Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/ioxMyHl_aKqE5i9bY1KqGdIctp4.roa
File: ioxMyHl_aKqE5i9bY1KqGdIctp4.roa (raw, json)
Hash identifier: hlYLQhjReSK71o4K/1iriy3rnXsA+bEVzmxWFolxpME=
Subject key identifier: 8A:8C:4C:C8:79:7F:68:AA:84:E6:2F:5B:63:52:AA:19:D2:1C:B6:9E
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 018475645FABAB2A5C5A03EB8F6188CE4283
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/ioxMyHl_aKqE5i9bY1KqGdIctp4.roa
Signing time: Mon 14 Nov 2022 09:07:03 +0000
ROA not before: Mon 14 Nov 2022 09:07:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 211585
IP address blocks: 166.108.218.0/23 maxlen: 24
166.108.224.0/23 maxlen: 24
166.108.232.0/23 maxlen: 24
166.108.160.0/22 maxlen: 24
166.108.172.0/22 maxlen: 24
166.108.168.0/22 maxlen: 24
166.108.196.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:75:64:5f:ab:ab:2a:5c:5a:03:eb:8f:61:88:ce:42:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Nov 14 09:07:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8a8c4cc8797f68aa84e62f5b6352aa19d21cb69e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:13:b7:68:e8:63:1d:75:df:2b:33:db:f1:b2:
ae:03:fa:af:d5:a4:e2:ea:ed:80:7e:98:b9:af:38:
4b:e3:87:7b:96:d8:e0:0e:42:ec:70:02:f3:ea:10:
e8:83:9c:33:79:f7:ec:4b:37:c5:6f:11:e0:2a:e3:
b2:15:84:65:95:cd:30:2c:ce:27:c5:39:85:e8:75:
21:6d:ff:2f:17:5d:86:e8:bb:e7:94:85:84:76:17:
e3:b1:b2:ca:09:a9:34:e3:c3:8e:23:8b:93:7b:b0:
74:6d:d5:7b:05:a7:b5:25:6a:dc:7d:35:7f:cf:1b:
6d:bf:08:16:00:e6:95:2e:b4:dd:54:f9:c6:64:e9:
51:a7:76:7a:23:d3:2f:f1:28:5e:ad:01:01:51:b3:
16:bc:82:6a:39:49:41:b1:55:fc:32:50:8c:aa:1f:
db:23:0b:1d:13:a8:40:25:6d:b8:b3:86:06:aa:6e:
a7:46:90:eb:dd:e4:5e:61:90:61:74:c9:7a:92:18:
d2:96:6d:0b:d1:11:f7:cb:a3:ad:53:73:0a:70:b5:
b6:9b:a6:7f:34:80:dd:ab:c1:e7:74:47:67:df:50:
bb:c3:8a:1e:61:68:b0:11:93:ad:5e:9a:c7:3f:3c:
c0:a0:48:16:df:2d:53:ed:ac:2c:09:3e:b3:43:52:
70:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:8C:4C:C8:79:7F:68:AA:84:E6:2F:5B:63:52:AA:19:D2:1C:B6:9E
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/ioxMyHl_aKqE5i9bY1KqGdIctp4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.160.0/22
166.108.168.0/21
166.108.196.0/22
166.108.218.0/23
166.108.224.0/23
166.108.232.0/23
Signature Algorithm: sha256WithRSAEncryption
60:85:b7:af:93:17:53:75:1f:d1:41:87:e4:76:7b:23:5c:2a:
4d:52:e4:40:9e:78:97:d6:39:3d:a6:08:c7:38:fd:85:12:2c:
fb:07:fd:c5:01:1a:6e:22:79:0c:a1:1a:82:63:8d:3d:45:71:
66:a0:c8:b2:52:37:ee:35:52:8e:97:8e:a6:5e:d2:57:a9:a9:
97:a3:fe:e6:d4:20:dd:a1:47:bf:81:9d:87:ee:71:5b:27:23:
ad:ee:5b:cd:e7:b8:c9:b4:be:d9:79:fa:d4:21:78:47:9c:4b:
d6:bf:9f:00:b0:a9:50:73:b5:95:89:1e:c7:e6:9c:be:31:23:
41:fd:ae:95:55:b9:24:39:a3:ac:cb:81:10:a0:a8:7a:fe:4a:
26:8b:bc:b1:8e:25:64:b4:3f:df:9f:9e:79:68:e0:a1:6d:53:
d3:21:b6:bd:24:5e:0e:96:1f:15:6a:c1:35:be:f8:27:a3:86:
50:13:90:ab:6b:4f:20:b4:e5:78:81:c5:14:d4:43:2f:4a:d0:
8c:f1:6d:ac:0e:c5:8e:3b:a6:64:4e:9f:9e:eb:df:f1:7b:58:
bd:db:69:c7:d3:54:08:f8:e0:0a:80:76:95:d7:ad:aa:7a:4a:
8a:90:33:0c:1b:34:83:b4:0c:f7:8e:73:f4:98:f8:86:0b:e0:
28:ec:0d:15
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYR1ZF+rqypcWgPrj2GIzkKDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIxMTE0MDkwNzAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YThjNGNjODc5N2Y2OGFhODRlNjJmNWI2MzUyYWExOWQyMWNiNjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBO3aOhjHXXfKzPb8bKuA/qv1aTi
6u2Afpi5rzhL44d7ltjgDkLscALz6hDog5wzeffsSzfFbxHgKuOyFYRllc0wLM4n
xTmF6HUhbf8vF12G6LvnlIWEdhfjsbLKCak048OOI4uTe7B0bdV7Bae1JWrcfTV/
zxttvwgWAOaVLrTdVPnGZOlRp3Z6I9Mv8SherQEBUbMWvIJqOUlBsVX8MlCMqh/b
IwsdE6hAJW24s4YGqm6nRpDr3eReYZBhdMl6khjSlm0L0RH3y6OtU3MKcLW2m6Z/
NIDdq8HndEdn31C7w4oeYWiwEZOtXprHPzzAoEgW3y1T7awsCT6zQ1Jw0wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIqMTMh5f2iqhOYvW2NSqhnSHLaeMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvaW94TXlIbF9hS3FFNWk5YlkxS3FHZEljdHA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCpmygAwQD
pmyoAwQCpmzEAwQBpmzaAwQBpmzgAwQBpmzoMA0GCSqGSIb3DQEBCwUAA4IBAQBg
hbevkxdTdR/RQYfkdnsjXCpNUuRAnniX1jk9pgjHOP2FEiz7B/3FARpuInkMoRqC
Y409RXFmoMiyUjfuNVKOl46mXtJXqamXo/7m1CDdoUe/gZ2H7nFbJyOt7lvN57jJ
tL7ZefrUIXhHnEvWv58AsKlQc7WViR7H5py+MSNB/a6VVbkkOaOsy4EQoKh6/kom
i7yxjiVktD/fn555aOChbVPTIba9JF4Olh8VasE1vvgno4ZQE5Cra08gtOV4gcUU
1EMvStCM8W2sDsWOO6ZkTp+e69/xe1i922nH01QI+OAKgHaV162qekqKkDMMGzSD
tAz3jnP0mPiGC+Ao7A0V
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:40:26 2025 by rpki-client