3:f0:a1:ea:47:30:8d:a5:79:3c:d0:
f4:45:ef:41:02:d5:ed:0a:7e:22:a5:7b:08:a1:54:
8d:4f:05:97:36:ab:2a:22:cd:2c:ff:58:d7:07:5b:
66:0a:f7:06:40:d0:c6:14:1b:58:e5:07:33:22:55:
db:58:01:71:b9:b1:5e:cf:de:49:1f:29:62:88:18:
b3:37:78:c3:ce:22:32:27:84:a9:cb:a0:17:41:6f:
0b:9b:cd:11:25:22:4b:ff:a3:7b:e1:b2:8d:9c:88:
78:d8:33:78:ec:93:15:68:b3:de:55:e9:c8:c3:46:
14:13:bb:71:05:54:25:74:99:e5:cb:7e:ba:75:e9:
f4:27:77:4a:4c:c8:60:a6:30:8e:60:18:2b:6d:9f:
e6:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:21:C2:5C:70:A4:74:CE:F7:92:97:FD:19:EA:54:7E:82:BE:05:43
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hyHCXHCkdM73kpf9GepUfoK-BUM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.56.0/22
37.139.131.0/24
45.8.92.0/24
45.9.208.0/22
45.139.123.0/24
87.120.192.0/23
87.120.219.0/24
87.121.36.0-87.121.38.255
87.121.60.0/22
87.121.103.0-87.121.104.255
87.121.114.0/23
87.121.146.0/23
87.121.163.0/24
91.92.16.0/24
91.92.26.0/23
91.92.67.0/24
93.123.24.0/24
93.123.26.0/23
93.123.30.0/23
93.123.76.0-93.123.80.255
93.123.112.0/22
93.123.117.0/24
93.123.119.0/24
94.154.160.0/23
94.154.173.0/24
94.156.2.0/24
94.156.152.0/24
94.156.154.0/23
94.156.176.0-94.156.181.255
94.156.237.0-94.156.238.255
185.147.100.0/22
185.207.14.0/23
185.252.177.0/24
193.8.184.0/22
193.25.219.0/24
193.47.62.0/24
193.58.121.0/24
193.58.123.0/24
194.55.226.0/24
212.87.205.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:67:e8:9a:37:20:bd:a3:57:bb:2a:f9:8a:ef:aa:70:eb:67:
b7:e8:ee:67:94:6c:01:ac:b7:c7:42:b5:35:8b:52:22:fe:d7:
3c:04:cc:39:10:8c:62:cb:4a:64:15:d7:42:e3:cc:cf:bd:39:
8d:13:cc:fc:4d:8a:14:47:85:c0:3d:61:e2:22:9e:5c:10:9e:
09:fb:9b:35:be:ee:35:6b:e5:86:3d:64:99:80:7a:f2:71:48:
1d:f1:8b:77:ff:1c:7a:4a:23:b2:4a:85:98:7a:68:e2:88:9e:
09:27:73:ea:f1:8e:49:e2:fb:f8:87:97:67:fc:24:cd:91:2e:
a0:f4:eb:e1:5a:3a:fb:4c:37:c0:73:bd:8c:7c:cf:93:06:c1:
14:a9:26:60:d2:48:c3:e5:f9:46:ab:2a:3a:29:f7:2a:9c:a6:
c9:80:6e:7b:af:27:79:c6:cf:49:0c:36:23:ce:f6:4b:34:3a:
a3:e4:ed:9a:81:f5:de:27:73:76:f2:80:ec:ef:e4:84:ca:c9:
8b:74:da:ad:67:5d:fb:4a:5c:ef:cd:24:df:6d:d5:36:fb:9d:
a1:2d:82:a3:22:e6:cb:52:41:32:1e:46:27:f8:b8:1e:89:59:
4e:66:72:95:70:0b:de:3c:2d:b9:33:c7:87:a1:ad:05:15:d4:
3b:0e:6b:5a
-----BEGIN CERTIFICATE-----
MIIGGTCCBQGgAwIBAgISAYlW4A+3024bZObxLJk9Je1kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzE1MDAwNzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzIxYzI1YzcwYTQ3NGNlZjc5Mjk3ZmQxOWVhNTQ3ZTgyYmUwNTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuT8HM8f15Eds8PWMlun9v+RcVxx
ADHBbczBvG70qIEm+WCh7RyUfpu/tbYNOdxr96K6R4MwBW9J1DcfVMucdRkycjca
AzV7WMZe2ZinUJydX0QQPub3/eXdsciduV6wn5BYVmo6H7sJAHXf0/Ch6kcwjaV5
PND0Re9BAtXtCn4ipXsIoVSNTwWXNqsqIs0s/1jXB1tmCvcGQNDGFBtY5QczIlXb
WAFxubFez95JHyliiBizN3jDziIyJ4Spy6AXQW8Lm80RJSJL/6N74bKNnIh42DN4
7JMVaLPeVenIw0YUE7txBVQldJnly366den0J3dKTMhgpjCOYBgrbZ/m8wIDAQAB
o4IDJTCCAyEwHQYDVR0OBBYEFIchwlxwpHTO95KX/RnqVH6CvgVDMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaHlIQ1hIQ2tkTTcza3BmOUdlcFVmb0stQlVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOQYIKwYBBQUHAQcBAf8EggEoMIIBJDCCASAEAgABMIIB
GAMEAgX9OAMEACWLgwMEAC0IXAMEAi0J0AMEAC2LewMEAVd4wAMEAFd42zAMAwQC
V3kkAwQAV3kmAwQCV3k8MAwDBABXeWcDBABXeWgDBAFXeXIDBAFXeZIDBABXeaMD
BABbXBADBAFbXBoDBABbXEMDBABdexgDBAFdexoDBAFdex4wDAMEAl17TAMEAF17
UAMEAl17cAMEAF17dQMEAF17dwMEAV6aoAMEAF6arQMEAF6cAgMEAF6cmAMEAV6c
mjAMAwQEXpywAwQBXpy0MAwDBABenO0DBABenO4DBAK5k2QDBAG5zw4DBAC5/LED
BALBCLgDBADBGdsDBADBLz4DBADBOnkDBADBOnsDBADCN+IDBADUV80wDQYJKoZI
hvcNAQELBQADggEBAA9n6Jo3IL2jV7sq+YrvqnDrZ7fo7meUbAGst8dCtTWLUiL+
1zwEzDkQjGLLSmQV10LjzM+9OY0TzPxNihRHhcA9YeIinlwQngn7mzW+7jVr5YY9
ZJmAevJxSB3xi3f/HHpKI7JKhZh6aOKIngknc+rxjkni+/iHl2f8JM2RLqD06+Fa
OvtMN8BzvYx8z5MGwRSpJmDSSMPl+UarKjop9yqcpsmAbnuvJ3nGz0kMNiPO9ks0
OqPk7ZqB9d4nc3bygOzv5ITKyYt02q1nXftKXO/NJN9t1Tb7naEtgqMi5stSQTIe
Rif4uB6JWU5mcpVwC948Lbkzx4ehrQUV1DsOa1o=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:17 2024 by rpki-client on console-fra.rpki-client.org