Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/9SHLHnM3duPJc83TrSVcbgmfpM8.roa
File: 9SHLHnM3duPJc83TrSVcbgmfpM8.roa (raw, json)
Hash identifier: CMTbYdPuxwxe5P1J3vrVpSdO+2pF8ti4CvPbHNrdnag=
Subject key identifier: F5:21:CB:1E:73:37:76:E3:C9:73:CD:D3:AD:25:5C:6E:09:9F:A4:CF
Certificate issuer: /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial: 018A2E119848D52023E7F97F3ADB5BC84AA9
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/9SHLHnM3duPJc83TrSVcbgmfpM8.roa
Signing time: Fri 25 Aug 2023 19:00:19 +0000
ROA not before: Fri 25 Aug 2023 19:00:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 166.108.4.0/22 maxlen: 22
166.108.0.0/22 maxlen: 22
166.108.8.0/22 maxlen: 22
166.108.12.0/22 maxlen: 22
192.53.136.0/21 maxlen: 21
192.53.64.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:2e:11:98:48:d5:20:23:e7:f9:7f:3a:db:5b:c8:4a:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Validity
Not Before: Aug 25 19:00:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f521cb1e733776e3c973cdd3ad255c6e099fa4cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:02:b4:30:0e:13:83:15:a5:e2:06:0d:fb:00:
9e:df:57:bd:7d:3e:e6:02:85:54:cc:2a:53:a1:57:
24:40:48:2f:f0:93:27:51:c9:53:66:b1:f3:43:aa:
2c:bf:2c:39:77:82:49:43:5c:38:15:1a:71:be:6b:
c3:89:e1:45:d3:36:91:88:7d:9e:33:51:4a:d3:60:
b8:8f:12:e9:8d:2c:b4:98:78:d9:63:4f:e3:7d:e3:
63:96:d5:0d:54:da:95:15:d7:06:9a:56:f3:1a:00:
5c:74:c0:7c:12:eb:a5:66:0d:44:24:5f:18:3f:ac:
b4:23:b3:86:ff:eb:f9:1b:91:c4:7b:72:ab:a8:ce:
6e:0f:79:8a:fa:54:5d:a7:36:c1:90:8f:5e:79:00:
c7:c5:c7:48:ef:42:62:93:97:e8:13:26:c1:81:00:
8a:50:0b:90:8f:9f:75:73:4e:d0:33:84:14:71:74:
7d:6e:ab:62:16:e8:95:e9:6a:6b:7e:00:83:89:2f:
94:e4:7b:20:bb:13:dd:0d:82:89:c7:99:74:4f:ab:
3f:ab:30:fb:c3:77:6c:2a:43:37:3f:e2:30:7b:0c:
28:d7:e9:ea:9f:51:ac:67:09:51:94:69:c9:9e:98:
66:69:58:f3:85:f2:fb:2f:4f:b5:98:f3:6d:0a:9b:
09:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:21:CB:1E:73:37:76:E3:C9:73:CD:D3:AD:25:5C:6E:09:9F:A4:CF
X509v3 Authority Key Identifier:
keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/9SHLHnM3duPJc83TrSVcbgmfpM8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.0.0/20
192.53.64.0/21
192.53.136.0/21
Signature Algorithm: sha256WithRSAEncryption
2d:49:aa:21:ed:e5:92:52:ac:a5:2c:a3:b3:27:f8:c5:c7:7c:
49:76:e9:a2:ab:7d:c4:8c:41:40:d5:05:e4:36:e9:f5:b0:de:
90:f7:d4:4b:75:21:5b:cf:d8:e4:dd:33:dd:17:6c:cf:fe:5e:
18:43:14:08:36:62:57:7c:42:cd:a3:b6:c2:1c:f0:f3:c4:89:
d4:c8:1d:0e:34:99:1d:7b:d1:c7:45:fd:ff:c2:08:b0:f1:51:
b0:0a:24:0e:78:09:26:e0:b7:38:92:f0:5c:61:49:f4:5b:0a:
f3:fd:a4:3d:85:2a:59:d9:0a:8c:88:68:ed:6a:37:3f:37:fc:
32:47:aa:46:00:f5:5f:c7:82:43:fd:1c:7a:19:44:8f:7e:59:
ae:3b:1d:3f:18:1c:0d:b3:32:d5:06:03:a4:47:7b:3e:80:cc:
cb:5c:c1:1e:b8:c2:3e:e8:f4:ac:30:1e:02:e4:98:6a:36:21:
81:ac:09:aa:25:d3:c4:b5:1a:74:a1:0a:47:fb:45:57:9a:bd:
fd:56:06:9e:0a:37:72:f6:24:73:73:87:81:8b:ff:ac:ce:33:
06:73:c0:63:7c:2a:b0:ef:6d:3d:7a:ad:15:5d:47:f9:c3:bb:
8c:3f:ce:16:94:00:ed:4a:e8:1f:55:bb:a9:14:c5:01:31:e3:
ad:24:d7:97
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYouEZhI1SAj5/l/OttbyEqpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjMwODI1MTkwMDE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTIxY2IxZTczMzc3NmUzYzk3M2NkZDNhZDI1NWM2ZTA5OWZhNGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgK0MA4TgxWl4gYN+wCe31e9fT7m
AoVUzCpToVckQEgv8JMnUclTZrHzQ6osvyw5d4JJQ1w4FRpxvmvDieFF0zaRiH2e
M1FK02C4jxLpjSy0mHjZY0/jfeNjltUNVNqVFdcGmlbzGgBcdMB8EuulZg1EJF8Y
P6y0I7OG/+v5G5HEe3KrqM5uD3mK+lRdpzbBkI9eeQDHxcdI70Jik5foEybBgQCK
UAuQj591c07QM4QUcXR9bqtiFuiV6WprfgCDiS+U5HsguxPdDYKJx5l0T6s/qzD7
w3dsKkM3P+Iwewwo1+nqn1GsZwlRlGnJnphmaVjzhfL7L0+1mPNtCpsJxQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPUhyx5zN3bjyXPN060lXG4Jn6TPMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvOVNITEhuTTNkdVBKYzgzVHJTVmNiZ21mcE04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEpmwAAwQD
wDVAAwQDwDWIMA0GCSqGSIb3DQEBCwUAA4IBAQAtSaoh7eWSUqylLKOzJ/jFx3xJ
dumiq33EjEFA1QXkNun1sN6Q99RLdSFbz9jk3TPdF2zP/l4YQxQINmJXfELNo7bC
HPDzxInUyB0ONJkde9HHRf3/wgiw8VGwCiQOeAkm4Lc4kvBcYUn0Wwrz/aQ9hSpZ
2QqMiGjtajc/N/wyR6pGAPVfx4JD/Rx6GUSPflmuOx0/GBwNszLVBgOkR3s+gMzL
XMEeuMI+6PSsMB4C5JhqNiGBrAmqJdPEtRp0oQpH+0VXmr39VgaeCjdy9iRzc4eB
i/+szjMGc8BjfCqw7209eq0VXUf5w7uMP84WlADtSugfVbupFMUBMeOtJNeX
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:15 2024 by rpki-client on console-fra.rpki-client.org