Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PY-mkjmq-ZI4VZuoBZiQblKdNE4.roa
File: PY-mkjmq-ZI4VZuoBZiQblKdNE4.roa (raw, json)
Hash identifier: ByLdicYS5xonDNYQO9V/tKcRdQlA+aodojqb25h84NI=
Subject key identifier: 3D:8F:A6:92:39:AA:F9:92:38:55:9B:A8:05:98:90:6E:52:9D:34:4E
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0189BB5AD30F3870DDA5979E0ED90399A595
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PY-mkjmq-ZI4VZuoBZiQblKdNE4.roa
Signing time: Thu 03 Aug 2023 12:23:58 +0000
ROA not before: Thu 03 Aug 2023 12:23:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8100
IP address blocks: 94.156.2.0/24 maxlen: 24
91.92.16.0/24 maxlen: 24
87.120.192.0/23 maxlen: 24
91.92.26.0/23 maxlen: 24
193.58.121.0/24 maxlen: 24
193.58.123.0/24 maxlen: 24
185.147.100.0/22 maxlen: 24
87.121.36.0/23 maxlen: 24
87.121.38.0/24 maxlen: 24
94.156.152.0/24 maxlen: 24
45.8.92.0/24 maxlen: 24
94.156.154.0/23 maxlen: 24
87.121.60.0/22 maxlen: 24
91.92.67.0/24 maxlen: 24
45.139.123.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
45.9.208.0/22 maxlen: 24
94.154.173.0/24 maxlen: 24
212.87.205.0/24 maxlen: 24
94.156.237.0/24 maxlen: 24
193.8.184.0/23 maxlen: 24
193.8.186.0/23 maxlen: 24
194.55.226.0/24 maxlen: 24
94.156.238.0/24 maxlen: 24
87.121.146.0/23 maxlen: 24
93.123.76.0/22 maxlen: 24
87.121.163.0/24 maxlen: 24
93.123.80.0/24 maxlen: 24
185.252.177.0/24 maxlen: 24
94.156.178.0/24 maxlen: 24
193.47.62.0/24 maxlen: 24
94.156.180.0/23 maxlen: 24
87.121.104.0/24 maxlen: 24
93.123.24.0/24 maxlen: 24
87.121.103.0/24 maxlen: 24
93.123.30.0/23 maxlen: 24
93.123.26.0/23 maxlen: 24
87.121.114.0/23 maxlen: 24
93.123.112.0/22 maxlen: 24
93.123.119.0/24 maxlen: 24
5.253.58.0/23 maxlen: 24
193.25.219.0/24 maxlen: 24
5.253.56.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:bb:5a:d3:0f:38:70:dd:a5:97:9e:0e:d9:03:99:a5:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Aug 3 12:23:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3d8fa69239aaf99238559ba80598906e529d344e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:cc:21:69:1f:bd:c8:1e:16:fc:5d:d3:81:3d:
e7:5e:5f:80:d0:71:e2:30:79:fd:1f:f5:dc:fd:62:
44:c0:8e:21:40:21:9d:fd:f7:93:3e:92:2a:1b:01:
70:29:e9:ee:ef:4f:b9:b3:a9:59:77:b5:8a:16:d6:
b5:b8:1e:ee:4d:0d:b4:db:6f:43:98:e4:ad:68:53:
30:fd:44:74:ac:b0:e2:e0:e6:9a:05:ae:e8:35:45:
b1:02:2a:06:cf:13:61:7c:56:75:30:e1:d7:c2:be:
a2:86:b8:73:f7:23:dd:1d:74:ff:54:0f:1f:7e:1c:
0f:f2:a6:26:a8:e4:05:fc:96:ea:c7:0a:2c:30:63:
24:26:1c:ea:80:b0:ca:b7:33:15:c7:52:27:4e:b5:
6a:3b:c5:e7:fb:47:9f:4c:a1:fa:b8:ac:5e:cd:ed:
12:25:ef:83:16:e5:60:5c:3b:1c:20:74:5b:3a:af:
8e:7f:bd:63:64:e5:d3:8d:42:b5:a4:3f:ac:2d:60:
de:2b:75:a4:21:9b:b7:62:55:af:78:2c:66:b4:bd:
b1:a0:76:f8:f9:c5:cb:3f:4a:35:0d:bb:1f:16:d8:
4a:39:bf:d9:0b:97:de:d6:cb:fe:09:ed:61:c4:ba:
a1:1a:3c:76:84:c8:67:08:8d:5b:97:58:7f:aa:a8:
fe:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:8F:A6:92:39:AA:F9:92:38:55:9B:A8:05:98:90:6E:52:9D:34:4E
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PY-mkjmq-ZI4VZuoBZiQblKdNE4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.56.0/22
45.8.92.0/24
45.9.208.0/22
