Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/3l9QC-H3BYqnGy60u_q1abd4mzQ.roa
File: 3l9QC-H3BYqnGy60u_q1abd4mzQ.roa (raw, json)
Hash identifier: IANm/3B6QBkoffThK8i0uwfPHnkW16O7OX7wj4RLfIc=
Subject key identifier: DE:5F:50:0B:E1:F7:05:8A:A7:1B:2E:B4:BB:FA:B5:69:B7:78:9B:34
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 018563913FF17C0189EA7E5D1337BE13BF8B
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/3l9QC-H3BYqnGy60u_q1abd4mzQ.roa
Signing time: Fri 30 Dec 2022 15:05:41 +0000
ROA not before: Fri 30 Dec 2022 15:05:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 834
IP address blocks: 166.108.216.0/23 maxlen: 23
166.108.218.0/23 maxlen: 23
166.108.224.0/23 maxlen: 23
166.108.226.0/23 maxlen: 23
166.108.220.0/23 maxlen: 23
166.108.222.0/23 maxlen: 23
166.108.230.0/23 maxlen: 23
166.108.232.0/23 maxlen: 23
166.108.228.0/23 maxlen: 23
166.108.244.0/24 maxlen: 24
166.108.245.0/24 maxlen: 24
166.108.246.0/24 maxlen: 24
166.108.242.0/23 maxlen: 23
166.108.251.0/24 maxlen: 24
166.108.252.0/24 maxlen: 24
166.108.253.0/24 maxlen: 24
166.108.247.0/24 maxlen: 24
166.108.249.0/24 maxlen: 24
166.108.250.0/24 maxlen: 24
166.108.254.0/24 maxlen: 24
166.108.255.0/24 maxlen: 24
166.108.160.0/22 maxlen: 22
166.108.164.0/22 maxlen: 22
166.108.168.0/22 maxlen: 22
166.108.172.0/22 maxlen: 22
166.108.176.0/22 maxlen: 22
166.108.180.0/22 maxlen: 22
166.108.184.0/22 maxlen: 22
166.108.188.0/22 maxlen: 22
166.108.192.0/22 maxlen: 22
166.108.200.0/22 maxlen: 22
166.108.204.0/22 maxlen: 22
166.108.208.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:63:91:3f:f1:7c:01:89:ea:7e:5d:13:37:be:13:bf:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Dec 30 15:05:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=de5f500be1f7058aa71b2eb4bbfab569b7789b34
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:98:55:39:27:0d:51:02:38:ae:bc:90:c6:ca:
f2:74:5c:f4:b7:10:1c:21:43:5a:7e:6a:85:1c:68:
24:0a:0c:55:c6:6d:49:d6:be:26:0b:d3:d5:5c:0c:
4a:39:81:ba:5d:40:85:71:48:f9:60:26:a2:80:ce:
52:8d:d3:cb:9c:4d:6f:c2:d5:a1:eb:4e:ab:b0:b2:
4e:f6:70:f8:a0:e0:69:68:13:b1:c1:63:33:e7:be:
19:0c:3e:ac:d0:a6:ab:52:ac:8a:d4:fd:7d:07:32:
af:36:b4:65:9a:84:f5:7a:f2:ed:c2:60:e8:86:1f:
4b:ab:cd:c6:29:2b:1b:8b:be:19:5d:15:de:44:78:
f3:0a:6b:36:e1:b5:83:09:44:f6:fd:b8:50:88:ce:
82:0c:02:3a:8f:c2:33:9d:39:40:30:c2:aa:ab:7f:
d5:23:62:37:6c:de:db:d0:de:aa:da:dc:6f:69:92:
f8:66:25:98:b9:81:0a:37:61:06:f4:8c:93:50:a8:
7f:71:f8:8f:7e:57:a5:ca:de:80:67:51:dc:35:1f:
43:10:c8:4a:c5:ce:c7:f2:70:58:2e:58:80:98:76:
f7:92:ef:cb:3e:73:91:0f:8a:35:f5:f1:10:b5:f7:
1b:42:ae:f4:3c:e1:ab:03:06:e4:dd:74:a4:4a:68:
