Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/ia0fzpDtvz03MKrfxxqdgjqf-Og.roa
File: ia0fzpDtvz03MKrfxxqdgjqf-Og.roa (raw, json)
Hash identifier: A33nYEGYaVxVCTnU3R6+MIUrnSCaf0bDN2gT2mRYeI4=
Subject key identifier: 89:AD:1F:CE:90:ED:BF:3D:37:30:AA:DF:C7:1A:9D:82:3A:9F:F8:E8
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 01847C11AE8C2F73ABC9F7B2B51EAEC60328
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/ia0fzpDtvz03MKrfxxqdgjqf-Og.roa
Signing time: Tue 15 Nov 2022 16:14:04 +0000
ROA not before: Tue 15 Nov 2022 16:14:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 834
IP address blocks: 166.108.216.0/23 maxlen: 23
166.108.226.0/23 maxlen: 23
166.108.220.0/23 maxlen: 23
166.108.222.0/23 maxlen: 23
166.108.230.0/23 maxlen: 23
166.108.232.0/23 maxlen: 23
166.108.228.0/23 maxlen: 23
166.108.244.0/24 maxlen: 24
166.108.245.0/24 maxlen: 24
166.108.246.0/24 maxlen: 24
166.108.242.0/23 maxlen: 23
166.108.251.0/24 maxlen: 24
166.108.252.0/24 maxlen: 24
166.108.253.0/24 maxlen: 24
166.108.247.0/24 maxlen: 24
166.108.249.0/24 maxlen: 24
166.108.250.0/24 maxlen: 24
166.108.254.0/24 maxlen: 24
166.108.160.0/22 maxlen: 22
166.108.168.0/22 maxlen: 22
166.108.172.0/22 maxlen: 22
166.108.176.0/22 maxlen: 22
166.108.180.0/22 maxlen: 22
166.108.184.0/22 maxlen: 22
166.108.188.0/22 maxlen: 22
166.108.200.0/22 maxlen: 22
166.108.204.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:7c:11:ae:8c:2f:73:ab:c9:f7:b2:b5:1e:ae:c6:03:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Nov 15 16:14:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=89ad1fce90edbf3d3730aadfc71a9d823a9ff8e8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:61:e6:99:f2:49:88:26:11:1b:74:b1:6d:ba:
d7:6d:9b:e4:ac:f2:5c:a8:d1:7d:68:34:8d:b5:d4:
7c:2a:5f:10:e2:61:be:95:b3:97:3e:a8:5e:ee:81:
96:4d:27:63:f0:4a:19:73:30:90:3c:06:c9:d7:ea:
cc:88:c0:0e:71:33:ac:b4:3d:b5:c3:43:4f:18:15:
5b:80:77:9f:ff:1e:ef:c1:50:c1:f2:2d:bd:79:c0:
38:9a:5e:29:ac:9a:42:e9:86:7d:70:c3:2a:aa:44:
90:5e:3a:ac:8c:5d:f6:d4:34:1a:5b:1a:0b:9a:e2:
4d:df:21:37:e8:53:cf:c5:17:ed:db:f0:00:c1:2c:
12:b3:dd:0b:c5:36:ac:db:70:d3:ca:7f:cb:65:1d:
80:30:9d:15:92:7c:9c:24:e2:d4:6e:51:fb:07:1b:
9f:80:9f:fa:cb:f7:30:fe:e8:5a:bc:9d:ee:33:be:
68:4f:a0:f4:57:74:ca:f1:3b:c9:eb:7e:2e:6d:bc:
35:0c:8a:a1:47:ed:bc:e7:8d:82:ea:bc:dc:dd:a4:
7e:a3:63:a2:24:8b:4d:f6:99:4f:de:d0:06:bc:e0:
c0:c1:c5:0c:19:a8:01:fd:ed:04:2d:d6:5d:a2:ed:
b9:b5:7b:6a:4b:ba:9f:02:b2:3a:b5:5b:f4:3c:d8:
3b:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:AD:1F:CE:90:ED:BF:3D:37:30:AA:DF:C7:1A:9D:82:3A:9F:F8:E8
