Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/LFbK_4FhtfpMN_JUvh4gY0J6NF8.roa
File: LFbK_4FhtfpMN_JUvh4gY0J6NF8.roa (raw, json)
Hash identifier: /H1XPMOwVlREoD11hZBkKAomDx0Bkm8Cf9VjJuA8cNk=
Subject key identifier: 2C:56:CA:FF:81:61:B5:FA:4C:37:F2:54:BE:1E:20:63:42:7A:34:5F
Certificate issuer: /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial: 01911730436441CD783468DC992263471887
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/LFbK_4FhtfpMN_JUvh4gY0J6NF8.roa
Signing time: Sat 03 Aug 2024 07:42:04 +0000
ROA not before: Sat 03 Aug 2024 07:42:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210928
IP address blocks: 185.161.64.0/24 maxlen: 24
185.161.65.0/24 maxlen: 24
185.161.66.0/24 maxlen: 24
217.168.240.0/24 maxlen: 24
217.168.241.0/24 maxlen: 24
217.168.242.0/24 maxlen: 24
217.168.243.0/24 maxlen: 24
217.168.244.0/24 maxlen: 24
217.168.245.0/24 maxlen: 24
217.168.247.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:17:30:43:64:41:cd:78:34:68:dc:99:22:63:47:18:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Validity
Not Before: Aug 3 07:42:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2c56caff8161b5fa4c37f254be1e2063427a345f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:cb:88:f4:00:b0:52:b0:02:6b:95:0f:e3:52:
0e:de:0e:71:2b:08:e1:69:a4:5f:d4:a4:da:b1:7c:
fe:f0:65:b8:75:76:78:b4:a0:15:83:66:44:b8:12:
2f:4e:64:64:4b:09:2c:dd:72:f6:9e:2e:3a:02:f4:
03:43:6d:96:8a:96:28:84:b5:79:19:2e:ac:a4:e5:
17:ac:8d:24:62:e0:af:d0:69:60:c8:98:ba:d7:9a:
0a:ce:26:4a:e1:db:01:d4:04:56:1d:eb:30:ae:fc:
d6:22:82:3c:52:2b:b9:d6:a3:91:ac:2d:9a:5e:1c:
54:81:fe:17:42:ef:ac:6b:5d:4e:69:a3:b2:8b:ce:
52:78:2d:44:1d:cd:1d:9d:77:ad:bc:de:e9:1a:5e:
9c:32:44:a0:ef:b8:52:60:ec:fb:ad:33:e9:6a:b9:
3f:51:48:71:9b:86:55:47:76:81:ed:a1:3f:5d:a5:
44:82:ed:86:65:9a:79:0b:15:6e:00:6e:1a:6a:7e:
c0:c3:bb:da:f5:d0:83:70:61:3a:30:16:61:26:00:
d1:94:87:81:ad:8f:d0:9f:a3:68:84:64:ca:5e:26:
f5:62:7e:29:50:fa:52:aa:3c:d5:ef:27:eb:9d:c0:
e7:b7:10:be:09:ea:82:cb:0a:ec:9e:fa:6c:62:f7:
45:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:56:CA:FF:81:61:B5:FA:4C:37:F2:54:BE:1E:20:63:42:7A:34:5F
X509v3 Authority Key Identifier:
keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/LFbK_4FhtfpMN_JUvh4gY0J6NF8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.64.0-185.161.66.255
217.168.240.0-217.168.245.255
217.168.247.0/24
