Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/sGDOE6FNYooJXQnDOkKPI2qLsl8.roa
File:                     sGDOE6FNYooJXQnDOkKPI2qLsl8.roa (raw, json)
Hash identifier:          DuXbYnzOxsnI9EIS7UqNoeNtxSCJylYF5qr+utkmD4Q=
Subject key identifier:   B0:60:CE:13:A1:4D:62:8A:09:5D:09:C3:3A:42:8F:23:6A:8B:B2:5F
Certificate issuer:       /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial:       018409274502CC9DE4E5C9FD1CEB3E4B9A49
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/sGDOE6FNYooJXQnDOkKPI2qLsl8.roa
Signing time:             Mon 24 Oct 2022 08:41:19 +0000
ROA not before:           Mon 24 Oct 2022 08:41:19 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     834
IP address blocks:        166.108.216.0/23 maxlen: 23
                          166.108.218.0/23 maxlen: 23
                          166.108.224.0/23 maxlen: 23
                          166.108.226.0/23 maxlen: 23
                          166.108.220.0/23 maxlen: 23
                          166.108.222.0/23 maxlen: 23
                          166.108.230.0/23 maxlen: 23
                          166.108.232.0/23 maxlen: 23
                          166.108.228.0/23 maxlen: 23
                          166.108.244.0/24 maxlen: 24
                          166.108.245.0/24 maxlen: 24
                          166.108.246.0/24 maxlen: 24
                          166.108.242.0/23 maxlen: 23
                          166.108.251.0/24 maxlen: 24
                          166.108.252.0/24 maxlen: 24
                          166.108.253.0/24 maxlen: 24
                          166.108.247.0/24 maxlen: 24
                          166.108.249.0/24 maxlen: 24
                          166.108.250.0/24 maxlen: 24
                          166.108.254.0/24 maxlen: 24
                          166.108.160.0/22 maxlen: 22
                          166.108.168.0/22 maxlen: 22
                          166.108.172.0/22 maxlen: 22
                          166.108.176.0/22 maxlen: 22
                          166.108.180.0/22 maxlen: 22
                          166.108.184.0/22 maxlen: 22
                          166.108.188.0/22 maxlen: 22
                          166.108.200.0/22 maxlen: 22
                          166.108.204.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:09:27:45:02:cc:9d:e4:e5:c9:fd:1c:eb:3e:4b:9a:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
        Validity
            Not Before: Oct 24 08:41:19 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b060ce13a14d628a095d09c33a428f236a8bb25f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:60:CE:13:A1:4D:62:8A:09:5D:09:C3:3A:42:8F:23:6A:8B:B2:5F
            X509v3 Authority Key Identifier:
                keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/sGDOE6FNYooJXQnDOkKPI2qLsl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.108.160.0/22
                  166.108.168.0-166.108.191.255
                  166.108.200.0/21
                  166.108.216.0-166.108.233.255
                  166.108.242.0-166.108.247.255
                  166.108.249.0-166.108.254.255

    Signature Algorithm: sha256WithRSAEncryption
Generated at Wed Jul 19 23:46:43 2023 by rpki-client on console-fra.rpki-client.org