Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TMViOU1ryeRNodbk_ntCDq2KLo8.roa
File: TMViOU1ryeRNodbk_ntCDq2KLo8.roa (raw, json)
Hash identifier: Ya+JvbHlu73EqDj+6cgPfHPQ0g7uNTnXPnB/y7v9jGs=
Subject key identifier: 4C:C5:62:39:4D:6B:C9:E4:4D:A1:D6:E4:FE:7B:42:0E:AD:8A:2E:8F
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018650295F9CA496C5456B3C08BB0BED4E2D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TMViOU1ryeRNodbk_ntCDq2KLo8.roa
Signing time: Tue 14 Feb 2023 13:42:14 +0000
ROA not before: Tue 14 Feb 2023 13:42:14 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8100
IP address blocks: 87.120.192.0/23 maxlen: 24
87.121.36.0/23 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.60.0/22 maxlen: 24
87.120.219.0/24 maxlen: 24
87.120.220.0/23 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.173.0/24 maxlen: 24
93.123.39.0/24 maxlen: 24
94.156.237.0/24 maxlen: 24
194.55.226.0/24 maxlen: 24
94.156.238.0/24 maxlen: 24
93.123.68.0/22 maxlen: 24
93.123.76.0/22 maxlen: 24
93.123.80.0/24 maxlen: 24
93.123.86.0/23 maxlen: 24
94.156.168.0/23 maxlen: 24
94.156.176.0/22 maxlen: 24
94.156.180.0/23 maxlen: 24
93.123.24.0/24 maxlen: 24
194.48.249.0/24 maxlen: 24
93.123.30.0/23 maxlen: 24
93.123.26.0/23 maxlen: 24
87.120.64.0/23 maxlen: 24
87.120.96.0/23 maxlen: 24
93.123.112.0/22 maxlen: 24
93.123.116.0/23 maxlen: 24
93.123.119.0/24 maxlen: 24
87.120.32.0/22 maxlen: 24
193.25.219.0/24 maxlen: 24
87.120.46.0/23 maxlen: 24
94.156.2.0/24 maxlen: 24
94.156.8.0/24 maxlen: 24
91.92.16.0/24 maxlen: 24
91.92.21.0/24 maxlen: 24
91.92.26.0/23 maxlen: 24
193.58.121.0/24 maxlen: 24
193.58.123.0/24 maxlen: 24
94.156.131.0/24 maxlen: 24
94.156.152.0/24 maxlen: 24
94.156.154.0/23 maxlen: 24
91.92.67.0/24 maxlen: 24
94.156.78.0/23 maxlen: 24
37.139.130.0/23 maxlen: 24
212.87.205.0/24 maxlen: 24
87.121.146.0/23 maxlen: 24
178.215.238.0/24 maxlen: 24
87.121.163.0/24 maxlen: 24
87.121.69.0/24 maxlen: 24
185.252.177.0/24 maxlen: 24
193.47.62.0/24 maxlen: 24
87.121.103.0/24 maxlen: 24
87.121.114.0/23 maxlen: 24
31.13.252.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:50:29:5f:9c:a4:96:c5:45:6b:3c:08:bb:0b:ed:4e:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 14 13:42:14 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4cc562394d6bc9e44da1d6e4fe7b420ead8a2e8f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:49:10:3d:54:0b:13:14:7c:3b:d8:f9:d5:25:
