Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/bZueRLFgEuIv0nSb0Y5eKWJ7vEQ.roa
File: bZueRLFgEuIv0nSb0Y5eKWJ7vEQ.roa (raw, json)
Hash identifier: fOoe7AQZ0g684u6o4amQ6TjGNjqaZGvGORLSH++PIf4=
Subject key identifier: 6D:9B:9E:44:B1:60:12:E2:2F:D2:74:9B:D1:8E:5E:29:62:7B:BC:44
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 018505A7CA3BD69B57F7B108D6EF9DBF107C
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/bZueRLFgEuIv0nSb0Y5eKWJ7vEQ.roa
Signing time: Mon 12 Dec 2022 09:26:00 +0000
ROA not before: Mon 12 Dec 2022 09:26:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209737
IP address blocks: 166.108.164.0/22 maxlen: 24
166.108.192.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:05:a7:ca:3b:d6:9b:57:f7:b1:08:d6:ef:9d:bf:10:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Dec 12 09:26:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6d9b9e44b16012e22fd2749bd18e5e29627bbc44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:7a:fb:2f:8b:bd:90:91:a6:c6:b5:32:73:33:
91:9f:37:5e:18:a8:18:11:d0:19:3d:18:0f:8f:53:
11:6b:5d:59:2e:e9:84:26:39:22:7b:8d:df:f9:d3:
b2:27:94:cd:0c:5e:0a:7c:80:e7:40:b9:a4:5a:53:
dc:07:6d:83:e5:b6:01:f2:91:c7:5c:6e:c3:7a:6f:
89:db:18:44:9f:c5:37:22:f3:64:9f:09:cb:69:40:
f4:49:4f:eb:35:97:af:95:9f:c2:db:6e:bf:4c:d2:
25:c6:7a:33:98:0d:bb:4c:f5:b4:c6:27:84:ad:62:
b3:67:7a:b1:95:c4:85:9a:51:de:1e:ed:e9:d8:9c:
f2:77:e4:48:dd:a0:e2:6d:30:0d:a5:a1:50:55:5e:
54:cf:3b:6f:94:b3:f3:a1:3d:fc:b7:e6:26:f5:df:
81:02:c0:e6:3b:08:31:2b:c7:af:02:40:20:8e:7d:
b8:2e:e3:90:49:46:d1:a1:cf:d3:0c:f5:fc:73:32:
fc:aa:e3:e1:dd:1f:4a:6d:fe:76:1d:ff:b4:24:57:
61:a5:08:b0:6b:fb:3c:32:40:7c:03:18:29:94:59:
d7:41:3c:f7:aa:26:10:e9:78:8b:72:1f:74:40:dc:
6b:78:3a:6d:3e:0a:b6:f9:e0:fa:d3:71:51:b2:18:
76:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:9B:9E:44:B1:60:12:E2:2F:D2:74:9B:D1:8E:5E:29:62:7B:BC:44
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/bZueRLFgEuIv0nSb0Y5eKWJ7vEQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.164.0/22
166.108.192.0/22
Signature Algorithm: sha256WithRSAEncryption
54:81:1f:43:fc:c7:a3:23:66:90:e0:47:1a:55:db:4c:6e:ee:
47:00:c2:c1:64:53:d0:23:a6:38:83:24:ce:49:36:98:7c:ed:
e6:99:0b:e6:5a:bb:96:d2:5d:0b:0e:09:ad:e1:97:5b:36:e1:
2a:35:d5:78:46:e3:f1:b9:43:4a:d1:bd:8a:ff:82:45:00:32:
39:f3:50:c0:31:eb:b8:9c:5a:90:88:c3:04:9e:9d:2c:6c:6b:
8f:46:17:3e:2f:a5:f7:ad:88:14:8f:30:b2:92:ca:3b:12:d1:
fb:0c:cc:bd:37:06:44:fb:cd:33:15:de:76:1d:62:8f:3a:c4:
ab:f7:e4:48:6f:e8:fb:53:40:7d:f9:8c:a1:f2:7c:f3:09:1d:
07:b9:44:70:48:e5:39:62:8b:1a:ee:55:ba:0e:c6:70:4a:fa:
53:79:75:cf:a4:b6:70:1b:56:f5:23:d3:24:00:ff:24:f5:a3:
9c:f9:0c:76:01:76:3e:ec:bb:71:17:7d:22:18:64:e5:25:a7:
68:8a:01:00:61:45:b6:90:15:5a:fa:76:af:ee:4e:65:55:c5:
10:3d:a7:aa:08:52:c1:7e:ad:9b:ad:41:ac:c3:ef:13:47:47:
be:17:4f:72:25:91:aa:65:1c:d5:42:49:71:21:8d:3b:ba:2f:
0d:a1:58:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYUFp8o71ptX97EI1u+dvxB8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIxMjEyMDkyNjAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDliOWU0NGIxNjAxMmUyMmZkMjc0OWJkMThlNWUyOTYyN2JiYzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3r7L4u9kJGmxrUyczORnzdeGKgY
EdAZPRgPj1MRa11ZLumEJjkie43f+dOyJ5TNDF4KfIDnQLmkWlPcB22D5bYB8pHH
XG7Dem+J2xhEn8U3IvNknwnLaUD0SU/rNZevlZ/C226/TNIlxnozmA27TPW0xieE
rWKzZ3qxlcSFmlHeHu3p2Jzyd+RI3aDibTANpaFQVV5UzztvlLPzoT38t+Ym9d+B
AsDmOwgxK8evAkAgjn24LuOQSUbRoc/TDPX8czL8quPh3R9Kbf52Hf+0JFdhpQiw
a/s8MkB8AxgplFnXQTz3qiYQ6XiLch90QNxreDptPgq2+eD603FRshh2cwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG2bnkSxYBLiL9J0m9GOXilie7xEMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvYlp1ZVJMRmdFdUl2MG5TYjBZNWVLV0o3dkVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCpmykAwQC
pmzAMA0GCSqGSIb3DQEBCwUAA4IBAQBUgR9D/MejI2aQ4EcaVdtMbu5HAMLBZFPQ
I6Y4gyTOSTaYfO3mmQvmWruW0l0LDgmt4ZdbNuEqNdV4RuPxuUNK0b2K/4JFADI5
81DAMeu4nFqQiMMEnp0sbGuPRhc+L6X3rYgUjzCykso7EtH7DMy9NwZE+80zFd52
HWKPOsSr9+RIb+j7U0B9+Yyh8nzzCR0HuURwSOU5Yosa7lW6DsZwSvpTeXXPpLZw
G1b1I9MkAP8k9aOc+Qx2AXY+7LtxF30iGGTlJadoigEAYUW2kBVa+nav7k5lVcUQ
PaeqCFLBfq2brUGsw+8TR0e+F09yJZGqZRzVQklxIY07ui8NoViu
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:24:56 2025 by rpki-client