Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kFx1r0yAPGVFHhI4WTPfEna8O8w.roa
File: kFx1r0yAPGVFHhI4WTPfEna8O8w.roa (raw, json)
Hash identifier: cXWEyYxVj02mBbCH08MQNyASZ16hC3KNU2h2RpuWB1w=
Subject key identifier: 90:5C:75:AF:4C:80:3C:65:45:1E:12:38:59:33:DF:12:76:BC:3B:CC
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0189AAD1DD15E823E3AC2E747FE5179035F0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kFx1r0yAPGVFHhI4WTPfEna8O8w.roa
Signing time: Mon 31 Jul 2023 07:20:27 +0000
ROA not before: Mon 31 Jul 2023 07:20:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8100
IP address blocks: 94.156.2.0/24 maxlen: 24
91.92.16.0/24 maxlen: 24
87.120.192.0/23 maxlen: 24
91.92.26.0/23 maxlen: 24
193.58.121.0/24 maxlen: 24
193.58.123.0/24 maxlen: 24
185.147.100.0/22 maxlen: 24
87.121.36.0/23 maxlen: 24
87.121.38.0/24 maxlen: 24
185.207.14.0/23 maxlen: 24
94.156.152.0/24 maxlen: 24
45.8.92.0/24 maxlen: 24
94.156.154.0/23 maxlen: 24
87.121.60.0/22 maxlen: 24
91.92.67.0/24 maxlen: 24
45.139.123.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
37.139.131.0/24 maxlen: 24
45.9.208.0/22 maxlen: 24
94.154.173.0/24 maxlen: 24
212.87.205.0/24 maxlen: 24
94.156.237.0/24 maxlen: 24
193.8.184.0/23 maxlen: 24
193.8.186.0/23 maxlen: 24
194.55.226.0/24 maxlen: 24
94.156.238.0/24 maxlen: 24
87.121.146.0/23 maxlen: 24
93.123.76.0/22 maxlen: 24
87.121.163.0/24 maxlen: 24
93.123.80.0/24 maxlen: 24
185.252.177.0/24 maxlen: 24
94.156.178.0/24 maxlen: 24
193.47.62.0/24 maxlen: 24
94.156.180.0/23 maxlen: 24
87.121.104.0/24 maxlen: 24
93.123.24.0/24 maxlen: 24
87.121.103.0/24 maxlen: 24
93.123.30.0/23 maxlen: 24
93.123.26.0/23 maxlen: 24
87.121.114.0/23 maxlen: 24
93.123.112.0/22 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
5.253.58.0/23 maxlen: 24
193.25.219.0/24 maxlen: 24
5.253.56.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:aa:d1:dd:15:e8:23:e3:ac:2e:74:7f:e5:17:90:35:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 31 07:20:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=905c75af4c803c65451e12385933df1276bc3bcc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:28:05:bd:b5:91:53:b7:60:b1:1b:b8:b0:00:
78:43:c7:7d:18:66:c5:ed:4d:97:34:de:2b:0e:e5:
eb:cc:c9:cf:4b:d5:9b:b2:0a:bd:a5:a9:02:cb:91:
d6:2d:c9:e6:93:57:cc:c5:92:fe:6e:fc:fb:a5:ae:
2f:cf:15:19:94:60:23:91:2c:cf:07:1b:49:14:0d:
40:93:4c:8f:68:09:8c:8f:58:3a:53:05:65:c4:79:
74:6b:00:8d:f2:44:db:b1:c7:72:a1:c3:9c:f4:35:
77:89:20:7f:b2:39:dd:d8:bf:12:2b:46:aa:78:ec:
12:dc:54:cd:b0:af:62:b4:3d:d6:8b:35:d2:c3:d5:
01:36:95:dd:94:ea:2c:93:cd:cb:1e:16:16:10:cd:
5e:a1:3f:7d:fb:2c:e5:b4:7d:cd:d9:c7:57:35:61:
d5:15:85:05:91:a0:8b:11:a2:f3:b3:19:34:d3:75:
24:14:fe:f8:33:5e:7d:24:6f:d7:5d:20:1a:f5:c1:
d3:02:84:d0:18:5d:70:d9:c6:c3:73:49:c6:21:2e:
b2:55:6b:57:60:b2:a8:fd:1c:cc:9c:e2:7e:ce:39:
c5:75:8a:30:5b:d0:82:f4:bc:42:e8:a0:06:bd:9d:
70:47:45:77:e2:1d:94:60:1b:10:10:a4:05:8b:c7:
57:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:5C:75:AF:4C:80:3C:65:45:1E:12:38:59:33:DF:12:76:BC:3B:CC
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kFx1r0yAPGVFHhI4WTPfEna8O8w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.56.0/22
37.139.131.0/24
45.8.92.0/24