d5:a2:4b:d7:fc:be:fe:78:c9:10:ea:42:de:77:da:
e7:67:31:bc:96:02:71:ba:32:1e:90:e8:57:0e:f9:
02:55:7b:c7:ef:42:82:e2:10:60:24:8f:b9:34:27:
2e:3d:18:40:70:d1:c3:86:14:bb:9d:18:63:0d:99:
5b:22:b5:25:35:7b:c4:51:be:b5:c9:dd:68:4a:7a:
da:fe:54:c0:03:ca:4f:45:82:2b:78:09:6f:03:d4:
2a:1d:e8:33:f9:a9:60:ae:97:45:53:a6:0d:67:ca:
26:6f:43:d3:1e:71:13:a7:97:44:5f:db:c0:2f:0a:
b2:49:c3:6d:8a:38:99:53:6a:93:fd:3b:55:25:3c:
1e:8e:5b:a1:52:ae:6a:4d:ab:62:dc:f3:79:55:88:
94:8f:4f:f3:51:c0:b4:4a:57:f0:e6:40:1a:e9:06:
6b:b1:41:2e:83:05:58:13:42:c0:c7:9c:15:14:ee:
25:3b:b9:10:30:37:80:eb:5c:5f:ed:2a:33:c6:3a:
3b:07:90:66:19:95:67:95:b7:6b:9c:f8:02:f7:0f:
3a:ed:87:e4:8f:40:6b:74:84:a2:f8:17:1c:f2:eb:
8b:b1:31:ef:bb:10:61:31:57:07:23:f0:a4:2d:2d:
75:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:C5:62:39:4D:6B:C9:E4:4D:A1:D6:E4:FE:7B:42:0E:AD:8A:2E:8F
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TMViOU1ryeRNodbk_ntCDq2KLo8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.252.0/22
37.139.130.0/23
87.120.32.0/22
87.120.46.0/23
87.120.64.0/23
87.120.96.0/23
87.120.192.0/23
87.120.219.0-87.120.221.255
87.121.36.0-87.121.38.255
87.121.60.0/22
87.121.69.0/24
87.121.103.0/24
87.121.114.0/23
87.121.146.0/23
87.121.163.0/24
91.92.16.0/24
91.92.21.0/24
91.92.26.0/23
91.92.67.0/24
93.123.24.0/24
93.123.26.0/23
93.123.30.0/23
93.123.39.0/24
93.123.68.0/22
93.123.76.0-93.123.80.255
93.123.86.0/23
93.123.112.0-93.123.117.255
93.123.119.0/24
94.154.160.0/23
94.154.173.0/24
94.156.2.0/24
94.156.8.0/24
94.156.78.0/23
94.156.131.0/24
94.156.152.0/24
94.156.154.0/23
94.156.168.0/23
94.156.176.0-94.156.181.255
94.156.237.0-94.156.238.255
178.215.238.0/24
185.252.177.0/24
193.25.219.0/24
193.47.62.0/24
193.58.121.0/24
193.58.123.0/24
194.48.249.0/24
194.55.226.0/24
212.87.205.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:d1:43:f0:c0:87:6f:9a:ce:2c:42:e8:22:7c:9e:72:25:6b:
a1:df:8b:15:62:5e:a7:93:2a:30:bc:35:27:77:ca:7a:89:79:
fa:96:1f:47:c7:4b:bb:be:bf:48:c8:40:46:55:70:6f:ad:81:
01:e5:1d:1e:06:a8:6b:7b:7d:2e:f5:b8:70:d2:a2:9a:ef:84:
f9:37:0a:98:75:c8:55:46:b2:5e:dc:17:c8:c1:bc:2b:dc:a4:
c1:99:13:7e:0a:94:f9:37:a9:2a:6e:d7:09:80:60:0a:54:63:
