Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mvbfzhErxuiAPfxbnDu5xdjtpwY.roa
File: mvbfzhErxuiAPfxbnDu5xdjtpwY.roa (raw, json)
Hash identifier: 7pJbhFcNlowtUrgqHpb0cJv6IgMdstC9IYlsFTyM/8o=
Subject key identifier: 9A:F6:DF:CE:11:2B:C6:E8:80:3D:FC:5B:9C:3B:B9:C5:D8:ED:A7:06
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0183EACE9B78BFC3CFC28B77984E7DFFE588
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mvbfzhErxuiAPfxbnDu5xdjtpwY.roa
Signing time: Tue 18 Oct 2022 11:15:52 +0000
ROA not before: Tue 18 Oct 2022 11:15:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 8100
IP address blocks: 87.120.192.0/23 maxlen: 24
87.121.36.0/23 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.44.0/22 maxlen: 24
87.121.56.0/23 maxlen: 24
87.121.60.0/22 maxlen: 24
87.120.218.0/23 maxlen: 24
87.120.220.0/23 maxlen: 24
93.123.39.0/24 maxlen: 24
94.156.237.0/24 maxlen: 24
94.156.238.0/24 maxlen: 24
93.123.68.0/22 maxlen: 24
93.123.76.0/22 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.80.0/24 maxlen: 24
93.123.86.0/23 maxlen: 24
193.42.34.0/24 maxlen: 24
193.42.35.0/24 maxlen: 24
94.156.168.0/23 maxlen: 24
193.42.33.0/24 maxlen: 24
94.156.176.0/22 maxlen: 24
94.156.180.0/23 maxlen: 24
93.123.24.0/24 maxlen: 24
93.123.30.0/23 maxlen: 24
93.123.26.0/23 maxlen: 24
87.120.64.0/23 maxlen: 24
87.120.68.0/23 maxlen: 24
79.110.48.0/24 maxlen: 24
87.120.88.0/23 maxlen: 24
87.120.96.0/23 maxlen: 24
87.120.100.0/22 maxlen: 24
93.123.112.0/22 maxlen: 24
93.123.116.0/23 maxlen: 24
93.123.119.0/24 maxlen: 24
87.120.32.0/22 maxlen: 24
193.25.219.0/24 maxlen: 24
87.120.46.0/23 maxlen: 24
94.156.2.0/24 maxlen: 24
91.92.6.0/24 maxlen: 24
94.156.6.0/24 maxlen: 24
94.156.8.0/24 maxlen: 24
91.92.16.0/24 maxlen: 24
91.92.21.0/24 maxlen: 24
91.92.24.0/22 maxlen: 24
193.58.121.0/24 maxlen: 24
193.58.123.0/24 maxlen: 24
193.58.122.0/24 maxlen: 24
193.58.120.0/24 maxlen: 24
94.156.131.0/24 maxlen: 24
194.180.38.0/24 maxlen: 24
194.180.37.0/24 maxlen: 24
94.156.152.0/24 maxlen: 24
194.180.39.0/24 maxlen: 24
94.156.156.0/23 maxlen: 24
94.156.154.0/23 maxlen: 24
91.92.67.0/24 maxlen: 24
94.156.78.0/23 maxlen: 24
193.35.18.0/24 maxlen: 24
87.121.146.0/23 maxlen: 24
178.215.237.0/24 maxlen: 24
178.215.238.0/24 maxlen: 24
87.121.162.0/23 maxlen: 24
87.121.69.0/24 maxlen: 24
87.121.100.0/23 maxlen: 24
87.121.103.0/24 maxlen: 24
87.121.114.0/23 maxlen: 24
31.13.252.0/22 maxlen: 24
