Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/Kw2_XaS_aVHfyaK-7kkKEimX80A.roa
File: Kw2_XaS_aVHfyaK-7kkKEimX80A.roa (raw, json)
Hash identifier: fDhRXG8Zlj4FHgiJQRPIVfhaD6HjG/Hcc7BNpEk30Cs=
Subject key identifier: 2B:0D:BF:5D:A4:BF:69:51:DF:C9:A2:BE:EE:49:0A:12:29:97:F3:40
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 018722041932E74E1B3D1BDA0A7E16F288CF
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/Kw2_XaS_aVHfyaK-7kkKEimX80A.roa
Signing time: Mon 27 Mar 2023 07:41:46 +0000
ROA not before: Mon 27 Mar 2023 07:41:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 166.108.212.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:22:04:19:32:e7:4e:1b:3d:1b:da:0a:7e:16:f2:88:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Mar 27 07:41:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2b0dbf5da4bf6951dfc9a2beee490a122997f340
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:78:6d:d2:4c:c4:05:22:d1:b3:f2:f9:34:4f:
1b:07:6f:80:89:b0:e4:8e:0e:6d:91:71:36:64:51:
d2:d7:1a:2f:97:0f:71:c7:17:50:56:10:56:07:b1:
38:45:1d:b4:11:73:0e:ed:bc:c7:fb:87:46:b1:9f:
e3:bf:67:8d:00:8b:7f:70:17:94:37:e5:19:df:0a:
19:b5:61:20:60:88:9a:ad:15:75:bd:84:6f:1f:1c:
08:67:4c:fe:5c:7d:a0:39:dd:36:ab:b9:42:64:c2:
27:00:f2:7c:1b:ae:9b:53:a9:2c:29:d3:49:67:72:
1c:2d:24:e7:ac:b1:9a:30:01:2e:0c:75:07:4e:04:
38:db:14:b7:09:8b:e9:d1:5a:1f:e5:62:6c:23:ac:
56:d5:96:74:02:e9:bc:26:2a:8e:3b:30:35:98:fd:
20:c1:86:ac:73:9e:e5:8b:6c:95:08:0d:da:ee:54:
2d:ff:a3:0c:7d:b7:b9:4a:ca:5e:3d:ab:51:56:6a:
ef:86:f2:c1:03:65:b7:98:53:d2:71:63:59:d0:31:
94:d8:48:51:17:6a:e1:c6:c6:0c:f1:3f:92:a5:e0:
89:52:06:8f:95:6b:81:86:0e:36:12:5e:f9:56:69:
5d:f5:4a:86:82:6c:94:08:1f:a2:06:94:88:9a:2c:
e8:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:0D:BF:5D:A4:BF:69:51:DF:C9:A2:BE:EE:49:0A:12:29:97:F3:40
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/Kw2_XaS_aVHfyaK-7kkKEimX80A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.212.0/22
Signature Algorithm: sha256WithRSAEncryption
af:da:69:8e:02:35:54:66:18:fa:3f:9b:c3:6d:93:c1:9e:ec:
86:a7:b5:c5:25:1e:dc:e6:91:18:73:cc:92:a1:72:1f:8a:cb:
d7:31:5f:43:47:47:74:4e:28:73:64:1e:82:f1:0a:ff:4a:f8:
b9:e3:89:c1:19:08:e6:de:78:63:0f:cf:76:3f:6d:89:c1:ad:
b0:77:68:aa:2d:f5:a8:06:05:13:9d:e8:7b:c8:04:04:f7:84:
07:58:fb:d8:0c:d5:bb:b0:7e:62:8d:b2:0b:a1:19:38:b8:4b:
13:ce:3c:b3:d6:0c:76:57:fb:4d:c8:fa:85:e0:06:67:19:44:
90:f9:06:55:c1:28:b9:a2:e6:5f:27:2a:a1:a2:2b:4d:05:e1:
8e:bf:dc:58:04:a3:74:63:be:b5:93:01:d8:0b:19:57:b5:55:
fb:9f:ff:f8:65:d3:f7:98:1f:87:95:a3:18:a8:db:3b:5f:ab:
0e:bb:d1:73:ed:42:c5:00:3b:f7:bd:01:fd:4c:8e:af:25:9a:
7d:56:01:9a:f6:fe:34:27:f1:c8:84:4c:1b:f1:87:48:5b:a0:
ac:81:80:2a:00:aa:0c:74:9d:5b:c6:a3:6e:62:06:39:c2:43:
22:b4:2c:c6:3f:3b:ac:56:05:80:d6:e4:f8:34:23:3e:7c:35:
09:8b:3f:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYciBBky504bPRvaCn4W8ojPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjMwMzI3MDc0MTQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjBkYmY1ZGE0YmY2OTUxZGZjOWEyYmVlZTQ5MGExMjI5OTdmMzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonht0kzEBSLRs/L5NE8bB2+AibDk
jg5tkXE2ZFHS1xovlw9xxxdQVhBWB7E4RR20EXMO7bzH+4dGsZ/jv2eNAIt/cBeU
N+UZ3woZtWEgYIiarRV1vYRvHxwIZ0z+XH2gOd02q7lCZMInAPJ8G66bU6ksKdNJ
Z3IcLSTnrLGaMAEuDHUHTgQ42xS3CYvp0Vof5WJsI6xW1ZZ0Aum8JiqOOzA1mP0g
wYasc57li2yVCA3a7lQt/6MMfbe5SspePatRVmrvhvLBA2W3mFPScWNZ0DGU2EhR
F2rhxsYM8T+SpeCJUgaPlWuBhg42El75Vmld9UqGgmyUCB+iBpSImizowwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCsNv12kv2lR38mivu5JChIpl/NAMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvS3cyX1hhU19hVkhmeWFLLTdra0tFaW1YODBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCpmzUMA0G
CSqGSIb3DQEBCwUAA4IBAQCv2mmOAjVUZhj6P5vDbZPBnuyGp7XFJR7c5pEYc8yS
oXIfisvXMV9DR0d0TihzZB6C8Qr/Svi544nBGQjm3nhjD892P22Jwa2wd2iqLfWo
BgUTneh7yAQE94QHWPvYDNW7sH5ijbILoRk4uEsTzjyz1gx2V/tNyPqF4AZnGUSQ
+QZVwSi5ouZfJyqhoitNBeGOv9xYBKN0Y761kwHYCxlXtVX7n//4ZdP3mB+HlaMY
qNs7X6sOu9Fz7ULFADv3vQH9TI6vJZp9VgGa9v40J/HIhEwb8YdIW6CsgYAqAKoM
dJ1bxqNuYgY5wkMitCzGPzusVgWA1uT4NCM+fDUJiz/D
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:14:23 2025 by rpki-client