45.9.208.0/22
45.139.123.0/24
87.120.192.0/23
87.121.36.0-87.121.38.255
87.121.60.0/22
87.121.103.0-87.121.104.255
87.121.114.0/23
87.121.146.0/23
87.121.163.0/24
91.92.16.0/24
91.92.26.0/23
91.92.67.0/24
93.123.24.0/24
93.123.26.0/23
93.123.30.0/23
93.123.76.0-93.123.80.255
93.123.112.0/22
93.123.117.0/24
93.123.119.0/24
94.154.160.0/23
94.154.173.0/24
94.156.2.0/24
94.156.152.0/24
94.156.154.0/23
94.156.178.0/24
94.156.180.0/23
94.156.237.0-94.156.238.255
185.147.100.0/22
185.207.14.0/23
185.252.177.0/24
193.8.184.0/22
193.25.219.0/24
193.47.62.0/24
193.58.121.0/24
193.58.123.0/24
194.55.226.0/24
212.87.205.0/24
Signature Algorithm: sha256WithRSAEncryption
3b:14:dd:f9:4f:ae:a3:6f:d5:46:10:0a:aa:bc:33:54:e0:9a:
48:fd:99:12:d9:f5:c6:76:b6:56:a9:3c:04:31:ec:8a:50:84:
8d:46:f4:0a:89:45:40:5f:5f:0c:6e:ac:62:7c:44:3a:f6:de:
d8:ca:2e:c8:5f:c7:6d:25:de:b3:37:d6:f0:e5:2a:93:62:ad:
f8:3f:6c:28:c0:c5:d9:9b:c1:1e:7f:ac:bc:75:c6:29:65:9f:
12:88:14:f5:fa:94:f2:80:04:06:56:95:e8:a9:87:d3:c5:4e:
70:a8:5b:a7:73:ab:c1:71:bb:84:0d:bd:ce:94:74:a0:b6:59:
0b:75:94:fc:6a:07:80:e4:4a:8f:e5:19:a1:1e:11:fd:d4:ad:
1a:8f:66:e7:59:63:87:a2:97:91:ab:cb:cf:18:e6:43:5f:b8:
28:d4:61:13:8d:35:7f:06:b7:24:85:6d:87:e2:ed:d8:87:d9:
b3:83:1c:cf:31:69:4f:61:49:c8:ed:56:db:aa:ae:73:33:7b:
15:29:b6:a7:48:8d:5a:56:2e:79:97:6f:2d:7e:ed:44:1c:1b:
a1:c9:aa:9d:34:1e:bd:1a:7a:14:3f:25:85:64:48:71:29:c4:
27:a6:42:99:88:af:02:dc:99:6f:1f:9c:31:2c:a9:65:9c:f1:
64:07:ac:ac
-----BEGIN CERTIFICATE-----
MIIGETCCBPmgAwIBAgISAYmq0d0V6CPjrC50f+UXkDXwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzMxMDcyMDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDVjNzVhZjRjODAzYzY1NDUxZTEyMzg1OTMzZGYxMjc2YmMzYmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoigFvbWRU7dgsRu4sAB4Q8d9GGbF
7U2XNN4rDuXrzMnPS9Wbsgq9pakCy5HWLcnmk1fMxZL+bvz7pa4vzxUZlGAjkSzP
BxtJFA1Ak0yPaAmMj1g6UwVlxHl0awCN8kTbscdyocOc9DV3iSB/sjnd2L8SK0aq
eOwS3FTNsK9itD3WizXSw9UBNpXdlOosk83LHhYWEM1eoT99+yzltH3N2cdXNWHV
FYUFkaCLEaLzsxk003UkFP74M159JG/XXSAa9cHTAoTQGF1w2cbDc0nGIS6yVWtX
YLKo/RzMnOJ+zjnFdYowW9CC9LxC6KAGvZ1wR0V34h2UYBsQEKQFi8dXxwIDAQAB
o4IDHTCCAxkwHQYDVR0OBBYEFJBcda9MgDxlRR4SOFkz3xJ2vDvMMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEva0Z4MXIweUFQR1ZGSGhJNFdUUGZFbmE4Tzh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBMQYIKwYBBQUHAQcBAf8EggEgMIIBHDCCARgEAgABMIIB
EAMEAgX9OAMEACWLgwMEAC0IXAMEAi0J0AMEAC2LewMEAVd4wDAMAwQCV3kkAwQA
V3kmAwQCV3k8MAwDBABXeWcDBABXeWgDBAFXeXIDBAFXeZIDBABXeaMDBABbXBAD
BAFbXBoDBABbXEMDBABdexgDBAFdexoDBAFdex4wDAMEAl17TAMEAF17UAMEAl17
cAMEAF17dQMEAF17dwMEAV6aoAMEAF6arQMEAF6cAgMEAF6cmAMEAV6cmgMEAF6c
sgMEAV6ctDAMAwQAXpztAwQAXpzuAwQCuZNkAwQBuc8OAwQAufyxAwQCwQi4AwQA
wRnbAwQAwS8+AwQAwTp5AwQAwTp7AwQAwjfiAwQA1FfNMA0GCSqGSIb3DQEBCwUA
A4IBAQA7FN35T66jb9VGEAqqvDNU4JpI/ZkS2fXGdrZWqTwEMeyKUISNRvQKiUVA
X18MbqxifEQ69t7Yyi7IX8dtJd6zN9bw5SqTYq34P2wowMXZm8Eef6y8dcYpZZ8S
iBT1+pTygAQGVpXoqYfTxU5wqFunc6vBcbuEDb3OlHSgtlkLdZT8ageA5EqP5Rmh
HhH91K0aj2bnWWOHopeRq8vPGOZDX7go1GETjTV/BrckhW2H4u3Yh9mzgxzPMWlP
YUnI7Vbbqq5zM3sVKbanSI1aVi55l28tfu1EHBuhyaqdNB69GnoUPyWFZEhxKcQn
pkKZiK8C3JlvH5wxLKllnPFkB6ys
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:41 2024 by rpki-client on console-ams.rpki-client.org