Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/LXiCgS8QeglGxcTzLwihYTiAzCU.roa
File: LXiCgS8QeglGxcTzLwihYTiAzCU.roa (raw, json)
Hash identifier: MXY+8TWNSTALj/rzezg5oeFLu3fxwLpGP2PDgyJVI1o=
Subject key identifier: 2D:78:82:81:2F:10:7A:09:46:C5:C4:F3:2F:08:A1:61:38:80:CC:25
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 01853A08D21344F784EC770ED634EA0BAF33
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/LXiCgS8QeglGxcTzLwihYTiAzCU.roa
Signing time: Thu 22 Dec 2022 13:32:14 +0000
ROA not before: Thu 22 Dec 2022 13:32:14 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 211585
IP address blocks: 166.108.232.0/23 maxlen: 24
166.108.160.0/22 maxlen: 24
166.108.168.0/22 maxlen: 24
166.108.196.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:3a:08:d2:13:44:f7:84:ec:77:0e:d6:34:ea:0b:af:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Dec 22 13:32:14 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2d7882812f107a0946c5c4f32f08a1613880cc25
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:bc:17:31:29:cd:10:02:ba:25:47:5c:84:e5:
06:48:c8:c2:82:6f:61:02:1b:85:3e:03:1d:f8:a6:
25:9a:a1:47:5f:f7:ca:6a:8b:b3:39:b9:9c:7a:46:
1f:55:c5:4c:4f:a5:f0:40:07:51:59:15:32:b9:10:
cf:a1:67:84:24:9b:09:7b:b7:25:bd:85:49:88:72:
05:93:57:cd:ad:2e:74:76:6d:92:fc:05:5e:7a:84:
3b:ca:d3:a9:d2:b0:eb:bd:41:cd:57:30:b6:b9:7e:
9e:32:b8:c5:6f:9c:69:c6:86:3a:40:d4:0a:71:13:
8e:1b:73:99:74:1a:c9:0a:38:e5:4f:e2:3b:dc:67:
47:9a:37:16:be:24:a1:0f:5e:97:4f:b4:36:1f:2d:
9b:e9:7e:fb:ef:42:78:8e:50:01:fd:a2:10:fe:ec:
7e:65:63:90:37:d8:31:98:21:04:ee:ab:a2:80:76:
2f:6b:7e:77:e6:e5:c1:10:de:e8:5e:ad:79:53:eb:
09:49:d9:93:9c:f5:d4:3c:20:d4:e9:0e:0c:a1:05:
82:b8:66:99:e0:bd:eb:03:73:34:cc:13:41:0d:51:
eb:c7:c9:b1:73:e3:a0:fc:6b:10:17:0d:3b:2d:75:
d6:05:04:84:da:47:dd:3a:00:46:95:ad:4e:97:dc:
bd:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:78:82:81:2F:10:7A:09:46:C5:C4:F3:2F:08:A1:61:38:80:CC:25
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/LXiCgS8QeglGxcTzLwihYTiAzCU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.160.0/22
166.108.168.0/22
166.108.196.0/22
166.108.232.0/23
Signature Algorithm: sha256WithRSAEncryption
9d:e2:4b:89:b2:6a:e5:d2:bb:2b:70:d4:ff:7f:23:74:e0:58:
46:34:e1:9d:78:73:bb:51:76:fc:3d:49:f9:4d:84:bf:7f:b4:
a2:7e:0f:89:7a:79:2b:5d:76:58:85:37:c1:49:5d:17:e7:f6:
b4:88:9f:62:3b:cb:8f:8b:5d:3c:ba:eb:5d:85:9c:6c:6b:6e:
f1:d4:72:79:bb:7e:e2:4f:de:2d:fc:9b:44:ca:9e:9f:71:8c:
ec:2f:6a:e0:ba:a4:d7:bb:ce:64:7c:9d:72:c3:4e:17:0c:09:
76:75:0c:7a:20:85:ac:2e:6e:74:6b:3f:f9:79:a4:c8:b4:d8:
c9:7d:d7:c8:6e:2d:a9:d8:6c:59:26:c4:e6:48:a4:af:20:02:
e1:2b:5d:a6:3f:69:87:7c:8f:d7:e5:67:a0:cf:77:48:a5:b1:
90:4f:d3:6d:6a:1c:e2:a1:e8:fd:eb:29:7f:5b:0c:dd:2a:e3:
c5:de:b4:c3:07:67:42:c2:5b:ff:a5:8b:07:76:97:04:1d:e9:
e1:3f:36:9a:93:54:ac:5f:ea:4b:31:4a:b3:8f:24:06:96:72:
1f:92:e2:74:17:d3:39:e6:c0:ab:25:a8:6c:6d:cc:f6:80:fd:
4e:2c:e2:55:49:57:9a:01:4f:80:7f:5a:25:a3:8c:4f:12:b7:
5e:3e:92:e5
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYU6CNITRPeE7HcO1jTqC68zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIxMjIyMTMzMjE0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDc4ODI4MTJmMTA3YTA5NDZjNWM0ZjMyZjA4YTE2MTM4ODBjYzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbwXMSnNEAK6JUdchOUGSMjCgm9h
AhuFPgMd+KYlmqFHX/fKaouzObmcekYfVcVMT6XwQAdRWRUyuRDPoWeEJJsJe7cl
vYVJiHIFk1fNrS50dm2S/AVeeoQ7ytOp0rDrvUHNVzC2uX6eMrjFb5xpxoY6QNQK
cROOG3OZdBrJCjjlT+I73GdHmjcWviShD16XT7Q2Hy2b6X7770J4jlAB/aIQ/ux+
ZWOQN9gxmCEE7quigHYva3535uXBEN7oXq15U+sJSdmTnPXUPCDU6Q4MoQWCuGaZ
4L3rA3M0zBNBDVHrx8mxc+Og/GsQFw07LXXWBQSE2kfdOgBGla1Ol9y9QQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFC14goEvEHoJRsXE8y8IoWE4gMwlMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvTFhpQ2dTOFFlZ2xHeGNUekx3aWhZVGlBekNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCpmygAwQC
pmyoAwQCpmzEAwQBpmzoMA0GCSqGSIb3DQEBCwUAA4IBAQCd4kuJsmrl0rsrcNT/
fyN04FhGNOGdeHO7UXb8PUn5TYS/f7Sifg+JenkrXXZYhTfBSV0X5/a0iJ9iO8uP
i108uutdhZxsa27x1HJ5u37iT94t/JtEyp6fcYzsL2rguqTXu85kfJ1yw04XDAl2
dQx6IIWsLm50az/5eaTItNjJfdfIbi2p2GxZJsTmSKSvIALhK12mP2mHfI/X5Weg
z3dIpbGQT9Ntahzioej96yl/WwzdKuPF3rTDB2dCwlv/pYsHdpcEHenhPzaak1Ss
X+pLMUqzjyQGlnIfkuJ0F9M55sCrJahsbcz2gP1OLOJVSVeaAU+Af1olo4xPErde
PpLl
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:46 2024 by rpki-client on console-fra.rpki-client.org