Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/668Yjr6VYLWT1Ues6ID6ptPXb5A.roa
File: 668Yjr6VYLWT1Ues6ID6ptPXb5A.roa (raw, json)
Hash identifier: LET9hqhQARFJt5duIvnV/qSzUP5PjWCYqtCYpiPbuWs=
Subject key identifier: EB:AF:18:8E:BE:95:60:B5:93:D5:47:AC:E8:80:FA:A6:D3:D7:6F:90
Certificate issuer: /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial: 0190B858F06355C2186DA25C22132BB8D81D
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/668Yjr6VYLWT1Ues6ID6ptPXb5A.roa
Signing time: Mon 15 Jul 2024 21:42:34 +0000
ROA not before: Mon 15 Jul 2024 21:42:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210928
IP address blocks: 185.161.64.0/24 maxlen: 24
185.161.66.0/24 maxlen: 24
217.168.240.0/24 maxlen: 24
217.168.241.0/24 maxlen: 24
217.168.242.0/24 maxlen: 24
217.168.243.0/24 maxlen: 24
217.168.244.0/24 maxlen: 24
217.168.245.0/24 maxlen: 24
217.168.247.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:b8:58:f0:63:55:c2:18:6d:a2:5c:22:13:2b:b8:d8:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Validity
Not Before: Jul 15 21:42:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ebaf188ebe9560b593d547ace880faa6d3d76f90
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:26:46:bb:00:42:00:2b:6a:b2:bd:9a:a9:6a:
dd:2c:14:f6:e6:2d:04:e2:a9:5e:26:bf:b3:22:e1:
3a:db:a2:cc:25:5c:ac:97:f0:8e:ef:45:c4:99:32:
7e:9f:f9:11:cf:71:b8:52:1a:e0:ae:75:b5:20:c0:
88:51:f0:7f:54:1a:cc:86:40:06:cf:67:04:dd:b0:
47:13:8f:3a:46:1e:9a:01:4a:ef:7d:28:bb:3f:ed:
05:7a:68:30:9c:7e:5d:e7:63:af:f7:34:05:70:38:
66:bc:0c:e8:a2:19:e6:0e:bf:be:ab:1d:8d:1f:cb:
f5:71:c8:26:94:67:21:3f:24:4f:22:c7:c1:48:f7:
fb:12:31:59:11:52:2f:95:3d:4a:d6:37:03:9f:f9:
eb:02:ba:c6:cc:f2:dc:b6:82:ec:05:55:8d:ed:86:
cd:36:f9:47:c7:fe:19:f3:27:6e:fe:4b:dd:f1:a6:
0f:8b:33:2b:88:12:82:19:fe:18:f4:50:f4:f3:c6:
c2:b3:68:08:da:6c:9f:97:1f:eb:f6:ee:a8:79:62:
3f:ef:bb:bb:b7:7e:00:c6:ad:76:f7:de:dc:55:31:
ba:8d:cb:df:2c:af:4d:00:79:53:73:12:4b:d0:fd:
f0:c9:19:34:5b:80:41:63:02:76:0d:b5:bb:b2:c3:
f1:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:AF:18:8E:BE:95:60:B5:93:D5:47:AC:E8:80:FA:A6:D3:D7:6F:90
X509v3 Authority Key Identifier:
keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/668Yjr6VYLWT1Ues6ID6ptPXb5A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.64.0/24
185.161.66.0/24
217.168.240.0-217.168.245.255
217.168.247.0/24
