Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/NXPOj7QEH62GvkL4Q08REgEEHNI.roa
File: NXPOj7QEH62GvkL4Q08REgEEHNI.roa (raw, json)
Hash identifier: Aq0DbH1pN8I83uvo9nyimTEYFg+WyqQE/gMLT2j06aU=
Subject key identifier: 35:73:CE:8F:B4:04:1F:AD:86:BE:42:F8:43:4F:11:12:01:04:1C:D2
Certificate issuer: /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial: 07ED4E40
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/NXPOj7QEH62GvkL4Q08REgEEHNI.roa
Signing time: Fri 11 Feb 2022 08:28:26 +0000
ROA not before: Fri 11 Feb 2022 08:28:26 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 210928
IP address blocks: 185.161.66.0/24 maxlen: 24
217.168.245.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 132992576 (0x7ed4e40)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Validity
Not Before: Feb 11 08:28:26 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3573ce8fb4041fad86be42f8434f111201041cd2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:4f:2f:27:a7:6c:82:73:a5:50:02:15:89:b8:
c8:2b:c8:83:94:b3:75:c3:04:0d:32:6b:9d:cc:af:
bd:68:6e:7a:de:3e:41:c3:d9:88:1b:7e:58:7e:78:
b9:42:2b:1b:a4:93:9b:1f:6f:59:7d:c1:cb:29:78:
b3:4d:3d:a8:b3:18:16:25:20:12:f2:f8:3d:22:7e:
6f:61:f0:07:9e:36:20:15:2a:6f:66:56:26:5d:18:
dd:ce:d7:5f:d9:21:b7:88:8c:6f:d4:47:fd:76:d1:
3a:79:68:12:1e:b1:4c:8e:64:c8:03:23:3a:6d:54:
3b:18:1f:ef:fc:9e:10:c3:df:d7:c2:25:28:28:eb:
77:96:2b:e9:c9:1a:59:2f:e9:20:2f:0f:2a:b4:7c:
4a:d9:cd:e9:1e:07:45:dc:72:3c:67:06:ad:66:69:
72:c7:24:6c:69:a3:8a:e9:d5:f6:40:d8:82:52:ba:
0d:d9:0f:1d:1a:9a:9c:60:f4:3f:dc:ca:5f:9c:bc:
21:b1:98:b6:d7:3b:00:b1:93:1d:f9:fb:28:3c:01:
9b:00:39:b8:56:b6:38:ed:fe:8f:b6:26:01:28:c5:
cc:f8:6f:86:cc:02:97:11:18:33:d7:94:2e:44:91:
0f:75:79:70:60:0e:3d:50:ed:ed:c0:c4:40:81:b8:
17:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:73:CE:8F:B4:04:1F:AD:86:BE:42:F8:43:4F:11:12:01:04:1C:D2
X509v3 Authority Key Identifier:
keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/NXPOj7QEH62GvkL4Q08REgEEHNI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.66.0/24
217.168.245.0/24
Signature Algorithm: sha256WithRSAEncryption
07:a9:78:61:be:2c:45:91:cc:59:b6:b9:98:be:de:1c:9b:ed:
67:e0:4b:4a:8d:18:6b:1f:21:e8:3c:46:4e:b3:5c:40:c7:07:
b2:df:16:50:b3:11:77:3d:cb:8c:90:4e:89:7f:da:4b:cc:a9:
41:eb:71:67:cd:dc:f4:10:13:b7:44:f6:3f:56:6e:48:89:39:
83:20:48:c3:ed:b5:46:64:11:7e:81:85:1f:a6:32:03:4e:62:
4a:18:f2:e6:1a:da:d8:54:f4:a5:23:09:62:5b:3b:4a:2b:7a:
98:dd:36:06:6c:01:e2:89:7d:ee:ca:27:89:c2:43:c2:50:d3:
06:3d:08:2f:27:9a:cd:89:79:8e:64:20:22:3b:f7:34:ed:5e:
b2:c8:1a:09:ef:23:46:69:21:b2:4c:ac:67:45:e2:b9:27:73:
06:0e:30:10:06:b4:21:48:32:59:30:b7:e0:5b:6d:0e:20:af:
07:83:43:6e:c1:5b:13:0e:76:39:4d:10:b7:72:53:5e:8f:15:
00:c2:9a:f9:ef:e4:41:4c:0b:cc:3d:fa:79:ef:33:cd:6f:c8:
47:be:e6:b8:9b:fa:1a:d0:27:b3:8b:b6:ae:25:ac:7d:50:13:
a5:2d:28:53:f7:31:16:fe:0b:83:f6:2b:85:61:43:fc:04:c7:
67:4b:87:9c
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEB+1OQDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MTBjM2NmM2RjNTNjYTU0OWMwM2U0ZjVmNDZkOTFjZTkwYjhlMDcwMB4XDTIyMDIx
MTA4MjgyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzU3M2NlOGZiNDA0
MWZhZDg2YmU0MmY4NDM0ZjExMTIwMTA0MWNkMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOFPLyenbIJzpVACFYm4yCvIg5SzdcMEDTJrncyvvWhuet4+
QcPZiBt+WH54uUIrG6STmx9vWX3Byyl4s009qLMYFiUgEvL4PSJ+b2HwB542IBUq
b2ZWJl0Y3c7XX9kht4iMb9RH/XbROnloEh6xTI5kyAMjOm1UOxgf7/yeEMPf18Il
KCjrd5Yr6ckaWS/pIC8PKrR8StnN6R4HRdxyPGcGrWZpcsckbGmjiunV9kDYglK6
DdkPHRqanGD0P9zKX5y8IbGYttc7ALGTHfn7KDwBmwA5uFa2OO3+j7YmASjFzPhv
hswClxEYM9eULkSRD3V5cGAOPVDt7cDEQIG4F00CAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQ1c86PtAQfrYa+QvhDTxESAQQc0jAfBgNVHSMEGDAWgBSxDDzz3FPKVJwD
5PX0bZHOkLjgcDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NRdzg4OXhUeWxTY0EtVDE5RzJSenBDNDRIQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmUvMjVjZGI0LWU1MDgtNGIzNy04MWJjLTM2ZjgyYmQzNzliZC8x
L05YUE9qN1FFSDYyR3ZrTDRRMDhSRWdFRUhOSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmUv
MjVjZGI0LWU1MDgtNGIzNy04MWJjLTM2ZjgyYmQzNzliZC8xL3NRdzg4OXhUeWxT
Y0EtVDE5RzJSenBDNDRIQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEALmhQgMEANmo9TANBgkqhkiG9w0B
AQsFAAOCAQEAB6l4Yb4sRZHMWba5mL7eHJvtZ+BLSo0Yax8h6DxGTrNcQMcHst8W
ULMRdz3LjJBOiX/aS8ypQetxZ83c9BATt0T2P1ZuSIk5gyBIw+21RmQRfoGFH6Yy
A05iShjy5hra2FT0pSMJYls7Sit6mN02BmwB4ol97sonicJDwlDTBj0ILyeazYl5
jmQgIjv3NO1essgaCe8jRmkhskysZ0XiuSdzBg4wEAa0IUgyWTC34FttDiCvB4ND
bsFbEw52OU0Qt3JTXo8VAMKa+e/kQUwLzD36ee8zzW/IR77muJv6GtAns4u2riWs
fVATpS0oU/cxFv4Lg/YrhWFD/ATHZ0uHnA==
-----END CERTIFICATE-----
Generated at Tue Apr 22 13:30:50 2025 by rpki-client