Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/PlnoGJToKBcCmAptkntOL70QKEc.roa
File: PlnoGJToKBcCmAptkntOL70QKEc.roa (raw, json)
Hash identifier: uw+ubgavutoZ0YJ5+JQH4Cz/jAgdv51SMcAGtf4hw14=
Subject key identifier: 3E:59:E8:18:94:E8:28:17:02:98:0A:6D:92:7B:4E:2F:BD:10:28:47
Certificate issuer: /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial: 01898E94DBB27EBB3C6D4B58C88B16DF22AA
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/PlnoGJToKBcCmAptkntOL70QKEc.roa
Signing time: Tue 25 Jul 2023 19:44:27 +0000
ROA not before: Tue 25 Jul 2023 19:44:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210928
IP address blocks: 185.161.66.0/24 maxlen: 24
217.168.243.0/24 maxlen: 24
217.168.242.0/24 maxlen: 24
217.168.245.0/24 maxlen: 24
217.168.241.0/24 maxlen: 24
217.168.244.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:8e:94:db:b2:7e:bb:3c:6d:4b:58:c8:8b:16:df:22:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Validity
Not Before: Jul 25 19:44:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3e59e81894e8281702980a6d927b4e2fbd102847
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:74:0f:25:1e:20:bb:b2:a3:9b:a5:0a:20:a5:
b7:7a:17:d8:14:8f:42:f0:9b:30:1a:73:8b:c9:2f:
f9:3b:fb:ec:25:96:b0:a0:15:e5:e6:27:ea:32:25:
8c:84:e7:fd:20:b5:e8:89:56:55:18:70:da:21:b4:
c8:8c:5d:a7:dc:19:92:87:4a:43:b3:2d:e2:9d:bc:
d0:a3:51:56:1e:23:c0:58:48:20:1b:bc:40:16:1b:
f8:da:f5:80:5c:98:c8:fa:d3:94:cc:e9:54:5c:f0:
d9:7e:32:7a:16:f3:10:1a:29:b0:77:ee:44:8c:3e:
14:94:ba:a6:de:e6:7e:6f:aa:9d:43:c1:4d:4f:b6:
c6:ab:d1:a8:bd:a5:bd:ba:93:17:8b:c6:2d:ed:07:
50:5e:ed:e4:61:e8:81:ca:88:e8:fc:29:06:0b:9a:
68:4f:27:8f:47:69:78:ad:68:8a:9a:20:83:50:48:
40:a4:1a:bd:8c:9c:0d:75:fa:d2:91:55:51:2b:53:
87:a9:f0:56:4e:9d:af:e0:4b:0d:c6:df:ef:3a:98:
17:0a:6e:db:b6:38:63:27:56:3c:0b:53:ad:72:93:
e8:24:6b:15:ed:af:56:3b:f6:4c:eb:00:89:af:53:
20:47:f1:45:2e:c4:e3:61:90:2b:ba:7a:de:36:10:
c0:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:59:E8:18:94:E8:28:17:02:98:0A:6D:92:7B:4E:2F:BD:10:28:47
X509v3 Authority Key Identifier:
keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/PlnoGJToKBcCmAptkntOL70QKEc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.66.0/24
217.168.241.0-217.168.245.255
Signature Algorithm: sha256WithRSAEncryption
0b:83:d1:9c:5e:fe:79:f1:87:b2:ac:a3:f5:dc:3d:fd:6a:51:
31:15:65:11:d0:21:a1:07:b6:d5:45:55:30:e4:c9:fd:a2:e8:
a9:1f:e7:2b:fb:5b:00:22:0f:9c:f0:1f:ac:40:88:1c:57:0d:
3b:c3:fa:f9:e7:65:81:c3:f6:64:13:b9:0e:0e:71:95:93:32:
76:ce:d6:d4:fd:d3:0f:12:8b:ac:16:02:1f:1f:8c:6e:01:7e:
ce:90:b5:9e:4b:34:c2:29:41:11:86:b2:e1:cb:db:32:41:75:
27:cf:cb:99:ec:36:75:e6:72:74:ae:90:8a:3b:5d:bf:ef:a6:
ae:f8:4b:2d:98:ad:91:bb:60:2b:d3:a0:a8:9d:23:f4:6a:43:
e5:e9:36:65:21:13:58:34:4c:d5:dc:0a:93:98:57:8f:ec:07:
43:0b:f3:dc:0a:eb:76:80:33:d2:1a:5e:a6:8d:bb:a6:c4:6c:
8c:b1:5c:a7:7e:8f:3a:74:67:e0:70:c9:c6:e6:ff:ff:0f:69:
d1:46:ef:f4:28:e7:c3:90:c0:9e:28:18:0f:2f:3e:d8:b1:8b:
a9:78:61:95:d8:2a:77:09:9c:29:ba:c4:0f:37:9d:7f:bd:fb:
ec:10:e7:01:5d:67:43:89:ce:dd:2a:19:a8:bc:2e:d2:94:c2:
61:0d:6d:7c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYmOlNuyfrs8bUtYyIsW3yKqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMGMzY2YzZGM1M2NhNTQ5YzAzZTRmNWY0NmQ5MWNlOTBi
OGUwNzAwHhcNMjMwNzI1MTk0NDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTU5ZTgxODk0ZTgyODE3MDI5ODBhNmQ5MjdiNGUyZmJkMTAyODQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXQPJR4gu7Kjm6UKIKW3ehfYFI9C
8JswGnOLyS/5O/vsJZawoBXl5ifqMiWMhOf9ILXoiVZVGHDaIbTIjF2n3BmSh0pD
sy3inbzQo1FWHiPAWEggG7xAFhv42vWAXJjI+tOUzOlUXPDZfjJ6FvMQGimwd+5E
jD4UlLqm3uZ+b6qdQ8FNT7bGq9GovaW9upMXi8Yt7QdQXu3kYeiByojo/CkGC5po
TyePR2l4rWiKmiCDUEhApBq9jJwNdfrSkVVRK1OHqfBWTp2v4EsNxt/vOpgXCm7b
tjhjJ1Y8C1OtcpPoJGsV7a9WO/ZM6wCJr1MgR/FFLsTjYZArunreNhDAGQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFD5Z6BiU6CgXApgKbZJ7Ti+9EChHMB8GA1UdIwQY
MBaAFLEMPPPcU8pUnAPk9fRtkc6QuOBwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMt
MzZmODJiZDM3OWJkLzEvUGxub0dKVG9LQmNDbUFwdGtudE9MNzBRS0VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMtMzZmODJiZDM3OWJk
LzEvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAuaFCMAwD
BADZqPEDBAHZqPQwDQYJKoZIhvcNAQELBQADggEBAAuD0Zxe/nnxh7Kso/XcPf1q
UTEVZRHQIaEHttVFVTDkyf2i6Kkf5yv7WwAiD5zwH6xAiBxXDTvD+vnnZYHD9mQT
uQ4OcZWTMnbO1tT90w8Si6wWAh8fjG4Bfs6QtZ5LNMIpQRGGsuHL2zJBdSfPy5ns
NnXmcnSukIo7Xb/vpq74Sy2YrZG7YCvToKidI/RqQ+XpNmUhE1g0TNXcCpOYV4/s
B0ML89wK63aAM9IaXqaNu6bEbIyxXKd+jzp0Z+Bwycbm//8PadFG7/Qo58OQwJ4o
GA8vPtixi6l4YZXYKncJnCm6xA83nX+9++wQ5wFdZ0OJzt0qGai8LtKUwmENbXw=
-----END CERTIFICATE-----
Generated at Mon Apr 21 02:48:55 2025 by rpki-client