Signature Algorithm: sha256WithRSAEncryption
29:b3:5d:9b:8b:0c:7e:83:82:18:19:41:88:ab:4b:98:58:ce:
1c:0f:7e:d0:08:40:7d:29:a4:09:98:23:61:00:2f:ad:1f:e2:
a9:0c:5e:e8:78:d8:5d:e2:47:af:50:e3:87:53:0b:ba:66:e0:
fd:28:f9:54:55:03:58:b2:60:d5:82:d7:7b:62:ac:20:7f:e0:
15:1e:73:80:26:a5:92:28:97:d1:e9:b0:a6:6b:71:b3:7c:49:
64:be:7b:7b:53:30:58:df:3b:25:50:fb:30:14:8d:fc:80:90:
ff:13:ee:e4:51:98:2b:a4:56:89:9a:a5:61:9b:64:9f:26:f4:
09:0c:8b:5d:8d:6b:2f:13:0f:39:bc:d9:dc:1c:dc:49:a1:bb:
c8:26:0a:71:1c:e2:57:20:bb:b2:b0:ed:ef:bb:de:56:9c:f1:
12:c9:5f:ff:82:e2:5a:be:6d:ec:20:50:0e:e1:e3:e0:17:4b:
c2:b8:cf:32:d7:e1:19:e6:b5:eb:23:16:5c:51:1d:6b:53:92:
1e:ae:93:7e:bc:12:ba:ad:f5:a4:bb:d0:c1:97:f3:0a:55:7d:
d2:93:c3:aa:b5:00:f7:00:d4:55:89:78:21:e6:3e:43:41:1c:
b0:6a:9e:f6:0c:25:14:e8:8e:86:15:0b:f8:8e:b0:67:9b:88:
68:51:0d:10
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZC4WPBjVcIYbaJcIhMruNgdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMGMzY2YzZGM1M2NhNTQ5YzAzZTRmNWY0NmQ5MWNlOTBi
OGUwNzAwHhcNMjQwNzE1MjE0MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmFmMTg4ZWJlOTU2MGI1OTNkNTQ3YWNlODgwZmFhNmQzZDc2ZjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiZGuwBCACtqsr2aqWrdLBT25i0E
4qleJr+zIuE626LMJVysl/CO70XEmTJ+n/kRz3G4UhrgrnW1IMCIUfB/VBrMhkAG
z2cE3bBHE486Rh6aAUrvfSi7P+0FemgwnH5d52Ov9zQFcDhmvAzoohnmDr++qx2N
H8v1ccgmlGchPyRPIsfBSPf7EjFZEVIvlT1K1jcDn/nrArrGzPLctoLsBVWN7YbN
NvlHx/4Z8ydu/kvd8aYPizMriBKCGf4Y9FD088bCs2gI2myflx/r9u6oeWI/77u7
t34Axq12997cVTG6jcvfLK9NAHlTcxJL0P3wyRk0W4BBYwJ2DbW7ssPxmwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFOuvGI6+lWC1k9VHrOiA+qbT12+QMB8GA1UdIwQY
MBaAFLEMPPPcU8pUnAPk9fRtkc6QuOBwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMt
MzZmODJiZDM3OWJkLzEvNjY4WWpyNlZZTFdUMVVlczZJRDZwdFBYYjVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMtMzZmODJiZDM3OWJk
LzEvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAuaFAAwQA
uaFCMAwDBATZqPADBAHZqPQDBADZqPcwDQYJKoZIhvcNAQELBQADggEBACmzXZuL
DH6DghgZQYirS5hYzhwPftAIQH0ppAmYI2EAL60f4qkMXuh42F3iR69Q44dTC7pm
4P0o+VRVA1iyYNWC13tirCB/4BUec4AmpZIol9HpsKZrcbN8SWS+e3tTMFjfOyVQ
+zAUjfyAkP8T7uRRmCukVomapWGbZJ8m9AkMi12Nay8TDzm82dwc3Emhu8gmCnEc
4lcgu7Kw7e+73lac8RLJX/+C4lq+bewgUA7h4+AXS8K4zzLX4RnmtesjFlxRHWtT
kh6uk368Erqt9aS70MGX8wpVfdKTw6q1APcA1FWJeCHmPkNBHLBqnvYMJRTojoYV
C/iOsGebiGhRDRA=
-----END CERTIFICATE-----
Generated at Sun Apr 20 03:36:35 2025 by rpki-client