Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/VIK1twMc4II8DLib89DA1xDV1xg.roa
File: VIK1twMc4II8DLib89DA1xDV1xg.roa (raw, json)
Hash identifier: p9aCevwK3t6GL8PcoB7XZu6Qe04TuMyk8xfK7xZGU58=
Subject key identifier: 54:82:B5:B7:03:1C:E0:82:3C:0C:B8:9B:F3:D0:C0:D7:10:D5:D7:18
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 0186F70AD2DD448EED157488D5BB882F13DF
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/VIK1twMc4II8DLib89DA1xDV1xg.roa
Signing time: Sat 18 Mar 2023 23:25:27 +0000
ROA not before: Sat 18 Mar 2023 23:25:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 166.108.242.0/23 maxlen: 24
166.108.176.0/22 maxlen: 24
166.108.212.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:f7:0a:d2:dd:44:8e:ed:15:74:88:d5:bb:88:2f:13:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Mar 18 23:25:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5482b5b7031ce0823c0cb89bf3d0c0d710d5d718
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:14:30:71:8c:53:88:7a:8c:f5:6d:dd:ec:e3:
87:d0:45:f4:72:03:6f:12:eb:6a:93:ca:b9:f1:60:
20:14:f3:1f:14:93:94:29:28:f5:3e:83:6a:ba:80:
cd:83:3b:38:38:6e:47:56:e4:3e:3c:27:a1:7e:d8:
f8:b9:90:91:b2:d3:2e:a6:fd:e9:2d:a6:46:cb:78:
d4:8b:5b:3b:e5:ce:b9:91:a6:49:6e:23:37:78:71:
fb:7c:e5:57:fa:81:56:e7:dc:89:64:73:41:97:3e:
1c:b1:8a:5b:57:56:d6:0b:98:3f:6d:9b:3e:d7:8c:
88:07:4b:42:2f:ea:20:17:54:7e:66:e6:50:3e:b0:
9a:50:5b:9c:e2:45:9e:52:a7:6f:6c:da:91:66:f0:
09:23:34:2c:aa:25:70:0e:e8:3d:63:20:75:1a:7b:
c0:b0:bf:16:e4:28:b4:77:1d:36:3d:e0:bf:54:b8:
17:26:ec:8b:c2:6a:46:52:7f:32:eb:3d:be:55:7f:
19:16:27:42:e6:5a:dc:e2:c6:2e:e9:16:b1:a9:78:
b4:2d:19:34:cc:71:17:2e:ee:c1:6a:17:0f:e5:1a:
56:b0:a8:b0:60:3f:c0:b8:de:81:bc:b6:31:78:5b:
ee:3f:e7:6b:52:58:26:f6:ba:98:a4:b8:2a:fb:bd:
18:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:82:B5:B7:03:1C:E0:82:3C:0C:B8:9B:F3:D0:C0:D7:10:D5:D7:18
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/VIK1twMc4II8DLib89DA1xDV1xg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.176.0/22
166.108.212.0/22
166.108.242.0/23
Signature Algorithm: sha256WithRSAEncryption
06:39:e9:7e:f3:2d:15:ec:78:ce:1d:a4:91:ee:7f:3b:d8:d0:
6a:4d:06:26:10:4f:f9:23:e9:91:a5:58:87:37:87:be:dc:d8:
ab:34:cd:d6:4a:ab:88:0a:bd:a8:38:de:a5:ce:25:74:0d:9d:
d6:c2:25:d8:9c:5f:01:4d:ed:3a:1d:e9:e5:1b:fd:51:9a:0d:
65:27:7f:e0:d3:48:28:c3:d4:90:67:03:61:a9:d6:e8:b1:39:
43:87:4d:9e:dd:77:ed:69:f7:4d:47:a3:77:0c:e3:a5:f6:c7:
bb:e3:9a:4c:d4:d9:bb:2b:0a:47:d3:30:80:ee:4a:08:e4:ae:
27:95:85:92:75:2b:a2:02:04:93:5e:fd:f8:f6:9f:5a:54:81:
77:0c:24:6f:35:bf:0c:02:2d:4b:bf:35:46:be:3a:37:23:08:
77:b5:ba:f2:b1:9b:11:b3:6b:82:4e:8d:af:f2:aa:90:ca:90:
01:ca:18:a1:29:83:a2:d1:d3:31:a9:74:1c:65:6e:a9:32:20:
24:23:3f:aa:1e:41:70:48:47:be:ab:4f:48:2c:d3:54:e8:39:
90:4f:0d:f3:34:5c:5e:9e:b8:b4:26:ca:92:7a:f3:31:a6:c5:
48:0e:23:ab:23:dd:5e:c7:6d:0d:32:ca:13:a8:a4:78:f7:d9:
50:73:e7:28
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYb3CtLdRI7tFXSI1buILxPfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjMwMzE4MjMyNTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDgyYjViNzAzMWNlMDgyM2MwY2I4OWJmM2QwYzBkNzEwZDVkNzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxQwcYxTiHqM9W3d7OOH0EX0cgNv
Eutqk8q58WAgFPMfFJOUKSj1PoNquoDNgzs4OG5HVuQ+PCehftj4uZCRstMupv3p
LaZGy3jUi1s75c65kaZJbiM3eHH7fOVX+oFW59yJZHNBlz4csYpbV1bWC5g/bZs+
14yIB0tCL+ogF1R+ZuZQPrCaUFuc4kWeUqdvbNqRZvAJIzQsqiVwDug9YyB1GnvA
sL8W5Ci0dx02PeC/VLgXJuyLwmpGUn8y6z2+VX8ZFidC5lrc4sYu6RaxqXi0LRk0
zHEXLu7BahcP5RpWsKiwYD/AuN6BvLYxeFvuP+drUlgm9rqYpLgq+70YOQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFSCtbcDHOCCPAy4m/PQwNcQ1dcYMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvVklLMXR3TWM0SUk4RExpYjg5REExeERWMXhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCpmywAwQC
pmzUAwQBpmzyMA0GCSqGSIb3DQEBCwUAA4IBAQAGOel+8y0V7HjOHaSR7n872NBq
TQYmEE/5I+mRpViHN4e+3NirNM3WSquICr2oON6lziV0DZ3WwiXYnF8BTe06Henl
G/1Rmg1lJ3/g00gow9SQZwNhqdbosTlDh02e3XftafdNR6N3DOOl9se745pM1Nm7
KwpH0zCA7koI5K4nlYWSdSuiAgSTXv349p9aVIF3DCRvNb8MAi1LvzVGvjo3Iwh3
tbrysZsRs2uCTo2v8qqQypAByhihKYOi0dMxqXQcZW6pMiAkIz+qHkFwSEe+q09I
LNNU6DmQTw3zNFxenri0JsqSevMxpsVIDiOrI91ex20NMsoTqKR499lQc+co
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:43:22 2025 by rpki-client