Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/D9r7cuWJqrxtLCcFW6lJkIihr2c.roa
File: D9r7cuWJqrxtLCcFW6lJkIihr2c.roa (raw, json)
Hash identifier: OTIHye0UYUt/L18oA5ILQfonQOR5DYW4kp1EbrWDLc8=
Subject key identifier: 0F:DA:FB:72:E5:89:AA:BC:6D:2C:27:05:5B:A9:49:90:88:A1:AF:67
Certificate issuer: /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial: 018CC500CF70B8CE3AA176CA5FCD23B63573
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/D9r7cuWJqrxtLCcFW6lJkIihr2c.roa
Signing time: Mon 01 Jan 2024 12:30:13 +0000
ROA not before: Mon 01 Jan 2024 12:30:13 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210928
IP address blocks: 185.161.66.0/24 maxlen: 24
217.168.240.0/24 maxlen: 24
217.168.243.0/24 maxlen: 24
217.168.242.0/24 maxlen: 24
217.168.245.0/24 maxlen: 24
217.168.241.0/24 maxlen: 24
217.168.244.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:cf:70:b8:ce:3a:a1:76:ca:5f:cd:23:b6:35:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Validity
Not Before: Jan 1 12:30:13 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0fdafb72e589aabc6d2c27055ba9499088a1af67
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:80:bb:7f:14:b9:b3:58:59:b3:c3:0c:39:f4:
84:2c:e5:24:60:37:89:2a:3c:21:86:d2:16:2f:fe:
69:99:9f:e8:f3:eb:44:a4:c7:54:af:2a:1c:96:07:
d5:5f:85:9d:af:f5:26:74:7e:8f:35:62:dc:4e:eb:
e3:a4:16:3d:8c:f5:39:ab:99:b7:60:d5:b3:01:4a:
d8:62:52:17:ac:fb:d2:2d:94:93:f8:d1:7e:c8:d9:
14:e3:b4:e4:3f:0e:02:12:88:0a:80:8d:aa:b8:a9:
4c:b0:05:27:69:53:d4:0c:74:a3:83:76:3f:bd:bb:
76:48:09:cd:b9:03:11:16:cd:3d:f3:0c:87:e7:e0:
3f:e0:e9:7a:58:3c:56:a3:1e:fb:62:b6:2e:f6:29:
ee:51:cf:6f:9c:62:f2:0c:59:8e:8b:9d:2a:80:d0:
62:2e:c6:f5:0b:0b:e7:89:f0:c4:c9:af:cd:08:73:
f8:2c:8b:51:b0:c2:d9:fb:c0:bc:ac:ce:e7:be:68:
8f:4d:e4:dd:2c:60:93:67:9b:b7:e4:f1:49:62:cb:
99:09:5a:ed:f6:16:73:0e:85:c1:26:90:4b:a3:20:
ed:26:6b:9e:f9:64:b6:e8:b4:68:cb:ec:bd:46:55:
30:0d:67:a8:67:da:fa:dd:ac:f6:04:58:f1:d6:93:
7d:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:DA:FB:72:E5:89:AA:BC:6D:2C:27:05:5B:A9:49:90:88:A1:AF:67
X509v3 Authority Key Identifier:
keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/D9r7cuWJqrxtLCcFW6lJkIihr2c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.66.0/24
217.168.240.0-217.168.245.255
Signature Algorithm: sha256WithRSAEncryption
