Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/miSPzONzXGFjPJDd72C-DOfmg7E.roa
File: miSPzONzXGFjPJDd72C-DOfmg7E.roa (raw, json)
Hash identifier: qhZsWlPN6CKD1zFdJQq5QTzKdc8v+HuIyhh99MenshE=
Subject key identifier: 9A:24:8F:CC:E3:73:5C:61:63:3C:90:DD:EF:60:BE:0C:E7:E6:83:B1
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 018505A8B49689DECC65CBDDA46D002A88C0
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/miSPzONzXGFjPJDd72C-DOfmg7E.roa
Signing time: Mon 12 Dec 2022 09:27:00 +0000
ROA not before: Mon 12 Dec 2022 09:27:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 834
IP address blocks: 166.108.216.0/23 maxlen: 23
166.108.226.0/23 maxlen: 23
166.108.220.0/23 maxlen: 23
166.108.222.0/23 maxlen: 23
166.108.230.0/23 maxlen: 23
166.108.232.0/23 maxlen: 23
166.108.228.0/23 maxlen: 23
166.108.244.0/24 maxlen: 24
166.108.245.0/24 maxlen: 24
166.108.246.0/24 maxlen: 24
166.108.242.0/23 maxlen: 23
166.108.251.0/24 maxlen: 24
166.108.252.0/24 maxlen: 24
166.108.253.0/24 maxlen: 24
166.108.247.0/24 maxlen: 24
166.108.249.0/24 maxlen: 24
166.108.250.0/24 maxlen: 24
166.108.254.0/24 maxlen: 24
166.108.160.0/22 maxlen: 22
166.108.168.0/22 maxlen: 22
166.108.172.0/22 maxlen: 22
166.108.176.0/22 maxlen: 22
166.108.184.0/22 maxlen: 22
166.108.188.0/22 maxlen: 22
166.108.204.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:05:a8:b4:96:89:de:cc:65:cb:dd:a4:6d:00:2a:88:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Dec 12 09:27:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9a248fcce3735c61633c90ddef60be0ce7e683b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:a2:41:c9:8d:d9:24:1e:de:4b:26:e2:14:5f:
fd:f2:0c:eb:c3:4f:27:a9:d9:c9:b9:50:83:f2:21:
e3:f4:16:ab:27:08:5b:9c:30:75:f8:b2:d4:ef:21:
77:9f:ae:cd:02:f8:0e:e6:85:77:ee:00:65:a5:c6:
b9:f8:ca:f7:de:c7:e0:6e:57:8f:c7:b5:47:ef:00:
be:e8:0a:5f:ab:be:0c:96:bd:70:86:48:c9:fc:c0:
61:21:99:13:f9:c8:06:d5:f2:89:1c:64:1a:ca:14:
2d:d0:b9:85:0a:7d:a5:d7:66:7a:5f:bc:73:d7:a1:
da:c3:50:2c:d2:81:31:5b:c6:37:81:e4:d3:19:24:
8b:cd:c7:aa:bf:5a:4b:06:4f:81:b0:26:8c:bf:f3:
ec:23:b7:3d:93:7e:37:3a:05:79:52:3f:fc:15:71:
22:bb:0b:75:77:f0:38:8c:cf:d2:8e:f1:02:bb:f0:
81:59:ac:60:ae:82:2b:a4:da:ac:e5:fc:79:e5:55:
ab:85:0c:7f:e8:d6:71:75:fb:f3:02:f7:82:e6:24:
55:51:59:8f:5a:25:e6:70:ce:22:9b:c8:a2:b9:cd:
76:ab:f9:f8:dd:ab:e7:1c:52:b4:30:74:fe:b8:af:
a3:75:bb:f2:4e:94:bc:58:ea:b1:69:28:a3:2c:de:
a0:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:24:8F:CC:E3:73:5C:61:63:3C:90:DD:EF:60:BE:0C:E7:E6:83:B1
