Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/DgyMpC6NJydnFz2xT02aX7RPQNk.roa
File: DgyMpC6NJydnFz2xT02aX7RPQNk.roa (raw, json)
Hash identifier: IIumTdBdg9m61acYxFQy8fnyPAGqM/BRXs5P1l+GhBM=
Subject key identifier: 0E:0C:8C:A4:2E:8D:27:27:67:17:3D:B1:4F:4D:9A:5F:B4:4F:40:D9
Certificate issuer: /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial: 092C0228
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/DgyMpC6NJydnFz2xT02aX7RPQNk.roa
Signing time: Fri 01 Jul 2022 07:47:04 +0000
ROA not before: Fri 01 Jul 2022 07:47:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 210928
IP address blocks: 185.161.66.0/24 maxlen: 24
217.168.243.0/24 maxlen: 24
217.168.245.0/24 maxlen: 24
217.168.244.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 153879080 (0x92c0228)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Validity
Not Before: Jul 1 07:47:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=0e0c8ca42e8d272767173db14f4d9a5fb44f40d9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:94:61:f6:20:b2:d8:40:a7:2e:ee:eb:be:a5:
fc:ae:6a:57:ff:b6:0a:88:58:71:54:aa:cb:5e:74:
8e:35:a8:ca:7a:96:be:6b:e5:23:ab:6a:50:92:91:
b3:c9:a2:0e:b0:35:4f:0e:ac:b1:63:bf:1f:4d:c2:
41:8a:bc:b9:35:c7:9a:cb:0b:18:60:8e:7b:33:a2:
42:b4:93:d9:ee:ad:c3:af:86:57:0e:9b:4f:a0:bc:
af:1d:89:b7:7c:f6:9d:d2:b7:cf:e3:59:19:9c:d5:
4c:e4:fe:cb:9d:e6:e5:6b:88:7d:79:4f:94:67:3c:
31:f0:60:0a:a8:4a:07:6f:6d:8d:83:91:e5:15:00:
f7:32:e6:01:e2:dc:47:d6:6c:51:de:ec:8d:64:f0:
1b:b6:cd:bf:5d:84:2b:92:e0:57:21:96:ae:55:dc:
a9:1b:97:db:90:a0:b4:74:ec:a8:20:e9:66:48:4f:
4d:24:36:b2:ca:20:10:6f:a2:6c:06:1c:e3:e8:58:
b3:25:d7:91:4e:9b:79:36:3b:3c:42:36:46:e8:04:
0a:46:8b:da:f4:db:6c:12:de:3d:5a:88:27:b4:af:
b0:60:5f:54:dd:89:42:ad:7d:a8:b6:61:c7:10:9b:
f9:9b:02:26:6d:11:23:ce:68:a1:09:0b:6a:b4:02:
d5:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:0C:8C:A4:2E:8D:27:27:67:17:3D:B1:4F:4D:9A:5F:B4:4F:40:D9
X509v3 Authority Key Identifier:
keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/DgyMpC6NJydnFz2xT02aX7RPQNk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.66.0/24
217.168.243.0-217.168.245.255
Signature Algorithm: sha256WithRSAEncryption
4b:5d:76:0a:61:d7:f5:b0:03:52:34:0b:f6:87:8e:d9:1c:3b:
4d:85:68:b9:66:f1:19:39:40:8c:0c:7b:fd:3d:a7:f5:1b:19:
bf:ee:74:e9:91:24:86:61:67:4f:40:47:51:e2:60:16:e1:5c:
b7:22:27:d4:bd:c8:61:41:4c:28:13:d2:62:39:c8:e1:06:e5:
ab:f8:99:bd:4a:46:a3:54:f7:ed:14:90:ea:69:6c:66:ab:0b:
74:19:2d:c9:d4:68:45:9b:d1:17:36:03:0f:33:c9:c5:6b:8d:
2e:5d:f4:41:d7:67:41:f5:06:1e:52:12:88:ea:3b:6e:a1:f1:
e4:6a:50:c1:12:41:ac:8a:f9:7f:d4:31:96:9b:2c:54:0d:06:
3c:79:bb:25:1c:e3:ed:2d:83:58:b8:b4:14:2e:70:e0:09:a8:
12:83:5b:b3:b6:93:75:0b:ac:85:84:da:60:06:3e:11:ba:17:
08:f8:80:c2:56:2f:f8:d8:74:72:b3:29:80:9d:08:bb:4a:75:
2b:ee:07:86:43:93:4d:0e:16:3e:8f:0c:82:d3:22:d6:c4:70:
9e:af:ec:fe:7f:3c:b8:89:d3:a8:3a:77:0c:3e:79:c3:08:57:
74:70:4f:47:82:80:3b:d0:90:9b:29:28:22:79:0f:10:19:cf:
6c:76:7e:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIECSwCKDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MTBjM2NmM2RjNTNjYTU0OWMwM2U0ZjVmNDZkOTFjZTkwYjhlMDcwMB4XDTIyMDcw
MTA3NDcwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGUwYzhjYTQyZThk
MjcyNzY3MTczZGIxNGY0ZDlhNWZiNDRmNDBkOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIWUYfYgsthApy7u676l/K5qV/+2CohYcVSqy150jjWoynqW
vmvlI6tqUJKRs8miDrA1Tw6ssWO/H03CQYq8uTXHmssLGGCOezOiQrST2e6tw6+G
Vw6bT6C8rx2Jt3z2ndK3z+NZGZzVTOT+y53m5WuIfXlPlGc8MfBgCqhKB29tjYOR
5RUA9zLmAeLcR9ZsUd7sjWTwG7bNv12EK5LgVyGWrlXcqRuX25CgtHTsqCDpZkhP
TSQ2ssogEG+ibAYc4+hYsyXXkU6beTY7PEI2RugECkaL2vTbbBLePVqIJ7SvsGBf
VN2JQq19qLZhxxCb+ZsCJm0RI85ooQkLarQC1YUCAwEAAaOCAhcwggITMB0GA1Ud
DgQWBBQODIykLo0nJ2cXPbFPTZpftE9A2TAfBgNVHSMEGDAWgBSxDDzz3FPKVJwD
5PX0bZHOkLjgcDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NRdzg4OXhUeWxTY0EtVDE5RzJSenBDNDRIQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmUvMjVjZGI0LWU1MDgtNGIzNy04MWJjLTM2ZjgyYmQzNzliZC8x
L0RneU1wQzZOSnlkbkZ6MnhUMDJhWDdSUFFOay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmUv
MjVjZGI0LWU1MDgtNGIzNy04MWJjLTM2ZjgyYmQzNzliZC8xL3NRdzg4OXhUeWxT
Y0EtVDE5RzJSenBDNDRIQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAt
BggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFAMEALmhQjAMAwQA2ajzAwQB2aj0MA0G
CSqGSIb3DQEBCwUAA4IBAQBLXXYKYdf1sANSNAv2h47ZHDtNhWi5ZvEZOUCMDHv9
Paf1Gxm/7nTpkSSGYWdPQEdR4mAW4Vy3IifUvchhQUwoE9JiOcjhBuWr+Jm9Skaj
VPftFJDqaWxmqwt0GS3J1GhFm9EXNgMPM8nFa40uXfRB12dB9QYeUhKI6jtuofHk
alDBEkGsivl/1DGWmyxUDQY8ebslHOPtLYNYuLQULnDgCagSg1uztpN1C6yFhNpg
Bj4RuhcI+IDCVi/42HRysymAnQi7SnUr7geGQ5NNDhY+jwyC0yLWxHCer+z+fzy4
idOoOncMPnnDCFd0cE9HgoA70JCbKSgieQ8QGc9sdn5e
-----END CERTIFICATE-----
Generated at Wed Apr 23 04:10:40 2025 by rpki-client