87.121.220.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:ea:ce:9b:78:bf:c3:cf:c2:8b:77:98:4e:7d:ff:e5:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Oct 18 11:15:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9af6dfce112bc6e8803dfc5b9c3bb9c5d8eda706
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:96:e7:98:2c:3d:25:3f:23:2f:23:1d:89:c5:
50:26:27:51:d0:31:bd:76:0e:04:f5:c0:cd:0d:3f:
e9:f7:ba:da:af:43:36:e3:e9:10:c3:e4:4c:de:81:
28:fa:9f:8c:86:cc:54:d1:15:18:f4:2f:88:56:e7:
44:cd:f3:29:24:43:85:1e:53:0a:e9:f6:05:a3:fc:
c4:09:bb:62:db:ce:c3:a5:d8:de:78:9d:bc:18:36:
b6:54:a3:5d:0b:65:3c:35:99:e2:1f:7a:37:aa:b0:
b6:cb:7a:c0:9c:5f:7c:bf:5e:d2:7e:9f:16:e4:d9:
7f:2c:2e:d9:d2:c5:2e:e0:8b:47:f7:8e:26:18:cb:
28:d5:e7:ab:92:6b:d5:08:4a:74:fe:5d:86:85:2f:
ce:76:4c:d4:12:5c:b6:3f:6a:9c:39:95:fb:75:c8:
75:69:a7:c4:2e:d8:9a:e6:fe:da:42:ab:e5:eb:89:
d2:cc:72:38:9d:26:8b:43:6c:65:22:31:2c:78:4f:
2c:2f:e1:f5:fd:8a:7a:5a:83:0b:6c:5c:e2:bf:a4:
04:b7:1b:08:cc:be:57:f3:ac:c6:ac:6f:f2:33:0f:
27:d5:a4:c6:75:ee:90:92:76:7c:6f:d4:3e:a6:7a:
1d:ce:20:ee:e3:b9:55:84:ce:49:80:06:f2:9e:79:
51:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:F6:DF:CE:11:2B:C6:E8:80:3D:FC:5B:9C:3B:B9:C5:D8:ED:A7:06
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mvbfzhErxuiAPfxbnDu5xdjtpwY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.252.0/22
79.110.48.0/24
87.120.32.0/22
87.120.46.0/23
87.120.64.0/23
87.120.68.0/23
87.120.88.0/23
87.120.96.0/23
87.120.100.0/22
87.120.192.0/23
87.120.218.0-87.120.221.255
87.121.36.0-87.121.38.255
87.121.44.0/22
87.121.56.0/23
87.121.60.0/22
87.121.69.0/24
87.121.100.0/23
87.121.103.0/24
87.121.114.0/23
87.121.146.0/23
87.121.162.0/23
87.121.220.0/24
91.92.6.0/24
91.92.16.0/24
91.92.21.0/24
91.92.24.0/22
91.92.67.0/24
93.123.24.0/24
93.123.26.0/23
93.123.30.0/23
93.123.39.0/24
93.123.68.0/22
93.123.76.0-93.123.80.255
93.123.85.0-93.123.87.255
93.123.112.0-93.123.117.255
93.123.119.0/24
94.156.2.0/24
94.156.6.0/24
94.156.8.0/24
94.156.78.0/23
94.156.131.0/24
94.156.152.0/24
94.156.154.0-94.156.157.255
94.156.168.0/23
94.156.176.0-94.156.181.255
94.156.237.0-94.156.238.255
178.215.237.0-178.215.238.255
193.25.219.0/24
193.35.18.0/24
193.42.33.0-193.42.35.255
193.58.120.0/22
194.180.37.0-194.180.39.255
Signature Algorithm: sha256WithRSAEncryption
06:76:0a:62:e3:7e:98:2a:06:73:37:93:02:17:c6:80:53:ff:
9b:32:41:4e:6e:c1:25:7e:02:c3:b9:36:07:20:c3:c1:44:89:
08:49:1a:06:15:ab:26:67:05:1f:a6:72:d0:47:11:10:45:ff:
6b:aa:73:a2:f7:24:62:9e:b2:6d:cf:f8:2d:61:57:01:9a:8c:
b2:87:a1:27:b8:15:1c:c9:b8:c4:47:5e:42:e8:84:37:c6:e8:
fd:76:a6:5d:17:d7:e9:fd:f3:89:c1:7b:79:0e:26:a1:22:b5:
98:03:42:c0:cb:1a:3e:38:b8:43:0e:7c:a9:7b:25:8e:36:8a:
59:ba:6b:dc:2b:92:b3:ff:39:fe:0f:c9:49:cd:c5:d1:22:bf:
3f:cd:b7:af:24:d7:05:27:36:3b:25:52:55:55:42:15:70:2b:
27:4d:16:b9:34:19:e3:63:8c:9c:1d:f0:92:88:af:45:65:5d:
4e:13:02:b5:54:42:6b:1f:d4:ee:63:70:d0:e3:61:70:5f:21:
07:fa:5a:93:b4:0f:2f:9b:39:f2:79:83:54:0f:8e:41:e5:c2:
d5:e7:b4:36:fb:23:92:c5:e7:b9:b9:8b:4a:63:cc:f8:42:1b:
34:77:bc:2e:66:5d:9e:48:63:43:16:f9:24:dc:f5:d8:cc:d7:
35:47:37:29
-----BEGIN CERTIFICATE-----
MIIGkTCCBXmgAwIBAgISAYPqzpt4v8PPwot3mE59/+WIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMDE4MTExNTUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWY2ZGZjZTExMmJjNmU4ODAzZGZjNWI5YzNiYjljNWQ4ZWRhNzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJbnmCw9JT8jLyMdicVQJidR0DG9
dg4E9cDNDT/p97rar0M24+kQw+RM3oEo+p+MhsxU0RUY9C+IVudEzfMpJEOFHlMK
6fYFo/zECbti287DpdjeeJ28GDa2VKNdC2U8NZniH3o3qrC2y3rAnF98v17Sfp8W
5Nl/LC7Z0sUu4ItH944mGMso1eerkmvVCEp0/l2GhS/OdkzUEly2P2qcOZX7dch1
aafELtia5v7aQqvl64nSzHI4nSaLQ2xlIjEseE8sL+H1/Yp6WoMLbFziv6QEtxsI
zL5X86zGrG/yMw8n1aTGde6QknZ8b9Q+pnodziDu47lVhM5JgAbynnlR8QIDAQAB
o4IDnTCCA5kwHQYDVR0OBBYEFJr2384RK8bogD38W5w7ucXY7acGMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbXZiZnpoRXJ4dWlBUGZ4Ym5EdTV4ZGp0cHdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBsQYIKwYBBQUHAQcBAf8EggGgMIIBnDCCAZgEAgABMIIB
kAMEAh8N/AMEAE9uMAMEAld4IAMEAVd4LgMEAVd4QAMEAVd4RAMEAVd4WAMEAVd4
YAMEAld4ZAMEAVd4wDAMAwQBV3jaAwQBV3jcMAwDBAJXeSQDBABXeSYDBAJXeSwD
BAFXeTgDBAJXeTwDBABXeUUDBAFXeWQDBABXeWcDBAFXeXIDBAFXeZIDBAFXeaID
BABXedwDBABbXAYDBABbXBADBABbXBUDBAJbXBgDBABbXEMDBABdexgDBAFdexoD
BAFdex4DBABdeycDBAJde0QwDAMEAl17TAMEAF17UDAMAwQAXXtVAwQDXXtQMAwD
BARde3ADBAFde3QDBABde3cDBABenAIDBABenAYDBABenAgDBAFenE4DBABenIMD
BABenJgwDAMEAV6cmgMEAV6cnAMEAV6cqDAMAwQEXpywAwQBXpy0MAwDBABenO0D
BABenO4wDAMEALLX7QMEALLX7gMEAMEZ2wMEAMEjEjAMAwQAwSohAwQCwSogAwQC
wTp4MAwDBADCtCUDBAPCtCAwDQYJKoZIhvcNAQELBQADggEBAAZ2CmLjfpgqBnM3
kwIXxoBT/5syQU5uwSV+AsO5Ngcgw8FEiQhJGgYVqyZnBR+mctBHERBF/2uqc6L3
JGKesm3P+C1hVwGajLKHoSe4FRzJuMRHXkLohDfG6P12pl0X1+n984nBe3kOJqEi
tZgDQsDLGj44uEMOfKl7JY42ilm6a9wrkrP/Of4PyUnNxdEivz/Nt68k1wUnNjsl
UlVVQhVwKydNFrk0GeNjjJwd8JKIr0VlXU4TArVUQmsf1O5jcNDjYXBfIQf6WpO0
Dy+bOfJ5g1QPjkHlwtXntDb7I5LF57m5i0pjzPhCGzR3vC5mXZ5IY0MW+STc9djM
1zVHNyk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:42 2024 by rpki-client on console-ams.rpki-client.org