Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9BXmdGr4xMEVdGMwWASyurGM3VA.roa
File: 9BXmdGr4xMEVdGMwWASyurGM3VA.roa (raw, json)
Hash identifier: blTm48XH/KQae9ViJikzcYge1VfuC2TvlAJuLW7zPHE=
Subject key identifier: F4:15:E6:74:6A:F8:C4:C1:15:74:63:30:58:04:B2:BA:B1:8C:DD:50
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0188710FAB594F55C0FA6A3499BD1E2940D8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9BXmdGr4xMEVdGMwWASyurGM3VA.roa
Signing time: Wed 31 May 2023 09:07:12 +0000
ROA not before: Wed 31 May 2023 09:07:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8100
IP address blocks: 87.120.192.0/23 maxlen: 24
185.147.100.0/22 maxlen: 24
87.121.36.0/23 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.44.0/24 maxlen: 24
87.121.60.0/22 maxlen: 24
87.120.219.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
45.9.208.0/22 maxlen: 24
94.154.173.0/24 maxlen: 24
94.156.237.0/24 maxlen: 24
193.8.184.0/23 maxlen: 24
193.8.186.0/23 maxlen: 24
194.55.226.0/24 maxlen: 24
94.156.238.0/24 maxlen: 24
93.123.76.0/22 maxlen: 24
93.123.74.0/24 maxlen: 24
93.123.75.0/24 maxlen: 24
93.123.80.0/24 maxlen: 24
94.156.176.0/22 maxlen: 24
94.156.180.0/23 maxlen: 24
194.48.249.0/24 maxlen: 24
93.123.24.0/24 maxlen: 24
93.123.30.0/23 maxlen: 24
93.123.26.0/23 maxlen: 24
93.123.112.0/22 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
193.25.219.0/24 maxlen: 24
94.156.2.0/24 maxlen: 24
91.92.16.0/24 maxlen: 24
91.92.26.0/23 maxlen: 24
193.58.121.0/24 maxlen: 24
193.58.123.0/24 maxlen: 24
185.207.14.0/23 maxlen: 24
94.156.152.0/24 maxlen: 24
45.8.92.0/24 maxlen: 24
94.156.154.0/23 maxlen: 24
91.92.67.0/24 maxlen: 24
45.139.123.0/24 maxlen: 24
37.139.131.0/24 maxlen: 24
212.87.205.0/24 maxlen: 24
87.121.146.0/23 maxlen: 24
87.121.163.0/24 maxlen: 24
185.252.177.0/24 maxlen: 24
193.47.62.0/24 maxlen: 24
87.121.104.0/24 maxlen: 24
87.121.103.0/24 maxlen: 24
87.121.114.0/23 maxlen: 24
45.95.2.0/23 maxlen: 24
45.95.0.0/23 maxlen: 24
5.253.58.0/23 maxlen: 24
5.253.56.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:71:0f:ab:59:4f:55:c0:fa:6a:34:99:bd:1e:29:40:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 31 09:07:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f415e6746af8c4c1157463305804b2bab18cdd50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:19:b6:72:a8:fd:9c:67:14:fe:fc:5e:7d:5b:
f5:22:77:64:99:b1:93:99:2b:2c:4c:7d:8d:fc:13:
66:98:aa:44:91:4f:8b:6b:ed:ec:22:e9:4b:12:8b:
f5:1b:4b:8c:17:0e:a9:36:fd:09:0a:b3:7c:4c:1f:
ba:89:66:33:48:c1:33:50:7c:b3:71:e3:4f:35:ba:
8f:ef:2d:ff:2b:4f:d7:5a:1b:99:ac:fa:91:9f:ef:
26:fa:8d:39:f7:f9:a1:90:64:7f:03:7b:ed:66:73:
40:79:07:cc:13:53:cc:f3:14:43:b2:5e:9b:a8:8f:
01:2b:b5:05:92:4b:74:d8:6c:71:39:ff:d1:24:37:
03:cc:4a:e9:22:24:57:e8:0b:43:94:57:02:68:22:
02:fb:f3:7d:db:37:cc:3f:32:b2:2f:ea:e4:51:34:
a5:c5:ec:b3:a0:63:73:02:01:63:6f:b1:da:e4:0c:
b9:b0:19:a5:bb:04:a3:25:67:00:ee:4f:46:ac:05:
da:26:5d:d2:80:28:60:08:ac:c2:6e:1f:b2:e5:ff:
d9:48:52:d1:d7:25:e6:57:1d:ea:20:35:fb:e1:7a:
86:15:15:b6:68:8f:26:55:75:94:26:c7:9c:bf:0b:
d9:95:16:89:58:a4:18:5a:cf:ed:d7:b2:5a:2f:d6:
e0:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:15:E6:74:6A:F8:C4:C1:15:74:63:30:58:04:B2:BA:B1:8C:DD:50
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9BXmdGr4xMEVdGMwWASyurGM3VA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.56.0/22