d8:42:a0:5c:13:55:35:bb:6b:ae:10:51:80:c3:8b:5c:50:f3:
0f:a3:a2:88:b0:27:ac:c2:81:65:1a:9e:12:00:08:d6:b4:fd:
7d:dd:08:90:6d:9e:09:64:af:30:26:92:e3:26:d8:18:95:f9:
10:09:cb:47:4c:af:5c:76:f5:0c:cb:a9:a3:e4:d5:14:59:6b:
41:11:fe:76:50:fa:99:72:a9:23:ae:ff:b5:e0:2a:29:68:5e:
ff:03:e4:0d:69:af:22:4d:ef:f4:c6:7e:f1:13:ed:d3:a8:24:
d1:53:50:0f:1d:42:e8:23:06:0e:8c:12:ca:73:48:a1:14:77:
32:51:86:51:b2:63:2b:71:ed:ba:03:da:4f:7d:9f:e2:a6:86:
8f:01:f6:ba
-----BEGIN CERTIFICATE-----
MIIGUTCCBTmgAwIBAgISAYZQKV+cpJbFRWs8CLsL7U4tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMjE0MTM0MjE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2M1NjIzOTRkNmJjOWU0NGRhMWQ2ZTRmZTdiNDIwZWFkOGEyZThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUkQPVQLExR8O9j51SXVokvX/L7+
eMkQ6kLed9rnZzG8lgJxujIekOhXDvkCVXvH70KC4hBgJI+5NCcuPRhAcNHDhhS7
nRhjDZlbIrUlNXvEUb61yd1oSnra/lTAA8pPRYIreAlvA9QqHegz+algrpdFU6YN
Z8omb0PTHnETp5dEX9vALwqyScNtijiZU2qT/TtVJTwejluhUq5qTati3PN5VYiU
j0/zUcC0Slfw5kAa6QZrsUEugwVYE0LAx5wVFO4lO7kQMDeA61xf7Sozxjo7B5Bm
GZVnlbdrnPgC9w867Yfkj0BrdISi+Bcc8uuLsTHvuxBhMVcHI/CkLS11qQIDAQAB
o4IDXTCCA1kwHQYDVR0OBBYEFEzFYjlNa8nkTaHW5P57Qg6tii6PMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVE1WaU9VMXJ5ZVJOb2Ria19udENEcTJLTG84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBcQYIKwYBBQUHAQcBAf8EggFgMIIBXDCCAVgEAgABMIIB
UAMEAh8N/AMEASWLggMEAld4IAMEAVd4LgMEAVd4QAMEAVd4YAMEAVd4wDAMAwQA
V3jbAwQBV3jcMAwDBAJXeSQDBABXeSYDBAJXeTwDBABXeUUDBABXeWcDBAFXeXID
BAFXeZIDBABXeaMDBABbXBADBABbXBUDBAFbXBoDBABbXEMDBABdexgDBAFdexoD
BAFdex4DBABdeycDBAJde0QwDAMEAl17TAMEAF17UAMEAV17VjAMAwQEXXtwAwQB
XXt0AwQAXXt3AwQBXpqgAwQAXpqtAwQAXpwCAwQAXpwIAwQBXpxOAwQAXpyDAwQA
XpyYAwQBXpyaAwQBXpyoMAwDBARenLADBAFenLQwDAMEAF6c7QMEAF6c7gMEALLX
7gMEALn8sQMEAMEZ2wMEAMEvPgMEAME6eQMEAME6ewMEAMIw+QMEAMI34gMEANRX
zTANBgkqhkiG9w0BAQsFAAOCAQEAj9FD8MCHb5rOLELoInyeciVrod+LFWJep5Mq
MLw1J3fKeol5+pYfR8dLu76/SMhARlVwb62BAeUdHgaoa3t9LvW4cNKimu+E+TcK
mHXIVUayXtwXyMG8K9ykwZkTfgqU+TepKm7XCYBgClRj2EKgXBNVNbtrrhBRgMOL
XFDzD6OiiLAnrMKBZRqeEgAI1rT9fd0IkG2eCWSvMCaS4ybYGJX5EAnLR0yvXHb1
DMupo+TVFFlrQRH+dlD6mXKpI67/teAqKWhe/wPkDWmvIk3v9MZ+8RPt06gk0VNQ
Dx1C6CMGDowSynNIoRR3MlGGUbJjK3HtugPaT32f4qaGjwH2ug==
-----END CERTIFICATE-----
Generated at Tue May 13 16:23:57 2025 by rpki-client