Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/Y4y2yZG_oYwdDebTtbdVViOhhB8.roa
File: Y4y2yZG_oYwdDebTtbdVViOhhB8.roa (raw, json)
Hash identifier: 8PsTJPm6cYeoFTP/6IHIpAsC7yxAr0aJM2Fl4IKVIOY=
Subject key identifier: 63:8C:B6:C9:91:BF:A1:8C:1D:0D:E6:D3:B5:B7:55:56:23:A1:84:1F
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 0185719576E000975B5C5053AE8DB4AF2BA5
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/Y4y2yZG_oYwdDebTtbdVViOhhB8.roa
Signing time: Mon 02 Jan 2023 08:24:58 +0000
ROA not before: Mon 02 Jan 2023 08:24:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 166.108.246.0/24 maxlen: 24
166.108.245.0/24 maxlen: 24
166.108.244.0/24 maxlen: 24
166.108.253.0/24 maxlen: 24
166.108.247.0/24 maxlen: 24
166.108.249.0/24 maxlen: 24
166.108.250.0/24 maxlen: 24
166.108.252.0/24 maxlen: 24
166.108.251.0/24 maxlen: 24
166.108.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:95:76:e0:00:97:5b:5c:50:53:ae:8d:b4:af:2b:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Jan 2 08:24:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=638cb6c991bfa18c1d0de6d3b5b7555623a1841f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:91:78:6d:30:33:cf:7e:9f:5f:d1:1c:98:65:
f0:55:9c:c1:98:8d:bf:3c:8e:59:6d:10:7f:e4:6d:
5d:14:c8:26:b8:76:9a:95:dd:fb:83:00:8b:98:b1:
83:46:cb:c0:ee:03:a0:87:ac:9c:3f:2e:bf:41:22:
c8:4c:d4:44:bb:bd:67:ed:a0:cc:a3:b2:c4:12:5a:
93:b0:9b:ba:2b:3e:cd:42:a9:c6:eb:fc:b5:48:76:
c0:98:f8:dd:4d:7d:f0:43:ef:9b:71:f4:8f:7f:52:
e7:23:31:a1:1d:12:61:da:e6:27:70:08:6c:97:a0:
93:f2:18:84:7a:db:5e:6b:20:bd:fa:30:65:a2:84:
8b:ce:f8:6d:b9:a7:89:0d:6f:5a:1a:92:4d:53:02:
4a:c9:9f:66:1b:fa:c9:34:79:28:58:da:ca:37:d0:
ad:bf:ef:8d:22:b4:0a:55:ae:37:89:61:ac:66:1a:
71:11:98:37:38:62:2b:3e:07:11:c3:ae:a3:2e:12:
2b:4b:c6:7a:88:14:83:6a:a3:95:39:40:89:5e:06:
5f:83:03:7e:57:41:f4:69:e0:2b:d1:7d:a2:1a:7c:
33:b1:2b:21:3d:0f:a9:2a:b8:e6:b2:91:46:9a:c3:
bb:5f:4c:11:54:ff:71:bb:72:ca:6c:05:3c:cd:7a:
cd:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:8C:B6:C9:91:BF:A1:8C:1D:0D:E6:D3:B5:B7:55:56:23:A1:84:1F
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/Y4y2yZG_oYwdDebTtbdVViOhhB8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.244.0/22
166.108.249.0-166.108.254.255
Signature Algorithm: sha256WithRSAEncryption
35:31:53:ee:3f:1d:bd:ca:e8:16:ec:51:73:57:8d:9a:d2:fc:
e7:c2:d1:5b:48:6a:26:9e:e2:10:65:85:ae:a2:27:16:f0:d7:
66:d6:3a:89:bc:e4:14:20:6b:45:d8:90:07:36:85:fa:49:75:
ea:5c:a9:6b:62:c6:37:33:e8:66:ed:71:0e:8e:a2:d6:fe:1a:
58:05:0c:6e:05:96:fd:4b:ac:00:8e:57:1b:7d:3c:de:b8:a6:
41:20:0b:ec:02:d2:e9:82:2a:50:8d:49:bd:8b:b6:06:ff:91:
5f:58:64:1c:44:68:8b:a3:a9:7d:d0:4a:20:86:ee:48:bd:1b:
c1:3c:91:ff:6c:e3:cd:97:f7:27:8e:81:3f:cc:a7:75:e0:27:
1e:ef:de:b8:b8:d4:db:6f:14:14:23:bc:d5:2b:6f:3f:4d:80:
69:f2:f6:43:1b:0c:a5:64:b8:e1:14:a1:ea:7c:4b:74:b3:fe:
5d:39:83:a8:d3:ad:c7:60:aa:ef:b9:91:fa:5b:86:40:9b:69:
c3:69:8c:e3:b4:6e:4c:84:42:46:c2:fc:dc:25:39:59:4f:c0:
cb:54:6c:8b:df:61:92:fd:30:21:59:56:fe:67:88:eb:2d:3f:
fd:ef:da:4e:6c:0a:8f:1d:b2:a4:d1:1c:b7:43:0d:85:7c:03:
f4:01:46:89
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVxlXbgAJdbXFBTro20ryulMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjMwMTAyMDgyNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzhjYjZjOTkxYmZhMThjMWQwZGU2ZDNiNWI3NTU1NjIzYTE4NDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJF4bTAzz36fX9EcmGXwVZzBmI2/
PI5ZbRB/5G1dFMgmuHaald37gwCLmLGDRsvA7gOgh6ycPy6/QSLITNREu71n7aDM
o7LEElqTsJu6Kz7NQqnG6/y1SHbAmPjdTX3wQ++bcfSPf1LnIzGhHRJh2uYncAhs
l6CT8hiEetteayC9+jBlooSLzvhtuaeJDW9aGpJNUwJKyZ9mG/rJNHkoWNrKN9Ct
v++NIrQKVa43iWGsZhpxEZg3OGIrPgcRw66jLhIrS8Z6iBSDaqOVOUCJXgZfgwN+
V0H0aeAr0X2iGnwzsSshPQ+pKrjmspFGmsO7X0wRVP9xu3LKbAU8zXrNzwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGOMtsmRv6GMHQ3m07W3VVYjoYQfMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvWTR5MnlaR19vWXdkRGViVHRiZFZWaU9oaEI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCpmz0MAwD
BACmbPkDBACmbP4wDQYJKoZIhvcNAQELBQADggEBADUxU+4/Hb3K6BbsUXNXjZrS
/OfC0VtIaiae4hBlha6iJxbw12bWOom85BQga0XYkAc2hfpJdepcqWtixjcz6Gbt
cQ6Ootb+GlgFDG4Flv1LrACOVxt9PN64pkEgC+wC0umCKlCNSb2Ltgb/kV9YZBxE
aIujqX3QSiCG7ki9G8E8kf9s482X9yeOgT/Mp3XgJx7v3ri41NtvFBQjvNUrbz9N
gGny9kMbDKVkuOEUoep8S3Sz/l05g6jTrcdgqu+5kfpbhkCbacNpjOO0bkyEQkbC
/NwlOVlPwMtUbIvfYZL9MCFZVv5niOstP/3v2k5sCo8dsqTRHLdDDYV8A/QBRok=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:49:50 2025 by rpki-client