Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/AHbdAa2b2UnN56mV60vaOroWlTw.roa
File: AHbdAa2b2UnN56mV60vaOroWlTw.roa (raw, json)
Hash identifier: 9Im5rsrxwkgRfKeRy0C2bKsYOL1nXpbdxdp9AcBrn3U=
Subject key identifier: 00:76:DD:01:AD:9B:D9:49:CD:E7:A9:95:EB:4B:DA:3A:BA:16:95:3C
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 06C7258F
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/AHbdAa2b2UnN56mV60vaOroWlTw.roa
Signing time: Mon 21 Mar 2022 09:33:55 +0000
ROA not before: Mon 21 Mar 2022 09:33:55 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 166.108.218.0/23 maxlen: 24
166.108.216.0/23 maxlen: 24
166.108.226.0/23 maxlen: 24
166.108.220.0/23 maxlen: 24
166.108.222.0/23 maxlen: 24
166.108.224.0/23 maxlen: 24
166.108.228.0/23 maxlen: 24
166.108.230.0/23 maxlen: 24
166.108.232.0/23 maxlen: 24
166.108.234.0/23 maxlen: 24
166.108.236.0/23 maxlen: 24
166.108.238.0/23 maxlen: 24
166.108.246.0/24 maxlen: 24
166.108.242.0/23 maxlen: 24
166.108.245.0/24 maxlen: 24
166.108.244.0/24 maxlen: 24
166.108.253.0/24 maxlen: 24
166.108.247.0/24 maxlen: 24
166.108.249.0/24 maxlen: 24
166.108.248.0/24 maxlen: 24
166.108.250.0/24 maxlen: 24
166.108.252.0/24 maxlen: 24
166.108.251.0/24 maxlen: 24
166.108.254.0/24 maxlen: 24
166.108.255.0/24 maxlen: 24
166.108.164.0/22 maxlen: 24
166.108.160.0/22 maxlen: 24
166.108.172.0/22 maxlen: 24
166.108.168.0/22 maxlen: 24
166.108.176.0/22 maxlen: 24
166.108.184.0/22 maxlen: 24
166.108.180.0/22 maxlen: 24
166.108.192.0/22 maxlen: 24
166.108.188.0/22 maxlen: 24
166.108.196.0/22 maxlen: 24
166.108.200.0/22 maxlen: 24
166.108.212.0/22 maxlen: 24
166.108.208.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 113714575 (0x6c7258f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Mar 21 09:33:55 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=0076dd01ad9bd949cde7a995eb4bda3aba16953c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:89:04:44:06:59:67:1a:66:24:d8:25:47:cb:
48:b9:14:45:b2:4e:41:84:d6:58:b8:4f:4f:a4:c3:
3a:f5:95:21:91:37:50:4b:d1:a2:61:c2:6a:ae:be:
33:fd:4f:c7:28:b4:1b:8d:2e:7b:9d:41:2b:90:07:
26:d5:26:4d:a8:53:99:66:bd:ac:63:74:21:16:10:
01:cf:e3:6f:a9:83:f7:2c:50:ff:df:db:ad:73:37:
df:0a:be:5a:02:65:74:d7:88:ec:24:c6:63:1e:12:
4c:60:80:b0:c8:bb:c9:a0:d3:95:39:ee:76:59:bf:
23:b5:19:8b:94:0c:d7:1e:8b:13:fc:0d:f2:7e:d3:
66:9c:7d:72:b4:10:ab:a7:6a:d2:b6:1c:a7:b7:89:
34:53:31:e3:f5:ce:db:d0:da:bf:81:ae:92:00:20:
7d:74:fd:b7:1e:f1:d0:5b:73:20:36:0d:18:b2:18:
d2:29:b7:a1:2b:52:35:a9:49:6c:74:af:69:32:8e:
bc:2a:28:2b:f6:31:9e:12:2f:c5:db:12:fa:e7:4b:
a2:49:1c:da:1d:68:c7:85:73:dc:b3:a7:33:25:6a:
7a:1c:bd:1c:c9:24:55:4c:49:4b:51:ef:e9:40:d5:
90:eb:db:6a:fa:08:30:46:5e:84:33:2f:ce:d2:75:
89:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:76:DD:01:AD:9B:D9:49:CD:E7:A9:95:EB:4B:DA:3A:BA:16:95:3C
