Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/GXV_7JzcyqGBT1uldHXkqDB116I.roa
File: GXV_7JzcyqGBT1uldHXkqDB116I.roa (raw, json)
Hash identifier: 3zzKpzpL5qbFybBahAA9V2brrIy1ZggzTepQC+67W9g=
Subject key identifier: 19:75:7F:EC:9C:DC:CA:A1:81:4F:5B:A5:74:75:E4:A8:30:75:D7:A2
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 018571957DF0D28BC356D86B83852AE0592D
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/GXV_7JzcyqGBT1uldHXkqDB116I.roa
Signing time: Mon 02 Jan 2023 08:25:00 +0000
ROA not before: Mon 02 Jan 2023 08:25:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211585
IP address blocks: 166.108.232.0/23 maxlen: 24
166.108.160.0/22 maxlen: 24
166.108.168.0/22 maxlen: 24
166.108.196.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:95:7d:f0:d2:8b:c3:56:d8:6b:83:85:2a:e0:59:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Jan 2 08:25:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=19757fec9cdccaa1814f5ba57475e4a83075d7a2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:98:ae:95:7d:70:53:0c:0c:06:ad:d9:38:89:
ff:1b:a4:e0:7a:5f:44:9c:ea:f4:17:51:59:65:5c:
6f:a7:8b:1d:48:f0:08:fa:0b:26:f3:52:e1:a9:4d:
d2:46:0f:2e:84:4a:6a:8e:21:00:76:db:0c:64:34:
86:d8:b0:15:66:50:09:8c:84:dc:e1:44:d2:43:f9:
c6:d0:37:4e:80:37:ae:b8:6d:a5:a7:ec:5b:8e:e4:
b0:47:67:5e:37:72:a5:e0:2b:53:c7:7a:02:19:ca:
14:ff:28:d9:28:8f:a2:20:44:9f:3c:43:34:af:b3:
f4:14:a2:03:9b:1e:5a:e7:56:20:18:6d:3b:a2:b2:
a4:13:7a:9b:88:a0:90:66:3a:87:37:98:a5:40:75:
a2:44:38:4f:70:90:10:89:bf:89:d9:d4:95:67:4b:
4a:73:97:fb:61:c0:b7:d1:db:53:64:71:aa:77:79:
f1:5b:8c:18:30:7d:24:7e:32:39:75:28:43:4f:29:
72:f7:6a:cc:87:7c:76:b1:bd:60:b6:bc:d6:fa:1d:
7d:d6:74:16:13:a6:0b:76:2a:b0:1b:5c:e2:bd:e6:
22:2e:72:19:9d:db:78:18:28:40:63:72:20:5a:fb:
6a:88:67:7e:51:d3:a0:56:b5:f9:bb:bf:c6:59:78:
5f:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:75:7F:EC:9C:DC:CA:A1:81:4F:5B:A5:74:75:E4:A8:30:75:D7:A2
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/GXV_7JzcyqGBT1uldHXkqDB116I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.160.0/22
166.108.168.0/22
166.108.196.0/22
166.108.232.0/23
Signature Algorithm: sha256WithRSAEncryption
8f:e0:e9:e0:ff:5b:96:9f:00:a3:41:88:16:2a:4b:97:f9:2f:
d5:32:b6:58:dc:7a:e0:2f:f9:17:16:aa:4f:16:88:55:54:d8:
f6:eb:39:c9:bd:c3:d0:fa:e0:30:a1:75:65:ed:61:b2:b4:72:
ec:0b:37:00:fa:ad:ec:f3:ad:93:3e:38:7a:df:26:70:9c:94:
6a:96:d8:68:a0:12:82:14:9b:dd:81:4b:0b:da:3e:2d:1a:e8:
2a:90:b8:27:49:8c:3e:5e:c4:84:67:31:84:a5:34:ec:dd:67:
54:7d:25:b4:26:1d:71:1b:3d:3d:b2:01:58:37:d5:71:b2:61:
0b:3c:7f:b4:7e:ae:c4:03:ad:9c:64:f1:48:aa:bc:43:fc:2d:
ad:44:fd:0c:1e:eb:d5:09:17:c5:8c:ce:3e:ba:87:64:34:2d:
59:c7:27:7e:d9:eb:83:0a:45:c9:c5:96:85:54:0d:df:62:27:
1d:ce:61:dd:f6:1b:92:1b:1d:78:7e:4f:f1:49:94:5b:3f:02:
c7:fd:60:6e:77:50:1c:f4:ee:2a:bb:bd:ca:42:31:7d:28:c6:
1a:06:62:71:e7:e7:2a:49:3a:c5:bb:c8:23:f8:9f:c3:2f:5d:
cc:ee:05:77:00:17:01:64:11:99:96:63:39:e5:19:e7:30:c7:
d5:07:e3:a5
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVxlX3w0ovDVthrg4Uq4FktMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjMwMTAyMDgyNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTc1N2ZlYzljZGNjYWExODE0ZjViYTU3NDc1ZTRhODMwNzVkN2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZiulX1wUwwMBq3ZOIn/G6Tgel9E
nOr0F1FZZVxvp4sdSPAI+gsm81LhqU3SRg8uhEpqjiEAdtsMZDSG2LAVZlAJjITc
4UTSQ/nG0DdOgDeuuG2lp+xbjuSwR2deN3Kl4CtTx3oCGcoU/yjZKI+iIESfPEM0
r7P0FKIDmx5a51YgGG07orKkE3qbiKCQZjqHN5ilQHWiRDhPcJAQib+J2dSVZ0tK
c5f7YcC30dtTZHGqd3nxW4wYMH0kfjI5dShDTyly92rMh3x2sb1gtrzW+h191nQW
E6YLdiqwG1ziveYiLnIZndt4GChAY3IgWvtqiGd+UdOgVrX5u7/GWXhffQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBl1f+yc3MqhgU9bpXR15KgwddeiMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvR1hWXzdKemN5cUdCVDF1bGRIWGtxREIxMTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCpmygAwQC
pmyoAwQCpmzEAwQBpmzoMA0GCSqGSIb3DQEBCwUAA4IBAQCP4Ong/1uWnwCjQYgW
KkuX+S/VMrZY3HrgL/kXFqpPFohVVNj26znJvcPQ+uAwoXVl7WGytHLsCzcA+q3s
862TPjh63yZwnJRqlthooBKCFJvdgUsL2j4tGugqkLgnSYw+XsSEZzGEpTTs3WdU
fSW0Jh1xGz09sgFYN9VxsmELPH+0fq7EA62cZPFIqrxD/C2tRP0MHuvVCRfFjM4+
uodkNC1Zxyd+2euDCkXJxZaFVA3fYicdzmHd9huSGx14fk/xSZRbPwLH/WBud1Ac
9O4qu73KQjF9KMYaBmJx5+cqSTrFu8gj+J/DL13M7gV3ABcBZBGZlmM55RnnMMfV
B+Ol
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:40:24 2025 by rpki-client