Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/uTHhQuJfBmwiI1xGhz3d1Jdh27U.roa
File: uTHhQuJfBmwiI1xGhz3d1Jdh27U.roa (raw, json)
Hash identifier: 6B4jQ3jk2zMiLe0/j+7kBrV7m74BWyr5aLQzqYn+snU=
Subject key identifier: B9:31:E1:42:E2:5F:06:6C:22:23:5C:46:87:3D:DD:D4:97:61:DB:B5
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 0185B9D392A54E354F6183E74B47BEFD472B
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/uTHhQuJfBmwiI1xGhz3d1Jdh27U.roa
Signing time: Mon 16 Jan 2023 09:05:28 +0000
ROA not before: Mon 16 Jan 2023 09:05:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211585
IP address blocks: 166.108.160.0/22 maxlen: 24
166.108.168.0/22 maxlen: 24
166.108.196.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:b9:d3:92:a5:4e:35:4f:61:83:e7:4b:47:be:fd:47:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Jan 16 09:05:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b931e142e25f066c22235c46873dddd49761dbb5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:3c:dc:4b:db:a0:1b:e0:bd:de:55:4e:a9:6b:
47:a6:94:28:fd:31:2f:7a:9d:04:6e:eb:a2:b5:c3:
52:a2:e7:03:df:0b:d3:83:ac:61:d6:8d:d1:73:92:
c5:69:f3:29:e1:b9:2b:0d:91:7e:bb:4c:91:f7:39:
2e:fb:e1:72:51:d9:10:f5:87:66:b5:42:15:db:83:
f0:0c:fa:42:41:56:ea:07:c5:79:1b:b1:7e:af:40:
d4:1d:65:67:02:ab:a1:72:bb:c2:01:82:3e:37:24:
9e:10:9c:4c:42:41:7e:51:93:b8:c5:7c:f8:72:1a:
32:8e:7a:e2:96:b6:f9:95:5e:3c:56:86:aa:4d:9a:
89:1b:b9:b7:b7:b0:64:0b:3b:89:db:64:16:a6:a5:
27:b9:33:ee:4f:b8:d5:8b:e2:e8:0f:f4:9b:cb:4a:
88:ad:db:3a:a3:99:18:c3:fe:d2:df:8f:fc:39:b0:
a5:69:83:e8:bb:8f:9c:04:f0:35:2d:8c:2c:b9:a5:
74:af:df:8d:c3:08:22:ae:dd:52:47:1b:4b:d8:30:
2a:2b:65:f4:e6:8c:98:a2:97:03:47:dc:78:8d:14:
c9:3e:d7:2f:9a:34:07:12:0f:68:ab:19:eb:15:ba:
96:67:90:3e:2b:99:86:25:f7:89:bb:7e:b0:16:ef:
c2:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:31:E1:42:E2:5F:06:6C:22:23:5C:46:87:3D:DD:D4:97:61:DB:B5
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/uTHhQuJfBmwiI1xGhz3d1Jdh27U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.160.0/22
166.108.168.0/22
166.108.196.0/22
Signature Algorithm: sha256WithRSAEncryption
7f:bb:8e:3f:8e:10:5b:0e:53:b1:62:86:00:a8:d1:df:8b:6c:
9b:aa:7b:cd:e2:26:ef:f6:98:61:d0:b0:9d:9c:9f:6a:5e:8b:
9b:04:39:b8:11:7d:9f:14:58:f7:b8:db:80:f0:e4:d8:ad:ef:
5c:d0:ab:82:89:db:fa:ae:a1:da:5a:fd:06:e7:53:f4:69:30:
53:dc:55:19:3e:5f:b2:df:7b:8e:bc:b7:75:13:e9:42:ca:98:
96:c1:25:66:a9:d0:ab:8c:34:c9:3d:b3:4e:9d:b2:d3:ce:ad:
cf:f3:c3:4a:dd:35:36:25:84:5a:5d:38:3c:24:e9:c7:86:8f:
47:7e:1a:fe:98:ef:ab:4a:e6:db:04:db:96:eb:17:4d:87:bf:
18:74:60:8b:1a:0a:51:af:a7:7c:3d:a8:1d:27:b6:a1:d4:28:
a0:2e:5e:01:92:7b:17:e3:3f:7a:17:55:12:97:50:e2:d3:c3:
da:e1:da:d4:55:24:c4:e3:b6:4c:93:e5:ad:ab:4b:a3:31:02:
b7:7e:5f:a8:26:f4:17:bc:19:9f:56:4e:77:aa:c1:a8:36:d5:
4a:e7:e2:ee:5c:0f:94:e8:44:37:0c:bc:75:78:94:77:2d:9c:
f9:b2:04:fe:fc:10:a0:72:0e:b1:a0:9c:15:b6:9b:18:3a:7a:
ad:ae:b7:d0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYW505KlTjVPYYPnS0e+/UcrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjMwMTE2MDkwNTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTMxZTE0MmUyNWYwNjZjMjIyMzVjNDY4NzNkZGRkNDk3NjFkYmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDzcS9ugG+C93lVOqWtHppQo/TEv
ep0EbuuitcNSoucD3wvTg6xh1o3Rc5LFafMp4bkrDZF+u0yR9zku++FyUdkQ9Ydm
tUIV24PwDPpCQVbqB8V5G7F+r0DUHWVnAquhcrvCAYI+NySeEJxMQkF+UZO4xXz4
choyjnrilrb5lV48VoaqTZqJG7m3t7BkCzuJ22QWpqUnuTPuT7jVi+LoD/Sby0qI
rds6o5kYw/7S34/8ObClaYPou4+cBPA1LYwsuaV0r9+Nwwgirt1SRxtL2DAqK2X0
5oyYopcDR9x4jRTJPtcvmjQHEg9oqxnrFbqWZ5A+K5mGJfeJu36wFu/C2wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLkx4ULiXwZsIiNcRoc93dSXYdu1MB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvdVRIaFF1SmZCbXdpSTF4R2h6M2QxSmRoMjdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCpmygAwQC
pmyoAwQCpmzEMA0GCSqGSIb3DQEBCwUAA4IBAQB/u44/jhBbDlOxYoYAqNHfi2yb
qnvN4ibv9phh0LCdnJ9qXoubBDm4EX2fFFj3uNuA8OTYre9c0KuCidv6rqHaWv0G
51P0aTBT3FUZPl+y33uOvLd1E+lCypiWwSVmqdCrjDTJPbNOnbLTzq3P88NK3TU2
JYRaXTg8JOnHho9Hfhr+mO+rSubbBNuW6xdNh78YdGCLGgpRr6d8PagdJ7ah1Cig
Ll4BknsX4z96F1USl1Di08Pa4drUVSTE47ZMk+Wtq0ujMQK3fl+oJvQXvBmfVk53
qsGoNtVK5+LuXA+U6EQ3DLx1eJR3LZz5sgT+/BCgcg6xoJwVtpsYOnqtrrfQ
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:46 2023 by rpki-client on console.sobornost.net