Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/saMmO4P-E4E54yiomy5q11A-AgM.roa
File: saMmO4P-E4E54yiomy5q11A-AgM.roa (raw, json)
Hash identifier: MEs7kuoH9Ka36zyyU/fZ3nGiruADoCAauIeh09oLmFk=
Subject key identifier: B1:A3:26:3B:83:FE:13:81:39:E3:28:A8:9B:2E:6A:D7:50:3E:02:03
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 018388633BB7E63CA2CD5E0F2C41E6B4E748
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/saMmO4P-E4E54yiomy5q11A-AgM.roa
Signing time: Thu 29 Sep 2022 08:35:48 +0000
ROA not before: Thu 29 Sep 2022 08:35:48 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209737
IP address blocks: 166.108.164.0/22 maxlen: 24
166.108.196.0/22 maxlen: 24
166.108.208.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:88:63:3b:b7:e6:3c:a2:cd:5e:0f:2c:41:e6:b4:e7:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Sep 29 08:35:48 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b1a3263b83fe138139e328a89b2e6ad7503e0203
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:59:71:cb:f5:4f:c6:30:92:64:a5:5d:cc:0f:
c5:64:77:dd:43:f5:b7:2a:d7:d2:17:67:f2:8d:97:
d9:3c:ac:98:b9:87:1b:3e:fe:d4:d1:f2:42:ca:b3:
8e:17:70:91:49:c7:96:48:98:a1:aa:d3:89:7b:07:
9c:38:56:dc:0b:7c:4f:13:5c:62:c8:9c:e0:e6:bf:
a6:37:f1:61:ae:9e:89:89:65:d9:21:87:52:67:49:
fd:af:e6:4e:e2:df:92:11:53:e8:22:7a:6a:45:ac:
e5:da:82:3c:66:36:f4:7c:2e:c9:0b:8b:59:d2:c9:
60:0e:26:64:90:95:62:5b:8f:f7:46:49:90:7c:63:
23:e6:8a:cd:77:48:1d:87:83:3c:6a:2b:f8:64:35:
32:ff:37:8f:33:54:60:35:5c:11:fb:76:65:1c:04:
c5:d7:37:7c:b4:d3:f6:c4:45:3d:83:b7:70:0c:db:
c8:5a:14:4d:8d:57:c8:be:51:f8:b5:8c:10:c4:c1:
55:5a:92:3d:b8:e6:26:4e:fb:b7:20:37:94:a7:cf:
30:e4:6f:e9:d7:d2:68:f1:9d:51:b0:b0:3a:25:2d:
ce:65:92:08:42:30:c1:65:eb:62:25:61:bd:8a:a6:
31:20:b1:c1:3f:9d:c9:a2:68:24:5d:46:44:5e:83:
ea:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:A3:26:3B:83:FE:13:81:39:E3:28:A8:9B:2E:6A:D7:50:3E:02:03
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/saMmO4P-E4E54yiomy5q11A-AgM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.164.0/22
166.108.196.0/22
166.108.208.0/22
Signature Algorithm: sha256WithRSAEncryption
b3:a6:95:88:f6:0a:18:63:87:f6:bd:c4:39:95:eb:4d:b2:ab:
8e:91:2f:be:a7:5d:c4:7e:a0:48:80:d8:57:1a:37:0b:9f:6e:
6b:51:d1:b4:f7:d7:6f:68:20:e1:c3:7d:52:34:7d:0b:57:2e:
93:d5:b3:2c:73:a4:dd:b4:80:a7:71:e3:d1:73:8d:f5:18:93:
d2:ac:aa:81:6d:48:ce:16:cf:11:38:7b:38:a7:a7:2c:da:76:
86:69:22:c3:a4:6f:e5:0a:6a:1a:b5:bb:8c:93:a9:99:2b:c3:
08:df:01:79:b3:12:b0:18:3d:32:62:fd:17:d9:a6:79:7b:70:
c9:c2:53:d8:32:69:a5:5e:c0:df:58:9f:5c:b4:b3:16:16:61:
43:d9:c0:43:c1:d6:7f:33:a6:b2:63:bb:cb:11:c7:06:02:71:
88:e6:e0:62:25:6b:b5:a5:bf:4c:7b:67:c5:ae:f1:d3:08:c9:
46:83:8c:20:67:4d:12:b9:bc:ee:82:7f:2e:d6:a1:6e:f6:74:
08:8c:a8:18:01:09:10:e1:72:54:92:22:de:26:aa:89:50:b5:
50:d3:2e:b7:fb:34:6c:3d:48:a4:d5:16:41:01:28:6a:cd:1b:
7a:92:2f:b9:a8:c9:c8:44:66:a7:b9:d0:38:6b:6f:42:7b:79:
82:c9:75:32
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYOIYzu35jyizV4PLEHmtOdIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIwOTI5MDgzNTQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWEzMjYzYjgzZmUxMzgxMzllMzI4YTg5YjJlNmFkNzUwM2UwMjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVlxy/VPxjCSZKVdzA/FZHfdQ/W3
KtfSF2fyjZfZPKyYuYcbPv7U0fJCyrOOF3CRSceWSJihqtOJewecOFbcC3xPE1xi
yJzg5r+mN/Fhrp6JiWXZIYdSZ0n9r+ZO4t+SEVPoInpqRazl2oI8Zjb0fC7JC4tZ
0slgDiZkkJViW4/3RkmQfGMj5orNd0gdh4M8aiv4ZDUy/zePM1RgNVwR+3ZlHATF
1zd8tNP2xEU9g7dwDNvIWhRNjVfIvlH4tYwQxMFVWpI9uOYmTvu3IDeUp88w5G/p
19Jo8Z1RsLA6JS3OZZIIQjDBZetiJWG9iqYxILHBP53JomgkXUZEXoPqywIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLGjJjuD/hOBOeMoqJsuatdQPgIDMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvc2FNbU80UC1FNEU1NHlpb215NXExMUEtQWdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCpmykAwQC
pmzEAwQCpmzQMA0GCSqGSIb3DQEBCwUAA4IBAQCzppWI9goYY4f2vcQ5letNsquO
kS++p13EfqBIgNhXGjcLn25rUdG099dvaCDhw31SNH0LVy6T1bMsc6TdtICncePR
c431GJPSrKqBbUjOFs8ROHs4p6cs2naGaSLDpG/lCmoatbuMk6mZK8MI3wF5sxKw
GD0yYv0X2aZ5e3DJwlPYMmmlXsDfWJ9ctLMWFmFD2cBDwdZ/M6ayY7vLEccGAnGI
5uBiJWu1pb9Me2fFrvHTCMlGg4wgZ00Subzugn8u1qFu9nQIjKgYAQkQ4XJUkiLe
JqqJULVQ0y63+zRsPUik1RZBAShqzRt6ki+5qMnIRGanudA4a29Ce3mCyXUy
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:27 2023 by rpki-client on console-ams.rpki-client.org