Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/uVlnDBZRheEU9Yri5dasiLtFpQI.roa
File: uVlnDBZRheEU9Yri5dasiLtFpQI.roa (raw, json)
Hash identifier: DTTLh/lLxRuG35k1XPrpjHNq5tXGoj7XEu5XIFbVht8=
Subject key identifier: B9:59:67:0C:16:51:85:E1:14:F5:8A:E2:E5:D6:AC:88:BB:45:A5:02
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 0184ED060580F84C704F4C8024714B72749C
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/uVlnDBZRheEU9Yri5dasiLtFpQI.roa
Signing time: Wed 07 Dec 2022 14:38:25 +0000
ROA not before: Wed 07 Dec 2022 14:38:25 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3320
IP address blocks: 166.108.240.0/23 maxlen: 24
166.108.234.0/23 maxlen: 24
166.108.236.0/23 maxlen: 24
166.108.238.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:ed:06:05:80:f8:4c:70:4f:4c:80:24:71:4b:72:74:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Dec 7 14:38:25 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b959670c165185e114f58ae2e5d6ac88bb45a502
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:5a:1c:7a:fe:47:04:ab:94:5a:ca:a1:b2:60:
b4:c9:a5:c2:f3:90:44:10:d0:85:f8:e7:2e:57:5b:
7e:c0:c1:90:03:ff:eb:a8:f9:f2:35:4b:8e:b6:5d:
30:90:ab:ac:2c:a7:56:12:02:95:88:22:ff:9c:71:
df:a8:b1:a0:20:bc:df:32:b4:4a:16:a6:d4:1f:bd:
a1:88:3a:7a:ec:67:5e:a9:d5:90:3e:5a:a6:c6:9e:
f4:dc:82:05:44:ec:61:0a:b2:91:a8:55:f9:67:45:
af:db:4b:d8:72:49:a9:11:3e:8d:ac:3d:61:22:e5:
a9:b1:31:54:ca:a0:49:a5:d0:42:64:d7:b7:ec:26:
b1:16:dc:f7:91:02:7b:42:18:6d:32:61:c7:87:f3:
59:19:0d:57:7c:8d:e4:75:6b:27:28:1e:2b:b5:06:
b9:3a:09:98:19:12:3f:56:b9:db:8a:32:32:8e:ae:
56:79:5a:9c:77:36:28:da:e1:6c:1b:c1:e3:c7:45:
8d:4b:6b:36:90:ad:bc:5c:ca:37:e7:39:89:50:22:
56:ae:6b:62:0e:72:53:06:43:89:01:33:62:a4:6b:
c8:68:15:4e:91:d1:a3:d2:c1:f2:05:ee:ea:90:ec:
ae:5c:37:6d:e0:06:cf:db:be:75:c3:fe:74:d5:60:
23:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:59:67:0C:16:51:85:E1:14:F5:8A:E2:E5:D6:AC:88:BB:45:A5:02
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/uVlnDBZRheEU9Yri5dasiLtFpQI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.234.0-166.108.241.255
Signature Algorithm: sha256WithRSAEncryption
88:bd:73:0a:34:08:23:83:f3:7c:7e:1a:cb:6a:96:f7:df:6a:
8e:f6:55:db:b5:50:21:ff:ed:21:a0:88:b2:fe:a1:86:a3:64:
80:de:c8:78:a8:db:90:0c:c8:d6:88:2c:fd:fa:60:a1:ea:62:
ae:0f:5e:66:9e:13:85:e1:4e:fe:8a:62:fe:30:fc:07:79:87:
de:e0:ff:48:c1:26:a2:2f:bb:17:0b:f8:b6:14:5f:af:2d:07:
20:39:ad:dc:84:88:03:c0:70:f2:c8:fb:9d:82:20:37:8a:f2:
12:63:97:de:53:0d:03:b0:04:75:ce:c5:4f:a1:b5:61:bc:cd:
b5:dd:31:0d:0f:17:fa:53:c9:a3:84:bd:45:ac:da:32:6a:d7:
96:ab:0f:43:da:3d:8e:c4:72:e0:2f:ea:46:e9:5c:63:46:a7:
f8:61:08:3e:c1:fc:2d:e4:6c:3b:01:99:e1:61:e8:00:12:5f:
6d:a2:1e:a8:fe:15:32:e5:89:5e:2a:22:c3:d2:0c:a7:bc:f5:
16:2f:a9:a4:78:79:68:cd:f6:55:0a:bb:91:9c:ea:af:bb:7e:
b9:93:eb:5c:bd:99:c9:6e:dc:da:cc:3f:62:82:80:65:12:29:
b0:51:dc:31:2e:ec:a6:26:20:fc:d0:01:49:4c:c6:a6:0f:20:
3b:8d:4e:6e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYTtBgWA+ExwT0yAJHFLcnScMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIxMjA3MTQzODI1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTU5NjcwYzE2NTE4NWUxMTRmNThhZTJlNWQ2YWM4OGJiNDVhNTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA61ocev5HBKuUWsqhsmC0yaXC85BE
ENCF+OcuV1t+wMGQA//rqPnyNUuOtl0wkKusLKdWEgKViCL/nHHfqLGgILzfMrRK
FqbUH72hiDp67GdeqdWQPlqmxp703IIFROxhCrKRqFX5Z0Wv20vYckmpET6NrD1h
IuWpsTFUyqBJpdBCZNe37CaxFtz3kQJ7QhhtMmHHh/NZGQ1XfI3kdWsnKB4rtQa5
OgmYGRI/VrnbijIyjq5WeVqcdzYo2uFsG8Hjx0WNS2s2kK28XMo35zmJUCJWrmti
DnJTBkOJATNipGvIaBVOkdGj0sHyBe7qkOyuXDdt4AbP2751w/501WAjXQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLlZZwwWUYXhFPWK4uXWrIi7RaUCMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvdVZsbkRCWlJoZUVVOVlyaTVkYXNpTHRGcFFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAGmbOoD
BAGmbPAwDQYJKoZIhvcNAQELBQADggEBAIi9cwo0CCOD83x+Gstqlvffao72Vdu1
UCH/7SGgiLL+oYajZIDeyHio25AMyNaILP36YKHqYq4PXmaeE4XhTv6KYv4w/Ad5
h97g/0jBJqIvuxcL+LYUX68tByA5rdyEiAPAcPLI+52CIDeK8hJjl95TDQOwBHXO
xU+htWG8zbXdMQ0PF/pTyaOEvUWs2jJq15arD0PaPY7EcuAv6kbpXGNGp/hhCD7B
/C3kbDsBmeFh6AASX22iHqj+FTLliV4qIsPSDKe89RYvqaR4eWjN9lUKu5Gc6q+7
frmT61y9mclu3NrMP2KCgGUSKbBR3DEu7KYmIPzQAUlMxqYPIDuNTm4=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:43:37 2025 by rpki-client