Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/PK5qYdZ6ByznhKi-HyRPXIfQVsE.roa
File: PK5qYdZ6ByznhKi-HyRPXIfQVsE.roa (raw, json)
Hash identifier: tbqKi3Hjy1vFPhu4JabMFbIT67HuIwWIoKxgOuuAh1E=
Subject key identifier: 3C:AE:6A:61:D6:7A:07:2C:E7:84:A8:BE:1F:24:4F:5C:87:D0:56:C1
Certificate issuer: /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial: 018573E862DA9AB0155848B10239DE044A7A
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/PK5qYdZ6ByznhKi-HyRPXIfQVsE.roa
Signing time: Mon 02 Jan 2023 19:14:47 +0000
ROA not before: Mon 02 Jan 2023 19:14:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210928
IP address blocks: 185.161.66.0/24 maxlen: 24
217.168.243.0/24 maxlen: 24
217.168.245.0/24 maxlen: 24
217.168.244.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:e8:62:da:9a:b0:15:58:48:b1:02:39:de:04:4a:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Validity
Not Before: Jan 2 19:14:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3cae6a61d67a072ce784a8be1f244f5c87d056c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:50:b3:d1:60:16:e2:95:27:ab:85:37:7e:65:
fb:a5:45:fb:57:3e:79:17:30:4d:c2:f5:83:fe:41:
72:2b:da:60:e2:92:93:aa:cc:ea:17:28:82:17:9b:
49:c2:f9:50:44:08:43:a1:b4:2f:32:94:35:1d:5e:
3f:35:5a:9a:8f:25:26:2a:59:9d:1d:02:d0:51:fd:
e1:ae:88:94:52:ec:e5:ac:e8:37:c1:0b:0f:2a:11:
1c:38:45:a2:84:0c:f3:38:36:fb:2a:e8:2a:34:64:
ba:9a:66:4a:fb:c0:53:c8:33:b2:79:b3:1d:70:54:
cc:11:04:29:9f:1e:67:10:84:c9:40:80:5a:bc:7c:
c5:5a:6a:2e:62:5f:7e:bf:81:97:9c:3d:1f:9d:bc:
2d:a9:36:9d:9d:56:19:33:16:4f:ed:b7:30:d3:82:
95:16:91:f4:00:f2:ba:5d:7b:92:a3:3a:53:10:cb:
85:50:ae:7d:e9:bd:56:85:68:7e:6d:21:a9:8c:5a:
27:34:ec:0d:0f:f2:b1:6f:9b:95:f7:20:c9:81:d1:
60:56:96:39:d9:b7:e1:d5:38:3d:53:06:07:bc:ef:
97:37:48:71:7f:dd:57:bf:af:16:7e:01:69:f2:e3:
3f:fb:2a:00:92:b5:6a:cf:3e:0b:05:c7:a0:96:68:
e9:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:AE:6A:61:D6:7A:07:2C:E7:84:A8:BE:1F:24:4F:5C:87:D0:56:C1
X509v3 Authority Key Identifier:
keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/PK5qYdZ6ByznhKi-HyRPXIfQVsE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.66.0/24
217.168.243.0-217.168.245.255
Signature Algorithm: sha256WithRSAEncryption
01:44:99:21:b4:8b:e6:79:86:e7:ff:46:df:7d:d4:48:09:c5:
9a:d3:9e:14:5c:ac:c1:89:11:2e:37:d0:2b:a5:ea:3f:6c:75:
4a:c9:5c:a3:98:9b:1d:2a:23:42:93:4a:a9:a6:31:91:ce:29:
26:a5:2d:b4:e6:70:55:ba:b2:48:ad:13:ff:1e:92:54:f2:27:
b9:bb:b2:f1:16:b7:7c:62:59:3d:ea:28:6b:91:db:a8:0c:cf:
0e:5f:d1:fe:ce:e4:28:36:f3:25:52:84:4a:2d:49:6e:b2:dd:
e2:f0:14:2e:c3:35:ab:5e:f9:42:f1:4c:8c:c9:cb:40:a4:09:
28:74:4e:c0:83:aa:f9:60:92:54:67:c3:38:f6:97:ba:6a:83:
fb:d1:fc:44:61:2c:2a:2f:18:1e:2f:11:f3:ec:7d:1b:90:0b:
61:c7:8c:65:a9:d0:48:0d:e0:50:ba:e6:88:9e:46:3d:6a:a0:
90:26:8b:d2:37:2c:1c:d7:42:27:d6:7b:c6:16:f3:aa:b8:53:
08:36:b0:3f:0d:77:86:0b:8c:4d:8d:d7:df:f5:83:b1:6c:0d:
3b:14:e3:52:56:71:1f:04:21:9f:6a:41:45:f4:a9:c0:f7:c9:
1a:8c:a5:c6:c0:8e:61:bd:58:a6:ab:ea:eb:bf:ee:5d:77:ca:
7c:85:3e:f8
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVz6GLamrAVWEixAjneBEp6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMGMzY2YzZGM1M2NhNTQ5YzAzZTRmNWY0NmQ5MWNlOTBi
OGUwNzAwHhcNMjMwMTAyMTkxNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2FlNmE2MWQ2N2EwNzJjZTc4NGE4YmUxZjI0NGY1Yzg3ZDA1NmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1Cz0WAW4pUnq4U3fmX7pUX7Vz55
FzBNwvWD/kFyK9pg4pKTqszqFyiCF5tJwvlQRAhDobQvMpQ1HV4/NVqajyUmKlmd
HQLQUf3hroiUUuzlrOg3wQsPKhEcOEWihAzzODb7KugqNGS6mmZK+8BTyDOyebMd
cFTMEQQpnx5nEITJQIBavHzFWmouYl9+v4GXnD0fnbwtqTadnVYZMxZP7bcw04KV
FpH0APK6XXuSozpTEMuFUK596b1WhWh+bSGpjFonNOwND/Kxb5uV9yDJgdFgVpY5
2bfh1Tg9UwYHvO+XN0hxf91Xv68WfgFp8uM/+yoAkrVqzz4LBceglmjpNwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDyuamHWegcs54Sovh8kT1yH0FbBMB8GA1UdIwQY
MBaAFLEMPPPcU8pUnAPk9fRtkc6QuOBwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMt
MzZmODJiZDM3OWJkLzEvUEs1cVlkWjZCeXpuaEtpLUh5UlBYSWZRVnNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMtMzZmODJiZDM3OWJk
LzEvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAuaFCMAwD
BADZqPMDBAHZqPQwDQYJKoZIhvcNAQELBQADggEBAAFEmSG0i+Z5huf/Rt991EgJ
xZrTnhRcrMGJES430Cul6j9sdUrJXKOYmx0qI0KTSqmmMZHOKSalLbTmcFW6skit
E/8eklTyJ7m7svEWt3xiWT3qKGuR26gMzw5f0f7O5Cg28yVShEotSW6y3eLwFC7D
Nate+ULxTIzJy0CkCSh0TsCDqvlgklRnwzj2l7pqg/vR/ERhLCovGB4vEfPsfRuQ
C2HHjGWp0EgN4FC65oieRj1qoJAmi9I3LBzXQifWe8YW86q4Uwg2sD8Nd4YLjE2N
19/1g7FsDTsU41JWcR8EIZ9qQUX0qcD3yRqMpcbAjmG9WKar6uu/7l13ynyFPvg=
-----END CERTIFICATE-----
Generated at Sat Apr 19 02:41:57 2025 by rpki-client