Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/8fbG13HPVAjQtH8-MaiLFmPuDxE.roa
File: 8fbG13HPVAjQtH8-MaiLFmPuDxE.roa (raw, json)
Hash identifier: j4oWQUQbylQW6r0V236XV5YVFah0OSvrsFdSlB5+WPo=
Subject key identifier: F1:F6:C6:D7:71:CF:54:08:D0:B4:7F:3E:31:A8:8B:16:63:EE:0F:11
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 0183D136DB49177A986A9580DF323283D7FE
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/8fbG13HPVAjQtH8-MaiLFmPuDxE.roa
Signing time: Thu 13 Oct 2022 11:59:36 +0000
ROA not before: Thu 13 Oct 2022 11:59:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209737
IP address blocks: 166.108.164.0/22 maxlen: 24
166.108.192.0/22 maxlen: 24
166.108.196.0/22 maxlen: 24
166.108.208.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:d1:36:db:49:17:7a:98:6a:95:80:df:32:32:83:d7:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Oct 13 11:59:36 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f1f6c6d771cf5408d0b47f3e31a88b1663ee0f11
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:1b:c4:c0:16:a4:24:10:08:99:0d:be:4c:4c:
18:7e:5f:52:f8:b0:47:87:19:0d:c0:89:3c:92:f5:
18:bc:6a:f6:c1:58:71:69:b4:40:26:5a:14:45:41:
4f:f6:2e:87:2b:dc:f5:79:34:38:72:7b:8f:09:1a:
0c:d3:b9:af:d9:d1:1e:5a:95:ad:d2:18:70:ac:71:
da:5b:c1:02:2c:74:a5:6d:26:74:7d:55:f4:2e:83:
c8:32:80:26:3f:29:c4:a0:73:d5:dc:b6:41:04:fa:
51:cb:15:71:f5:c6:fd:61:db:92:4a:b8:e3:f4:e5:
00:27:69:e1:b1:26:58:33:6a:c5:d0:89:97:5b:03:
df:75:0c:8d:1d:14:56:33:49:6c:c7:81:f1:ec:a5:
57:a4:5d:c0:61:e9:cf:75:86:57:10:87:7b:18:44:
13:1a:ef:a3:73:a1:37:89:7f:b2:79:a1:bb:58:93:
bc:e3:43:9e:74:14:0c:12:54:63:51:ac:21:1e:b4:
f4:6d:91:59:e9:ac:c4:41:e7:cc:db:de:d5:67:44:
72:da:fd:bc:52:d8:9b:d6:a1:c1:69:50:c4:02:43:
db:09:04:63:4f:d8:1d:ac:ec:c4:8f:aa:41:67:ca:
4f:d9:f0:56:75:96:93:b4:f6:8e:82:9e:1c:36:b2:
b8:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:F6:C6:D7:71:CF:54:08:D0:B4:7F:3E:31:A8:8B:16:63:EE:0F:11
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/8fbG13HPVAjQtH8-MaiLFmPuDxE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.164.0/22
166.108.192.0/21
166.108.208.0/22
Signature Algorithm: sha256WithRSAEncryption
98:db:50:43:de:ec:55:9e:67:ab:cb:38:05:4e:98:45:06:99:
76:dd:f5:d4:09:25:d0:f2:4c:05:d3:f9:3a:b1:d4:4c:45:bd:
b3:0f:3e:e1:f3:d7:07:e8:90:88:c0:d3:71:29:0d:03:88:37:
d2:95:5d:07:bd:03:a6:af:28:74:6c:6a:c8:0a:99:9d:e6:33:
ee:7e:b6:2f:9b:dd:21:8b:87:60:4e:93:fa:6f:ca:7b:75:bf:
79:15:88:62:b4:37:6c:6f:e3:60:58:92:e3:c1:fa:71:d0:72:
d4:91:f6:f1:fa:6a:a9:93:c3:8f:b7:a7:56:a3:c8:62:b5:4d:
f7:3f:f1:aa:7f:34:fc:5b:d2:82:bb:fb:35:12:88:a5:bd:99:
45:71:ec:1b:d1:e1:29:a1:09:62:57:01:36:55:06:86:3a:5d:
f7:db:bb:9a:02:43:9c:6c:de:c6:5b:71:5c:e5:d2:ae:c8:8a:
15:7f:d9:64:dc:93:c9:e0:b0:86:38:c9:ce:fc:af:11:63:c7:
08:88:06:54:87:36:48:5d:e5:de:d5:56:06:e8:91:bc:99:e5:
0c:e2:ed:3e:1c:53:92:70:35:11:c4:83:d0:01:87:d3:d8:95:
66:d6:21:dc:ac:c3:3f:ad:ad:d8:63:80:4d:d6:ef:06:be:06:
f7:a0:2b:9f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYPRNttJF3qYapWA3zIyg9f+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIxMDEzMTE1OTM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWY2YzZkNzcxY2Y1NDA4ZDBiNDdmM2UzMWE4OGIxNjYzZWUwZjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBvEwBakJBAImQ2+TEwYfl9S+LBH
hxkNwIk8kvUYvGr2wVhxabRAJloURUFP9i6HK9z1eTQ4cnuPCRoM07mv2dEeWpWt
0hhwrHHaW8ECLHSlbSZ0fVX0LoPIMoAmPynEoHPV3LZBBPpRyxVx9cb9YduSSrjj
9OUAJ2nhsSZYM2rF0ImXWwPfdQyNHRRWM0lsx4Hx7KVXpF3AYenPdYZXEId7GEQT
Gu+jc6E3iX+yeaG7WJO840OedBQMElRjUawhHrT0bZFZ6azEQefM297VZ0Ry2v28
Utib1qHBaVDEAkPbCQRjT9gdrOzEj6pBZ8pP2fBWdZaTtPaOgp4cNrK4nwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPH2xtdxz1QI0LR/PjGoixZj7g8RMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvOGZiRzEzSFBWQWpRdEg4LU1haUxGbVB1RHhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCpmykAwQD
pmzAAwQCpmzQMA0GCSqGSIb3DQEBCwUAA4IBAQCY21BD3uxVnmeryzgFTphFBpl2
3fXUCSXQ8kwF0/k6sdRMRb2zDz7h89cH6JCIwNNxKQ0DiDfSlV0HvQOmryh0bGrI
Cpmd5jPufrYvm90hi4dgTpP6b8p7db95FYhitDdsb+NgWJLjwfpx0HLUkfbx+mqp
k8OPt6dWo8hitU33P/GqfzT8W9KCu/s1EoilvZlFcewb0eEpoQliVwE2VQaGOl33
27uaAkOcbN7GW3Fc5dKuyIoVf9lk3JPJ4LCGOMnO/K8RY8cIiAZUhzZIXeXe1VYG
6JG8meUM4u0+HFOScDURxIPQAYfT2JVm1iHcrMM/ra3YY4BN1u8Gvgb3oCuf
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:46 2023 by rpki-client on console.sobornost.net