Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/nWSBBGIhFlJcAth0PGX0qiC8t2I.roa
File: nWSBBGIhFlJcAth0PGX0qiC8t2I.roa (raw, json)
Hash identifier: yNhCZIj6v/nOU8i/OkdsdY+BKu0ygy9XbP0ASFESb88=
Subject key identifier: 9D:64:81:04:62:21:16:52:5C:02:D8:74:3C:65:F4:AA:20:BC:B7:62
Certificate issuer: /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial: 0188BB82FC169C33646286D75A50CA0514A7
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/nWSBBGIhFlJcAth0PGX0qiC8t2I.roa
Signing time: Wed 14 Jun 2023 20:05:03 +0000
ROA not before: Wed 14 Jun 2023 20:05:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 174
IP address blocks: 166.108.4.0/22 maxlen: 22
166.108.0.0/22 maxlen: 22
166.108.8.0/22 maxlen: 22
166.108.12.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:bb:82:fc:16:9c:33:64:62:86:d7:5a:50:ca:05:14:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Validity
Not Before: Jun 14 20:05:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9d648104622116525c02d8743c65f4aa20bcb762
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:39:ca:c0:fb:74:74:56:05:c0:d6:83:20:85:
88:03:41:bb:47:c8:43:cf:0d:bc:db:c0:9b:62:79:
84:9a:b1:03:f2:4f:dd:bb:49:af:2e:6f:16:da:62:
72:e8:0f:11:59:7c:a7:e5:52:5a:cc:16:40:84:50:
52:89:9b:0c:5c:1f:5c:ee:cd:4e:65:84:6a:18:cf:
e8:ee:6e:cf:12:80:d6:cb:b4:81:64:8b:b3:3f:3d:
1d:e1:38:d7:3f:40:ec:21:8e:e2:c1:01:ff:39:54:
c7:fc:64:50:ab:48:0c:c9:6d:29:3f:50:7a:ab:fb:
8a:6d:23:e3:b9:78:22:96:a9:f7:dc:72:da:da:d5:
8a:8e:85:72:0d:cc:73:61:c3:94:31:70:88:63:79:
9e:12:3b:1a:7e:0b:26:c7:71:11:5b:5c:2b:c4:08:
13:8f:82:bc:05:4c:1b:17:44:13:e8:1a:fd:f3:05:
1e:a6:c2:1c:9d:bd:b4:e2:db:35:b5:78:9e:3d:a6:
e8:55:3a:57:d2:51:1b:20:8a:81:b6:35:1c:0c:bc:
00:4e:6f:83:bc:bc:aa:9d:99:14:6f:7a:de:ac:a9:
69:77:56:29:3f:81:92:bf:77:b4:f5:24:da:15:23:
3b:2e:b6:08:e5:da:e6:e7:ec:8e:d9:82:58:a8:aa:
cf:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:64:81:04:62:21:16:52:5C:02:D8:74:3C:65:F4:AA:20:BC:B7:62
X509v3 Authority Key Identifier:
keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/nWSBBGIhFlJcAth0PGX0qiC8t2I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.0.0/20
Signature Algorithm: sha256WithRSAEncryption
5b:8a:4f:7c:1d:0c:cf:c4:64:38:03:11:01:8a:d2:2a:21:35:
5c:c0:74:43:6e:22:a3:ba:ae:ec:51:6b:7f:98:e7:19:47:fe:
03:e1:71:b9:6c:7c:38:96:aa:b6:4e:c6:e0:cd:f8:ab:de:33:
19:ea:57:b0:af:e2:c7:c3:93:c6:5c:2d:77:e0:07:82:08:bc:
40:15:cc:d8:f2:4d:fa:b6:6b:36:51:71:0f:af:bd:2f:dd:ee:
3b:b4:97:0b:48:d3:99:6e:d0:61:53:0e:fe:22:e6:e3:f0:73:
45:96:6d:7f:a7:d0:1d:45:e2:73:c1:6c:21:08:43:ae:fc:3e:
a9:a2:31:9c:63:a1:bc:e5:65:30:3b:8c:b6:9c:fe:d7:a9:de:
d6:db:47:8b:70:20:31:5a:af:8d:c5:ef:47:69:6e:b7:98:95:
14:31:ff:a0:d1:49:1c:19:5d:0a:45:a8:b8:78:b8:0c:d7:bc:
ed:7c:1f:42:b4:96:36:e7:6b:c1:16:a3:44:b7:02:e8:cf:52:
c7:c5:a6:1e:2e:ac:b7:e5:4c:20:c8:09:47:0c:96:9f:3a:5f:
37:3c:91:dc:91:07:4b:b5:0e:43:83:9c:0b:de:61:0d:00:bb:
de:57:f1:f8:2f:a3:4b:c2:23:be:5b:fc:b9:d8:d4:ad:ec:3d:
c2:53:34:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYi7gvwWnDNkYobXWlDKBRSnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjMwNjE0MjAwNTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDY0ODEwNDYyMjExNjUyNWMwMmQ4NzQzYzY1ZjRhYTIwYmNiNzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoznKwPt0dFYFwNaDIIWIA0G7R8hD
zw2828CbYnmEmrED8k/du0mvLm8W2mJy6A8RWXyn5VJazBZAhFBSiZsMXB9c7s1O
ZYRqGM/o7m7PEoDWy7SBZIuzPz0d4TjXP0DsIY7iwQH/OVTH/GRQq0gMyW0pP1B6
q/uKbSPjuXgilqn33HLa2tWKjoVyDcxzYcOUMXCIY3meEjsafgsmx3ERW1wrxAgT
j4K8BUwbF0QT6Br98wUepsIcnb204ts1tXiePaboVTpX0lEbIIqBtjUcDLwATm+D
vLyqnZkUb3rerKlpd1YpP4GSv3e09STaFSM7LrYI5drm5+yO2YJYqKrPcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1kgQRiIRZSXALYdDxl9KogvLdiMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvbldTQkJHSWhGbEpjQXRoMFBHWDBxaUM4dDJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEpmwAMA0G
CSqGSIb3DQEBCwUAA4IBAQBbik98HQzPxGQ4AxEBitIqITVcwHRDbiKjuq7sUWt/
mOcZR/4D4XG5bHw4lqq2Tsbgzfir3jMZ6lewr+LHw5PGXC134AeCCLxAFczY8k36
tms2UXEPr70v3e47tJcLSNOZbtBhUw7+Iubj8HNFlm1/p9AdReJzwWwhCEOu/D6p
ojGcY6G85WUwO4y2nP7Xqd7W20eLcCAxWq+Nxe9HaW63mJUUMf+g0UkcGV0KRai4
eLgM17ztfB9CtJY252vBFqNEtwLoz1LHxaYeLqy35UwgyAlHDJafOl83PJHckQdL
tQ5Dg5wL3mENALveV/H4L6NLwiO+W/y52NSt7D3CUzS1
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:17 2024 by rpki-client on console-ams.rpki-client.org