Signature Algorithm: sha256WithRSAEncryption
03:94:17:fc:90:12:aa:52:6e:3d:a3:d5:14:a9:67:02:39:7e:
cf:4d:45:f6:91:a3:50:a8:51:48:e2:8c:94:8b:19:05:2c:dd:
52:c4:09:d1:5e:8d:3b:52:eb:20:98:d7:27:2f:93:56:c9:38:
57:63:9a:f1:11:5f:ae:05:2d:52:13:91:26:ac:75:e9:a6:94:
44:f0:24:dc:49:dc:d2:7f:ef:fe:cf:3a:ed:1b:9f:43:fc:fa:
86:a5:41:65:4a:f5:e4:56:83:72:1c:bb:b1:a5:c6:04:a9:7c:
37:b7:c7:e4:20:84:3e:3c:4b:0d:e4:bd:4a:05:74:02:74:94:
32:19:bd:d8:9a:e4:5a:6a:68:d5:4c:86:bc:41:c7:58:2d:39:
fb:76:a7:46:7b:6d:3c:4c:70:b2:85:ba:9c:f0:41:ff:37:75:
37:8a:ee:d8:22:42:80:87:48:0c:ad:6a:b4:c0:ed:6a:31:77:
99:cb:20:a8:0c:3b:30:d6:ef:a4:1d:d4:01:f4:ae:19:26:71:
e2:51:d8:88:3b:ab:e8:e0:7e:79:9e:57:48:53:ee:79:79:5e:
cb:d1:ff:70:8e:81:91:27:a4:4d:64:5b:24:9f:ad:3e:1c:66:
b3:d1:13:21:68:ee:2c:eb:6d:e1:bd:25:39:1e:f0:7c:77:f7:
0e:03:22:01
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZEXMENkQc14NGjcmSJjRxiHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMGMzY2YzZGM1M2NhNTQ5YzAzZTRmNWY0NmQ5MWNlOTBi
OGUwNzAwHhcNMjQwODAzMDc0MjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzU2Y2FmZjgxNjFiNWZhNGMzN2YyNTRiZTFlMjA2MzQyN2EzNDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MuI9ACwUrACa5UP41IO3g5xKwjh
aaRf1KTasXz+8GW4dXZ4tKAVg2ZEuBIvTmRkSwks3XL2ni46AvQDQ22WipYohLV5
GS6spOUXrI0kYuCv0GlgyJi615oKziZK4dsB1ARWHeswrvzWIoI8Uiu51qORrC2a
XhxUgf4XQu+sa11OaaOyi85SeC1EHc0dnXetvN7pGl6cMkSg77hSYOz7rTPpark/
UUhxm4ZVR3aB7aE/XaVEgu2GZZp5CxVuAG4aan7Aw7va9dCDcGE6MBZhJgDRlIeB
rY/Qn6NohGTKXib1Yn4pUPpSqjzV7yfrncDntxC+CeqCywrsnvpsYvdFQQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFCxWyv+BYbX6TDfyVL4eIGNCejRfMB8GA1UdIwQY
MBaAFLEMPPPcU8pUnAPk9fRtkc6QuOBwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMt
MzZmODJiZDM3OWJkLzEvTEZiS180Rmh0ZnBNTl9KVXZoNGdZMEo2TkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMtMzZmODJiZDM3OWJk
LzEvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAa5oUAD
BAC5oUIwDAMEBNmo8AMEAdmo9AMEANmo9zANBgkqhkiG9w0BAQsFAAOCAQEAA5QX
/JASqlJuPaPVFKlnAjl+z01F9pGjUKhRSOKMlIsZBSzdUsQJ0V6NO1LrIJjXJy+T
Vsk4V2Oa8RFfrgUtUhORJqx16aaURPAk3Enc0n/v/s867RufQ/z6hqVBZUr15FaD
chy7saXGBKl8N7fH5CCEPjxLDeS9SgV0AnSUMhm92JrkWmpo1UyGvEHHWC05+3an
RnttPExwsoW6nPBB/zd1N4ru2CJCgIdIDK1qtMDtajF3mcsgqAw7MNbvpB3UAfSu
GSZx4lHYiDur6OB+eZ5XSFPueXley9H/cI6BkSekTWRbJJ+tPhxms9ETIWjuLOtt
4b0lOR7wfHf3DgMiAQ==
-----END CERTIFICATE-----
Generated at Tue May 13 02:23:49 2025 by rpki-client