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/miSPzONzXGFjPJDd72C-DOfmg7E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.160.0/22
166.108.168.0-166.108.179.255
166.108.184.0/21
166.108.204.0/22
166.108.216.0/23
166.108.220.0/22
166.108.226.0-166.108.233.255
166.108.242.0-166.108.247.255
166.108.249.0-166.108.254.255
Signature Algorithm: sha256WithRSAEncryption
bd:c3:bc:d5:4d:cc:78:f5:69:af:a6:a2:58:2a:d3:14:30:23:
cb:1f:e7:17:4e:9c:0e:02:e7:27:fb:18:93:cf:24:e8:ab:89:
7a:eb:5a:58:79:54:5a:b3:a5:0e:32:d1:a1:62:50:0e:64:dd:
f1:aa:53:e2:74:37:12:4d:3a:1b:61:c5:f0:85:f2:ae:e5:da:
81:bf:56:21:5c:a4:e3:8c:7e:de:54:1e:1e:ab:f7:39:3d:61:
19:89:7c:ee:30:b4:37:66:d2:1b:eb:22:d1:3d:4f:c3:33:8f:
cb:7c:56:ac:72:bb:1a:9d:35:2f:c0:83:c3:41:62:3f:c4:54:
bb:b2:fa:99:c3:0d:c1:4d:64:e9:c6:4e:d7:17:93:9f:2e:d6:
c6:24:96:d4:b1:04:bf:bc:15:93:2c:f9:10:d6:92:d6:8c:36:
db:37:15:45:b7:1c:2e:fb:bb:dc:83:a8:d4:07:c4:d8:7d:8d:
23:c5:28:c9:f6:28:0a:5b:1c:69:4d:6b:9e:c1:d2:d3:ee:ab:
f8:0e:30:a9:76:05:99:b7:ea:d6:47:84:b9:6e:0a:e7:f5:77:
69:b8:1a:93:88:49:f9:3d:0b:20:24:34:ef:41:4b:07:26:fa:
09:fb:d2:ac:7c:d2:1c:be:b2:d6:17:05:6e:d2:7c:79:7b:d9:
bc:d1:03:05
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYUFqLSWid7MZcvdpG0AKojAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIxMjEyMDkyNzAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTI0OGZjY2UzNzM1YzYxNjMzYzkwZGRlZjYwYmUwY2U3ZTY4M2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqJByY3ZJB7eSybiFF/98gzrw08n
qdnJuVCD8iHj9BarJwhbnDB1+LLU7yF3n67NAvgO5oV37gBlpca5+Mr33sfgbleP
x7VH7wC+6Apfq74Mlr1whkjJ/MBhIZkT+cgG1fKJHGQayhQt0LmFCn2l12Z6X7xz
16Haw1As0oExW8Y3geTTGSSLzceqv1pLBk+BsCaMv/PsI7c9k343OgV5Uj/8FXEi
uwt1d/A4jM/SjvECu/CBWaxgroIrpNqs5fx55VWrhQx/6NZxdfvzAveC5iRVUVmP
WiXmcM4im8iiuc12q/n43avnHFK0MHT+uK+jdbvyTpS8WOqxaSijLN6gzwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFJokj8zjc1xhYzyQ3e9gvgzn5oOxMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvbWlTUHpPTnpYR0ZqUEpEZDcyQy1ET2ZtZzdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQCpmygMAwD
BAOmbKgDBAKmbLADBAOmbLgDBAKmbMwDBAGmbNgDBAKmbNwwDAMEAaZs4gMEAaZs
6DAMAwQBpmzyAwQDpmzwMAwDBACmbPkDBACmbP4wDQYJKoZIhvcNAQELBQADggEB
AL3DvNVNzHj1aa+molgq0xQwI8sf5xdOnA4C5yf7GJPPJOiriXrrWlh5VFqzpQ4y
0aFiUA5k3fGqU+J0NxJNOhthxfCF8q7l2oG/ViFcpOOMft5UHh6r9zk9YRmJfO4w
tDdm0hvrItE9T8Mzj8t8VqxyuxqdNS/Ag8NBYj/EVLuy+pnDDcFNZOnGTtcXk58u
1sYkltSxBL+8FZMs+RDWktaMNts3FUW3HC77u9yDqNQHxNh9jSPFKMn2KApbHGlN
a57B0tPuq/gOMKl2BZm36tZHhLluCuf1d2m4GpOISfk9CyAkNO9BSwcm+gn70qx8
0hy+stYXBW7SfHl72bzRAwU=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:43 2023 by rpki-client on console-fra.rpki-client.org