Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/vYEbGrTwCeQVVxCO2eP2zfYm0MQ.roa
File: vYEbGrTwCeQVVxCO2eP2zfYm0MQ.roa (raw, json)
Hash identifier: vgsrphHtwowQpGMCd0E/PlKIj9y1+5BkM8i4UDIArBk=
Subject key identifier: BD:81:1B:1A:B4:F0:09:E4:15:57:10:8E:D9:E3:F6:CD:F6:26:D0:C4
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 0183E5A2C5AFB4196E029F0C5D9BE56B6EF9
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/vYEbGrTwCeQVVxCO2eP2zfYm0MQ.roa
Signing time: Mon 17 Oct 2022 11:09:53 +0000
ROA not before: Mon 17 Oct 2022 11:09:53 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 834
IP address blocks: 166.108.216.0/23 maxlen: 23
166.108.218.0/23 maxlen: 23
166.108.224.0/23 maxlen: 23
166.108.226.0/23 maxlen: 23
166.108.220.0/23 maxlen: 23
166.108.222.0/23 maxlen: 23
166.108.230.0/23 maxlen: 23
166.108.232.0/23 maxlen: 23
166.108.228.0/23 maxlen: 23
166.108.244.0/24 maxlen: 24
166.108.245.0/24 maxlen: 24
166.108.246.0/24 maxlen: 24
166.108.242.0/23 maxlen: 23
166.108.251.0/24 maxlen: 24
166.108.252.0/24 maxlen: 24
166.108.253.0/24 maxlen: 24
166.108.247.0/24 maxlen: 24
166.108.249.0/24 maxlen: 24
166.108.250.0/24 maxlen: 24
166.108.254.0/24 maxlen: 24
166.108.160.0/22 maxlen: 22
166.108.168.0/22 maxlen: 22
166.108.172.0/22 maxlen: 22
166.108.176.0/22 maxlen: 22
166.108.180.0/22 maxlen: 22
166.108.184.0/22 maxlen: 22
166.108.188.0/22 maxlen: 22
166.108.200.0/22 maxlen: 22
166.108.204.0/22 maxlen: 22
166.108.208.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:e5:a2:c5:af:b4:19:6e:02:9f:0c:5d:9b:e5:6b:6e:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Oct 17 11:09:53 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=bd811b1ab4f009e41557108ed9e3f6cdf626d0c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:66:f8:d4:61:95:9b:34:90:d3:36:f7:d7:16:
aa:ac:92:e7:c4:f2:ad:00:b6:93:a2:3c:7e:e2:d0:
12:b6:a3:3d:94:7a:1e:16:28:18:37:67:0d:ee:8e:
96:cd:71:54:eb:eb:6b:bf:af:63:62:f4:9b:36:28:
9b:08:30:5c:39:22:a4:29:86:bf:c5:f5:36:95:a2:
51:b2:98:c4:97:1d:44:11:1a:e1:53:0a:06:cf:ac:
f5:db:2e:46:da:92:7c:d1:3e:43:c3:9e:58:9b:9c:
a1:77:20:98:1d:5e:30:c0:ae:9c:3c:11:41:ca:63:
ac:05:fe:20:aa:f8:98:d5:61:61:b0:f1:a7:d5:0b:
57:d9:03:67:66:eb:2b:84:60:00:1f:88:91:90:23:
bb:cd:5a:1a:d4:0f:80:06:ac:a6:1e:ab:a9:59:4a:
7c:38:6c:e5:c6:d1:6e:e7:68:44:76:4d:5b:2c:6b:
2e:38:0e:9c:7a:62:c7:64:ac:a2:85:94:7c:78:79:
bf:fe:13:3d:6f:c7:a1:47:82:4a:5a:7d:b1:6f:b5:
18:90:a9:a2:1d:24:81:b8:a9:8e:01:2f:29:c1:f8:
1e:9a:66:47:50:14:dd:92:7f:9d:e2:5b:45:96:e6:
2a:aa:b3:89:6a:d7:f3:de:57:4c:c0:34:f3:3d:9c:
c9:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:81:1B:1A:B4:F0:09:E4:15:57:10:8E:D9:E3:F6:CD:F6:26:D0:C4
