Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/NJJnnW-EXNlBCsSaQeR2kEXm4FA.roa
File: NJJnnW-EXNlBCsSaQeR2kEXm4FA.roa (raw, json)
Hash identifier: s+YzcuXzXIXNHj199nh5tZk7V2Q6+DBrbAh7LbkoSMc=
Subject key identifier: 34:92:67:9D:6F:84:5C:D9:41:0A:C4:9A:41:E4:76:90:45:E6:E0:50
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 0185719578F663CD868A59E0455809BC97FE
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/NJJnnW-EXNlBCsSaQeR2kEXm4FA.roa
Signing time: Mon 02 Jan 2023 08:24:59 +0000
ROA not before: Mon 02 Jan 2023 08:24:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49999
IP address blocks: 166.108.204.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:95:78:f6:63:cd:86:8a:59:e0:45:58:09:bc:97:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Jan 2 08:24:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3492679d6f845cd9410ac49a41e4769045e6e050
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:c7:50:c4:52:83:af:a7:d4:ad:8f:1f:fd:d5:
49:9a:b1:91:b4:e3:e8:41:c7:80:50:81:a3:7b:ff:
1c:38:90:8f:33:da:05:18:ee:7a:26:a1:e2:60:6e:
55:b0:7f:e2:cb:37:01:d4:b0:f4:2d:33:ba:3f:95:
eb:b1:8e:3a:e5:e7:27:e6:a1:ed:07:d0:eb:75:d3:
c5:e6:2b:c3:89:cf:a7:6f:04:4d:64:70:f6:8f:a2:
13:bc:80:e7:cc:82:af:46:bc:e5:4d:10:8d:f2:0a:
ef:d1:00:93:26:48:d3:81:f1:bd:f9:4f:82:61:3d:
5a:ae:b6:ee:71:a2:4b:9c:5c:1b:f2:e5:d6:48:c3:
2c:4d:03:3e:d8:98:da:00:e2:98:50:f4:d7:a3:4c:
e1:8b:ee:ab:d2:1b:b5:bc:88:1d:ba:a4:ab:b8:70:
92:74:91:0a:22:fb:a3:50:64:8a:9e:5e:c9:c6:b5:
51:e4:78:65:b3:a0:78:c0:5f:2a:75:69:ce:ca:0a:
8d:e7:a7:07:6f:45:f7:27:47:6b:6f:03:b4:8e:76:
f9:11:63:de:3d:22:ad:1e:8e:57:6c:ee:c7:0b:03:
80:f4:18:dd:3d:67:d0:57:ee:b4:c2:44:96:9d:6a:
00:73:36:64:83:43:90:72:6e:b3:ba:72:9e:f0:f1:
b4:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:92:67:9D:6F:84:5C:D9:41:0A:C4:9A:41:E4:76:90:45:E6:E0:50
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/NJJnnW-EXNlBCsSaQeR2kEXm4FA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.204.0/22
Signature Algorithm: sha256WithRSAEncryption
b1:45:e7:03:72:e7:4d:c2:9f:98:6d:3a:68:75:5f:1a:19:91:
a7:fc:c8:64:ea:9a:1a:1e:a6:16:60:da:0d:83:7c:e5:d9:8c:
27:92:93:1e:7b:f8:57:b4:4e:68:ba:94:87:18:72:e7:61:5d:
88:25:13:8b:8f:11:a9:ba:6f:e9:0d:7f:8e:af:df:60:3a:ba:
74:37:6f:00:db:39:5a:19:d6:5b:e5:00:ed:e6:79:d6:83:7f:
8c:6d:d8:06:60:57:f3:a1:e4:56:82:48:d7:bc:48:8f:13:3b:
8f:12:7a:a9:f7:c4:3f:f6:04:5a:32:dd:c4:e3:16:5a:72:13:
57:a2:ee:44:c2:5d:c4:a7:e0:b3:c2:4b:eb:f7:23:2f:23:be:
94:0d:1a:11:13:3b:2f:5a:15:c8:52:d8:22:27:50:4d:98:6e:
85:b9:e8:83:ff:e4:bd:d2:be:0f:1a:db:62:c6:37:fc:b3:1b:
c1:6f:e7:84:0a:b4:76:77:12:2e:22:f1:c9:b5:4a:94:05:67:
db:5c:67:b6:23:8e:d0:ae:60:cd:cc:f0:7b:6c:e9:b8:11:1c:
d5:b2:14:ec:1b:15:38:56:eb:98:a4:3e:eb:47:d4:13:dc:8f:
ae:3e:25:c4:cf:c3:6e:68:1a:79:4b:8f:f7:3e:8c:0a:43:59:
3a:84:2d:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxlXj2Y82GilngRVgJvJf+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjMwMTAyMDgyNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDkyNjc5ZDZmODQ1Y2Q5NDEwYWM0OWE0MWU0NzY5MDQ1ZTZlMDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8dQxFKDr6fUrY8f/dVJmrGRtOPo
QceAUIGje/8cOJCPM9oFGO56JqHiYG5VsH/iyzcB1LD0LTO6P5XrsY465ecn5qHt
B9DrddPF5ivDic+nbwRNZHD2j6ITvIDnzIKvRrzlTRCN8grv0QCTJkjTgfG9+U+C
YT1arrbucaJLnFwb8uXWSMMsTQM+2JjaAOKYUPTXo0zhi+6r0hu1vIgduqSruHCS
dJEKIvujUGSKnl7JxrVR5Hhls6B4wF8qdWnOygqN56cHb0X3J0drbwO0jnb5EWPe
PSKtHo5XbO7HCwOA9BjdPWfQV+60wkSWnWoAczZkg0OQcm6zunKe8PG0AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSSZ51vhFzZQQrEmkHkdpBF5uBQMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvTkpKbm5XLUVYTmxCQ3NTYVFlUjJrRVhtNEZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCpmzMMA0G
CSqGSIb3DQEBCwUAA4IBAQCxRecDcudNwp+YbTpodV8aGZGn/Mhk6poaHqYWYNoN
g3zl2YwnkpMee/hXtE5oupSHGHLnYV2IJROLjxGpum/pDX+Or99gOrp0N28A2zla
GdZb5QDt5nnWg3+MbdgGYFfzoeRWgkjXvEiPEzuPEnqp98Q/9gRaMt3E4xZachNX
ou5Ewl3Ep+Czwkvr9yMvI76UDRoREzsvWhXIUtgiJ1BNmG6FueiD/+S90r4PGtti
xjf8sxvBb+eECrR2dxIuIvHJtUqUBWfbXGe2I47QrmDNzPB7bOm4ERzVshTsGxU4
VuuYpD7rR9QT3I+uPiXEz8NuaBp5S4/3PowKQ1k6hC2t
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:41:21 2025 by rpki-client