37.139.131.0/24
45.8.92.0/24
45.9.208.0/22
45.95.0.0/22
45.139.123.0/24
87.120.192.0/23
87.120.219.0/24
87.121.36.0-87.121.38.255
87.121.44.0/24
87.121.60.0/22
87.121.103.0-87.121.104.255
87.121.114.0/23
87.121.146.0/23
87.121.163.0/24
91.92.16.0/24
91.92.26.0/23
91.92.67.0/24
93.123.24.0/24
93.123.26.0/23
93.123.30.0/23
93.123.74.0-93.123.80.255
93.123.112.0/22
93.123.117.0/24
93.123.119.0/24
94.154.160.0/23
94.154.173.0/24
94.156.2.0/24
94.156.152.0/24
94.156.154.0/23
94.156.176.0-94.156.181.255
94.156.237.0-94.156.238.255
185.147.100.0/22
185.207.14.0/23
185.252.177.0/24
193.8.184.0/22
193.25.219.0/24
193.47.62.0/24
193.58.121.0/24
193.58.123.0/24
194.48.249.0/24
194.55.226.0/24
212.87.205.0/24
Signature Algorithm: sha256WithRSAEncryption
2a:53:69:9b:19:08:a1:87:a0:0e:de:36:dd:41:98:4f:44:71:
8a:87:d5:75:ce:78:97:88:ba:9f:f0:88:6c:7a:ec:41:57:91:
7f:e0:98:6d:ca:1c:6c:44:5e:cb:c1:ba:db:b9:8a:1d:20:e3:
6e:5f:36:59:72:1d:a1:9d:d5:2e:b6:39:26:46:e6:b3:ee:6c:
c7:cf:db:16:df:04:18:31:5c:6a:02:56:af:7c:ff:bb:6a:6a:
d7:e9:ef:07:c9:68:e6:c9:1e:3c:24:d4:68:98:f4:ec:0a:f7:
99:3b:b0:2b:c2:ac:86:79:66:b5:54:f8:92:4e:82:a4:9b:a1:
99:3f:e5:4d:c0:a5:e8:b7:54:16:3e:33:d3:72:66:a4:f8:ad:
f6:f0:f2:30:db:0a:fd:79:60:96:0c:59:a5:c1:16:c9:cb:38:
4f:ef:05:a1:e1:1b:36:8d:2e:ed:3c:cc:ab:17:d6:0b:72:ca:
e5:66:ef:f8:8f:70:44:9c:1b:72:3c:86:09:06:a4:79:0c:7d:
58:47:4a:dc:29:35:52:9b:f4:29:b3:6a:2e:4a:d2:af:f0:ac:
ef:cf:7e:56:80:0e:a8:4a:99:aa:6d:15:69:fe:1f:ed:ab:9e:
80:ec:18:a9:1d:92:7b:f1:e4:8a:91:2a:d0:3d:3f:f5:e7:70:
f0:c3:9b:6b
-----BEGIN CERTIFICATE-----
MIIGKzCCBROgAwIBAgISAYhxD6tZT1XA+mo0mb0eKUDYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTMxMDkwNzEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDE1ZTY3NDZhZjhjNGMxMTU3NDYzMzA1ODA0YjJiYWIxOGNkZDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihm2cqj9nGcU/vxefVv1IndkmbGT
mSssTH2N/BNmmKpEkU+La+3sIulLEov1G0uMFw6pNv0JCrN8TB+6iWYzSMEzUHyz
ceNPNbqP7y3/K0/XWhuZrPqRn+8m+o059/mhkGR/A3vtZnNAeQfME1PM8xRDsl6b
qI8BK7UFkkt02GxxOf/RJDcDzErpIiRX6AtDlFcCaCIC+/N92zfMPzKyL+rkUTSl
xeyzoGNzAgFjb7Ha5Ay5sBmluwSjJWcA7k9GrAXaJl3SgChgCKzCbh+y5f/ZSFLR
1yXmVx3qIDX74XqGFRW2aI8mVXWUJsecvwvZlRaJWKQYWs/t17JaL9bg7QIDAQAB
o4IDNzCCAzMwHQYDVR0OBBYEFPQV5nRq+MTBFXRjMFgEsrqxjN1QMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOUJYbWRHcjR4TUVWZEdNd1dBU3l1ckdNM1ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBSwYIKwYBBQUHAQcBAf8EggE6MIIBNjCCATIEAgABMIIB
KgMEAgX9OAMEACWLgwMEAC0IXAMEAi0J0AMEAi1fAAMEAC2LewMEAVd4wAMEAFd4
2zAMAwQCV3kkAwQAV3kmAwQAV3ksAwQCV3k8MAwDBABXeWcDBABXeWgDBAFXeXID
BAFXeZIDBABXeaMDBABbXBADBAFbXBoDBABbXEMDBABdexgDBAFdexoDBAFdex4w
DAMEAV17SgMEAF17UAMEAl17cAMEAF17dQMEAF17dwMEAV6aoAMEAF6arQMEAF6c
AgMEAF6cmAMEAV6cmjAMAwQEXpywAwQBXpy0MAwDBABenO0DBABenO4DBAK5k2QD
BAG5zw4DBAC5/LEDBALBCLgDBADBGdsDBADBLz4DBADBOnkDBADBOnsDBADCMPkD
BADCN+IDBADUV80wDQYJKoZIhvcNAQELBQADggEBACpTaZsZCKGHoA7eNt1BmE9E
cYqH1XXOeJeIup/wiGx67EFXkX/gmG3KHGxEXsvButu5ih0g425fNllyHaGd1S62
OSZG5rPubMfP2xbfBBgxXGoCVq98/7tqatfp7wfJaObJHjwk1GiY9OwK95k7sCvC
rIZ5ZrVU+JJOgqSboZk/5U3Apei3VBY+M9NyZqT4rfbw8jDbCv15YJYMWaXBFsnL
OE/vBaHhGzaNLu08zKsX1gtyyuVm7/iPcEScG3I8hgkGpHkMfVhHStwpNVKb9Cmz
ai5K0q/wrO/PflaADqhKmaptFWn+H+2rnoDsGKkdknvx5IqRKtA9P/XncPDDm2s=
-----END CERTIFICATE-----
Generated at Wed May 14 00:00:09 2025 by rpki-client