Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/sGN2Hoeo13-3tb8AOZMsSF4apKo.roa
File: sGN2Hoeo13-3tb8AOZMsSF4apKo.roa (raw, json)
Hash identifier: kl1bZaVQ1cBkrNHSZkyLNJZUtpnHoG1mdwifBcb7nM4=
Subject key identifier: B0:63:76:1E:87:A8:D7:7F:B7:B5:BF:00:39:93:2C:48:5E:1A:A4:AA
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 067A17E7
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/sGN2Hoeo13-3tb8AOZMsSF4apKo.roa
Signing time: Wed 16 Feb 2022 09:36:44 +0000
ROA not before: Wed 16 Feb 2022 09:36:44 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 166.108.218.0/23 maxlen: 24
166.108.216.0/23 maxlen: 24
166.108.226.0/23 maxlen: 24
166.108.220.0/23 maxlen: 24
166.108.222.0/23 maxlen: 24
166.108.224.0/23 maxlen: 24
166.108.228.0/23 maxlen: 24
166.108.230.0/23 maxlen: 24
166.108.232.0/23 maxlen: 24
166.108.234.0/23 maxlen: 24
166.108.236.0/23 maxlen: 24
166.108.238.0/23 maxlen: 24
166.108.246.0/24 maxlen: 24
166.108.245.0/24 maxlen: 24
166.108.244.0/24 maxlen: 24
166.108.253.0/24 maxlen: 24
166.108.247.0/24 maxlen: 24
166.108.249.0/24 maxlen: 24
166.108.250.0/24 maxlen: 24
166.108.252.0/24 maxlen: 24
166.108.251.0/24 maxlen: 24
166.108.255.0/24 maxlen: 24
166.108.164.0/22 maxlen: 24
166.108.160.0/22 maxlen: 24
166.108.172.0/22 maxlen: 24
166.108.168.0/22 maxlen: 24
166.108.176.0/22 maxlen: 24
166.108.184.0/22 maxlen: 24
166.108.180.0/22 maxlen: 24
166.108.192.0/22 maxlen: 24
166.108.188.0/22 maxlen: 24
166.108.196.0/22 maxlen: 24
166.108.200.0/22 maxlen: 24
166.108.212.0/22 maxlen: 24
166.108.208.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 108664807 (0x67a17e7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Feb 16 09:36:44 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b063761e87a8d77fb7b5bf0039932c485e1aa4aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:79:f7:6f:19:48:5f:6d:a4:4e:ae:86:60:7b:
44:b7:4a:ff:07:28:a7:07:ef:68:c9:70:95:42:1c:
08:15:a8:bb:50:78:a4:57:8e:df:50:11:45:f8:6e:
dc:c5:78:04:3b:a4:0c:f9:b4:42:7e:8f:db:94:22:
f5:2c:35:6f:1f:41:65:1d:c1:f6:54:40:1d:74:92:
4a:b2:4a:e6:76:1d:df:1c:0d:24:20:bd:9c:e7:79:
04:d3:89:5e:bf:1c:39:55:1c:38:50:e2:9b:98:76:
ce:b1:d6:e9:c5:22:c7:09:a8:f1:b2:34:ce:5c:0f:
65:b2:e1:81:2f:00:b7:57:85:57:6b:1f:1e:84:84:
3e:5c:67:da:dc:71:bf:23:04:44:49:a4:f7:57:0c:
54:f4:52:c9:bd:0c:96:df:9c:1e:b5:2b:75:f7:32:
30:57:4f:81:f4:95:c1:8f:83:fa:3d:2a:31:11:ab:
c9:d8:49:c1:eb:d3:fb:35:b5:a5:9b:e4:4a:e7:56:
01:fb:43:d2:3b:48:ed:98:98:97:18:ee:5d:d1:73:
36:ae:64:0d:ce:0e:1c:ad:1c:22:3c:5d:41:ab:a6:
77:98:c1:87:9c:b4:69:39:8a:54:dd:d1:0c:b9:75:
b5:6f:29:a5:15:ab:16:af:0d:b0:92:be:8e:54:b1:
29:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:63:76:1E:87:A8:D7:7F:B7:B5:BF:00:39:93:2C:48:5E:1A:A4:AA
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/sGN2Hoeo13-3tb8AOZMsSF4apKo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.160.0-166.108.203.255
