Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/5e7Nc6ihz1pgXDG-mXwvUSNH50A.roa
File: 5e7Nc6ihz1pgXDG-mXwvUSNH50A.roa (raw, json)
Hash identifier: gXvWLx+CgCK5+6H47YN7Oa1nqFpohzJuWAOy2WXMyFk=
Subject key identifier: E5:EE:CD:73:A8:A1:CF:5A:60:5C:31:BE:99:7C:2F:51:23:47:E7:40
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 01840F31CA42293C5133BF5144E3DFC87769
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/5e7Nc6ihz1pgXDG-mXwvUSNH50A.roa
Signing time: Tue 25 Oct 2022 12:50:32 +0000
ROA not before: Tue 25 Oct 2022 12:50:32 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 166.108.246.0/24 maxlen: 24
166.108.245.0/24 maxlen: 24
166.108.244.0/24 maxlen: 24
166.108.253.0/24 maxlen: 24
166.108.247.0/24 maxlen: 24
166.108.249.0/24 maxlen: 24
166.108.250.0/24 maxlen: 24
166.108.252.0/24 maxlen: 24
166.108.251.0/24 maxlen: 24
166.108.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:0f:31:ca:42:29:3c:51:33:bf:51:44:e3:df:c8:77:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Oct 25 12:50:32 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=e5eecd73a8a1cf5a605c31be997c2f512347e740
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:d9:73:1e:2c:75:88:58:4d:1d:74:da:c8:d1:
29:54:25:55:d5:43:3d:d7:b7:b7:18:09:b9:b5:ec:
7b:bc:d4:be:f0:bc:a9:4b:5a:86:43:59:39:da:97:
4b:28:0e:5c:73:ef:6d:b7:a1:e3:83:15:33:a4:2e:
35:02:3c:cc:9f:ee:e7:11:34:b0:78:88:29:ca:05:
96:43:a5:41:f3:68:99:a7:d8:f4:a8:c6:29:ec:43:
97:a8:77:25:4e:bd:c2:93:ab:6c:ae:26:ca:34:a4:
e4:d2:d3:0e:12:09:b3:46:c8:e5:c0:68:7a:e5:56:
6c:27:94:e5:f5:99:e4:3c:98:92:91:96:45:0b:7b:
04:92:84:0b:30:68:e3:17:01:53:04:f2:e9:0a:c0:
ae:12:be:ba:b7:63:9a:4c:2a:ae:6e:79:ae:0d:84:
f0:b9:a4:d5:f2:c0:3a:72:72:8a:07:d4:a4:99:8c:
eb:e0:2a:ec:26:d7:5b:c6:3a:59:b0:5a:ce:80:37:
79:c8:ef:1e:5d:83:e8:78:06:91:f5:a1:49:1a:8c:
8f:b9:a1:40:a7:88:8a:da:69:e7:97:c9:ca:95:e3:
3a:ae:a9:e0:58:2d:a3:39:f5:bc:28:ef:04:e7:d7:
15:fb:ca:fd:96:4a:6e:9a:6f:dd:1b:3d:99:07:f2:
3a:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:EE:CD:73:A8:A1:CF:5A:60:5C:31:BE:99:7C:2F:51:23:47:E7:40
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/5e7Nc6ihz1pgXDG-mXwvUSNH50A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.244.0/22
166.108.249.0-166.108.254.255
Signature Algorithm: sha256WithRSAEncryption
66:9d:75:5c:1b:e7:42:0e:01:72:5b:c4:b3:34:b4:ca:7d:a2:
63:93:08:ba:2d:cb:c2:d0:73:02:0c:df:12:56:a9:b9:fc:6e:
be:b6:b9:45:25:4e:f2:f4:0b:8f:3d:2a:a2:b4:3a:e3:56:98:
67:2e:49:44:34:35:8d:ab:1f:2d:75:53:6b:e9:88:c3:3a:80:
c9:a6:b3:2e:c9:a2:7d:2c:8c:6b:ab:c1:10:0f:c3:db:3f:cb:
00:35:2e:a9:83:19:d4:1a:5c:b6:a2:c2:f4:59:ec:c8:07:8c:
64:cd:a1:0a:72:e7:c1:ba:08:16:c0:23:26:16:a3:42:bf:3f:
a7:96:d8:e3:05:9e:06:6b:95:1f:be:50:aa:8a:e2:b4:a2:14:
af:41:b3:f9:6b:b1:e6:ca:d4:79:b7:a7:e4:da:8c:fd:96:bf:
b1:12:c2:58:4b:90:d0:1f:e5:5a:2c:4f:b6:e6:1b:ab:2e:81:
ae:0e:06:77:a5:56:b8:5b:52:3b:76:ce:31:f8:2a:84:d1:a0:
bb:b1:e7:61:37:37:e5:7c:a3:af:9f:ee:3b:a4:43:ea:7b:01:
d9:e2:51:8b:f2:97:81:9d:ee:64:68:cf:65:d1:cc:64:d8:19:
b5:a3:0a:f5:99:b8:f0:ae:32:9f:2a:3a:dd:5b:9f:22:41:01:
f8:c4:ee:de
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYQPMcpCKTxRM79RROPfyHdpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIxMDI1MTI1MDMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWVlY2Q3M2E4YTFjZjVhNjA1YzMxYmU5OTdjMmY1MTIzNDdlNzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9lzHix1iFhNHXTayNEpVCVV1UM9
17e3GAm5tex7vNS+8LypS1qGQ1k52pdLKA5cc+9tt6HjgxUzpC41AjzMn+7nETSw
eIgpygWWQ6VB82iZp9j0qMYp7EOXqHclTr3Ck6tsribKNKTk0tMOEgmzRsjlwGh6
5VZsJ5Tl9ZnkPJiSkZZFC3sEkoQLMGjjFwFTBPLpCsCuEr66t2OaTCqubnmuDYTw
uaTV8sA6cnKKB9SkmYzr4CrsJtdbxjpZsFrOgDd5yO8eXYPoeAaR9aFJGoyPuaFA
p4iK2mnnl8nKleM6rqngWC2jOfW8KO8E59cV+8r9lkpumm/dGz2ZB/I6iQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOXuzXOooc9aYFwxvpl8L1EjR+dAMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvNWU3TmM2aWh6MXBnWERHLW1Yd3ZVU05INTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCpmz0MAwD
BACmbPkDBACmbP4wDQYJKoZIhvcNAQELBQADggEBAGaddVwb50IOAXJbxLM0tMp9
omOTCLoty8LQcwIM3xJWqbn8br62uUUlTvL0C489KqK0OuNWmGcuSUQ0NY2rHy11
U2vpiMM6gMmmsy7Jon0sjGurwRAPw9s/ywA1LqmDGdQaXLaiwvRZ7MgHjGTNoQpy
58G6CBbAIyYWo0K/P6eW2OMFngZrlR++UKqK4rSiFK9Bs/lrsebK1Hm3p+TajP2W
v7ESwlhLkNAf5VosT7bmG6suga4OBnelVrhbUjt2zjH4KoTRoLux52E3N+V8o6+f
7jukQ+p7AdniUYvyl4Gd7mRoz2XRzGTYGbWjCvWZuPCuMp8qOt1bnyJBAfjE7t4=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:33:38 2025 by rpki-client