56:03:10:49:a2:ef:bc:fb:d5:0c:f1:6e:24:c2:14:08:7d:d8:
2e:61:e9:3c:e3:1c:72:2e:60:db:9f:ff:87:a2:9f:14:e2:c9:
8b:83:1b:a7:d9:b4:60:8c:bb:5d:8e:bd:88:46:06:aa:69:78:
a8:25:da:0f:fd:98:59:ed:88:94:7e:d9:bc:96:d7:99:59:e1:
2f:20:df:0a:c5:28:65:e7:f9:ad:21:c9:f4:c8:31:b2:6e:e9:
fd:23:ff:36:1f:86:7a:61:14:2d:a4:af:5b:18:69:34:c0:40:
aa:9f:4b:62:a3:fb:f1:79:ef:42:48:54:bb:37:d8:d8:11:57:
a0:ec:93:37:e3:3b:31:73:2b:5b:62:8a:99:81:f3:be:09:2b:
5f:fb:ec:9e:c2:10:89:ae:10:a9:ab:e1:b6:75:7e:65:58:9e:
b0:26:fe:e8:02:79:17:d5:bb:a3:32:cf:74:cb:ad:da:fa:5c:
62:72:b4:a7:6b:92:18:53:33:f6:44:b7:e6:25:c7:e0:3f:a0:
ef:06:0e:6d:97:8c:b5:e4:d7:09:3f:0f:7d:74:d6:4d:b1:ec:
1e:8d:17:44:0c:b3:3e:a4:33:d2:fd:08:73:5b:2a:d4:0f:ab:
6e:0f:f0:67:a4:3f:21:6f:79:4f:06:91:e4:c0:81:4d:fa:24:
5b:94:32:34
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzFAM9wuM46oXbKX80jtjVzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMGMzY2YzZGM1M2NhNTQ5YzAzZTRmNWY0NmQ5MWNlOTBi
OGUwNzAwHhcNMjQwMTAxMTIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmRhZmI3MmU1ODlhYWJjNmQyYzI3MDU1YmE5NDk5MDg4YTFhZjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgoC7fxS5s1hZs8MMOfSELOUkYDeJ
KjwhhtIWL/5pmZ/o8+tEpMdUryoclgfVX4Wdr/UmdH6PNWLcTuvjpBY9jPU5q5m3
YNWzAUrYYlIXrPvSLZST+NF+yNkU47TkPw4CEogKgI2quKlMsAUnaVPUDHSjg3Y/
vbt2SAnNuQMRFs098wyH5+A/4Ol6WDxWox77YrYu9inuUc9vnGLyDFmOi50qgNBi
Lsb1CwvnifDEya/NCHP4LItRsMLZ+8C8rM7nvmiPTeTdLGCTZ5u35PFJYsuZCVrt
9hZzDoXBJpBLoyDtJmue+WS26LRoy+y9RlUwDWeoZ9r63az2BFjx1pN9ZQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFA/a+3Lliaq8bSwnBVupSZCIoa9nMB8GA1UdIwQY
MBaAFLEMPPPcU8pUnAPk9fRtkc6QuOBwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMt
MzZmODJiZDM3OWJkLzEvRDlyN2N1V0pxcnh0TENjRlc2bEprSWlocjJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMtMzZmODJiZDM3OWJk
LzEvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAuaFCMAwD
BATZqPADBAHZqPQwDQYJKoZIhvcNAQELBQADggEBAFYDEEmi77z71QzxbiTCFAh9
2C5h6TzjHHIuYNuf/4einxTiyYuDG6fZtGCMu12OvYhGBqppeKgl2g/9mFntiJR+
2byW15lZ4S8g3wrFKGXn+a0hyfTIMbJu6f0j/zYfhnphFC2kr1sYaTTAQKqfS2Kj
+/F570JIVLs32NgRV6DskzfjOzFzK1tiipmB874JK1/77J7CEImuEKmr4bZ1fmVY
nrAm/ugCeRfVu6Myz3TLrdr6XGJytKdrkhhTM/ZEt+Ylx+A/oO8GDm2XjLXk1wk/
D3101k2x7B6NF0QMsz6kM9L9CHNbKtQPq24P8GekPyFveU8GkeTAgU36JFuUMjQ=
-----END CERTIFICATE-----
Generated at Mon Apr 21 19:19:12 2025 by rpki-client