Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/Ysy8IbdKzDV3KgLhWePGF3P7cvs.roa
File: Ysy8IbdKzDV3KgLhWePGF3P7cvs.roa (raw, json)
Hash identifier: EPxwz/Us0BV1imLT20NuYe0xMxKT8x11KiJv0YbfgTo=
Subject key identifier: 62:CC:BC:21:B7:4A:CC:35:77:2A:02:E1:59:E3:C6:17:73:FB:72:FB
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 01837F63C4A2EC58F277D719E8F9DE11A8D9
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/Ysy8IbdKzDV3KgLhWePGF3P7cvs.roa
Signing time: Tue 27 Sep 2022 14:39:48 +0000
ROA not before: Tue 27 Sep 2022 14:39:48 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 834
IP address blocks: 166.108.216.0/23 maxlen: 23
166.108.218.0/23 maxlen: 23
166.108.224.0/23 maxlen: 23
166.108.226.0/23 maxlen: 23
166.108.220.0/23 maxlen: 23
166.108.222.0/23 maxlen: 23
166.108.230.0/23 maxlen: 23
166.108.232.0/23 maxlen: 23
166.108.228.0/23 maxlen: 23
166.108.244.0/24 maxlen: 24
166.108.245.0/24 maxlen: 24
166.108.246.0/24 maxlen: 24
166.108.242.0/23 maxlen: 23
166.108.251.0/24 maxlen: 24
166.108.252.0/24 maxlen: 24
166.108.253.0/24 maxlen: 24
166.108.247.0/24 maxlen: 24
166.108.249.0/24 maxlen: 24
166.108.250.0/24 maxlen: 24
166.108.254.0/24 maxlen: 24
166.108.160.0/22 maxlen: 22
166.108.168.0/22 maxlen: 22
166.108.172.0/22 maxlen: 22
166.108.176.0/22 maxlen: 22
166.108.180.0/22 maxlen: 22
166.108.184.0/22 maxlen: 22
166.108.188.0/22 maxlen: 22
166.108.192.0/22 maxlen: 22
166.108.200.0/22 maxlen: 22
166.108.204.0/22 maxlen: 22
166.108.208.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:7f:63:c4:a2:ec:58:f2:77:d7:19:e8:f9:de:11:a8:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Sep 27 14:39:48 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=62ccbc21b74acc35772a02e159e3c61773fb72fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:92:47:42:0c:f3:c5:78:1b:0e:65:d5:8d:f6:
3a:97:b3:35:d3:37:2c:4e:5e:59:76:88:e0:92:c8:
ad:41:0b:e4:73:ca:52:6e:da:c5:e2:5e:2b:80:9f:
e8:60:25:16:cb:be:07:f5:42:7c:5f:4e:c8:0e:f2:
cb:d1:f3:9a:a4:90:dc:32:76:0e:d9:96:96:2c:90:
e2:41:63:42:0e:ac:d6:78:41:33:2e:3b:00:bf:d4:
e7:5a:05:86:35:1a:66:79:51:3f:6d:95:78:a9:54:
3d:91:59:6e:75:e2:83:2b:0a:8d:70:03:ab:70:9e:
93:ba:02:c4:d3:b9:f9:16:6d:e1:76:28:72:de:5c:
43:3f:10:07:b9:a0:34:be:7b:89:6c:21:d3:69:97:
e2:ef:dc:5d:e5:be:11:5c:9b:d0:8a:ea:d2:de:30:
d4:2c:1b:08:6a:a3:cf:aa:af:3d:98:3f:2b:fa:b4:
82:94:21:13:99:4b:9c:6c:94:8d:f6:e3:75:d5:2c:
16:f4:b3:55:ee:c1:88:c8:6d:1d:c1:59:49:20:7c:
17:2d:44:db:ad:de:47:40:03:9a:08:c7:56:97:f5:
93:39:2c:56:38:d1:a1:c2:36:9a:58:4e:90:77:97:
fc:50:4b:74:05:c5:06:c9:ee:b7:49:a4:3d:a9:79:
9c:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:CC:BC:21:B7:4A:CC:35:77:2A:02:E1:59:E3:C6:17:73:FB:72:FB
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/Ysy8IbdKzDV3KgLhWePGF3P7cvs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.160.0/22
166.108.168.0-166.108.195.255
166.108.200.0-166.108.211.255
166.108.216.0-166.108.233.255
166.108.242.0-166.108.247.255
166.108.249.0-166.108.254.255
Signature Algorithm: sha256WithRSAEncryption
7e:85:39:49:50:6a:07:78:5d:a2:06:f2:67:ab:8a:52:ae:94:
37:8f:d3:80:3a:45:ff:73:23:43:80:84:c6:e9:f1:7f:32:f6:
a7:a2:7a:5c:d2:b7:f4:09:c0:39:66:f2:d6:c2:ed:88:ac:18:
8d:82:70:2d:88:b3:e0:5d:9b:87:e5:eb:55:58:3e:69:fe:92:
c2:9f:62:3d:3c:93:d2:d5:4b:45:44:ef:0f:20:08:be:99:03:
33:07:eb:9f:9b:22:85:b6:5a:97:90:02:e0:66:4c:b8:f5:ee:
09:53:6a:95:70:12:04:22:fe:dc:93:9b:d5:da:6a:e3:62:ad:
87:5b:99:f1:66:e1:f7:94:a7:e2:35:51:f6:73:91:80:8e:9c:
e9:0e:9d:16:b1:6d:d9:71:cc:7d:b6:16:9a:63:e0:2d:25:13:
15:4a:9f:d0:d6:e1:7c:0d:8c:37:49:9a:a1:26:32:c4:95:ed:
a9:bc:ed:f3:45:6f:a0:21:a6:36:e0:3f:03:07:51:d4:13:15:
32:df:0b:33:26:5b:f4:52:52:4a:25:c7:2d:76:dd:02:be:89:
3f:cb:03:13:78:28:55:cb:f8:63:d8:90:8b:f8:ce:20:a7:28:
ee:99:16:0c:a4:48:34:a8:fd:29:7b:ae:d6:3c:ca:19:f6:29:
13:0a:b7:c4
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYN/Y8Si7Fjyd9cZ6PneEajZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIwOTI3MTQzOTQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmNjYmMyMWI3NGFjYzM1NzcyYTAyZTE1OWUzYzYxNzczZmI3MmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZJHQgzzxXgbDmXVjfY6l7M10zcs
Tl5ZdojgksitQQvkc8pSbtrF4l4rgJ/oYCUWy74H9UJ8X07IDvLL0fOapJDcMnYO
2ZaWLJDiQWNCDqzWeEEzLjsAv9TnWgWGNRpmeVE/bZV4qVQ9kVludeKDKwqNcAOr
cJ6TugLE07n5Fm3hdihy3lxDPxAHuaA0vnuJbCHTaZfi79xd5b4RXJvQiurS3jDU
LBsIaqPPqq89mD8r+rSClCETmUucbJSN9uN11SwW9LNV7sGIyG0dwVlJIHwXLUTb
rd5HQAOaCMdWl/WTOSxWONGhwjaaWE6Qd5f8UEt0BcUGye63SaQ9qXmcUwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFGLMvCG3Ssw1dyoC4Vnjxhdz+3L7MB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvWXN5OEliZEt6RFYzS2dMaFdlUEdGM1A3Y3ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQCpmygMAwD
BAOmbKgDBAKmbMAwDAMEA6ZsyAMEAqZs0DAMAwQDpmzYAwQBpmzoMAwDBAGmbPID
BAOmbPAwDAMEAKZs+QMEAKZs/jANBgkqhkiG9w0BAQsFAAOCAQEAfoU5SVBqB3hd
ogbyZ6uKUq6UN4/TgDpF/3MjQ4CExunxfzL2p6J6XNK39AnAOWby1sLtiKwYjYJw
LYiz4F2bh+XrVVg+af6Swp9iPTyT0tVLRUTvDyAIvpkDMwfrn5sihbZal5AC4GZM
uPXuCVNqlXASBCL+3JOb1dpq42Kth1uZ8Wbh95Sn4jVR9nORgI6c6Q6dFrFt2XHM
fbYWmmPgLSUTFUqf0NbhfA2MN0maoSYyxJXtqbzt80VvoCGmNuA/AwdR1BMVMt8L
MyZb9FJSSiXHLXbdAr6JP8sDE3goVcv4Y9iQi/jOIKco7pkWDKRINKj9KXuu1jzK
GfYpEwq3xA==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:44:15 2025 by rpki-client