166.108.208.0-166.108.239.255
166.108.244.0/22
166.108.249.0-166.108.253.255
166.108.255.0/24
Signature Algorithm: sha256WithRSAEncryption
b5:00:61:f7:48:bb:26:0c:0d:9c:9b:49:41:b4:7f:60:2b:25:
eb:51:f8:5c:2d:91:57:1c:5f:fc:51:a6:dc:1c:72:df:bc:56:
bd:98:19:d8:84:21:3f:75:b5:32:22:cb:ec:04:cb:1e:57:2c:
0e:d6:01:85:93:24:0f:00:a3:45:af:63:53:d5:1d:48:0b:40:
f1:4b:11:c4:21:26:99:9d:ae:bf:bd:45:a6:0f:53:7d:0d:0e:
e5:97:7e:8c:19:b3:7f:8d:68:77:10:a7:c9:2c:a9:0a:83:39:
93:9a:56:99:11:f8:24:c2:64:f3:80:b8:9d:e6:8a:58:ed:a1:
3d:06:37:da:5f:44:03:d1:50:34:47:21:24:07:36:cf:10:ac:
cb:11:e4:05:ff:79:75:05:b6:d0:06:45:eb:31:48:1f:73:e9:
81:36:e3:72:69:64:66:c2:a8:3d:24:8d:19:04:b3:b5:92:40:
b6:ef:82:af:4a:04:c6:33:10:9a:2d:d8:75:04:31:fa:71:19:
d9:e8:64:0a:05:c1:19:0e:ec:60:db:de:1a:1c:02:58:35:92:
78:cc:3a:1f:7d:fa:e2:5e:f4:26:94:a0:ea:e1:e6:ec:9a:16:
8b:4f:d9:09:71:9a:c9:30:65:69:9f:8a:b8:77:18:2f:a3:14:
54:b4:36:c4
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIEBnoX5zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
OTJiODYwOTVjZTU1OGQyZTk2MTg3MjhhNDQyMjhhMjdiZTkwOThmMB4XDTIyMDIx
NjA5MzY0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjA2Mzc2MWU4N2E4
ZDc3ZmI3YjViZjAwMzk5MzJjNDg1ZTFhYTRhYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI95928ZSF9tpE6uhmB7RLdK/wcopwfvaMlwlUIcCBWou1B4
pFeO31ARRfhu3MV4BDukDPm0Qn6P25Qi9Sw1bx9BZR3B9lRAHXSSSrJK5nYd3xwN
JCC9nOd5BNOJXr8cOVUcOFDim5h2zrHW6cUixwmo8bI0zlwPZbLhgS8At1eFV2sf
HoSEPlxn2txxvyMEREmk91cMVPRSyb0Mlt+cHrUrdfcyMFdPgfSVwY+D+j0qMRGr
ydhJwevT+zW1pZvkSudWAftD0jtI7ZiYlxjuXdFzNq5kDc4OHK0cIjxdQaumd5jB
h5y0aTmKVN3RDLl1tW8ppRWrFq8NsJK+jlSxKakCAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBSwY3Yeh6jXf7e1vwA5kyxIXhqkqjAfBgNVHSMEGDAWgBSZK4YJXOVY0ulh
hyikQiiie+kJjzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L21TdUdDVnpsV05McFlZY29wRUlvb252cENZOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzkvOGVhOWI5LTNiNmUtNGZkZi1iNWQxLWYwNGZkY2MwOWU1MS8x
L3NHTjJIb2VvMTMtM3RiOEFPWk1zU0Y0YXBLby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzkv
OGVhOWI5LTNiNmUtNGZkZi1iNWQxLWYwNGZkY2MwOWU1MS8xL21TdUdDVnpsV05M
cFlZY29wRUlvb252cENZOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNjAMAwQFpmygAwQCpmzIMAwDBASmbNAD
BASmbOADBAKmbPQwDAMEAKZs+QMEAaZs/AMEAKZs/zANBgkqhkiG9w0BAQsFAAOC
AQEAtQBh90i7JgwNnJtJQbR/YCsl61H4XC2RVxxf/FGm3Bxy37xWvZgZ2IQhP3W1
MiLL7ATLHlcsDtYBhZMkDwCjRa9jU9UdSAtA8UsRxCEmmZ2uv71Fpg9TfQ0O5Zd+
jBmzf41odxCnySypCoM5k5pWmRH4JMJk84C4neaKWO2hPQY32l9EA9FQNEchJAc2
zxCsyxHkBf95dQW20AZF6zFIH3PpgTbjcmlkZsKoPSSNGQSztZJAtu+Cr0oExjMQ
mi3YdQQx+nEZ2ehkCgXBGQ7sYNveGhwCWDWSeMw6H3364l70JpSg6uHm7JoWi0/Z
CXGayTBlaZ+KuHcYL6MUVLQ2xA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:27 2023 by rpki-client on console-ams.rpki-client.org