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/AHbdAa2b2UnN56mV60vaOroWlTw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.160.0-166.108.203.255
166.108.208.0-166.108.239.255
166.108.242.0-166.108.255.255
Signature Algorithm: sha256WithRSAEncryption
a5:34:7a:81:d8:24:72:38:d0:27:76:ce:10:06:2e:dd:1a:49:
16:55:75:13:e1:4a:09:d8:df:f5:9d:bf:ad:f8:0c:50:37:e9:
c9:52:7f:f6:cb:95:09:05:3f:b5:56:fb:13:d2:c4:c9:14:38:
b4:66:e1:52:38:15:1c:3b:f9:09:c9:89:29:b9:c2:e0:45:95:
42:60:da:8e:d8:47:e6:b8:34:98:c7:bc:ce:a3:8b:fa:bc:e6:
48:75:c4:af:da:94:fb:95:0a:8f:97:9d:c2:05:18:82:ca:f4:
53:62:8d:63:18:27:92:92:88:f9:1c:43:a0:3a:f5:ff:02:f3:
7a:a3:5f:d4:9a:33:e2:d3:5f:99:89:b6:3b:67:68:90:1a:48:
8f:e6:3f:b0:21:d4:a7:fd:22:8f:f3:41:0b:67:21:81:a5:a5:
d1:f5:b8:17:bf:0b:a0:03:cc:5d:45:9b:d8:a5:10:b5:43:29:
11:42:e4:c9:33:13:bc:2e:c4:8a:06:8c:73:f3:97:2a:6d:67:
5e:f5:9c:37:53:09:e1:b3:a5:66:fd:fc:56:6f:32:6e:10:62:
0e:46:90:df:d3:ce:8e:a8:16:99:37:b7:44:f5:7d:40:8a:bc:
ac:02:a4:86:43:40:c6:2b:ef:c8:15:c8:4f:90:f9:e7:3a:ed:
80:c3:ab:2e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIEBscljzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
OTJiODYwOTVjZTU1OGQyZTk2MTg3MjhhNDQyMjhhMjdiZTkwOThmMB4XDTIyMDMy
MTA5MzM1NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDA3NmRkMDFhZDli
ZDk0OWNkZTdhOTk1ZWI0YmRhM2FiYTE2OTUzYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK6JBEQGWWcaZiTYJUfLSLkURbJOQYTWWLhPT6TDOvWVIZE3
UEvRomHCaq6+M/1Pxyi0G40ue51BK5AHJtUmTahTmWa9rGN0IRYQAc/jb6mD9yxQ
/9/brXM33wq+WgJldNeI7CTGYx4STGCAsMi7yaDTlTnudlm/I7UZi5QM1x6LE/wN
8n7TZpx9crQQq6dq0rYcp7eJNFMx4/XO29Dav4GukgAgfXT9tx7x0FtzIDYNGLIY
0im3oStSNalJbHSvaTKOvCooK/YxnhIvxdsS+udLokkc2h1ox4Vz3LOnMyVqehy9
HMkkVUxJS1Hv6UDVkOvbavoIMEZehDMvztJ1iUECAwEAAaOCAiwwggIoMB0GA1Ud
DgQWBBQAdt0BrZvZSc3nqZXrS9o6uhaVPDAfBgNVHSMEGDAWgBSZK4YJXOVY0ulh
hyikQiiie+kJjzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L21TdUdDVnpsV05McFlZY29wRUlvb252cENZOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzkvOGVhOWI5LTNiNmUtNGZkZi1iNWQxLWYwNGZkY2MwOWU1MS8x
L0FIYmRBYTJiMlVuTjU2bVY2MHZhT3JvV2xUdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzkv
OGVhOWI5LTNiNmUtNGZkZi1iNWQxLWYwNGZkY2MwOWU1MS8xL21TdUdDVnpsV05M
cFlZY29wRUlvb252cENZOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBC
BggrBgEFBQcBBwEB/wQzMDEwLwQCAAEwKTAMAwQFpmygAwQCpmzIMAwDBASmbNAD
BASmbOAwCwMEAaZs8gMDAKZsMA0GCSqGSIb3DQEBCwUAA4IBAQClNHqB2CRyONAn
ds4QBi7dGkkWVXUT4UoJ2N/1nb+t+AxQN+nJUn/2y5UJBT+1VvsT0sTJFDi0ZuFS
OBUcO/kJyYkpucLgRZVCYNqO2EfmuDSYx7zOo4v6vOZIdcSv2pT7lQqPl53CBRiC
yvRTYo1jGCeSkoj5HEOgOvX/AvN6o1/UmjPi01+ZibY7Z2iQGkiP5j+wIdSn/SKP
80ELZyGBpaXR9bgXvwugA8xdRZvYpRC1QykRQuTJMxO8LsSKBoxz85cqbWde9Zw3
Uwnhs6Vm/fxWbzJuEGIORpDf086OqBaZN7dE9X1AirysAqSGQ0DGK+/IFchPkPnn
Ou2Aw6su
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:35:22 2025 by rpki-client