c3:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:5F:50:0B:E1:F7:05:8A:A7:1B:2E:B4:BB:FA:B5:69:B7:78:9B:34
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/3l9QC-H3BYqnGy60u_q1abd4mzQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.160.0-166.108.195.255
166.108.200.0-166.108.211.255
166.108.216.0-166.108.233.255
166.108.242.0-166.108.247.255
166.108.249.0-166.108.255.255
Signature Algorithm: sha256WithRSAEncryption
1d:b0:f1:8c:75:4d:3b:3f:12:52:9d:1c:15:47:54:24:7d:ad:
c8:04:cb:f5:da:2c:50:81:9a:36:85:5b:90:dd:99:fa:2c:6e:
b7:42:88:cc:93:2f:15:a9:39:e2:6a:7a:aa:30:73:87:49:f7:
60:b3:10:23:24:fe:91:ff:0b:bb:62:0b:d0:c5:1c:e8:1b:46:
62:26:91:fb:01:83:ac:e4:3e:65:45:71:ff:55:6d:5b:a5:c7:
bf:c2:2a:ad:78:67:69:32:15:32:30:a2:fa:85:e0:e1:40:b0:
c8:fc:62:69:94:ca:ec:7c:c5:7c:9a:e5:ed:09:64:8a:54:59:
71:0c:b3:f5:e8:80:7d:d3:5c:e5:67:a4:04:c3:5d:cf:83:5d:
90:5a:31:99:58:87:44:f4:da:f4:65:57:9a:13:5a:4b:bc:69:
96:cf:de:fd:a2:62:b4:6c:ca:58:ed:92:30:c5:e9:06:3b:79:
6f:8e:ba:64:40:32:5d:5c:93:7e:61:b8:61:fa:67:45:5e:63:
86:f8:85:a1:3f:87:3a:6d:53:ad:12:8a:2a:1e:1b:8c:d2:2b:
ef:8c:d1:73:c1:ff:e3:09:28:9d:7a:f9:85:dc:ac:a5:9f:c5:
96:44:b7:9c:26:23:b3:ee:ee:ae:48:04:b0:a7:6f:72:5d:29:
1c:eb:f7:05
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYVjkT/xfAGJ6n5dEze+E7+LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIxMjMwMTUwNTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTVmNTAwYmUxZjcwNThhYTcxYjJlYjRiYmZhYjU2OWI3Nzg5YjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZhVOScNUQI4rryQxsrydFz0txAc
IUNafmqFHGgkCgxVxm1J1r4mC9PVXAxKOYG6XUCFcUj5YCaigM5SjdPLnE1vwtWh
606rsLJO9nD4oOBpaBOxwWMz574ZDD6s0KarUqyK1P19BzKvNrRlmoT1evLtwmDo
hh9Lq83GKSsbi74ZXRXeRHjzCms24bWDCUT2/bhQiM6CDAI6j8IznTlAMMKqq3/V
I2I3bN7b0N6q2txvaZL4ZiWYuYEKN2EG9IyTUKh/cfiPflelyt6AZ1HcNR9DEMhK
xc7H8nBYLliAmHb3ku/LPnORD4o19fEQtfcbQq70POGrAwbk3XSkSmjDFwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFN5fUAvh9wWKpxsutLv6tWm3eJs0MB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvM2w5UUMtSDNCWXFuR3k2MHVfcTFhYmQ0bXpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTBLBAIAATBFMAwDBAWmbKAD
BAKmbMAwDAMEA6ZsyAMEAqZs0DAMAwQDpmzYAwQBpmzoMAwDBAGmbPIDBAOmbPAw
CwMEAKZs+QMDAKZsMA0GCSqGSIb3DQEBCwUAA4IBAQAdsPGMdU07PxJSnRwVR1Qk
fa3IBMv12ixQgZo2hVuQ3Zn6LG63QojMky8VqTnianqqMHOHSfdgsxAjJP6R/wu7
YgvQxRzoG0ZiJpH7AYOs5D5lRXH/VW1bpce/wiqteGdpMhUyMKL6heDhQLDI/GJp
lMrsfMV8muXtCWSKVFlxDLP16IB901zlZ6QEw13Pg12QWjGZWIdE9Nr0ZVeaE1pL
vGmWz979omK0bMpY7ZIwxekGO3lvjrpkQDJdXJN+Ybhh+mdFXmOG+IWhP4c6bVOt
EooqHhuM0ivvjNFzwf/jCSidevmF3Kyln8WWRLecJiOz7u6uSASwp29yXSkc6/cF
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:19:51 2025 by rpki-client