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/ia0fzpDtvz03MKrfxxqdgjqf-Og.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.160.0/22
166.108.168.0-166.108.191.255
166.108.200.0/21
166.108.216.0/23
166.108.220.0/22
166.108.226.0-166.108.233.255
166.108.242.0-166.108.247.255
166.108.249.0-166.108.254.255
Signature Algorithm: sha256WithRSAEncryption
87:00:db:a6:da:e4:6e:f0:9a:03:bc:2d:71:0a:c6:09:0f:f0:
53:60:4b:77:0e:87:69:97:f5:ad:4f:17:13:19:4b:7e:b7:57:
97:68:fb:ca:83:ec:14:7f:b9:de:ca:d5:18:51:44:cf:64:30:
a6:27:27:ca:1e:4c:c7:bc:26:f7:25:7f:fa:94:12:69:8d:f4:
49:e9:bf:02:65:25:4f:da:89:19:96:9f:50:a2:6f:b8:98:c5:
b6:04:78:28:06:90:e5:94:e2:a2:ec:f7:53:6f:80:42:46:fc:
ec:33:18:62:8d:fc:fb:d9:a7:12:a6:57:6b:94:55:8e:c8:9a:
e7:7e:6f:18:9e:d5:96:5d:48:80:9f:8f:0c:3a:57:f0:bb:a1:
ee:a3:e8:af:6b:4b:ed:9b:c0:87:7b:01:d1:5c:15:3f:a2:6e:
3a:26:61:0c:67:a4:e4:37:5f:62:e8:6a:b4:f3:6a:3f:dc:09:
f0:f3:91:fc:fe:b5:31:f9:67:3e:54:d4:63:7a:2c:4c:fb:0d:
e5:7d:57:f2:be:d6:ce:00:85:ac:ee:24:a8:66:ea:f2:c2:a9:
d9:ce:97:4c:1f:f3:2f:72:0a:78:fe:dd:d1:dd:a5:76:8d:69:
0e:a0:fe:82:ea:8b:e3:78:e7:2e:44:60:44:78:25:97:d3:aa:
c1:d6:5f:17
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYR8Ea6ML3OryfeytR6uxgMoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIxMTE1MTYxNDA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWFkMWZjZTkwZWRiZjNkMzczMGFhZGZjNzFhOWQ4MjNhOWZmOGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWHmmfJJiCYRG3SxbbrXbZvkrPJc
qNF9aDSNtdR8Kl8Q4mG+lbOXPqhe7oGWTSdj8EoZczCQPAbJ1+rMiMAOcTOstD21
w0NPGBVbgHef/x7vwVDB8i29ecA4ml4prJpC6YZ9cMMqqkSQXjqsjF321DQaWxoL
muJN3yE36FPPxRft2/AAwSwSs90LxTas23DTyn/LZR2AMJ0VknycJOLUblH7Bxuf
gJ/6y/cw/uhavJ3uM75oT6D0V3TK8TvJ634ubbw1DIqhR+28542C6rzc3aR+o2Oi
JItN9plP3tAGvODAwcUMGagB/e0ELdZdou25tXtqS7qfArI6tVv0PNg7dQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFImtH86Q7b89NzCq38canYI6n/joMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvaWEwZnpwRHR2ejAzTUtyZnh4cWRnanFmLU9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQCpmygMAwD
BAOmbKgDBAambIADBAOmbMgDBAGmbNgDBAKmbNwwDAMEAaZs4gMEAaZs6DAMAwQB
pmzyAwQDpmzwMAwDBACmbPkDBACmbP4wDQYJKoZIhvcNAQELBQADggEBAIcA26ba
5G7wmgO8LXEKxgkP8FNgS3cOh2mX9a1PFxMZS363V5do+8qD7BR/ud7K1RhRRM9k
MKYnJ8oeTMe8Jvclf/qUEmmN9EnpvwJlJU/aiRmWn1Cib7iYxbYEeCgGkOWU4qLs
91NvgEJG/OwzGGKN/PvZpxKmV2uUVY7Imud+bxie1ZZdSICfjww6V/C7oe6j6K9r
S+2bwId7AdFcFT+ibjomYQxnpOQ3X2LoarTzaj/cCfDzkfz+tTH5Zz5U1GN6LEz7
DeV9V/K+1s4AhazuJKhm6vLCqdnOl0wf8y9yCnj+3dHdpXaNaQ6g/oLqi+N45y5E
YER4JZfTqsHWXxc=
-----END CERTIFICATE-----
Generated at Fri Apr 18 04:50:23 2025 by rpki-client