Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/AmWgHqijl98pwxyPwJPxvdWcgNE.roa
File: AmWgHqijl98pwxyPwJPxvdWcgNE.roa (raw, json)
Hash identifier: o3R8tAAgdA8xT1aj+6/67W8scGNu41FCwyE4L2f7srk=
Subject key identifier: 02:65:A0:1E:A8:A3:97:DF:29:C3:1C:8F:C0:93:F1:BD:D5:9C:80:D1
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 01857195764C228D1E1E677A0AE7FCF46241
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/AmWgHqijl98pwxyPwJPxvdWcgNE.roa
Signing time: Mon 02 Jan 2023 08:24:58 +0000
ROA not before: Mon 02 Jan 2023 08:24:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 166.108.216.0/23 maxlen: 23
166.108.218.0/23 maxlen: 23
166.108.224.0/23 maxlen: 23
166.108.226.0/23 maxlen: 23
166.108.220.0/23 maxlen: 23
166.108.222.0/23 maxlen: 23
166.108.230.0/23 maxlen: 23
166.108.232.0/23 maxlen: 23
166.108.228.0/23 maxlen: 23
166.108.244.0/24 maxlen: 24
166.108.245.0/24 maxlen: 24
166.108.246.0/24 maxlen: 24
166.108.242.0/23 maxlen: 23
166.108.251.0/24 maxlen: 24
166.108.252.0/24 maxlen: 24
166.108.253.0/24 maxlen: 24
166.108.247.0/24 maxlen: 24
166.108.249.0/24 maxlen: 24
166.108.250.0/24 maxlen: 24
166.108.254.0/24 maxlen: 24
166.108.255.0/24 maxlen: 24
166.108.160.0/22 maxlen: 22
166.108.164.0/22 maxlen: 22
166.108.168.0/22 maxlen: 22
166.108.172.0/22 maxlen: 22
166.108.176.0/22 maxlen: 22
166.108.180.0/22 maxlen: 22
166.108.184.0/22 maxlen: 22
166.108.188.0/22 maxlen: 22
166.108.192.0/22 maxlen: 22
166.108.200.0/22 maxlen: 22
166.108.204.0/22 maxlen: 22
166.108.208.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:95:76:4c:22:8d:1e:1e:67:7a:0a:e7:fc:f4:62:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Jan 2 08:24:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0265a01ea8a397df29c31c8fc093f1bdd59c80d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:3a:e7:23:5d:62:26:69:39:e6:82:ed:2b:86:
d5:8e:8e:2a:9e:c9:a0:fa:30:a8:ac:f0:c7:0e:82:
a3:b1:aa:1c:7d:e4:f8:37:ec:97:36:da:f1:ad:31:
77:ad:d3:22:03:13:fd:d8:bf:31:57:47:37:b9:d5:
ef:41:9c:66:8c:4b:02:f3:60:bb:de:f7:5f:97:e0:
4e:01:d3:44:30:3a:be:de:1b:7b:82:8d:6e:1f:8b:
13:78:4f:50:f0:13:1e:18:69:b1:ae:2b:f4:da:7e:
9b:70:e8:2d:10:e3:d3:7c:0a:a1:2a:0b:4c:12:ea:
1c:83:ed:4b:d7:7e:be:8f:94:b9:bb:b3:8d:ec:10:
f1:cb:19:b7:68:bd:44:88:fb:20:4a:12:42:3a:a7:
33:be:66:5b:2a:cd:ad:10:2c:61:6e:6a:28:53:af:
86:29:38:78:89:5a:95:8a:c8:f1:79:31:23:66:9a:
99:2d:21:4b:64:d2:36:56:c2:a5:ea:8e:0e:d6:b9:
44:9b:f5:6c:54:52:70:0b:16:bc:54:34:6d:4b:d8:
ed:91:ba:51:6a:17:7d:b8:32:bd:44:e0:50:93:64:
1b:6e:65:65:ef:fb:1a:da:50:6e:c2:93:82:32:f8:
68:31:fe:38:d6:6d:10:01:5f:a3:eb:b2:1f:1f:23:
7c:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:65:A0:1E:A8:A3:97:DF:29:C3:1C:8F:C0:93:F1:BD:D5:9C:80:D1
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/AmWgHqijl98pwxyPwJPxvdWcgNE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.160.0-166.108.195.255
166.108.200.0-166.108.211.255
166.108.216.0-166.108.233.255
166.108.242.0-166.108.247.255
166.108.249.0-166.108.255.255
Signature Algorithm: sha256WithRSAEncryption
21:33:e2:3d:85:1f:fe:64:65:91:09:9a:28:f5:73:6c:06:1a:
05:89:94:6e:b9:da:36:e0:d6:48:9d:73:83:31:19:f7:ea:b5:
45:73:0f:6b:5a:62:6a:07:54:5f:30:07:9f:db:ce:5a:37:a9:
45:61:c6:a9:65:48:3c:a7:de:c2:f9:8a:2e:32:f0:19:42:11:
d3:8e:6c:87:3d:05:7e:2a:4f:ed:1f:7a:7e:82:22:47:b8:46:
06:59:b2:8b:ac:1a:58:87:0e:72:9a:4e:2f:20:b3:43:ae:61:
f0:d5:f0:f7:ae:a0:c5:99:4a:51:21:6a:b4:e4:6f:53:c5:1e:
20:b0:9b:05:57:0d:a8:80:88:0b:69:c1:53:45:01:60:02:97:
d2:94:87:e9:f4:a9:c9:eb:04:11:3b:32:11:6e:9d:a2:58:9c:
22:63:c5:09:84:6f:49:12:d3:bd:16:a3:69:13:6d:24:4c:a1:
5b:45:ee:bb:eb:27:15:5b:32:7b:9c:b8:b9:b3:78:1e:cc:cd:
0c:a6:6e:35:58:17:83:f5:8a:41:40:26:59:12:c4:11:d4:d6:
8e:c2:c7:88:9e:c2:7d:97:0e:a0:b2:3f:f8:e1:58:11:cf:19:
11:bf:34:7e:d7:08:4a:ee:92:10:20:c3:9b:53:6a:f9:e3:68:
98:6c:8e:de
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYVxlXZMIo0eHmd6Cuf89GJBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjMwMTAyMDgyNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjY1YTAxZWE4YTM5N2RmMjljMzFjOGZjMDkzZjFiZGQ1OWM4MGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzrnI11iJmk55oLtK4bVjo4qnsmg
+jCorPDHDoKjsaocfeT4N+yXNtrxrTF3rdMiAxP92L8xV0c3udXvQZxmjEsC82C7
3vdfl+BOAdNEMDq+3ht7go1uH4sTeE9Q8BMeGGmxriv02n6bcOgtEOPTfAqhKgtM
Euocg+1L136+j5S5u7ON7BDxyxm3aL1EiPsgShJCOqczvmZbKs2tECxhbmooU6+G
KTh4iVqVisjxeTEjZpqZLSFLZNI2VsKl6o4O1rlEm/VsVFJwCxa8VDRtS9jtkbpR
ahd9uDK9ROBQk2QbbmVl7/sa2lBuwpOCMvhoMf441m0QAV+j67IfHyN8VwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFAJloB6oo5ffKcMcj8CT8b3VnIDRMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvQW1XZ0hxaWpsOThwd3h5UHdKUHh2ZFdjZ05FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTBLBAIAATBFMAwDBAWmbKAD
BAKmbMAwDAMEA6ZsyAMEAqZs0DAMAwQDpmzYAwQBpmzoMAwDBAGmbPIDBAOmbPAw
CwMEAKZs+QMDAKZsMA0GCSqGSIb3DQEBCwUAA4IBAQAhM+I9hR/+ZGWRCZoo9XNs
BhoFiZRuudo24NZInXODMRn36rVFcw9rWmJqB1RfMAef285aN6lFYcapZUg8p97C
+YouMvAZQhHTjmyHPQV+Kk/tH3p+giJHuEYGWbKLrBpYhw5ymk4vILNDrmHw1fD3
rqDFmUpRIWq05G9TxR4gsJsFVw2ogIgLacFTRQFgApfSlIfp9KnJ6wQROzIRbp2i
WJwiY8UJhG9JEtO9FqNpE20kTKFbRe676ycVWzJ7nLi5s3gezM0Mpm41WBeD9YpB
QCZZEsQR1NaOwseInsJ9lw6gsj/44VgRzxkRvzR+1whK7pIQIMObU2r542iYbI7e
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:32 2024 by rpki-client on console-ams.rpki-client.org