45.139.123.0/24
87.120.192.0/23
87.121.36.0-87.121.38.255
87.121.60.0/22
87.121.103.0-87.121.104.255
87.121.114.0/23
87.121.146.0/23
87.121.163.0/24
91.92.16.0/24
91.92.26.0/23
91.92.67.0/24
93.123.24.0/24
93.123.26.0/23
93.123.30.0/23
93.123.76.0-93.123.80.255
93.123.112.0/22
93.123.119.0/24
94.154.160.0/23
94.154.173.0/24
94.156.2.0/24
94.156.152.0/24
94.156.154.0/23
94.156.178.0/24
94.156.180.0/23
94.156.237.0-94.156.238.255
185.147.100.0/22
185.252.177.0/24
193.8.184.0/22
193.25.219.0/24
193.47.62.0/24
193.58.121.0/24
193.58.123.0/24
194.55.226.0/24
212.87.205.0/24
Signature Algorithm: sha256WithRSAEncryption
62:dc:bf:48:22:1f:b1:c5:59:2d:a8:cb:b2:30:39:e4:bc:9e:
75:60:84:1f:14:fe:1c:8e:28:ac:de:4e:8d:3b:6f:13:c7:34:
e1:03:32:2d:c9:7b:af:e0:08:29:bd:32:79:b7:59:df:9a:e7:
e5:7a:a9:9f:36:12:10:24:17:70:86:d1:7f:86:9b:90:a3:fc:
c5:f5:2b:d0:b5:9f:bd:7a:be:98:f6:a6:68:d9:cf:ed:17:3e:
21:d4:2b:92:00:f7:fb:2f:bd:a3:c1:2e:ff:7b:2e:8a:45:0f:
f2:e4:17:e8:6f:a3:84:9c:c7:35:dd:0b:09:23:14:70:45:75:
c5:ec:a2:4d:1d:48:b0:63:50:05:5c:c3:c9:2e:2f:7f:93:cf:
b9:44:5b:24:0e:cc:dd:29:f4:10:b4:72:c3:6d:d4:0e:c4:18:
07:2a:7b:31:e4:b3:83:3b:59:04:4f:e8:40:a5:d3:e2:0d:28:
ac:c2:5b:da:8e:d3:53:22:e5:81:ac:bf:29:b2:12:44:30:fc:
7b:8c:ba:9e:bb:f8:49:96:e1:93:96:c4:7a:4a:d2:07:cd:fb:
69:1f:ff:b2:a0:b3:28:d8:9b:c9:6f:43:a5:ea:94:2b:dd:bf:
03:92:b5:d4:41:af:ad:12:3e:9e:f0:f8:51:15:b0:c5:76:1a:
7b:60:04:21
-----BEGIN CERTIFICATE-----
MIIF/jCCBOagAwIBAgISAYm7WtMPOHDdpZeeDtkDmaWVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwODAzMTIyMzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDhmYTY5MjM5YWFmOTkyMzg1NTliYTgwNTk4OTA2ZTUyOWQzNDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcwhaR+9yB4W/F3TgT3nXl+A0HHi
MHn9H/Xc/WJEwI4hQCGd/feTPpIqGwFwKenu70+5s6lZd7WKFta1uB7uTQ20229D
mOStaFMw/UR0rLDi4OaaBa7oNUWxAioGzxNhfFZ1MOHXwr6ihrhz9yPdHXT/VA8f
fhwP8qYmqOQF/JbqxwosMGMkJhzqgLDKtzMVx1InTrVqO8Xn+0efTKH6uKxeze0S
Je+DFuVgXDscIHRbOq+Of71jZOXTjUK1pD+sLWDeK3WkIZu3YlWveCxmtL2xoHb4
+cXLP0o1DbsfFthKOb/ZC5fe1sv+Ce1hxLqhGjx2hMhnCI1bl1h/qqj+VwIDAQAB
o4IDCjCCAwYwHQYDVR0OBBYEFD2PppI5qvmSOFWbqAWYkG5SnTROMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUFktbWtqbXEtWkk0Vlp1b0JaaVFibEtkTkU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHgYIKwYBBQUHAQcBAf8EggENMIIBCTCCAQUEAgABMIH+
AwQCBf04AwQALQhcAwQCLQnQAwQALYt7AwQBV3jAMAwDBAJXeSQDBABXeSYDBAJX
eTwwDAMEAFd5ZwMEAFd5aAMEAVd5cgMEAVd5kgMEAFd5owMEAFtcEAMEAVtcGgME
AFtcQwMEAF17GAMEAV17GgMEAV17HjAMAwQCXXtMAwQAXXtQAwQCXXtwAwQAXXt3
AwQBXpqgAwQAXpqtAwQAXpwCAwQAXpyYAwQBXpyaAwQAXpyyAwQBXpy0MAwDBABe
nO0DBABenO4DBAK5k2QDBAC5/LEDBALBCLgDBADBGdsDBADBLz4DBADBOnkDBADB
OnsDBADCN+IDBADUV80wDQYJKoZIhvcNAQELBQADggEBAGLcv0giH7HFWS2oy7Iw
OeS8nnVghB8U/hyOKKzeTo07bxPHNOEDMi3Je6/gCCm9Mnm3Wd+a5+V6qZ82EhAk
F3CG0X+Gm5Cj/MX1K9C1n716vpj2pmjZz+0XPiHUK5IA9/svvaPBLv97LopFD/Lk
F+hvo4ScxzXdCwkjFHBFdcXsok0dSLBjUAVcw8kuL3+Tz7lEWyQOzN0p9BC0csNt
1A7EGAcqezHks4M7WQRP6ECl0+INKKzCW9qO01Mi5YGsvymyEkQw/HuMup67+EmW
4ZOWxHpK0gfN+2kf/7KgsyjYm8lvQ6XqlCvdvwOStdRBr60SPp7w+FEVsMV2Gntg
BCE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:32 2024 by rpki-client on console-ams.rpki-client.org