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/vYEbGrTwCeQVVxCO2eP2zfYm0MQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.160.0/22
166.108.168.0-166.108.191.255
166.108.200.0-166.108.211.255
166.108.216.0-166.108.233.255
166.108.242.0-166.108.247.255
166.108.249.0-166.108.254.255
Signature Algorithm: sha256WithRSAEncryption
40:3b:2e:0f:91:8d:4f:b7:46:52:b9:bf:b6:6b:79:be:1f:a3:
0a:6b:73:1c:e2:ea:fa:f8:12:de:f7:fc:67:8d:50:8d:14:4a:
38:70:af:9c:88:1a:ae:52:dc:fb:e8:a9:0b:24:49:78:9e:54:
3f:0d:f5:e4:8e:d6:47:4d:23:d1:a4:da:21:28:b6:2e:85:d1:
d3:8c:41:ab:68:b6:2c:bb:57:ad:76:8e:ab:52:5f:33:8e:53:
b0:e2:b3:e9:2f:a6:29:bf:c5:b9:9a:61:3f:be:d3:72:f7:b0:
b6:58:a6:9c:1b:60:f2:2c:ce:8d:88:68:22:c7:c2:cd:f0:fa:
46:43:42:49:15:bf:22:55:e5:75:7f:fc:f6:4e:8a:c4:cb:47:
e3:d2:9b:36:9f:3b:6a:15:24:7f:e2:16:98:20:a9:d1:2d:0d:
2b:0e:c9:1e:a6:72:c9:8a:b9:e0:e7:70:41:ee:9d:4c:fe:d4:
4d:c2:30:6a:37:28:6a:b9:83:91:45:42:d6:c9:c5:92:dd:2b:
48:e2:84:4c:7b:9e:59:15:fb:d0:1f:4a:6e:82:44:81:bc:71:
21:14:21:c4:b1:83:68:44:a4:30:66:ff:d6:e3:e0:8f:53:22:
ed:3f:0a:c4:4b:86:12:55:66:22:cc:5b:ea:3a:fb:66:bb:26:
b2:40:29:62
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYPlosWvtBluAp8MXZvla275MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIxMDE3MTEwOTUzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDgxMWIxYWI0ZjAwOWU0MTU1NzEwOGVkOWUzZjZjZGY2MjZkMGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGb41GGVmzSQ0zb31xaqrJLnxPKt
ALaTojx+4tAStqM9lHoeFigYN2cN7o6WzXFU6+trv69jYvSbNiibCDBcOSKkKYa/
xfU2laJRspjElx1EERrhUwoGz6z12y5G2pJ80T5Dw55Ym5yhdyCYHV4wwK6cPBFB
ymOsBf4gqviY1WFhsPGn1QtX2QNnZusrhGAAH4iRkCO7zVoa1A+ABqymHqupWUp8
OGzlxtFu52hEdk1bLGsuOA6cemLHZKyihZR8eHm//hM9b8ehR4JKWn2xb7UYkKmi
HSSBuKmOAS8pwfgemmZHUBTdkn+d4ltFluYqqrOJatfz3ldMwDTzPZzJ4QIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFL2BGxq08AnkFVcQjtnj9s32JtDEMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvdllFYkdyVHdDZVFWVnhDTzJlUDJ6ZlltME1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQCpmygMAwD
BAOmbKgDBAambIAwDAMEA6ZsyAMEAqZs0DAMAwQDpmzYAwQBpmzoMAwDBAGmbPID
BAOmbPAwDAMEAKZs+QMEAKZs/jANBgkqhkiG9w0BAQsFAAOCAQEAQDsuD5GNT7dG
Urm/tmt5vh+jCmtzHOLq+vgS3vf8Z41QjRRKOHCvnIgarlLc++ipCyRJeJ5UPw31
5I7WR00j0aTaISi2LoXR04xBq2i2LLtXrXaOq1JfM45TsOKz6S+mKb/FuZphP77T
cvewtlimnBtg8izOjYhoIsfCzfD6RkNCSRW/IlXldX/89k6KxMtH49KbNp87ahUk
f+IWmCCp0S0NKw7JHqZyyYq54OdwQe6dTP7UTcIwajcoarmDkUVC1snFkt0rSOKE
THueWRX70B9KboJEgbxxIRQhxLGDaESkMGb/1uPgj1Mi7T8KxEuGElVmIsxb6jr7
ZrsmskApYg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:12:45 2025 by rpki-client